Sten Vesterli's Blog

Making IT Live up to its Promise

Category: IT Leadership

Productivity at 10 pm?

IT Leadership, ,

They call it “productivity” but it’s more likely just busyness. Microsoft research into the use of their Teams product has discovered there are now three peaks in a day. It used to be only mid-morning and early afternoon, but now another peak has appeared at 10 pm. Euphemistically, Microsoft equates keyboard activity with productivity, but keyboard activity at 10 pm is unlikely to add much value for most people.

The workday has expanded by 46 minutes since the start of the pandemic, and most of that has been after normal office hours. It is a leadership task to preserve the health and productivity of your people. Do your employees work at 10 pm? Are you okay with that?

What Can and Cannot Be Said

IT Leadership,

Can you say “pay rise” in your company? At Amazon, that would not be possible. The internal social media app they plan to roll out for warehouse workers will filter out words like “union,” fairness,” and “plantation” (!)

Russian author Fyodor Dostoyevsky said, “The degree of civilization in a society can be judged by entering its prisons.” Similarly, the degree of civilization in an organization can be judged by its internal social media.

What does your internal communication platform and its rules say about your organization?

Are You Monitoring Your Automated Systems?

IT Leadership, Technology That Fits, , ,

It is hard to anticipate the real world. I’m sure the wet concrete on the road in Japan looked just like solid ground to the delivery robot. Consequently, it happily trundled into the urban swamp and got stuck. The story does not report whether the delivery company managed to get their robot out before the concrete hardened…

This is why you need careful monitoring of all the fully automated systems you are deploying. The first line of defense is automated metrics and their normal interval. For a delivery robot, the distance covered over a minute should be greater than zero and less than 270 (if you have limited the robot to e.g. 10 mph). The second line of defense consists of humans who will evaluate the alarms and take appropriate action. The third line of defense are developers who will fix the software and the alarms.

Too many automated systems are simply unleashed and depend on customers to detect that something is wrong and complain. You want to figure out you have a problem before the image of your robot encased in concrete starts trending on Twitter.

Do You Let Convenience Trump Security?

IT Leadership, Technology That Fits,

Personal data on anyone is available from all the large U.S. social media platforms and ISPs to anyone who cares to ask. The mechanism is an Emergency Data Request (EDR). When law enforcement doesn’t have time to wait for a court order because someone’s life is in imminent danger, they send an EDR. This is simply an email from a law enforcement mail address. To send a fake EDR, you simply purchase a legitimate government email address from a hacker who has breached one of the more than 15,000 police forces in the U.S.

You would never divulge information on your customers based on just a plausible-looking email. But how do you ensure that expediency has not trumped security somewhere in your organization?

What Happens Then?

IT Leadership, Technology That Fits, ,

There is an easy way to avoid making stupid decisions: Asking “what happens then?” A decision is exposed as stupid when it turns out that the decision-maker did not carefully think through the consequences. Bad decisions occur when someone only looks at the immediate result.

New York City dodged a bullet when they started implementing bike lanes in the narrow streets of Manhattan. They could easily have made the stupid decision of simply marking a part of the street as a bike lane. Fortunately, someone clever at City Hall asked herself: What happens then? If you had simply painted bike lanes on streets, thoughtless New Yorkers would have wiped out bicyclists by the thousands with their car doors. So New York decided to paint a separation area between the car parking area and the bike lane. Clever.

Next time you are faced with a decision, try asking “what happens then?” several times. You might find this saves you from doing something stupid.

Don’t be Like FSB and Tesla

IT Leadership

There are two ways to handle product problems: The right way and the Tesla way. A now-ex Tesla employee had the temerity to post videos on YouTube showing their vaunted self-driving feature in action. Unfortunately, one of his videos showed his supposedly self-driving car running down a bollard before he manages to react. He was fired by Tesla immediately after posting the video.

If you have a problem, acknowledge it and fix it. Getting rid of everyone bringing bad news is what made Putin think he could easily conquer Ukraine. Don’t be like FSB and Tesla. 

Improve Internal IT

IT Leadership, Technology That Fits, ,

If you think it hard to retain IT talent, spare a thought for the leader of customer service. 83% of customer service agents feel overworked and 62% consider quitting. IT cannot give them a pay rise or remove obnoxious customers, but we can give them useful IT systems.

28% of customer service workers agree completely or somewhat that their IT systems help them do their job. That leaves 7 out of 10 who feel their IT is working against them. When was the last time you sent an expedition out into the trenches of your organization to find out what was bothering your users the most? Sometimes, there are little things that IT can easily do to dramatically improve the effectiveness of internal IT.

Fight for Your Hiring Process

IT Leadership

In the war for talent, are you like the Ukranians or the Russians? Canonical, the publisher of Ubuntu Linux obviously hasn’t heard that the labor market is tight. One candidate published the email describing their hiring process, and it has gone viral on the internet.

In addition to to a 40 bullet point written interview, there is an aptitude assessment, personality assessment, culture assessment, HR assessment, peer interview, tech assessment, hiring manager interview and senior lead interview. The candidate withdrew their application.

If you have a hard time attracting the talent you need, examine what your hiring process looks like from the application side. Unless you actively fight to keep it simple, it will insidiously accumulate additional steps and bullet points until it degenerates into a ridiculous CYA-box-checking-exercise. You should be able to decide whether to hire someone based on their resume and two interviews.

How are you Vetting New Packages?

IT Leadership,

Some of the code you depend on was written by Ukrainians, Russians, and hacktivists. Deep in the dependency tree of NPM packages your software depends on, you will find node-ipc. That package was recently drafted into the ongoing war in Ukraine. If you are in Russia or Belarus, it will delete your files. Otherwise, it will only write an anti-war message to stdout and put it on your desktop.

As a professional organization, you are surely not just getting the latest software packages directly from a repository on the internet. But what is your procedure for vetting new versions you incorporate into your blessed repository? With the current threat level, having a single overworked developer do this in addition to his normal development tasks is not a good idea.

Cybersecurity Insurance: Read the Fine Print

IT Leadership

When are you in a war? Your cyber security policy probably contains the standard exclusion: It does not cover acts of war. But when the war is being fought partially in cyberspace, it can be hard to tell if you are part of it.

Insurers tried to use the war clause to wriggle out of a cybersecurity claim lodged by Merck. Merck was hit by the NotPetya attack that spilled over from Ukraine into the systems of global shipping giant Maersk as well. They insurers claimed it was war, but a judge recently dismissed that argument and ordered insurers to pay up.

The insurance industry is tightening up their exclusion language with new definitions from Lloyd’s Market Association. If you recently got an email from your insurance company with a boring “we have clarified the terms” subject line, read it carefully. You just might find that your insurance company has re-defined your cyber security coverage to be worthless.