Blog

My Top 5 Issues With IssueTrak

IssueTrak is a fairly basic ticketing system currently in use at LANVERA.  Although development efforts surrounded IssueTrak, giving it a level of criticality to the business, we found ourselves painted into a corner with this solution.  We cannot upgrade without risk of breaking our applications.  That is on us.

However, my biggest concern was the product wasn’t designed with ITIL or any ITSM framework in mind, in my opinion.  And I wasn’t sure it ever would be with their track record of mostly bug fixes and focus on non-service management features.

As a result, in September 2017 I met with IssueTrak’s leadership to discuss the roadmap of IssueTrak.  Here is the deck I prepared for that meeting.


The conversation was mostly positive and there was a healthy agreement that the product wasn’t developed with these use cases in mind.  I hope the product continues to mature and grow as competition in the ITSM space is healthy in the SMB space.

\\ JMM

Information Security Preventative Measures

Information Security Preventative Measures
By US Department of Homeland Security, United States Secret Service
NTX ISAA Cyber Security Conference, November 10, 2018

  1. Employee Awareness and Training
  2. Strong Filters
  3. Email Scanning (Incoming and Outgoing)
  4. Firewall Configuration
  5. Network Segmentation
  6. Software Updates
  7. Scheduled AV Scans
  8. Configure Access Control (Least Privilege)
  9. Disable Remote Access
  10. Software Restriction Policies

Please check out these conference notes and consider attending going forward.  Amazing event and a lot of content shared.

\\ JMM

yEd Graph Editor – Diagramming Dynamo

yEd is a powerful desktop application that can be used to quickly and effectively generate high-quality diagrams.
Create diagrams manually, or import your external data for analysis. Our automatic layout algorithms arrange even large data sets with just the press of a button.

I’ve just recently sat in a meeting with application development talking roadmap and architecture and was curious what tool they used for diagramming their workflows and service dependencies.  When the manager mentioned this tool, I was surprised to hear it wasn’t Visio.

yEd is freely available and runs on all major platforms: Windows, Unix/Linux, and Mac OS X.

https://www.yworks.com/products/yed

\\ JMM

“Secure” is not a binary, black-and-white thing.

“Secure” is not a binary, black-and-white thing. Instead, it’s about risk management. Instead of asking whether something is secure, it’s better to ask whether it is “secure enough for such-and-such purpose”. – Quote from Crypto Stack Exchange, August 2013

I seem to be talking a lot about security these days.  Not only in my professional life, but in my personal day to day.

I am considering shifting my family from Windows phone over to Android, despite the personal pains supporting this ecosystem that worked flawlessly for me for many years.  The security conversation in this context is rife with opinion and observation from friends and colleagues.  Everything from Android’s inherent security challenges to hackers leveraging Google Play to distribute bad wares.  Admittedly, I will lose some sleep knowing my family’s desire to load hundreds of apps.

Getting the Microsoft ecosystem connected onto an Android phone requires passwords and access to applications that will not be understood as to why.  Just going through the motions.  For example, the password vault we’ve been using in my family worked only on Windows phone.  We need to consider what tool works well in the Android space, ease of transference, and retraining my family members to use this tool.  Further, vaults need access and will prompt if it can obtain rights to reach or access areas of the operating system.  Another situation rife with chance of malfeasance.

When I researched a deck on security back at Santander, I found the above quote and it immediately returns to mind when I talk security in both spaces today.  Many organizations take a harder line to reach the goal of “secure”, damn productivity and usability.  Compliance works for larger organizations under audit scrutiny.  But many companies do not operate in those industries.  Neither do families.

Nevertheless, when I look at technologies, you have to look at the people at the helm.  Combined, risks can be pondered and formulated. And after thoughtful interaction and use cases, discussion with the people using the technologies, making the arguments pro and con, can you make the right decision for those users.  Oftentimes, technologies are secure enough when powered by security-conscious people.

My recent thoughts on the matter.

\\ JMM

Rob England IS the IT Skeptic

“You don’t change culture team by team or app by app. You don’t get to pick and choose where you DevOps. You can do it for a while – operating bi-modally – in order to experiment, to allow new ways of working to incubate, but it is essential to converge quickly. DevOps is not a piecemeal tool, it is an organisational transformation.” – The IT Skeptic Blog, July 22, 2017

This blog isn’t about DevOps.  There are now thousands to choose from with authors of all walks.  This blog is about Rob England and his blog, The IT Skeptic.

If you haven’t read this blog, start.  It’s a must read.  In fact, I’ve spent evenings rolling through his old content to follow his train of thought in the hottest topics all IT shops struggle with:  How to do IT service delivery, effectively.  It’s an art.  It’s not simple.  And done poorly, costs organizations dearly.

I do not have a recommendation where to start.  If you read his last blog, currently on December 5, 2017, it’s titled, “Project Management was the worst thing that ever happened to IT”… Wow.  And right on target.  Do organizations think this way?  Most cannot.

\\ JMM

SMB and ITSM: Framework

“Everybody says they want to be free. Take the train off the tracks and it’s free, but it can’t go anywhere.”

Zig Ziglar

Organizations require structure to operate, but most often end up creating silo towers with no connecting switch-track to communicate or change direction. Following a framework in exactness is limiting — but adapting a framework is not. There is no one-size-fits-all; that it’s a framework means you have the ability to lay the tracks any way you like. If, in the future, you decide to make an offshoot to a new destination, then you have the ability to do so with the guidance the framework provides.

ITSM is a continuous journey, not a project that ends on the ‘go live’ date. And if truth be known, there is no end to a project until all the chickens come home to roost (but that’s another blog). Count on this: There will always be other destinations to visit that will require you to lay tracks to get there.

From:  http://www.bmc.com/blogs/itsm-best-practices-quoting-itsm-isnt-enough/

Re-posting as we shift focus to ITSM.  I found this article on BMC’s website and felt it’s right on.

\\ JMM

Companies Expect Updated Information Security Documents

Below is a list of documents that are requested by a vendor management company.  Information Technology needs to be able to provide these documents on demand:

- Information Security Policies (Current)
- Cyber/Network Security Policies with Testing Requirements and Results (i.e. Vulnerability and/or Penetration Testing) (Current)
- Incident Response Policies with client notification protocols (Current)
- Disaster Recovery/Business Continuity Plan(s) (Current)
- Disaster Recovery Testing Results (Current)

Whether it is a partnership, vendor relationship, or just being a customer, it’s no longer unusual to get asked how companies treat security.  Risk Management surveys include questions like, “Has your company been hacked in the last 12 months” and “What was your incident response plan to the breach”.

Where to go to get this stuff?  Where do you keep it?  How to manage?  Many larger companies hire the talent to write it.  Alternately, resources exist that can help with what is needed to cover.  Here are a couple of resources:

I have used all three in my career with success.  Managing these documents should be no different than other IT policies.  In other words, manage collectively with yearly reviews and periodic changes as the organization matures.

What tools or resources have you used to help write security documentation?  Drop me a link to add to the list!

\\ JMM

Our Data Center Reboot

“In today’s era of volatility, there is no other way but to re-invent.” – Jeff Bezos, Amazon founder

Our first major project happened in September of this year.  We fork-lifted the corporate office data center, refreshing our technology foot print and establishing standards.  An investment in not just things, but our technology philosophy, with emphasis on quality, craftsmanship, and ownership.

Before:

LANVERA’s Data Center – June 2017 – Front
LANVERA’s Data Center – June 2017 – Back

After:

Coppell's New Datacenter-Front
LANVERA’s Data Center – September 2017 – Front
Coppell Datacenter - Back
LANVERA’s Data Center – September 2017 – Back

Reinvention, completed.

\\ JMM

Challenging IT “Enablement”

“I don’t want my guys to be technical. That’s your team’s job.”

Imagine if Information Technology pushed “day-to-day support” to the business. Before you shoot this idea down, the concept is already actively being embraced by many smaller technical companies. Go read “A Year Without Pants”, by Scott Berkun, the story of WordPress.com where this idea and other evolutionary collaborative work space ideas have roots.

I call it, “IT Enablement”.  A focus on giving people the tools and trust, with strong oversight and governance from IT.  The alternative is zero trust, which is the popular direction for a majority of risk-averse IT organizations.  Enablement is a philosophical challenge to today’s status quo and not embraced by many.

As with all disruptive ideas, success is determined through buy in and culture. So, when a strategic directive to eliminate the necessity for a help desk landed, we responded with goals to enable business units with a heightened degree of endpoint control while IT provides just governance and security controls.

Long story short, this direction bombed. I wish to write to talk briefly about what happened and why.

Problem 1.  A Misunderstanding.  As often happens in leadership meetings, it’s often not what’s said, but what wasn’t.  In the discourse, I realized that my interpretation of what our senior leaders wanted translated to situations that put IT directly in opposition with our conventional business leaders.  How so?  Read on.

Problem 2.  A Revolution.  As this new direction took flight, did I prepare leaders?  Socialize this direction?  Align to goals or strategy?  Not satisfactorily.  In fact, the culture shift attempted occurred at the send of an email:  Effective immediately, support responsibilities are owned by our end users.  And as you might have guessed, leaders did not embrace.  In fact, we were criticized in town hall and by other leaders.  A series of ouch moments.

Problem 3.   Road map to Transformation.  About this time, IT leaders met and realized the bigger challenges in front of us, based on our misread and failed embrace of technical ownership.  The ‘digital transformation’ was born.  Here is our transformation road map:

Solution 1.  Simplify The Landscape.  From policies, standards, and procedures to technology, software, and networking.

Solution 2.  Monitor & Transparency.  Every single thing in IT should be measurable.  A tool will not just focus on measuring and reporting, but giving our technical support teams access for transparency.

Solution 3.  Education and Consult.  Information Technology should be consulting our business leaders, educating our people, and establishing the knowledge culture.  A baseline of technical skills and measuring the values of providing.

The goal:  To eliminate the help desk (Level 1) by 2020.

This blog took me more than a few weeks to write.  How to talk about a subject like this is not easily done nor written about.  And our journey about this topic consumed 3-4 months.  Upon reflection, it was a difficult time.  However, it was worth the attempt; I learned quite a bit from many leaders with legitimate perspectives, turning this fail into learning moments.

If you have successfully put to rest your IT help desk and embraced Enablement, please write me.  I would love to learn how you did it and challenges faced…

\\ JMM

Microsoft Kills Mobile…

Joe Belfiore @joebelfiore – Oct 8
Actually, a huge, huge majority of our Windows/Office (and Xbox) users are mixed-ecosystem. MOST people have a different phone than “PC”

Ingo @LaktoseIgnoranz
Replying to @joebelfiore
When people switch to iOS or Android they will switch ecosystems, too. No more need for Microsoft then. That’ll be your next big problem.

It has never been a more confusing… frustrating… no infuriating time for Microsoft developers and professionals. Twenty years of evangelizing the technologies, investing in the products, moving organizations, friends, and family, and for a time enjoying the benefits of a homogeneous ecosystem. Yet, this year, a constant barrage of fear, uncertainty, and doubt about Microsoft strategy from Microsoft pundits, talking heads, industry leaders, and peers.

The Microsoft code strategy has been under attack for decades, yet Microsoft appears to be succumbing to Linux via Android. It’s absolutely no secret Microsoft is heavily invested in Android. It’s disturbing to see this manifesting in Microsoft stores proudly selling Samsung Galaxy phones promoting the Office productivity suite.

Shifting away from Windows mobile is a questionable strategy. Our next phone now requires me to have a Google or Apple account with similar cloud strategies. A Microsoft failure to deliver on either of those platforms will speed a demise due to the lack of a unified endpoint platform. This is an uncomfortable gamble shifting from OS platforms to applications/cloud platforms. Untrue? No Windows mobile or universal app developers will continue to diminish the OS, folks. Why would consumers pay for this platform?

We are very different companies [from Apple and Google] …We are a tool creator … not a luxury good manufacturer. We are about creating technologies so that others can build. [With] Surface, we created a premium product … every OEM should create a lower-priced model. We want to democratize things. – CEO Satya Nadella

I would never have believed that, in my Microsoft career, I would see or hear a salesperson at a Microsoft store actively telling groups of people in the store, “Microsoft technologies are actually better on Android.” I am equally shocked to read a recent Joe Belfiore tweet, “Go download Edge from Google Play”.

Solution: Return to your roots and focus.

  1. Compete with Linux on their own ground. How? Open source the base Windows OS.
  2. Tier the OS based on function to support business. “Windows Basic” should align to Linux features and functions. “Windows Enterprise Desktop” for endpoints needing business features. “Windows Enterprise Server” for the server.
  3. Give away Visual Studio and continue to train people through MVA.
  4. Get out of the hardware business. Support your partners and OEMs.

Make Windows attractive again to consumers, businesses, and developers!

\\ JMM