Saturday, September 17, 2005

Networking Part Deux - a conversation about LinkedIn

For this piece, I have taken a conversation that actually took place and modified it slighty. I have removed the real names (to protect the guilty) because of those changes. However, the changes were mostly cosmetic with some embellishment of the thoughts to aid those not as familiar with LinkedIn as the participant. Please let me know if you need more clarification in the comments and I will gladly provide it.
-------------------------------------------------------------------------------------

Fred: One thing I have noticed is that LinkedIn as a service tends to fall down a bit when you are outside of the normal job market or the VC model for doing deals.

People have multiple dimensions to their lives. LinkedIn does not facilitate the discovery of the broader spectrum of interests IMHO. This was the most true back before the extra fields for groups, interests and education were added. I was an early beta tester for LinkedIn and what I am calling a limitation seemed to be by design. I raised the issue way back when and the response was something close to 'that is not what we are about' or 'there are other services that do that.' My memory on the prior conversations is not perfect so I am focusing more on my perception of intent based on how LinkedIn is used. A related point is LinkedIn is transactional by nature and not really a way for people to develop relationships. Use email or something else is the recommendation. LinkedIn is about specific referrals and not a way to develop a network for future use.

For the most part I have found that using other networking solutions allows one to develop connections to people who have interests that could be labeled 'topics for a Special Interest Group (SIG)' if I can use a term I know from the computer sector. Things that are not on a resume but might be a strong interest for certain individuals.

Barney: This is what LinkedIn representatives continue to say. LinkedIn's value is not in 'networking' in the sense of broadening your network, it is for leveraging the network you already have. Deepening relationships and using those relationships for referals to do business (whatever business you are in). SIGs and Forums are for getting to know people.

Fred: I have seen a marked increase in the value of LinkedIn to me now that we have groups. I do want to note that I laugh each time I consider the fact that LinkedIn's groups are largely operating outside the LinkedIn service (groups being a Yahoo thing with LinkedIn having no effective integration other than a little icon when you are a member of a specific group [that has become an approved LinkedIn Group and the member has joined it there also]). Granted you can run a search specific to members of a particular group that you are a member of.

Barney: Yes, the addition of groups did add another value point, the ability to 'network' within your group without direct connection or using referrals. This is especially useful when you don't know the person or his work but only share the common group connection. This way you can 'network' with the individual, and contact them without introduction but you will not be put 'on the spot' for an introduction to them.

Fred: With the external groups and forums, you really can get to know someone pretty well and never have any direct communication with them. After developing an understanding of a person and what they bring to the conversation you can contact them directly without any use of InMail, without any approval of other people in a chain, etc. If you enjoy the direct communication you can then go back to LinkedIn and let LinkedIn act as a way to flag that you have had contact. LinkedIn becomes a housekeeping tool.

Barney: BINGO! Once you have forged a relationship, it is time to move it to LinkedIn to nurture and leverage!

Fred: Where LinkedIn is more unique is you can search through someone's network and gain an introduction. The more people are in groups the more you can just join a group and developer a relationship with any person you might be interested in rather than seek an introduction. Granted it takes time to do so. Hence joining a group to reach someone is not that effective if you need to reach a person right now.

Barney: BINGO again! Leveraging your network to do business! {:^D With LinkedIn, while other people are going through the front door and encountering all the roadblocks, filters and gatekeepers, you get to go through the side door as 'a friend of a friend' and might get a chance to present your value proposition, regardless of whether you would have gotten past the blocks.

Let's put this into the perspective of the job seeker (but you can substitute any business dealing)... If you send your resume to HR, you could easily get blocked because you are either missing a key buzzword (or have spelled it out rather than used the acronym) but, going through the side door, you reach the hiring manager directly as a'a friend of a friend' and 'get an interview out of courtesy'. Thus you get the chance to overcome the gatekeepers percieved shortcoming.

Friday, September 09, 2005

What is Networking?

Have you been hearing a lot about something called “networking” and wondering just what the heck it is exactly?



If you’ve asked around, you probably get the sense that nobody really knows what it is because if you ask 10 people, you get 11 different answers. That may be because “networking” will be different for everyone, at least in the details of how, where, when, and why you network. In addition, many people have an incomplete idea of what we call “networking”.



In your handout, there are 3 definitions from 3 different people, an Author of a networking book and 2 company presidents. All 3 are correct, but incomplete – which is why they appear different. If you drew a Zen Diagram of these 3 definitions, there would be more overlap than difference. Here is why I say that:



First, every person on the planet that has interactions with others forms relationships. This is a natural occurrence and is a product of that interaction. Most people will attempt to assist anyone they know (whether asked or not) with advice, guidance, referrals, and endorsements (presuming they feel good about the aspect of the person they are endorsing).



The most successful sales people are very adept at forming relationships – but they are equally good at something else… nurturing those relationships. They sometimes form something that has been attributed to more discriminating groups… “The Olde Boys Network” (sometimes I think they are referring to their maturity but I digress..). “The Olde Boys Network” – many of them in fact – are usually centered around men who have graduated from the same university or are current or former members of some group.



“The Olde Boys Network” really does “network”, especially in terms of job search and hiring but some have questioned if this was done while disregarding qualifications and suitability to the task and with an elitist selectivity of who they allow in their network and casting shadow over the process.



So… What is “Networking”?



True “networking” is the natural act of forming and nurturing relationships, making introductions, referring people to others, and endorsing some; then using that network of who you know, and who they know, to help others. The extent you are successful at networking (over the long haul anyway) depends on your ability to practice those skills. Therefore, we need to hone our natural skills to improve our outcomes.



Networking is a communications based tool and a process that has no beginning and has no end. It is not a goal nor does the act of networking have a goal itself. We all learn to walk but not with the goal of walking – we learn to walk to transport our bodies from one place to another. Walking is the process or tool we use to move our body from the chair to the car where we use another tool to transport ourselves longer distances.



So, what’s the difference between the natural form of networking that we all perform daily and the practice of networking? Deliberate nurturing of relationships. Nurturing of relationships involves deepening our knowledge of others and consciously trying to help them achieve their goals through referrals, advice, and endorsements.



Networking without “trusted relationships”, providing endorsements, and referrals is nothing more than “collecting business cards” and may be enough for some activities but does not stand the test of time and the outcome is often no better than a ‘cold call’.



True networking is an unselfish, lifelong activity, a practice, a tool, a process. The concept of “Giver’s Gain Philosophy" is an unselfish attitude that is contagious and promotes creditable, profitable, and lasting business relationships. The group functions as a sales team for each other by serving as each other's eyes and ears.1



So, how does that all relate to a job search?



OK, well… you know who you know but do they [know who you know]? Not likely and, in the past, everyone had to ask everyone they knew if they knew someone who… until they found someone who did. (Fell like you’re in Whosville?) Now, as with so many things computers and the Internet have given us, we have tools to help with that.



You never know who will know, or meet your next hiring manager. You need to let others know what you do, how well you do it (quantified and objective if possible), and that you are looking for another position. However, you need to try and help others achieve their goals in the process.

Why? How do you feel when someone helps you? Most people feel indebted (to some extent). If you help others, what do you think will happen? Suddenly, it’s not you searching for your next job by yourself, you have an army of people helping you in an attempt to repay you!



One reason you must make networking a lifelong part of who you are is that you build that army of people who want to help you and who “can’t say enough” (hopefully good) about you long before you need them. Those people best at this are never unemployed.

1 "Giver's Gain Philosophy" as defined by BNI (Business Networking International www.bni.com)

Saturday, July 16, 2005

Enhanced Podcasting

I'm doing a little reasearch on Podcasting to try and understand it and its potential uses. I read a post that gave this little tidbit "If a publisher wishes they can even put in clickable web-links that will open up your default browser. This is kind of neat in my opinion. It opens up Podcasts to a whole different world of possibilities. " whole story about Apple's Enhanced Podcasting.

I don't know about you but my first thought was "Great! A new way for malicious hackers to infect our systems!"

I now return to my normal research mode...

Tell me what you think!
podcasting

Saturday, July 09, 2005

Backup, Backup, Backup (and test recovery)

Imagine my joy when I discovered two of my favorite bloggers talking about things I have an interest in and pointing to each other!
Dave Taylor, in his Intuitive Life Business Blog, panned podcasting for business in "Why podcasts won't help promote your business". Since I am a newbie to the world of blogging and have no thoughts of venturing into podcasting, I actually read some thoughts I was having but couldn't articulate (thanks Dave). Unless there is someone who's voice you really really want to hear, I don't see the draw. Why would anyone listen to something without a clue of whether it would be of value?
However, my friend Des Walsh, along with plenty of others (see the comments on Dave's blog). But Des went in a different direction altogether in his reference to Dave's post in "Podcasting and Cautionary Tale on Backups". Ah, backups... and the lack thereof. Des talks about Blogarama's total loss of a lot of content because they didn't have a backup. Imagine the storage you'd need for backing up Podcasting posts!
Des kind of let Blogarama off the hook (by not even questioning why not). I'm not that kind (on this topic anyway). There is no excuse for any business to not have proper backups and a disaster recovery plan that is tested and known to work. Anything less is, in my opinion, criminal.
Most companies that suffer this fate never make it back to prosperity though so I guess that is a steep enough price to pay.
security
backup
data loss

Close your Windows!

Allergic to Hackers, Trojans, & Worms?
Want to avoid most Virus infections?

What platform do you use? Is it Windows? OS X? Linux? Unix? Why do you use this platform? For most people, the answers are Windows, because that's what came installed on their machine. What makes a platform more or less vulnerable?

First, due to its installed base, Windows is a much bigger target than the others. Second, many users accept the default installation and do nothing to secure their system until they've already been compromised. Third, Microsoft has too many buffer overruns and does not handle them properly. (Buffer overruns are a major vector for exploitation.) Fourth, even though Microsoft has made changes that could make their system more secure, they appear to discourage software vendors from taking advantage of it.

Some users may say that they use Windows because a special progeam they need only runs on that platform. This is a valid reason... if it is indeed true and that program is the only one they can use to perform the given task(s). However, it is very rare that there is only one program that can accomplish the task(s) and you can usually find equivilant software in the *nix (all Unix & Linux distributions) world. Furthermore, if you really do need to run a Windows program, you can do it from within Linux! (providing you have one windows server and the right thin-client)

Are there vulnerabilities in the *nix world too? Of course. However, with a little knowledge and some planning, you can reduce your exposure greatly, especially as compared to Windows. I am told that you can make a Windows system safe and usable too and I would hope that is true. However, most people do not have the skills and patience to accomplish this.

If you are interested in finding a safer alternative, you must take stock of your needs, determine if there are alternative programs to do the same things you have been doing (it's much easier than you may think), and do a little homework to determine the right distribution for
you and plan for a safe implementation.

Many people should probably consult with someone who knows more before proceding but even that is easier than you may think.

Close your Windows, for good!

You can do it. {:^)
security
Linux
Windows
reduce costs

Tuesday, July 05, 2005

[Your unprotected] PCs [will be] Infected in 12 Minutes

Interesting tidbit here...

PCs Infected in 12 Minutes

By Vic DaSilva

The speed with which PCs can become infected has now shortened. If your
Windows computer is not properly protected, it will take 12 minutes
before it becomes infected, according to London-based security
company,Sophos. Sophos has detected 7,944 new viruses in the first half of 2005, a 59-percent increase over the same time span last year.
More: http://www.realtechnews.com/posts/1511

The bottom line is never connect an unprotected machine to the internet.
That's over 40 a day. Signature-based anti-viral software is not adaquate protection? There are many types of protection available for any operating system. Tell me what system you have, and what you want to use it for, and I'll help you find proper protection. For the home user, there are free and low cost options. For the business, you can still be protected for low cost. The cost of not protecting your systems is far greater.

security
virus protection

Monday, July 04, 2005

Happy Birthday America!

I hope everyone enjoyed their holiday (in America).
Today, we celebrated the Birthday of the Country. People often forget the reason for holidays, although I think July 4th is less forgotten than most. I guess we get so caught up in our day-to-day lives that it is difficult to remember that Memorial Day, originally called Decoration Day, is a day of remembrance for those who have died in our nation's service, not just the beginning of summer. Labor Day is not just the end of summer, it grew out of a celebration and parade in honor of the working class by the Knights of Labor in 1882.
Independence Day celebrates the birthday of the United States of America. Founded July 4th 1776, with the signing of the Declaration of Independence, America is celebrating it's 229th birthday this year (2005)On July 4, 1776, we claimed our independence from Britain and Democracy was born. Every day thousands leave their homeland to come to the "land of the free and the home of the brave" so they can begin their American Dream.
more...
http://www.usacitylink.com/usa/

Let's not forget the reasons for the holidays.

Value - when it comes to web hosting

I see a lot of people asking, on various message lists, for "cheap web hosting", or in a panic because their hosting company 'disappeared'. This has prompted me to create this message to say "There is more involved in the 'value' question than simply monthly cost."

Remember, value includes long-term relationships and total cost (over the long run). Total cost includes the vendor being in business - at least for the duration of your agreement. It also includes things related to 'security'. Does it matter if every other customer can traverse your directory structure? If so, is there a 'cost' associated with that?

What is the value of not being vulnerable to code-red or other issues? Answers may or may not pertain. Value differes. The main issue is to know what you are getting and place value on what is important to you. If you don't mind your site being vulnerable, then it doesn't matter if
they run W2K without patching. If you do, it does. Perhaps there is 'value' in ensuring that your hosting company does patch their Windows boxes regularly or uses a different OS.

So, I have compiled a list of questions I ask my hosting providers.
In no particular order:
1. Professional facility
- multiple backbones
2. Responsive customer service - what hours - methods?
- Level of expertise
- What topics
3. Easy to manage system - web interface for email, DNS, content
editing, trouble tickets?
4. Basic features:
- FTP access over ssh, can use scp, or similar
- multiple E-mail addresses
- forwarding to any address
- POP/web accounts
- statistics
- backup
- off-site archiving
5. Reliable service - "up-time" - SLA available?
6. Affordable pricing - what's included/not included.
7. Has policies that maintain security.
- Customers should not be able to see or access other customers
directories.
- Programs run as a user-specific login ID, not a generic ID
common to all clients.
- Maintaing latest patches - esp. security.
- Includes configurations to minimize risk - ie. MySQL run as
named pipes vs. TCP sockets - separate instance (not shared with other
clients).
8. Does not leave basic security up to the client (who probably
doesn't know how to deal with it).
9. Deals with patches before the client knows there's a potential hole.
10. Does not allow spam. If another client spams, the whole customer
base is vulnerable to blacklisting.
11. What platforms do they support - how many experts for each
(especially windows)
12. Include extras? like:
backend scripting (what and which versions)
available canned scripts
available scripting components
mailing lists
web-based email pickup/managemnt
available media types (flash, shockwave, wmv, etc)
streaming media servers (Real, Quicktime, Widnows Media)
built in ecommerce packages

Get references - call them - ask if they would mind if you picked out
some customers at random and called them.

Do you disagree with any of these? Have I forgotten some? Talk back to me.

value
lower cost
wise decisions
evaluate hosting companies

Sunday, July 03, 2005

CSO (Chief Security Officers) and general security issues

I was recently involved in a discussion concerning the apparent elevation of Information Security professionals in the business world. Many companies are now hiring managers into management slots that did not exist before, creating a 'department within a department' (within the IS/IT department). The gist of the discussion was questioning whether this heralded the true elevation of this specialty but quickly turned into what I will call a 'complaint' about the skills of management. Here is my reply:

I do not dispute the "generality" that many managers are not up to the technical level of their employees. I further stipulate that Security Managers may be a little closer in technical ability. The reason for this may be the nascent nature of the management specialty.

However, the reality of the (quoted as generalization from earlier comments in the thread) "Managers, of any type/level, are the middle guys assigned to make sure, those under them, those processes and procedures get implement on time, and under budget. Granted, security managers, in a worse case scenario, are probably the very few who can step in and roll up their sleeves, but for the most part, it's the grunts who do the work." argument depends on many factors. Not the least of which is the flatness of the organization.

I managed a 7 person organization responsible for *all* aspects of telecommunications *and* Information Technology for a company of 1200 employees with 450 nodes on the WAN in 4 locations, 150 mobile employees with laptops, a mainframe, large Unix server, Novell, and 2 WinNT machines running ERP, File/Print/Authentication services, and custom developed applications. I spent only 40% of my time managing and 60% of my time doing 'real work'. I am sure there are many more managers that also do 'real work'.

Mark Twain said "All generalizations are false, including this one." It was okay to use the generalization to make a point but this thread has turned the generalization into the point, which is false. Let's try to remember this.

As for the original point, it is about time the Security field got more recognition. I am happy to see the growth of this as a specialty and have long felt that it should be. Many organizations are actually hiring CSO's (Chief Security Officers). I would like to turn this thread to a discussion of whether these changes are cosmetic or real.

It is one thing to hire a manager in a specialty. It is another to spend money on projects in that discipline. Are these companies putting their money where their" managers are or just "paying lip service" to it?

What do you think? Talk back to me...

security
Chief Security Officer
working managers
value