Making an Impact…

“Some people strive for recognition, but I’d suggest we are called to make an impact.” – Michael Quinn Sullivan

2024 was a tough but steady year for IT Operations at Pinnacle Group. We have had many achievements this year. One in particular and most notable was our work to obtain ISO 27001 certification by NSF. As an international company, ISO 27001 is often asked for as it’s mark delivers a credibility that is synonymous and trusted with the ISO brand.

I cannot say I did this alone. It took a tribe of people who also embrace a four-letter word I wish we would all hear more of: CARE. It was Kris Mendoza, who leads the ITO Security Team. It was Sonny Mendoza, who leads the ITO Infrastructure Team, and yes is also Kris’ father. Both Navy veterans and both have a passion for technology. It was Tiffany Newsom, who leads the ITO Support Team. It was Rajani Hyoju who leads the GRC team and project managed this work. Lucio Rosa who was an intern then but now hired on working with Rajnai when we launched GRC last year.

It also took the collaborative work of Alexis Kennedy and Greg Poynton, with our 27001 preparatory auditor partner Weaver. Stellar people. Incredible help.

And last, and most importantly, it took Pinnacle Group’s senior leadership support. We listened to our clients, we saw opportunity, and when I got the green light, we kicked off the change management work tuning the organization’s cybersecurity policy and posture. It took us about one and a half years to complete.

Pinnacle Group held our annual award ceremony on Thursday, January 23, where I was privileged to be awarded the Impact Award. As I said that evening, the award is in my name, but it was truly a team effort to bring this across the finish line. It’s amazing what your able to do with real momentum and encouragement all along the way.

// JMM

Hosting Upgrades 2020

This week, we’ve moved the website from NameSilo hosting over to Greengeeks.com

Deployment of Let’s Encrypt SSL certificates to the website was the big reason for the move. I am very surprised by the web hosting orgs that don’t provide this solution for the one website customer.

\\ JMM

What happens if we don’t invest in developing our people…

CFO asks CEO: “What happens if we invest in developing our people and then they leave us?”

CEO: “What happens if we don’t, and they stay?”

The Lesson: Train people well enough so they won’t leave. Treat them well enough so they won’t want to leave.

Numerous LinkedIn Postings

We see this advice over and over. As leaders, are we walking the walk? Or just more of the same. I talk to colleagues and training is still a problem. Fear of making the investment and watching that investment walk out the door cited as the primary reason.

In today’s economy, junior people are far more skilled than 10 years ago. I see the resumes. We live in times where candidates are highly competitive, highly motivated, and have goals. Financial goals.

Leaders: You are either a part of the solution. Or part of the problem. Invest in your people. Technical and professional. Hard skills and soft. Teach people how to win. Otherwise, your people will move on. And waiting till your top talent leaves you… is on you.

C-Levels: Culture starts at the top. Invest in your leaders. Values and culture matter. Establishes tone. What is and is not acceptable. Mentor the gaps, but hold the line on the winning culture: That you built. Otherwise, your leaders will move on. Waiting till one of your top leaders leaves the organization is on you. Money doesn’t solve the aggravation or feelings of having no support.

Invest in your people. Constantly.

\\ JMM

When A Leader Told Me To Stop Reading Books…

“Jonathan, you need to stop reading books.  They are hurting your career.  Read the email I just sent you.” – Name Withheld (Obviously)

I would bet in any career field, you run across people who say things that are incredibly damaging in multiple ways.  Causes pause for how toxic or caustic people get into leadership positions.  Nevertheless, the most outrageous comment I’ve ever been told is to stop reading books.

If you know my leadership style, then you know I perpetuate the knowledge culture, which is heavily based on DevOps’ CAMS (Culture, Automation, Measuring, and Sharing).  Working with other teams who don’t embrace that philosophy can and does create friction.  Which is where education is applied.  Culture is critical, we all agree.

So, if your wondering what the email said, I’ve kept it in my personal journal.  Sharing it’s entirety to you editing out business bits:

From: Director, Information Technology
Sent: Long Long Time Ago…
To: Jonathan Merrill
Subject: Communication

I wanted to tell you something I learned a long time ago.  What you did yesterday or last week or last year is almost worthless.  I too have won [people] awards.  They mean nothing.  The business world is focused on what have you done for me now.   The growth of teams is far more important than most anything else.

One of the main things that I desire is that I would rather make progress than simply prove that I am right.   As long as the progress is in the best general direction then it will likely make things better.  In time possibly it will convince people (that aren’t under me) that it was a good idea.  Maybe it shows how it wasn’t.  But I don’t try to emulate anyone.

The people you list (Leonici, Maxwell, Wooten) are mostly wrong in any approach they suggest.  Each approach has to be custom tailored for the situation.  I find that most of the books people write all say basically the same thing.  Many of them are worthless and if they are good I take only a few points from each of them that I have found worked.

For example I remember when everyone said emulate Jack Welch and his leadership style.  I started reading about him and it sounded impressive.  Then I started learning that it wasn’t uncommon for the company to lay off people all the time just to improve stock price.  I found that his words lacked practice.  So he said the right things but practiced a form of management that basically resulted in turn over at all levels (forced or not forced).  In time I figured out that in my opinion he was just another useless manager who had some good ideas but his ideas likely only worked one time in one situation and me saying I would use them was highly suspect.

So really I hate to say it (good or bad) but I don’t study anyone.  I keep a list of things I have learned and try to put who taught it to me.  Outside of that I don’t worry about it.  Graduate school taught me that for the most part.  Good management is 50% how you treat people and how they perceive you and 50% of your ability to define what you want.  Combine those and you likely get progress.

Sounds seat of the pants I know but how I work.

Let’s dig into a few of these statements, as parts of his email is peppered with logic, and where it goes off road.

#1.  What you did yesterday or last week or last year is almost worthless

Leaders are always judged positively by their achievements.  Finding the achievement pattern leads to good hires.  Not tracking your achievements nor having a track record of your achievements is a professional miss in self-development.  I argue all people, from help desk to VP, IT should actively track achievements.  Marry them up with your personal and professional goals.  Minimally, present them annually during the evaluation process so the organization understands what your about and the value you bring.

#2.  As for selling on approaches or styles I rarely if ever do that.  Nor will I start.

Managing a team on democracy and goals is good, but if the culture isn’t set to create the operating context of expectations, then that team is no different than a mob.  People want great cultures.  People desire to know the boundaries so they can freely do their job.  I would argue effective leaders have a style and actively sell/mentor approaches to their people.  Ineffective leaders do not try.

#3.  The people you list (Leonici, Maxell, Wooten) are mostly wrong in any approach they suggest.  Each approach has to be custom tailored for the situation.

How can you argue with the results of those leaders who study and embrace good leadership principles versus those that do not?  We take what is learned and apply it to any situation.  Most situations require customization as no one things fits.  I argue studying principles of success does far better to educate versus only depending on your last leadership experience.

#4.  I remember when everyone said emulate Jack Welch and his leadership style… I found that his words lacked practice.

I too have read Jack Welch and found many things that didn’t align with my leadership philosophy or brand.  I don’t advertise leading this way, but learning how he led isn’t less important.  We should not read any book and apply it to our life prima facie.  Books should educate us, challenge our thinking, and give us opportunity to change us, make us better, or just entertain us.  I argue practicality alone shouldn’t be a reason to not read books about leadership.

#5.  I don’t study anyone.  I keep a list of things I have learned and try to put [into practice] who taught it to me.  Outside of that I don’t worry about it.  Graduate school taught me that for the most part.

I would argue that going to college should just be the beginning of your life long learning journey.  Not the end.

#6.  Good management is 50% how you treat people and how they perceive you and 50% of your ability to define what you want.  Combine those and you likely get progress. 

Of everything said here, this statement rings most true.  And worthy of underscoring as working with this leader for over a year, I can say he wasn’t intentionally “toxic”.  He was a grounded guy, with a family, bills, car, and problems just like us all.

However, looking back on what he got accomplished during his time, he achieved very little.  Not many strategic things got done.  He touched no one.  Influenced little.  And was quickly forgotten as he left.  Does anyone enter a leadership gig with the desire to leave no legacy?  I would argue no.

I ran across this comic today and it reminded me of that leader and his email.

Source: Jake Likes Onions

If anyone knows the author of this book, please let me know.

\\ JMM

Why I Cancelled GoDaddy…

“It’s just not right that so many things don’t work when they should. I don’t think that will change for a long time.” – Steve Wozniak

After a ten-year plus relationship with GoDaddy, I’ve closed my account. It felt good as GoDaddy of today isn’t what GoDaddy was ten years ago.  I argue the service has been getting worse as time as gone on, just like Network Solutions.  These companies might be forgetting what got them there in the first place.  Here are my reasons and my next steps.

Why GoDaddy Worked

  1. Lost cost. Very competitive pricing.
  2. Good technical support. I did have a couple of problems and their support was great.  Even restored my DotNetNuke website back to a functional level.  Gave them mad kudos’ for that.
  3. Great DNS Management. I argue the simplest in the business.

Why I Said No to GoDaddy

  1.  My hosted WordPress site was painfully slow using the Economy hosting. Every time I publish, the website would go offline and timeout for 3-5 minutes. Every time. Call up GoDaddy and support would say I am on shared services. If I need more speed, need to upgrade. The speed issue exacerbated module and version upgrades. The last straw was a failed JetPack upgrade due to timeouts. No more.
  2. GoDaddy’s management site is slow. I’d log into my portal and it clocks transitioning between screens. Constant pop ups with new products and ads, but getting to the guts has slowed way down from ten years ago. Super annoying to embed in the management interfaces. Not good.
  3. No support for free SSL. I’ve been talking to them about this for a long time. There are many competitive offers out there offering a free SSL cert for a single WordPress site. If you’re a singular blogger or small business, why not a free SSL cert? No support for Let’s Encrypt. In fact, they’ve designed their system to prevent it without hacking their system. Not supporting these technologies may seem like protecting their turf. I argue it’s an example of legacy companies not getting with modern times. Fail.
  4. On and on sales phone calls. GoDaddy would call me and try to up sell me on products, many I didn’t need.  When I talked about my slow website and lack of support for Let’s Encrypt, the sales guy started dodging.  I’d hang up and get another call a week later, resuming the up sell. Finally, had to tell them to stop calling me. Sales pressure tactics when you’re not trying to fix your product or ease my pain means you don’t care about me.  Bottom line.

And I had to call to cancel. Digital transformation not apparently in effect at Godaddy. I was genuinely worried I would be pressured just like a gym membership. Alas, “Joel” took my call and walked me through. I asked for a refund for my remaining months and got it.  A+ Joel.  I might come back.

Where Did I Go?

I transitioned to Dreamhost. Performance has been far better, although they need to work on their management tools. User interface needs much work. But, it’s very nice to functional without wait times for the same money.

One More Thing…

Colleagues have pointed me to NameSilo as an inexpensive domain name registrar. I’ve been using them for a few domains and really like their interface and pricing.

\\ JMM

“Secure” is not a binary, black-and-white thing.

“Secure” is not a binary, black-and-white thing. Instead, it’s about risk management. Instead of asking whether something is secure, it’s better to ask whether it is “secure enough for such-and-such purpose”. – Quote from Crypto Stack Exchange, August 2013

I seem to be talking a lot about security these days.  Not only in my professional life, but in my personal day to day.

I am considering shifting my family from Windows phone over to Android, despite the personal pains supporting this ecosystem that worked flawlessly for me for many years.  The security conversation in this context is rife is opinion and observation from friends and colleagues.  Everything from Android’ inherent security challenges to hackers leveraging Google Play to distribute bad wares.  Admittedly, I will lose some sleep knowing my family’s desire to load hundreds of apps.

Getting the Microsoft ecosystem connected onto an Android phone requires passwords and access to applications that will not be understood as to why.  Just going through the motions.  For example, the password vault we’ve been using in my family worked only on Windows phone.  We need to consider what tool works well in the Android space, ease of transference, and retraining my family members to use this tool.  Further, vaults need access and will prompt if it can obtain rights to reach or access areas of the operating system.  Another situation rife with chance of malfeasance.

When I researched a deck on security back at Santander, I found the above quote and it immediately returns to mind when I talk security in both spaces today.  Many organizations take a harder line to reach the goal of “secure”, damn productivity and usability.  Compliance works for larger organizations under audit scrutiny.  But many companies do not operate in those industries.  Neither do families.

Nevertheless, when I look at technologies, you have to look at the people at the helm.  Combined, risks can be pondered and formulated. And after thoughtful interaction and use cases, discussion with the people using the technologies, making the arguments pro and con, can you make the right decision for those users.  As often times, technologies are often secure enough when powered by security conscious people.

My recent thoughts on the matter.

\\ JMM

Rob England IS the IT Skeptic

“You don’t change culture team by team or app by app. You don’t get to pick and choose where you DevOps. You can do it for a while – operating bi-modally – in order to experiment, to allow new ways of working to incubate, but it is essential to converge quickly. DevOps is not a piecemeal tool, it is an organisational transformation.” – The IT Skeptic Blog, July 22, 2017

This blog isn’t about DevOps.  There are now thousands to choose from with authors off all walks.  This blog is about Rob England and his blog, The IT Skeptic.

If you haven’t read this blog, start.  It’s a must read.  In fact, I’ve spent evenings rolling through his old content to follow his train of thought in the hottest topics all IT shops struggle with:  How to do IT service delivery, effectively.  It’s an art.  It’s not simple.  And done poorly, costs organizations dearly.

I do not have a recommendation where to start.  If you read his last blog, currently on December 5, 2017, it’s titled, “Project Management was the worst thing that ever happened to IT“… Wow.  And right on target.  Do organizations think this way?  Most can not.

\\ JMM

Microsoft Kills Mobile…

Joe Belfiore @joebelfiore – Oct 8
Actually, a huge, huge majority of our Windows/Office (and Xbox) users are mixed-ecosystem. MOST people have a different phone than “PC”

Ingo @LaktoseIgnoranz
Replying to @joebelfiore
When people switch to iOS or Android they will switch ecosystems, too. No more need for Microsoft then. That’ll be your next big problem.

It has never been a more confusing… frustrating… no infuriating time for Microsoft developers and professionals. Twenty years of evangelizing the technologies, investing in the products, moving organizations, friends, and family, and for a time enjoying the benefits of a homogeneous ecosystem. Yet, this year, a constant barrage of fear, uncertainty, and doubt about Microsoft strategy from Microsoft pundits, talking heads, industry leaders, and peers.

The Microsoft code strategy has been under attack for decades, yet Microsoft appears to be succumbing to Linux via Android. It’s absolutely no secret Microsoft is heavily invested in Android. It’s disturbing to see this manifesting in Microsoft stores proudly selling Samsung Galaxy phones promoting the Office productivity suite.

Shifting away from Windows mobile is a questionable strategy. Our next phone now requires me to have a Google or Apple account with similar cloud strategies. A Microsoft failure to deliver on either of those platforms will speed a demise due to the lack of a unified endpoint platform. This is an uncomfortable gamble shifting from OS platforms to applications/cloud platforms. Untrue? No Windows mobile or universal app developers will continue to diminish the OS, folks. Why would consumers pay for this platform?

We are very different companies [from Apple and Google] …We are a tool creator … not a luxury good manufacturer. We are about creating technologies so that others can build. [With] Surface, we created a premium product … every OEM should create a lower-priced model. We want to democratize things. – CEO Satya Nadella

I would never believed I would have seen or heard in my Microsoft career at a Microsoft store, the sales person actively telling groups of people in the store, “Microsoft technologies are actually better on Android.” I am equally shocked to read a recent Joe Belfiore tweet, “Go download Edge from Google Play”.

Solution: Return to your roots and focus.

  1. Compete with Linux on their own ground. How? Open source the base Windows OS.
  2. Tier the OS based on function to support business. “Windows Basic” should align to Linux features and functions. “Windows Enterprise Desktop” for endpoints needing business features. “Windows Enterprise Server” for the server.
  3. Give away Visual Studio and continue to train people through MVA.
  4. Get out of the hardware business. Support your partners and OEMs.

Make Windows attractive again to both consumers, businesses, and developers!

\\ JMM

Status Of Lanvera: Confidence Is Building…

August is my three month mark working at LANVERA. The IT transformation is in full swing and much of the work we have been working on is being felt.  The leaders report three months of network infrastructure stability and confidence is building. This is good for morale across the organization and I am humbled by the hard work.

Our highlights to this point are:

  1.  We hired our security-focused system engineer, Jeromey Lange.  A seasoned technical veteran and leader, Jeromey is going to bring a dimension to the team to reinforce the DevOps culture Steve Taff and I are trying to build.  Certifications include VCP, MCSA, MTA, ITILv3, and Tintri.  He is going to take on Alien Vault USM and run our security practice. A next level player.
  2. The commitment to VMWARE NSX and SDN. With heated discussion and negotiation, the engineers are taking on VMWARE’s NSX technology. We’ve chosen Mobius to partner with us to lead us through our NSX rollout. This milestone is particularly significant as our hopes this decision will see meaningful gains as our DevOps platform.
  3. Workstation Technology Refresh projects kicks off earnestly with work on hardware standards and continued support to develop on the Microsoft platform. Considerable time being spent working the requirements and desired specifications nets decisions of continued use of Dell hardware.
  4. McGuire Solutions has wrapped up the network engineering work and submitted his recommendations. The physical network is comprised of mostly security components on a Cisco Nexus backend. Greg’s team will be engaged to realize the solution starting in September!
  5. Investment in Coppell’s datacenter. We will be upgrading the internal infrastructure to uplift the technology foundation. Examples are patch panel rewire, electrical re-wire, electrical redistribution, and upgrading to cabinets.

Always forward!

\\ JMM

“Everything You Want Is On The Other Side Of Fear”

Quote from the movie Atomic Blonde, a slogan scrawled across a Berlin wall in the pre-Berlin wall era.  Having lived in that time period, the movie certainly plays out the 80s themes with music to match.  The characters blithley lighting up cigarettes and often pouring themselves a drink as the plot rains down violence in a world of secret agents and film noir.

And yet, the movie has an unsettling grittiness that is surmised in this quote.

\\ JMM