Spinning plates as hard as I can…

Routinely, it’s easy to get into deep water with tickets and projects.  Here is an email exchange between one of my team members, JC Foster, and I.


Jon Foster

Where does this fall on my priority list?

  • Tickets
  • AD Project
  • PBX Project
  • Office 365 Project
  • Visual Studio Project
  • Teams rollout

I am spinning plates as hard as I can here.


Jonathan Merrill

Thank you for asking.  My own list is overwhelming.  The organization is hustling.  Projects are piling up and plates are falling as only so much can be done to keep those spun.  Let me turn you onto a recent EntreLeadership podcast, #263 – Thriving in the Age of Overload.  Skip to the Daniel Tardy’s talk about, “The Tyranny of the Urgent”.

Questions Needing Answered When Looking At Your Workload

  1. Does it have to be done?  Can we eliminate it?
  2. If I can’t eliminate, can I automate it?  ß This is where I feel the most work needs to be done.
  3. If I can’t automate it, can I delegate it?  Let someone else do it.
  4. If I can’t delegate it, is it urgent?  Is it a fire?
  5. If it is urgent, how do we approach, getting the right people in the room?   Most often, someone’s fire is not a fire to the organization.

Our temptation is everything is on the list is a fire.  We need to prioritize on impact and urgency based on the most impact to the most people.

If you’ve listened to the pod cast, tasks (or WIP) should be limited 3.  So, looking at this list, here is my recommendation where your head should be at:

  1. Tickets – I agree.  Although take care against this taking up 100% of your day.  Handle Critical and Highs only.  Sometimes, that means contacting customers, negotiating and adjusting the criticality.
  2. Visual Studio Project – Most impact.  Most urgent.  Key to our business.
  3. Office 365 Project  – Most impact.  Most urgent.

This is an exercise everyone can do.  And should be aligned to what is on our team Kanban.

\\ JMM

Hiring in Robert Britten…

“A leader is one who knows the way, goes the way, and shows the way.” – John C. Maxwell

It’s not very often you run into exceptional leaders who believe in what you believe, who care at the same level you too care, and execute at the same level and often better than you. I’ve been in this business for a long time and meeting Robert Britten was one of the high points of my career.

He took the reigns at Santander Consumer USA from another colleague of mine, Shaun Hendricks. The team he took on was troubled and when he got going, I admit I was skeptical. Robert is unassuming, humble, and eloquent. Something is wrong with this guy… After working with him for a couple of months, boy was I wrong. After six months, I knew I had a partnership that I would come to trust and rely on in both my professional and personal faith life.

Robert is a titan leader and I am proud to announce he has accepted the position of Director, Technical Services at Lanvera. Rob is going to head up a operations team which has responsibilities across multiple disciplines: application support, database support, and production services support. His team is central to service delivery, connecting infrastructure, development, and client services teams.

\\ JMM

Why I Cancelled GoDaddy…

“It’s just not right that so many things don’t work when they should. I don’t think that will change for a long time.” – Steve Wozniak

After a ten-year plus relationship with GoDaddy, I’ve closed my account. It felt good as GoDaddy of today isn’t what GoDaddy was ten years ago.  I argue the service has been getting worse as time as gone on, just like Network Solutions.  These companies might be forgetting what got them there in the first place.  Here are my reasons and my next steps.

Why GoDaddy Worked

  1. Lost cost. Very competitive pricing.
  2. Good technical support. I did have a couple of problems and their support was great.  Even restored my DotNetNuke website back to a functional level.  Gave them mad kudos’ for that.
  3. Great DNS Management. I argue the simplest in the business.

Why I Said No to GoDaddy

  1.  My hosted WordPress site was painfully slow using the Economy hosting. Every time I publish, the website would go offline and timeout for 3-5 minutes. Every time. Call up GoDaddy and support would say I am on shared services. If I need more speed, need to upgrade. The speed issue exacerbated module and version upgrades. The last straw was a failed JetPack upgrade due to timeouts. No more.
  2. GoDaddy’s management site is slow. I’d log into my portal and it clocks transitioning between screens. Constant pop ups with new products and ads, but getting to the guts has slowed way down from ten years ago. Super annoying to embed in the management interfaces. Not good.
  3. No support for free SSL. I’ve been talking to them about this for a long time. There are many competitive offers out there offering a free SSL cert for a single WordPress site. If you’re a singular blogger or small business, why not a free SSL cert? No support for Let’s Encrypt. In fact, they’ve designed their system to prevent it without hacking their system. Not supporting these technologies may seem like protecting their turf. I argue it’s an example of legacy companies not getting with modern times. Fail.
  4. On and on sales phone calls. GoDaddy would call me and try to up sell me on products, many I didn’t need.  When I talked about my slow website and lack of support for Let’s Encrypt, the sales guy started dodging.  I’d hang up and get another call a week later, resuming the up sell. Finally, had to tell them to stop calling me. Sales pressure tactics when you’re not trying to fix your product or ease my pain means you don’t care about me.  Bottom line.

And I had to call to cancel. Digital transformation not apparently in effect at Godaddy. I was genuinely worried I would be pressured just like a gym membership. Alas, “Joel” took my call and walked me through. I asked for a refund for my remaining months and got it.  A+ Joel.  I might come back.

Where Did I Go?

I transitioned to Dreamhost. Performance has been far better, although they need to work on their management tools. User interface needs much work. But, it’s very nice to functional without wait times for the same money.

One More Thing…

Colleagues have pointed me to NameSilo as an inexpensive domain name registrar. I’ve been using them for a few domains and really like their interface and pricing.

\\ JMM

When to Cut Partners Not Meeting Expectations…

“What got you here, won’t get you there” – Dr. Marshall Goldsmith

This post isn’t about leadership, coaching, or ways to win.  It’s in the context of when you have to make the hard decision and cut a partner or vendor that has been in your service for many years.   Why?  I’ve done it wrong many a time.  It wasn’t good.

Any sales guy worth their salt will tell you it’s all about the relationship and, in my time, that advice is right.  I’ve gotten more done on the backs of relationships than not.  I’d even bet that I was more successful with the relationship than without.   That kind of deep partner.  The kind that involve knowing each others’ spouses, kids names, where they go to school, sharing the good times and the bad.

So, what to do when the partnership no longer performs to standard?  When should you cut bait and move onward?  Here is some of my practical advice having been through those scenarios.

#5.  Measure against Expectations.  I am one of those guys who preach, “you can’t manage what you can’t measure.”  If partners aren’t performing, can you quantify your unhappiness?  Are you able to explain the failure against what is contracted?  Even if it’s outlined in a statement of work, the key is “outcomes” and ensuring expectations are laid.  The more nebulous or gray it’s kept, the harder this will be to enforce.

#4.  Give Feedback Often I sometimes include contractors in my quarterly  evaluation.  I mandate minimum annual review of yearly contracts against our organizations’ outcomes.  This is the administrata.  However, what I am referring to is getting on the phone at least quarterly and letting your partners know how they are doing is good business.  Even if it’s a difficult conversation.  Let them know what the issues are as they happen.  Let partners attempt to fix.  This goes to the root of a good relationship.

#3.  Have a Plan.  After multiple conversations and no progress made, it’s time to formulate an exit strategy from your partner.  Examine contracts, look at work product, what is your obligations, how did they violate, was it reasonable effort to resolve?  Look at replacements, can you transition easily, what is necessary to transition?  Cost deltas?  Time impacts?  Have a plan to move.

#2.  Warn Before You Cut.  Plan in place, I’d give it one more opportunity to fix.  Relationships are hard to build and long to cultivate.  Give them the final meeting where it’s on the line:  change or we move on.  If hands are tied and your partner isn’t responding fairly, then you know what you need to do.

#1.  Always Treat With Respect.  As much as our instinct is to light a fire and watch it burn, how you leave the relationship speaks volumes about your character an professionalism.  Not to mention reflective of your company.  Send the letter formally terminating the relationship and stop paying the bill.  Then walk away and don’t look back.  Move on with respectfulness.

Food for thought.

\\ JMM

DrawToast – A simple and fun introduction to Systems Thinking…

DrawToast workshops are a great way to get groups to think freshly about mental models. In just 3 minutes, each person sketches a diagram of how to make toast. When comparing diagrams, people are shocked at how diverse the diagrams are, revealing a wide range of models of what’s important in making toast. It’s a great launch pad for  drawing out what’s really important to the group.

Link:  www.drawtoast.com

A+

\\ JMM

Cautionary Tale: Not all security vendors are above board…

The pen test we do through Nessus is passive, our goal is to identify and report the vulnerabilities we find and allow you to close the holes and harden your systems. A majority of vendors find passive pen test results sufficient but some require active pen test results. We don’t do active pen testing because of the risk and liabilities involved. – Recent Communication From A  Security Vendor

Who shall remain nameless.  There is a difference between penetration tests and security vulnerability scans.  The two do not meet.  Neither does an admission of a passive pen test or an annual security vulnerability scan being acceptable to the majority.  I’ve never heard those words in the same sentence.

This kind of misinformation to score the deal is ugly.  Not only is it a risk to the organization writing the check, but it’s your reputation on the line for signing the deal.  Only good security people will see through this…

\\ JMM

137 Security Questions …

“As Albert Einstein is often quoted as saying, ‘If I had 20 days to solve a problem, I would spend 19 days to define it.’  So the first question you need to be asking is, ‘are you asking the right questions’? – 137 Security Questions Every Leader Should Ask. (2013, September 9). In SecurityIntelligence

As we finish up our SOC2 audit, these security questions run concurrent with everything we do as a security practice and a security leader.  This is one of those articles I refresh upon every now again because it’s exactly on message.

Check the link:  https://securityintelligence.com/137-security-questions-every-leader-should-ask/

\\ JMM

Using Social Security Number as a Bank ID…

SSN is not for IDThere are no laws preventing a bank or credit union of using the SS# as a bank ID. (The government remved the verbiage indicating that the SS# cannot be used as identification sometime in the 70’s.) It is just a bad idea… for a few reasons, based on a conversation I was in with legal experts.  Here are those notes:

1) It is considered personal identifiable information (PII).  PII could include:

  • Name: full name, maiden name, mother’s maiden name or alias
  • Personal identification numbers: social security number (SSN), passport number, driver’s license number, taxpayer identification number, patient identification number, financial account number or credit card number
  • Personal address information: street address or email address
  • Personal telephone numbers
  • Personal characteristics: photographic images (particularly of face or other identifying characteristics), fingerprints, or handwriting
  • Biometric data: retina scans, voice signatures, or facial geometry
  • Information identifying personally owned property: VIN number or title number
  • Asset information: Internet Protocol (IP) or Media Access Control (MAC) addresses that consistently link to a particular person

Using the SS# as the customer identifier makes this information more accessible to contractors, vendors, and others that require access to the account but not the PII. (Thin about how you are accessing your bill payment vendor. You will be passing the customer identification number. Hence you are now providing a SS# to a third party vendor.)

2) Speaking of third party vendors…you must consider how they use the customer identification number. Fiserv sometimes embeds the ID in the transaction number. Now the SS# is exposed elsewhere. I have seen other payments transfer vendors do similar things. Customers get a little sensitive about this sort of thing.

3) You now have the SS# is two places on your system. While you may contain your PII differently, the customer number is generally not considered PII. You will be forced to consider this with every interaction – printed reports, statements, etc.

4) It’s not unique, and its not even a very good identifier. The most infamous case of that was 078-05-1120, which was used on a sample Social Security card by a wallet manufacturer. At one point, more than 5,700 people were using that number as their SSN.

Fascinating.

\\ JMM

Bringing Us Together…

This is an excerpt of an email I sent to our employees.  I am proud to be a part of this organization change and milestone with Lanvera’s IT department.


We Are All ITO

Historically, “IT Operations” was one department, one team, all functions.  This model hasn’t made sense and wasn’t positioning this department to scale to the next level.  Since May 2017, we’ve seen more than a few organizational changes, restructuring functions, and changing of personnel roles.  Now the dust has settled, it’s a good time to mention our brand and mission for this year.

My team’s theme for 2018 is NIHIL SINE MAGNO LABORE.  Latin translation is “Nothing Without Great Effort”.  Steve talks a lot about our IT transformation, having achieved much, but have more ground to go.  The phoenix seen here is representative of our transformational journey.  I would like to extend this theme to all IT teams as we pull together.

To this aim, all teams fall under the department “ITO” and break out into three separate teams:  Infrastructure, DevOps, and QA.  Moving forward, teams will be identified as “ITO – Infrastructure”, “ITO – DevOps”, and “ITO – Quality Assurance”, respectively.  The goal is unification of technology services and support.

Bringing us together.

\\ JMM