December 2013 Archives

CANCELLED DUE TO WEATHER.

CIO Magazine 2013 State of the CIO Survey lists five stages of an IT organization from a business stakeholders' view:

1. Cost center
2. Service Provider
3. IT Partner
4. Business Peer
5. Business Game Changer

I don't think an IT department needs to start at one phase and work their way forward. However, I do think this list exemplifies the categories of IT organizations I've dealt with. If you think about the book "The Phoenix Project", it really is about how to leap ahead to be the last (best) category.

I think that many people don't even know that anything other than "cost center" is a possibility. Just having an awareness of these 5 categories would help inspire a lot of IT goodness.

A brilliant description. It's certainly the best explanation I've ever seen. For the first time I actually understood how it works.http://www.youtube.com/watch?v=Lx9zgZCMqXE

https://lopsa.org/LPR

You should too.

The LOPSA Professional Recognition Program (LPR) is not a certification. It is a recognition that the person in question met or exceeded the standards for professional practice. In particular, it certifies that the person has agreed to abide by the LOPSA Code of Ethics and works to keep their skills current in the last year.

I've always been an advocate for some kind of program that would raise the bar among system administrators, encourage professionalism, and spread the word about the Code of Ethics. I'm glad to see LOPSA giving this a try and I think everyone should support it. This is a new program. The more people that join now, the sooner we will all benefit from its success.

It cost $10 took me 30 minutes to write my essay.

Information about the LOPSA Professional Recognition Program can be found here: https://lopsa.org/LPR. I encourage you to apply today.

I'm really sick and tired of Slashdot doing posts like this, but it isn't slashdots fault. It's our industry's fault.

Here's the question:

"I am a senior engineer and software architect at a fortune 500 company and manage a brand (website + mobile apps) that is a household name for anyone with kids. This year we migrated to a new technology platform including server hosting and application framework. I was brought in towards the end of the migration and overall it's been a smooth transition from the users' perspective. However it's a security nightmare for sysadmins (which is all outsourced) and a ripe target for any hacker with minimal skills. We do weekly and oftentimes daily releases that contain and build upon the same security vulnerabilities. Frequently I do not have control over the code that is deployed; it's simply given to my team by the marketing department. I inform my direct manager and colleagues about security issues before they are deployed and the response is always, 'we need to meet deadlines, we can fix security issues at a later point.' I'm at a loss at what I should do. Should I go over my manager's head and inform her boss? Approach legal and tell them about our many violations of COPPA? Should I refuse to deploy code until these issues are fixed? Should I look for a new job? What would you do in my situation?"

I guess I'm getting a bit passive-aggressive in my old age because here's my reaction:

Well it sounds like you've done the responsible thing and tried to raise the issue. That's important because that is what I'd recommend. You need to make at least 3 attempts at warning your employer before you give up. Each time make sure you explain it in terms of the business impact, not in geeky technical jargon. In other words, "The system could be penetrated and credit card numbers could be stolen" is business impact. "There's a buffer overflow in the PHP framework being used" is geeky technical jargon. Explain it without sounding alarmist, but be firm. File a bug for each issue so that there is visibility and a record of when the issue was first raised.

However it seems like you've already done that. Your question isn't "what should I do?" but "what should I do now that warnings have failed?"

I guess I'm getting a bit passive-aggressive but the answer is, "Let them fail."

You've done your job. You have a technical position and your role is to raise technical issues. You aren't in management. Management's job is to set priorities. They've set the priorities: security is low priority.

Management won't give security any higher priority until a few "household names for anyone with kids" have catastrophic outages and security issues that are "New York Times Front Page" stories. For some executives the only motivation is fear of public embarrassment.

Once that happens management will finally take action.

What action? If they are smart they'll change their technical strategy and fix the problems: put into place controls and procedures to fix problems before they happen. In that case, good for them. If they are dumb they'll hire a slick "snake-oil salesperson" that will charge a lot of money but not actually improve things. In that case, they'll go out of business (or the executives will be fired) when there are more problems or a company better at technology is more successful.

Isn't it about time that dumb companies go out of business? Isn't it better for dumb executives to get fired?

Yes, it is.

So why are you helping them stay in business? Why are you sheltering a dumb person from the effects of their ignorance?

Does any company think they are unaffected by the "computerization-of-everything" that they can hire technologically illiterate executives?

When AT&T Wireless went out of business and sold their name (and their customer list) to SBC, didn't it improve the world?

Of course, the most ethical thing to do would be to educate them and help them change their ways. However that was not your question. Your question was "what now that I have failed?"

Oh, that reminds me. One of the most important parts of working in IT is being able to communicate effectively to executives the business impact of these things. My definition of "effective" is that they decide to make the changes required to fix the problems you are concerned about.

Failure of communication is a two-way street. The information sender has to succeed and the information receiver has to succeed. If either fails, both fail.

So that's the real bad news here. You are just as much a failure in communicating to them as they are a failure in receiving the information.

So, if you have failed, doesn't that mean we need to get you out of there for the same reason we need to get failed executives out of companies (or failing companies out of the market)?

Yeah. That.

So if you leave maybe your replacement will be better at "one of the most important parts of working in IT": communication. Or maybe you can step back and completely change your tactics.

If you are going to leave, read my So your management fails at IT, huh? blog post. It will help you feel better and leaving such a messed up company.

If you are going to change your ways, let me recommend The Phoenix Project. It will open your eyes to a an entirely different way of communicating and interacting with executive management about IT.

I hope you pick the latter. It is probably the better thing to do for your sanity, your stress level, and your career.

[forwarded from Evan Pettrey, this year's LOPSA-East chair]

Greetings!

LOPSA-East is pleased to announce that we have released our Call for Participation for our 2014 conference. Everybody with a passion for technology and a willingness to share with others in our industry are encouraged to submit!

Full details of the CFP can be found on our website at: http://lopsa-east.org/2014/

Important Dates:

• Deadline for all Submissions - Wednesday, January 22nd, 2014 (midnight EST)
• Decisions Sent to All Submitters - Monday, February 3rd, 2014
• Schedule Published - Monday, February 10th, 2014
• Registration Opens - Friday, February 14th, 2014
• LOPSA-East '14 Conference - Friday, May 2nd - Saturday, May 3rd

We look forward to seeing your submissions! Please email all submissions and questions to [email protected].

-The LOPSA-East 2014 Committee

You know Black Friday and Cyber Monday... did you know that tomorrow (Dec 3) is "Giving Tuesday"? Many charities receive most of their donations in December as people rush to donate before the tax year is over. These donations determine if in 2014 they'll be able to grow or will they have to cut back.

I'd like to highlight three charities that I think are having a huge impact on our world and encourage you to donate too:

1. USENIX Annual Fund. You probably think of USENIX as the organization that hosts the LISA conference. It is so much more. However what I'd like to point out is that they are on the cutting edge of keeping academic publications "open access". Academic papers should be published and made as widely available; not hidden behind a paywall. Making that happen is expensive and they need your support. Donate today.

2. The FreeBSD Foundation. Many of the innovations that spread out the all Unix and Unix-like systems start in FreeBSD. The Foundation's fund-raising efforts are essential to keeping FreeBSD free. As the Project grows, so do the costs. By donating to the foundation, you are helping us fund and manage projects, sponsor FreeBSD events, and provide travel grants to FreeBSD developers. You are also helping us represent the Project in executing contracts, license agreements, copyrights, trademarks, and other legal arrangements that require a recognized legal entity. Donate today.

3. Lyon-Martin Health Services. By making a donation today, you are making sure that Lyon-Martin can continue its life-saving mission of caring for women, lesbian, and transgender people, regardless of their ability to pay. I appreciate that so many of my readers support LGBT rights and when I post something related to that on Facebook I am impressed by the number of "likes" I get from people I don't even know. Well here's an organization that is in the trenches doing the hard work of providing services that transform lives. Donate today.

Please consider donating to these causes. Even a minimum donation goes a long way! For example the FreeBSD Foundation is trying to increase the number of donors (a requirement by some grant-making organizations), so donating the minimum will not cost you much but will help them greatly!