wow that’s a lot of options but something has to work out :)

I’m a super newb to the #fitlife and this has some great ideas for easy stuff to make

2018: Being Less Connected

I've been making the argument for analog for many moons at this juncture of old age.  It's an ironic statement, given my career in cybersecurity and the fact that I'm typing this on a laptop to post to multiple social media sites.

Irony aside, we now exist in a civilization where everyone has a smart phone. I recall being absolutely appalled when I worked for a phone retailer and I activated one of the first Android phones for a four year old. Granted that was 8ish years ago but now the concept doesn't phase me at all. The next generation of parenting is distraction through technology. You see parents at restaurants giving children their phones, kids at the mall who play games on their tablets and adults of all ages who are constantly glued to their phones.

In our home, I have a no phones at the dinner table rule. While I enforce it with my SO vigilantly, it’s slightly more difficult to enforce with extended family and friends. You’d be surprised how difficult it is to make it through a twenty minute meal with four adults without phones; not quite an act of congress, but close.

A friend of mine, who is generally pretty connected, told me she was taking a line out of my book on her latest holiday, vowing to social media less and be more present in the moment. Although it’s difficult to take a wonderful vacation or visit with extended family and not post your entire trip to your diligent followers, it does make a difference in the vacation experience.

I’ll compare my last two trips with my husband; the first was basically technology free. We checked our phones at night, barely took any pictures and spent hours talking on a beach under the stars and enjoying the time we spent together. On our last trip, albeit a much more exotic destination, we were both glued to our phones, snapping pictures of everything (except for our food, because I will always think that’s weird).

While I agree that social media has made a huge impact on our lives and process as humanity, I do think there’s a balance that we can all try to achieve.  While that balance is obviously in your hands, I’d say being less connected, especially when it comes to the ones you love the most, is a must. Instead of buying new tech for your kids, take them on a trip and show them the wonders of the world. Instead of texting your SO all day long, wait until they get home and have a real conversation for 30 minutes about their day, without checking your feed in between statements. And for God’s sake, can we at least take back the dinner hour? Enjoy your food, don’t Instagram it.

Broken Management in Corporate America?

After a heated 3-mile lunch time conversation with a colleague, a discussion was had on the lack of competent managers in Corporate America today.  I was complementing a manager of another division at my current job and how his team’s mantra is “YOU ARE NOT PERFECT. YOU WILL MAKE MISTAKES. YOU WILL LEARN FROM THEM. YOU WILL STOP APOLOGIZING FOR LEARNING.” It struck me because it’s difficult to find a technically capable manager who has real managerial skills –read communication and leadership.  Often times you get one or the other, but rarely both.  And this unicorn also understands the value of failure and learning.  

               Our walk pondering lead to the following question, “Are there technical managers that exist that are closer to this unicorn and further away from the terrors that we normally see in IT.”

               Upon my return from said walk, in the same manager’s slack channel, one of his direct reports had linked this page and recommended it as mandatory reading for all engineers and managers.  It is a NASA report on the discrepancy of shuttle performance in terms of machine and human cost between their engineers and their management staff.  The full article is lengthy but worth the read: https://science.ksc.nasa.gov/shuttle/missions/51-l/docs/rogers-commission/Appendix-F.txt

               Here’s the TL:DR part that stood out to me:

"Finally, if we are to replace standard numerical probability usage with engineering judgment, why do we find such an enormous disparity between the management estimate and the judgment of the engineers? It would appear that, for whatever purpose, be it for internal or external consumption, the management of NASA exaggerates the reliability of its product, to the point of fantasy.”

“Official management, on the other hand, claims to believe the probability of failure is a thousand times less. One reason for this may be an attempt to assure the government of NASA perfection and success in order to ensure the supply of funds. The other may be that they sincerely believed it to be true, demonstrating an almost incredible lack of communication between themselves and their working engineers.”

               It occurs to me post reading, this isn’t a single industry problem, it’s a widespread disparity between the hands on workers and management.  If NASA can’t figure it out, are the rest of us a lost cause? Let’s hope not.

In my humble opinion, from being on both sides of this coin, communication is key.  As a manager, it will always be your job to attempt a relationship with your subordinates.  As a subordinate, it should be your desire to have a relationship with your manager and with your team.  Breaking the ice can be hard, asking for help can be hard but work-life balance is so much higher when you feel that you have a connection to the people you work with and your job will be easier if you have the support and guidance of your manager and the rest of your team.

               My attempt this week? Dad jokes.  Daily, in chat, who has the best ones?  Makes everyone laugh and if nothing else, I’ll take a smile.

How To Stay Safe Online, At Work

The cybersecurity industry has grown by rapidly over the last 5-10 years.  Companies invest in email filters, spam blockers, virus protection, web filters and firewalls all in hopes of keeping the bad guys out and keeping their employees safe online.

But what happens when all of that fails? And more importantly, why does it fail? If it's so expensive, you would think it would protect you 100% of the time. Wrong!

Let's start with why it fails. Cybersecurity, or internet security in general, is an ever changing landscape, where new vectors (vulnerable areas to exploit) are discovered every day.  Most of the time, these are bugs in software or hardware and can be fixed by patching.  The bad guys are able to break in because 1) it's a zero day threat, or a vector that doesn't have a patch, or 2) because your security team hasn't implemented the patch (see Equifax disaster).

In a perfect world, the hundreds of thousands of dollars that you company spends on tools to keep you safe, would always work.  But with every new innovation in technology, comes new vectors.  

Fun fact! People actually dedicate 100% of their time to collect "bug bounties," which is basically making a living off finding software bugs and reporting them to the parent company.  Depending on the severity of the bug, the payouts can be in the 10-100s of thousands.

Now, in the event of a failure, where something malicious actually ends up on your (the end user) computer screen, this is where a small bit of user education can save your company millions, it's reputation and the undying love of your IT staff.

Lesson One: Don't open random email.  See something from FedEx saying you have an incoming shipment? STOP. Did you order something? Can you verify it somewhere else? And why is it sending an alert to your work email?

Lesson Two: Apply common sense. Does your CEO normally email you? Does he/she normally ask for sensitive materials (i.e. company pay structure, list of all employees, w4 information)? If not, don't send it.  Good way to validate is to call or text said CEO (or any other employee in this scenario).  This is called out of bounds validation because you aren't using the same means to confirm the information.  If you reply to a scam email, they aren't going to admin they're scamming you.

Lesson Three: It's a BEST practice to not open up links.  In email, on Twitter, on Facebook, etc. If you are going to open one, take your mouse and hover over the link to see where it actually takes you.  If the link in the email reads "www.google.com/getfreemoneyhere" but when you hover over it, it becomes "www.akljzlkhedhlwe.ru" then chances are it's a redirect link.

Lesson Four: Don't update software on your computer from a pop up. For instance, if you're browsing www.equifax.com and a pop up appears saying you need to update Adobe Flash, don't click the link.  Instead, go to the source (in this case adobe.com) and see if your version of Flash actually needs updating. **The exception to this rule would be updates from Microsoft when you shut your computer down and it alerts you that there's an update**

Lesson Five: This is the most important one! If you don't know, just ask. I promise you, as a former help desk engineer and security engineer, even if you call me 500 times a week to validate a link, look at a suspicious email or just ask questions to better educate yourself, it's less of an annoyance/disaster than if you clicked a malicious link and now you've infected your computer and potentially the entire office with ransomware.

HTTPS: What it is and why it’s important

Most people understand that you shouldn’t log into a website that exchanges personal information (i.e. your bank account, email, etc) without seeing the green lock icon and “https” before the website name.  But most people don’t understand the why behind this behavior.

Let’s start with the simple difference between HTTP and HTTPS.  Hypertext Transfer Protocol (HTTP) is the basic communication between two devices over an internet connection.  The S means that this transportation is secure using TLS or SSL.  The later two acronyms are protocols that encrypt internet traffic, essentially offering protection for users on a website entering in information.

So why does that matter? For starters, we should take a quick detour into internet privacy and the age-old argument of “if I’m not doing anything wrong, why does it matter?” I like to think of internet privacy through the same lens as someone standing outside your house, staring in a window.  While I may just be cooking tacos in my kitchen, rocking my awesome Star Trek apron, why is that your business?  And if I caught someone standing in my window staring in my home, I would freak out.  I find that to be a normal, rational reaction.  What kills me is that the general argument I hear from people while discussing privacy on the internet, specifically around NSA surveillance, is that people don’t care because they aren’t doing anything wrong.  

Now that I’ve stepped down off my soapbox, it should matter on all websites for similar reasons.  Consider the following scenario, you’re at the airport, on free wifi, and you’re looking at hotels you want to visit.  If a nefarious person running a free packet sniffer was on the same free wifi network, they could very easily watch your transactions of choosing a hotel and/or activities to do while you’re at your destination.  Of course if you’re booking your hotel, that would be an HTTPS site because it involves your credit card.  But all the other activity searching and hotel looking may not be.  Now you have a stranger who has a good idea of where you are staying, what you plan on doing and it’s also obvious that you’re an out of towner and an easy target.

Additionally, a more basic, but equally nefarious scenario occurs hourly on non-HTTPS sites: website hijacking.  You’re surfing for a news article online and you see a pop up ad, alerting you of a new deal, a free virus scanner or a program needing an update (Flash, Java, etc).  You click said ad/alert and all of a sudden, you’re a victim of malware.  Do you get mad at the original news site owner? You should. If they were using HTTPS, it wouldn’t be as easy for nefarious people to spread malware.

The good news is that many web browsers force the use of HTTPS whenever it’s possible.  There’s also lots of pressure on site and application developers to create things utilizing HTTPS for the good of the entire internet.

TL:DR mind the pop up windows telling you that you’re accessing an HTTP only (insecure) website and don’t put your personal information into anything that doesn’t begin with HTTPS.