Matthew Sekol

"The basic tool for the manipulation of reality is the manipulation of words."


How Microsoft’s HoloLens Could be the Next App Store

The HoloLens stole the show at Microsoft’s Windows 10 unveiling. The demo video sure seems to be too good to be true. What’s more surprising is that the people who tried it seem to be impressed as well. The implications for this device could be huge and it could take off versus something like Google Glass, which was really presented to the masses as ubiquitous notifications and information.

The difference in presentation of the HoloLens vs. Google Glass or even Oculus Rift has me excited. I keep thinking of different applications as I go through my day. If done right, this device could spawn a multi-billion dollar market similar to the iPhone.

Here are some scenarios that I hope come to fruition for the HoloLens.

Effortless Planning
I have a challenge. There is a lot of bare wall space in my house in the main living area on the first floor. I’m never quite sure how to decorate that space. I’m smart enough to know it isn’t a space for movie poster art for a married man with a family, but I don’t know what to put there.

Between art, personal photos, and shelving, it can be a daunting task. With the HoloLens, I could browse my personal photo library from OneDrive and start checking out which pictures of my kids to hang up. I could even tweak the coloring (Instagram-esque style) to see what looks good in the room. If I wanted something more commercial, I could open an art reseller’s app to see what Picasso’s “Don Quixote” looks like next to my TV. The app could allow me to resize on the fly with standard sizes available or change the frame style and color.

This is really just the tip of the iceberg. For remodeling projects, the HoloLens is ideal. With the right applications, you could repaint your wall with a virtual floodfill before purchasing or place virtual furniture and change fabric patterns in the room without lifting a finger. You could check out a new fireplace or new bathtub with just a few gestures.

Since the HoloLens is so portable, you could take it outside to your landscaping and drop some virtual plants around before you make a purchase! Want to see what that sapling will look like in 5 years? 10? Just swipe right and watch it grow!

Saving Lives
Could the HoloLens save a life? Well, depending on the final size, you may not be able to get close enough to administer CPR, but a 911 operator could possibly walk you through it. An EMT could receive additional instructions from a doctor at the hospital and potentially diagnose and recommend paths for treatment.

Doctors are already on the forefront of collaborative technologies. Imagine if they could see through another doctor’s (or anyone’s) virtual eyes from anywhere. The HoloLens could even work with a program like Doctors Without Borders, allowing cutting edge medical treatments to reach remote locations.

Next Level Recreation
We’ve already seen a Minecraft style video game in your living room (I hope Lego is paying attention) and I could just imagine pulling back a virtual slingshot trying to aim birds at those pesky pigs.

But, let’s get our kids outside! Why confine yourself to the living room? It’s time to take your HoloLens outside for some augmented reality gaming. In case you didn’t notice, a lot of games take place outside as it is. Why not take advantage of the portability of the platform and take the game outside? Have a neighborhood alien invasion party!

Become a Giant
Stay with me on this one. Point A to Point B directions are available everywhere. It is so ubiquitous anymore, there’s no excuse for getting lost. What about big cities though? Oftentimes, you park and aren’t sure where to go. That’s even if you know where to park! Face it, finding parking and then figuring out where to go can be a hassle.

With a HoloLens application, you can virtually walk in a city and figure out exactly where to go. Find parking easily by inserting yourself into the map or zoom out and find a nearby restaurant before you head out.

What if you were moving to a new area and wanted to check it out? With a realtor application, you could tour the house and even the neighborhood. Zoom out and see where things are relative to the area easily by inserting yourself into the map and looking around.

Replacing that TV
Do you really need a TV if you’re wearing a HoloLens? The demo video would suggest not. Back in January, Gizmodo reported 3d TV is dead. That very well may be, but 3d content is not.

The question then becomes, why even look at the wall? Consider this scenario – You’re settling down to participate in your favorite detective/mystery show. The scene opens in your living room, only it isn’t your living room.

Your room expands to a long darkened alley. As you stand up and take a step forward, the alley pulls you forward and you are suddenly standing next to a murder victim. You bend down and find a matchbook. You pick it up and flip it over with some simple gestures. The detective next to you notices it as well. He thinks you’re just another uni, but you’ve just uncovered a major clue that could crack this case wide open…

Stories will never be the same again once you can truly participate. This will take some work on the camera end though.

Never Miss Anything
Why read a boring article about an event when you can live it? There are so many amazing things that happen in this world everyday. With the HoloLens and your favorite news network’s application, you can experience everything. As long as there is a camera there, you are good to go.

This one we’ve seen in the Mars demo, but it could really change people’s perspectives and be an excellent teaching tool.

Museums could discover new revenue streams by publishing exhibits with real world events. Imagine not only being able to see 3d renderings of artifacts, but also participating in their original uncovering!

Microsoft’s Strengths
If Microsoft can deliver on the promise of the HoloLens with easy to use application tools, the sky is really the limit with this technology. Early on, folks did amazing things with Kinect. I can’t wait to see how the HoloLens starts out!

What might you use it for?

How an Email Manager Leaves a Job

I’ve been managing email systems for years and have been manager of the team that manages email (among other things) for the past 2 years. While my primary focus was on Exchange email, I also had a great understanding of different spam systems and how they worked. When my most recent company was purchased by an “Anything But Microsoft” company, the writing was on the wall.

As a result, I’m done! Here’s my goodbye notice to my co-workers. Enjoy!

December 26th is my last day here. Last week, I received a message from a Doctor in Nigeria. Apparently, I can assist with the transfer of $21,320,000.00 (TWENTY ONE MILLION, THREE HUNDRED AND TWENTY THOUSAND U.S. DOLLARS) for his family out of the country into US Banks. For helping settle the transaction, I will receive 70% of the transferred funds. On top of that, my wife has won the UK-LOTTO Sweepstakes in Johannesburg, South Africa. We will be getting another $2,500,000 (TWO MILLION, FIVE HUNDRED THOUSAND U.S DOLLARS)!

I’ve already provided my PIN number to Citibank per their email to facilitate the transaction (didn’t even know I had an account there) and have been contacted by Fedex regarding a package I have to pick up, which I believe contains the money. I only had to send them $500 to get it!

I can’t justify coming into an office anymore with this sum of money in my bank account. I’ve received an email that I can make thousands of dollars per month working from home for Google, so rest assured, I will stay busy. Of course, this will have to wait until I get back from my FREE Disney trip (thanks Facebook)!

I wish you all the best, it has been a pleasure working with you all. We’ve really done some fantastic things over the years.

If you’d like to stay in touch, I’m on LinkedIn. Try not to spam me, I keep a keen eye out for that stuff!


Why You Should Trust the IT Early Bird

When I moved down to Frederick, MD a few years ago, I learned pretty quick that I needed to adjust my work hours. The commute to Rockville some days and Bethesda on others was tough. The 30 mile commute was always close to an hour, and that was on good days. In order to keep my sanity, I would leave home at 6:30AM and leave work no later than 4PM every day (if I could help it).

I was working at a utility company that only had plants and offices based in the US. Operating power plants and gas transmission lines required 24/7 support, but IT was staffed during the typical 9-5 hours. At each plant, there was a smart hands person (one of these was my own mother), who would typically arrive very early in the morning. These people wore several hats at the plant and were excellent points of contact for IT.

After coming in early for a few months, the plant contacts realized I was online early. If there were any issues overnight, they would usually call me up first thing and we would work through the issue together. There were benefits on both sides. I was learning plant systems and troubleshooting issues that other IT owners might have taken on if they waited until 9AM. For the plant contacts, they would get their issue resolved quicker, resulting in higher satisfaction and a growing trust with myself and, by extension, IT.

I was hired as a desktop support person. Within 5 years, I was the technical lead for the Platform Services team. A lot of this was due to coming in early.

No one seemed to mind that I left early in the day either. My managers were well aware of my commute and they saw the advantages from me coming in early.

Since then, I’ve had other jobs and I always try to show up early and leave early. After all, I check my email all night anyway and as remote access became ubiquitous, this became even easier and more frequent. Some managers and teams didn’t care; others did. Regardless of opinions, I was still consistently a top performer who would find issues early in the morning and resolve them before everyone came in.

Moving into management, I’ve come to understand the delicate balance of this shift in start and leave times. Sometimes I would get complaints from others when they saw someone leaving early. They would make comments under their breath like “banker’s hours” and the like. Before you try something like this, make sure your manager and team are on board and understand your work times. Your manager in particular needs to account for your time. Be sure they are comfortable with it and see the benefits. If they do, they (and your team) will have your back.

The IT early bird is someone that can be trusted. They’ve seen it all and have done most troubleshooting by the time the others roll in. This gives them a great general knowledge of systems that might be out of their direct line of responsibility. Keep an eye on these folks – you might just see them do some amazing things!

Looking at Liberal Arts from the Outside

They call us dreamers and radicals. We took a chance at what we loved and came out the other side battle-worn. We are Liberal Arts graduates.

A friend recently posted an article on Facebook about a conference for the future of Liberal Arts that took place at St. Johns College. It doesn’t look good. Here’s a snippet –

English majors only account for 3% of all majors nationwide.

One interesting comment listed in the article, which admittedly is controversial, is made by Andrew Delbanco, head of American Studies at Columbia University – “You cannot explain the value of a liberal education to those who have not had one.”

While the article focuses on some recent trends in the humanities that arguably should be reversed, let’s focus on that one comment. I don’t think the value is difficult to explain; you just have to switch your perspective.

I absolutely loved studying literature, but having an English degree meant two paths:

1. English professor – I saw the decline coming (see the article linked above)
2. Lawyer – I took my LSATs, but it just wasn’t for me.

By the time I realized I may have made a mistake by declaring English as my major, I decided that I was too far down the path. I took advantage of the free websites at Penn State, learned some HTML code, and finished up my English degree. I spent my immediate post-graduate life focusing on computers and moved into an entry-level IT job.

16 years later, I am still in IT and the value of my degree is extremely easy to see. This made me realize that Delbanco, while highly educated and well-respected, is missing the perspective of someone working completely outside the Liberal Arts field.

I thought my English degree was a hindrance for a long time. In IT, obviously technical skills are highly valued. I had these skills, but I started noticing that others, while very technically savvy, lacked other skills that I seemed to have.

I could communicate effectively and had empathy. This helped me translate technical ideas and concepts to non-technical customers and business partners. Empathy is a skill that is valued by business leaders for this and other reasons. For example, my first Enterprise IT job was a laptop support technician. After seeing the same problems being logged by the Help Desk over and over, I designed a training class to address common issues and delivered it to IT contacts in the business and administrative assistants.

As time went on and my responsibilities grew, I found other skills came naturally – complex analysis, listening, and critical thinking. It turns out these skills are also highly valued. Several years ago, I worked with IT teams and HR to understand the requirements and pain points around account management. From there, I developed an account lifecycle management strategy using a software solution and pitched the idea to various business units and management. The project was approved and we implemented a solution that lowered Help Desk tickets, streamlined account creation and kept terminations within SLA.

Delbanco almost has it right. Trying to convince someone of the value of a Liberal Arts education from inside a career in that field is impossible. Preaching the value as a professor and pointing to Liberal Arts careers as valuable is certainly difficult. How do you quantify the value of an author’s work, for example? It is completely subjective.

Instead, put a spin on the discussion and point to successful people that leverage their Liberal Arts education to drive results and change in other fields. The value becomes both measurable and obvious.

Photo: Library_Tulips_2 by Alina Gluck

Gen-Xers Value Life Balance, Too!

Another day, more articles about Millennials. Where are the articles for Gen-Xers? We’re out here and about to be the group that has to lead Millennials and the generation after them in the business world.

Consider that the last of the Baby Boomers will be retiring in the next 10 years. Stack that on top of Gen-Xers that have gained corporate and managerial experience over the last 10 years. Sure, there are Millennials out there that will make (or already are) great managers, too, but Gen-X has the experience to hit the ground running.

Let’s get one thing out of the way: a generation does not define an individual. There are large swaths of individuals in each generation that do meet these profiles though.

The Work/Life balance for Millennials is about satisfaction. They crave both professional and personal fulfillment. If they need fewer hours and less pay to get there, they will get it sorted out through creativity and remote access. To them, their life experience is worth as much as the money they earn.

Consider that Millennials are ditching high cost items, like cars and houses, things that Baby Boomers and Gen-Xers have always taken for granted as necessities.

Perhaps it is because Millennials have witnessed their parents work like crazy and get little in return, or worse buried in debt, in their non-work life.

Millennial Philosophy: Work to Live!

For Gen-Xers, Work/Life balance is about taking financial care of their families. Not only do they have kids, but they are taking care of their aging parents, who are going to live for quite a long time (this will eventually be a Millennial problem too). They do value their family, but feel that they are better served through hard work and financial responsibility.

Gen-Xers grew up with ‘greed is good’ and, having lost a TON of money over the years, they’re still trying to gain that financial security. Due to the Baby Boomers’ strong work ethic, they take the punches and just keep going.

Gen-Xer Philosophy: Live to Work!

What is Gen-X Thinking?
As a member of Gen-X, I can see the appeal in the Millennial philosophy. For me, my career is a race to stay ahead to ensure my family has the financial security to send 3 kids to college (all will overlap for at least 1 year) while making sure I can take care of my parents, who are close to retirement.

A lot of Gen-Xers are so far down this path that they can’t stop. They’ve purchased homes and bought into the same American dream that our parents helped set up. So, now what are they to do?

Here’s what it comes down to. Gen-X is seeing how the Millennials operate and realizing that the work struggle isn’t the legacy we want to leave our families. We’re picking up the same tools as Millennials and leveraging them to give us a flexible work experience. All of this is while maintaining and improving our results at work.

The Downfall of the Flexible Work Movement
The one thing that will kill off this movement though is the same thing that will kill it off for the Millennials. Employers need to recognize that, in some cases where the job (and person) can handle it, working remotely is just as effective as working in the office. Of course, some companies can’t seem to figure out even how to have remote offices!

I’ve seen flexible and remote work in my own industry. In IT, you don’t have to be in front of a server to manage it. The cloud and global accessibility have hastened this argument. Since IT folks are highly technical, we’ve embraced collaboration tools to work remotely from the rest of our team. As a manager of a global team, I’ve been able to be effective without ever meeting half of my team in person.

Millennials have led the charge for a better Work/Life balance, but Gen-X is adopting their methodologies. As Gen-X move into leadership roles, expect more flexible and results oriented initiatives. On the flip side, they will ask for accountability, otherwise the model falls apart.

How to Get People to Read your Notification

Business support groups like HR, IT, facilities, etc. need to communicate changes and updates out to employees often. Probably too often. You can’t blame these groups though, they have a responsibility to communicate compliance rules, training, changes to processes, downtime and improvements.

Your email is probably already inundated with useless information and now these notifications compound it. As a result, almost everyone filters or ignores these types of emails. Here are some tips to manage a notification to ensure it is read.

To be fair, there will always be people that don’t read your notifications no matter what you do. These steps though should get people reading your email and at least transfer the responsibility to them to read it.

Step 1: Consistency
Well, you can’t start being consistent on your next email campaign, but you can put a good foot forward. Work with your team or organization and design a central notification sending address to work with. If you have a Corporate Communications or Internal Marketing group, work with them for reviewing, branding, and potentially sending.

For all notifications your organization sends out, use the same sending address so your employees begin to recognize the sender (and hopefully not set up a rule).

Design a reusable format that will be the standard for your organization.

Step 2: Pick Your Audience
Make sure that your audience is appropriate. For example, if you are rebooting an email server that serves only 100 people, only send the notice to the 100 people. If you communicate useless information out to the masses, it will train them to tune you out.

Step 3: Include Something Actionable if Required
It is absolutely the worst when you send a notification that requires an action from your employees, but it goes into a black hole and no one does what they need to.

In the Subject line, include an ACTION REQUIRED: so that employees know they need to do something. This should halt them from deleting it immediately. Include dates to complete by in the subject or body of the message.

As a helpful side note, if there is an action required, be sure you have a way to track it and don’t be afraid to send follow ups. This may be required for tracking compliance training for example.

Step 4: Avoid the Technical Jargon
Coming from IT, I can tell you – just avoid anything technical. Chances are it will be over the employees’ heads. Stick with the impact. If we continue the example about rebooting an email server: “You will not be able to send or receive emails from 1-3PM EDT on Saturday, Oct. 25th. Incoming messages from the internet will queue and be delivered after 3PM EDT.”

Step 5: Leverage Your Leaders
For major changes, engage your managers and leaders with supplemental information so that they can reiterate the message if their teams ask. You can do this through leadership focused emails.

Step 6: Bonus!
This step is a bonus and includes one! If you are desperate to get people to read your notifications, include an incentive. Put a gift card reward for the 50th person to reply or some other incentive at the bottom of the email. Eventually, this will train your users to stop ignoring you.

All these steps should help you do everything you can to inform the employees through a notification. If they still refuse to read, you can always ask them for feedback on communicating better. For example, an IM broadcast might work better in an emergency.

Warning – ask people for their opinions at your own risk!

The One Thing That Stops Top IT Talent

There’s something different about IT people. Sure, we like our salaries like everyone else, but a job is more than that. Seeing technology bring people together, make their lives easier and help the company grow is a great thing to be a part of.

There’s a certain level of investment IT folks make in their systems, a pride. When we look for jobs, we are looking to improve and grow, or maybe we’re forced to. Well, sure we also look for the same reasons as other folks, too.

Having said that, there is one thing though that will scare off talented IT job seekers. It is an outdated system. I’m not talking about the last major revision. I’m talking about software 5 years old+.

Reason 1: It’s a Career Killer
You could be a fantastic company with a great reputation, but seeing that you are on an outdated piece of software will kill my career. Companies come and go and just because you are awesome today, doesn’t mean I won’t be looking for a job again soon and need those technical skills.

If that happens, I will be taking a step backwards technically. If you don’t use it, you lose it applies to me here.

Reason 2: It Reveals Your Investment Strategy in IT
Having an outdated system shows me your hand. You’ve revealed that you don’t (or can’t) keep your systems updated. IT is nothing to you except a commodity. Maybe you’re stuck with a legacy system for compliance reasons, but I’m still judging you.

Reason 3: You Are at Risk!
Something strange that you might not be considering – by putting outdated software versions on a job description, you just told the internet which exploits they can use to hack your systems!

Not only that, but if I come on board, I am responsible for everything that happens to this system. An older system is more difficult to maintain and keep secure. Chances are I will be hosed in the near future.

How to Fix It
Focus on the technology family and not specific versions of the software. Consider the risks of your outdated software and, if you are truly looking for top talent, put a plan together to get the software updated once the new person starts. This is a great challenge to mention during the interview and could entice top talent to join, especially if it is something we’ve done before.

Consider this, your top talent candidate is confident, has been through this before and can modernize you AND get a quick win for themselves shortly after they join. It’s a win-win!

Where’s the Humor?

I’ve gotten into a full swing of writing LinkedIn articles now. I certainly don’t consider myself what you might call a ‘swinger,’ but I do alright. Some articles I write are serious, some are funny. On the flip side, I’ve read quite a few LinkedIn articles too. Most are serious and some talk about using humor or empathy in your job, but rarely do they use humor.

Come on, folks. We’re only on this crazy planet for a short time. We spend half of our lives working. Why not put a little humor into your day?

Corporate Life is Your Life
There’s a reason why people post Dilbert comics on their cubicle and dream of bashing their printer with a bat (a la Office Space). Working in the corporate world is horrible. It just is.

If you don’t believe me, consider the monotony, red tape, hours in pointless meetings, the soul sucking policies and procedures you must follow. Plus, what’s with that guy that always sleeps at his desk? How isn’t he fired yet?

If you’re happy in your job, come join the rest of us on the dark side. As the t-shirt states, we have cookies.

A Call to Action
I really believe LinkedIn Pulse should have a Humor channel. Work is ridiculous, yet we do it anyway. Why not let us share our combined depression and spin it into something humorous?

I’m certainly not proposing that we turn LinkedIn into Facebook, but come on! Being human means two things, you work and do stupid things. There are a million great stories out there (and voices) that have the power to give us a chuckle throughout our day.

I posted a request for this channel over in the LinkedIn Help Center. If you agree – go comment!

The Only Thing We Have to Fear
I can imagine why folks may not want to be funny on LinkedIn, I get it. You’re trying to get your name out there in your industry or maybe you are trying to get a job. But, you can spin out humor into a lesson. For example, I took a shot on two LinkedIn Posts when I got started. The first was about a bad ATS experience I had and the second was a humorous re-writing of my resume as a result. The end result? Maybe I imparted a little knowledge and backed up my belief that I use humor to get things done!

What are you afraid of? Get writing!

The Story of My Career: How to Go from an English Major to IT

It was my 16th birthday and I was working at JCPenney’s in package pick-up. A co-worker heard it was my birthday and went over to the bookstore and purchased a copy of Kurt Vonnegut’s “Cat’s Cradle” for me. I had just finished reading George Orwell’s “1984” and both books blew my mind.

This is what I wanted to do – read great novels and teach kids to love literature.

I went to Penn State with every intention of majoring in English and doing, well something. At one point, I took my LSATs. In the late 90s though, the Internet exploded! Penn State started offering web sites to students and professors. I was fascinated with HTML and volunteered to do everyone’s class page.

I still loved to read, but I found I had a knack for the technical as well. There seemed to be money in technology and, the best thing was I could see it coming.

A lot of colleges were behind the ball in offering classes in what would become IT in the professional world. Computer Science at Penn State in 1997 wasn’t an exception. Now, I had been tutoring Calculus for 2 years despite my Liberal Arts education. In my senior year, I went to the Dean of the Computer Science department and asked what it would take to switch majors or at least get a minor.

Turns out neither was an option, or at least that was my understanding. It was hard to glean the true meaning behind all the laughing. I actually walked out to the sound of laughter.

I refused to believe this was the end. I started checking into what kinds of IT jobs were out there.

I kept developing websites for folks over the next year and grew my computer skills in general. By my senior year, I found Microsoft Networking Essentials and the MCSE program. I came up with a plan.

I graduated with my degree in English in the spring of 1998, but my roommates and I had the apartment through the summer. I scrapped my TV and immersed myself in Networking Essentials over the summer.

In the fall, I went to work for my father’s company upgrading their servers and managing a customer database. He offered to pay me in MCSE courses. After a few months, I had my MCSE and was on my way.

Phew, 1998 was a long time ago. In that time, I’ve grown a strong career on collaboration tools and IT infrastructure. Now, I haven’t become CIO or anything, but I did get to be manager of an international team of IT engineers for a global semiconductor company.

Oh, and that English degree? It absolutely helped me get here. Nothing balances out a technical career like a Liberal Arts education.

I have no idea whatever became of the Dean, but I will never forget him laughing at me. Who knew an English major could get so far in IT? So, what about the dream of reading great novels and teaching kids to love literature? Well, I have 3 kids under 8 and if our growing library is any indication, I’m doing just fine.

Let’s Fix It: The Gap Between IT Budgets and IT Security

Are there any excuses anymore for not dedicating a serious effort towards your company’s IT Security?

There are some common and not so common things you might be thinking about for IT Security. Budgets and framing the conversation might be your biggest hurdle.

Here are 3 examples of how budget hacking can lead to…well, actual hacking and something you can do about it.

The Basics – Economic Downturn
In the past decade, the economy has tanked. Enterprises were looking for ways to cut costs. DR, security and other proactive services were cut. These were the easiest targets because of the perceived low benefit.

Security Risk: The dedicated IT Security job has been cut and responsibilities scattered to folks wearing other IT hats. To compound the problem, other IT staff has been cut as well.

How to Communicate the Risk: This one is difficult to address because of the scope, and it takes the longest to ramp up. You may not even understand all of IT’s exposure. Don’t get too bogged down on the big picture!

Start reading security blogs and watch for similar companies in your industry that have been hacked and common ways hackers enter your network. Build your conversation with similar high risk systems that you may have and any low hanging fruit that can be addressed. This will at least get you some attention and put the company on the right path.

If your conversation is well received, you may want to recommend an engagement to identify risks. When you get the results, go beyond the technical and translate the risks into something the business can understand.

No one in the business will understand that you aren’t running an Intrusion Detection or Network Behavior Analysis system, but they will understand that the credit card system running under Gary’s desk could easily be stolen from your office.

The Not so Obvious – The Custom Written Application
For large Enterprises a decade or more ago, custom written applications were the cloud of the day. By hiring a small team of these computer geniuses, you could get exactly what you needed. I remember those guys, where did they go?

Security Risk: A critical database with customer information is still on SQL 2000. Despite the critical data stored here, the developers left years ago, but the application works too well to give it up. No group has stepped up to take ownership because no one wants the head count or developer budget to hit their numbers.

Side note – when planning cloud applications, define an application lifecycle so this doesn’t happen!

How to Communicate the Risk: In terms of critical and outdated applications, there are 2 risks.

1. The data is stolen because it is outdated and easily hacked – frame this conversation in terms of the data type and exposure risk to the media. Talk to your marketing team. They could lead you to other conversations with business units that could lead you to a real financial impact to the risk.

2. The application is taken offline and can’t be rebuilt because it is outdated – This is a bonus one! Find the business partners using the application. These folks should be able to provide potential business losses, etc. Depending on the exposure of the offline application, marketing could help you here as well.

Since we’re talking about not hiring security professionals, but developers instead, you should steer the conversation to the business units. Discuss the secondary benefit of adding functionality to these applications. You may find a business unit is aware of this risk and might take the headcount on if needed, or at least fund a quick project to get it done.

The One Thing Missing – Identity Management
Matt Zanderigo laid out a great framework to get companies thinking about how they can look at IT Security. If there was one thing I could add, it is that an Identity Management solution with a tight termination policy and consolidation of directory access supplements everything he’s laid out.

Security Risk: Your company has 4 directories, all with critical access to critical applications. There are 4 teams of people that are responsible for terminating access. One team has staff out of the office and terminations are just sitting there.

Ho boy, in this scenario, you are relying on so many disparate teams to terminate account access that you better hope VPN is first on your list and that you aren’t using cloud services!

How to Communicate the Risk: Review your termination SLAs and compare them against active accounts from HR, then provide a report of stale accounts to your management chain. Write up the ways this risk is mitigated now (physical access controls, tighter VPN controls, etc.), but point to where the holes still exist.

You may not need a full blown Identity Management solution, but a project to build out a better account lifecycle management process could do wonders.
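As an added example (not part of the original post), here is one way to build the stale-account report described above: join HR's termination list against an export from each of the four directories and flag every account that missed the termination SLA. The directory names, CSV columns, sample rows and the 24-hour SLA are all constructed assumptions.

```python
"""Stale-account report: HR terminations vs. accounts in each directory."""
import csv
import io
from collections import Counter
from datetime import datetime, timedelta

SLA = timedelta(hours=24)  # assumed termination SLA; use your own policy value

# Constructed sample data standing in for an HR export.
HR_TERMINATIONS = """employee_id,name,terminated_at
1001,Alice Example,2014-10-20T17:00
1002,Bob Example,2014-10-23T17:00
1003,Carol Example,2014-10-24T12:00
"""

# Constructed exports, one per directory (names are hypothetical).
# Assumption: every disabled account carries a disabled_at timestamp.
DIRECTORY_EXPORTS = {
    "corp-ad": """employee_id,account,enabled,disabled_at
1001,aexample,false,2014-10-20T18:30
1002,bexample,false,2014-10-25T09:00
1003,cexample,true,
1004,dexample,true,
""",
    "unix-ldap": """employee_id,account,enabled,disabled_at
1001,alice,true,
1002,bob,true,
""",
    "vpn": """employee_id,account,enabled,disabled_at
1001,aexample-vpn,false,2014-10-20T17:05
1003,cexample-vpn,true,
""",
    "erp": """employee_id,account,enabled,disabled_at
1002,BEXAMPLE,false,2014-10-23T20:00
""",
}


def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M")


def load_terminations(text):
    """Map employee_id -> (name, terminated_at) from the HR export."""
    return {
        row["employee_id"]: (row["name"], parse_ts(row["terminated_at"]))
        for row in csv.DictReader(io.StringIO(text))
    }


def find_sla_breaches(terminations, exports, as_of, sla=SLA):
    """Return accounts of terminated staff that were not disabled within the SLA.

    STILL_ENABLED: account is live and the deadline has passed (open risk).
    DISABLED_LATE: account was eventually disabled, but after the deadline.
    Accounts still enabled inside the SLA window are not reported.
    """
    findings = []
    for directory, text in exports.items():
        for row in csv.DictReader(io.StringIO(text)):
            term = terminations.get(row["employee_id"])
            if term is None:
                continue  # HR does not list this person as terminated
            name, terminated_at = term
            deadline = terminated_at + sla
            if row["enabled"].strip().lower() == "true":
                status, closed = "STILL_ENABLED", as_of
            else:
                status, closed = "DISABLED_LATE", parse_ts(row["disabled_at"])
            if closed <= deadline:
                continue  # handled (or still pending) within the SLA
            hours_over = round((closed - deadline).total_seconds() / 3600, 1)
            findings.append({
                "directory": directory, "account": row["account"],
                "employee_id": row["employee_id"], "name": name,
                "status": status, "hours_over": hours_over,
            })
    # Open risks first, worst offenders at the top.
    findings.sort(key=lambda f: (f["status"] != "STILL_ENABLED", -f["hours_over"]))
    return findings


def open_breaches_by_directory(findings):
    """Count live stale accounts per directory to show which team is behind."""
    return Counter(f["directory"] for f in findings if f["status"] == "STILL_ENABLED")


if __name__ == "__main__":
    as_of = parse_ts("2014-10-25T18:00")  # constructed report time
    report = find_sla_breaches(load_terminations(HR_TERMINATIONS), DIRECTORY_EXPORTS, as_of)
    for f in report:
        print(f"{f['status']:<14}{f['directory']:<10}{f['account']:<14}"
              f"{f['name']:<15}{f['hours_over']:>6}h over SLA")
    for directory, count in open_breaches_by_directory(report).most_common():
        print(f"{directory}: {count} stale account(s) still enabled")
```

The per-directory count is the figure to take to the management chain, since it shows which of the four termination queues is falling behind.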

Mind the Gap!
Budgets have different ways to hurt your IT Security efforts. As the economy turns around, it is time to start looking at ramping up your IT Security again. Quantifying the risk and translating it into a risk the business can understand is IT’s responsibility. In all these scenarios, a little investment and re-thinking your discussions can go a long way!


© 2019 Matthew Sekol
