Sten Vesterli's Blog

Making IT Live up to its Promise

What Happens Then?

IT Leadership, Technology That Fits, ,

There is an easy way to avoid making stupid decisions: Asking “what happens then?” A decision is exposed as stupid when it turns out that the decision-maker did not carefully think through the consequences. Bad decisions occur when someone only looks at the immediate result.

New York City dodged a bullet when they started implementing bike lanes in the narrow streets of Manhattan. They could easily have made the stupid decision of simply marking a part of the street as a bike lane. Fortunately, someone clever at City Hall asked herself: What happens then? If you had simply painted bike lanes on streets, thoughtless New Yorkers would have wiped out bicyclists by the thousands with their car doors. So New York decided to paint a separation area between the car parking area and the bike lane. Clever.

Next time you are faced with a decision, try asking “what happens then?” several times. You might find this saves you from doing something stupid.

Don’t be Like FSB and Tesla

IT Leadership

There are two ways to handle product problems: The right way and the Tesla way. A now-ex Tesla employee had the temerity to post videos on YouTube showing their vaunted self-driving feature in action. Unfortunately, one of his videos showed his supposedly self-driving car running down a bollard before he manages to react. He was fired by Tesla immediately after posting the video.

If you have a problem, acknowledge it and fix it. Getting rid of everyone bringing bad news is what made Putin think he could easily conquer Ukraine. Don’t be like FSB and Tesla. 

Play the Minimalism Game with Me

Spiritual Programmer,

You have too much stuff. The average American household contains 300,000 items plus whatever is in their storage unit. You might think that having too much stuff is harmless, but it isn’t. Every item you own is taking up a little working memory in your brain. Each item has to be stored, repaired, charged, cleaned.

If you want to make a change in your life, getting rid of some stuff is a good place to start. If you are up to the challenge, join me for a 30-day challenge invented by The Minimalists. The rules are simple: The first day you get rid of one item. You can throw it away, recycle it, sell it, or give it away. On the second day, you get rid of two items. On the third day, three items. You don’t have to do the math in your head – if you stick with the challenge for all 30 days, you’ll end up 465 items lighter. Who’s with me?

Improve Internal IT

IT Leadership, Technology That Fits, ,

If you think it hard to retain IT talent, spare a thought for the leader of customer service. 83% of customer service agents feel overworked and 62% consider quitting. IT cannot give them a pay rise or remove obnoxious customers, but we can give them useful IT systems.

28% of customer service workers agree completely or somewhat that their IT systems help them do their job. That leaves 7 out of 10 who feel their IT is working against them. When was the last time you sent an expedition out into the trenches of your organization to find out what was bothering your users the most? Sometimes, there are little things that IT can easily do to dramatically improve the effectiveness of internal IT.

Fight for Your Hiring Process

IT Leadership

In the war for talent, are you like the Ukranians or the Russians? Canonical, the publisher of Ubuntu Linux obviously hasn’t heard that the labor market is tight. One candidate published the email describing their hiring process, and it has gone viral on the internet.

In addition to to a 40 bullet point written interview, there is an aptitude assessment, personality assessment, culture assessment, HR assessment, peer interview, tech assessment, hiring manager interview and senior lead interview. The candidate withdrew their application.

If you have a hard time attracting the talent you need, examine what your hiring process looks like from the application side. Unless you actively fight to keep it simple, it will insidiously accumulate additional steps and bullet points until it degenerates into a ridiculous CYA-box-checking-exercise. You should be able to decide whether to hire someone based on their resume and two interviews.

How are you Vetting New Packages?

IT Leadership,

Some of the code you depend on was written by Ukrainians, Russians, and hacktivists. Deep in the dependency tree of NPM packages your software depends on, you will find node-ipc. That package was recently drafted into the ongoing war in Ukraine. If you are in Russia or Belarus, it will delete your files. Otherwise, it will only write an anti-war message to stdout and put it on your desktop.

As a professional organization, you are surely not just getting the latest software packages directly from a repository on the internet. But what is your procedure for vetting new versions you incorporate into your blessed repository? With the current threat level, having a single overworked developer do this in addition to his normal development tasks is not a good idea.

Stop Your Tech from Distracting You

Spiritual Programmer,

To create something, you need focus. I take meeting notes on paper because a sheet of paper won’t suddenly interrupt me with an unimportant message. When I am in focus mode, I have notification off on my phone and my computer. When writing on the computer, I use the “focus” mode in Word that removes all the menus and covers everything on my screen but the document.

You need to bend your technology to your will. Spend a moment investigating the “focus” features on your laptop and various devices and activate the ones that make sense for you.

Cybersecurity Insurance: Read the Fine Print

IT Leadership

When are you in a war? Your cyber security policy probably contains the standard exclusion: It does not cover acts of war. But when the war is being fought partially in cyberspace, it can be hard to tell if you are part of it.

Insurers tried to use the war clause to wriggle out of a cybersecurity claim lodged by Merck. Merck was hit by the NotPetya attack that spilled over from Ukraine into the systems of global shipping giant Maersk as well. They insurers claimed it was war, but a judge recently dismissed that argument and ordered insurers to pay up.

The insurance industry is tightening up their exclusion language with new definitions from Lloyd’s Market Association. If you recently got an email from your insurance company with a boring “we have clarified the terms” subject line, read it carefully. You just might find that your insurance company has re-defined your cyber security coverage to be worthless.

Why isn’t This a Bitcoin Moment?

Spiritual Programmer

This was supposed to be Bitcoin’s finest hour. We have inflation, war, sanctions and economic turmoil. Since Bitcoin is supposed to be kinda like digital gold, you would expect the laggards to see the point and pile into Bitcoin in these uncertain times. But they don’t.

If cryptocurrencies don’t have their moment now, they will remain a fringe speculation object and never replace fiat currencies. If you hold crypto, I think a large part of your proposition has been disproven.

Cybersecurity must be risk-based

IT Leadership, Technology That Fits,

Good cybersecurity is based on risk analysis. It is not based on locking down everything as tightly as you can.

I’ve been discussing the consequences of the war in Ukraine with several cybersecurity experts. Some argue that if you have to strengthen your defense now, it means it was too weak before. That is a fundamental misunderstanding of security. Security, like availability, reliability, and many other aspects of your technology is a trade-off. Higher security costs more money and slows your organization down. You don’t need maximum security always. You need a security level that is appropriate to your risk.

Right now, cyber-warriors and vigilantes are firing indiscriminately in all directions. You might get caught in the crossfire even if you have nothing to do with either side in the war. That’s why your risk has increased and you need to strengthen your cyber security posture. When the war is over, you can reassess your risk again.