I recently came across a powerpoint deck from netflix regarding its culture. Its unclear whether this was intentionally leaked or not but regardless, I highly recommend it to really anyone interested in developing high performing organizations. The insight that I found really interesting was that the author identified not only why process can be bad, but also why its the instant reflex most of us reach for to reduce errors and keep the “chaos” under control. Unfortunately that “chaos” is also what some others call “start up culture”, the very thing that has fueled so much innovation and excitement in the tech sector. Is it possible to keep that culture while you grow big? Netflix thinks so.
I’ve seen my share of process on top of process, eventually it turn into gunk – it sticks to everything and slows things down. There certainly are some types of personalities who thrive in this kind of environment, its not for everyone. For me, what I’ve been thinking about – can a team or org, part of a much larger org capture that magic? Having observed many teams at Microsoft, I think the answer is yes, although with the caveat that it is not easy. There’s a continous requirement to push against the grain, swim up stream and to make culture development and renewal a key core objective of the leadership team.
Tags:
I find the success of the Ipad and other Apple products very interesting because of a specific angle. While not limited to Apple, there is an interesting trend I’m starting to notice. We are becoming ever more consumers of content vs creators of content. The ipad is fundamentally a consuming device, no one can seriously claim that anything more then the occasional tweet or facebook update from an ipad would happen, it’s just not made for that. The pc gives you more freedom to create vs consume but most who’ve tried it know that creation is infinitely harder then passive consumption. There of course is the profit motive as well: there’s money to be made when people are consuming; it’s infinitely harder to monetize low volume created content unless you own the platform or can efficently aggregate it (the former like facebook, the latter like google). So, we get the promise of the web turning into more and more the mindless drudgery of tv. We’ve swapped our cable for hulu, our fox for drudge and our CDs for iTunes. I’m not convinced we’re any better off.
Right now cloud computing and cloud infrastructure is all the rage. The big players right now are Amazon, Microsoft and Google with probably more to come. I was thinking about this the other day, what about rogue clouds? Lets not be so naive to think that only the “good guys” will offer or use cloud infrastructure. What’s to stop some unregulated territory offering cloud computing infrastructure to all takers, provided they have the cash? How will the world change when anyone with some cash can avail themselves of massive multi-core cloud infrastructure? What if any country in the world with even meager resources can leverage the kind of computing power only the NSA can muster today?
What if any private individual or institution can do the same?
Suddenly some of our calculations become a little off. We know today what kind of computing power it takes to crack traditional passwords, the assumption is that at a certain point, it makes no sense to try because the computing time required is too large. Well if you can assemble some smart people with some smart software and virtually unlimited computing power, the equations suddenly change: what was once unrealistic or impossible now all of a sudden becomes attainable. Take an average Fortune 500 company, do I need to breach 80,000 mailboxes to get a worm into that environment? No of course not… I just need one. Same goes for passwords; I don’t need them all, I just need one.
So do rogue clouds exist today? What is a botnet for hire if not a rogue cloud? It can be rented by the hour or by computing time. It can be used for any purpose you can dream of; the owners will happily take your money. It can provide massive p2p computing power. What is likely to happen is that in the next few years, these operations will become more mature. They will grow physical data centers or rent (or steal) computing power from average users.
This future isn’t far off, and it has many many interesting implications to what we do today as security professionals.
Tags:
Report: 90 Percent of Web Apps Have Serious Flaws
InformationWeek – November 09, 2009
Nearly nine out of 10 Web applications have vulnerabilities that could lead to the exposure of sensitive information, a new report says.
I thought this was interesting. While the numbers themselves may be off because they’re vendor provided, the general trend doesn’t seem to be improving. In some companies at least, its moving in the wrong direction. Perhaps a new way of thinking about this problem is needed. What we as a team have been preaching for the last many years certainly can make vast improvements (and have made vast improvements by implementing SDL type programs) but we’re still far away from a world where any developer can write an app that does what it needs to, without having to conscientiously and explicitly think about a myriad of complex security concepts.
Which leads me to my next thought: would you be more enticed to use a cloud computing based infrastructure if you had a “5 nines” security SLA? What if the cloud provider not only hosted your site and your db, but also ensured full regulatory compliance, automated processes to detect/fix and prevent security issues before applications were ever deployed? As we’ve seen, in the traditional IT market, most security spend has been commoditized and forgotten about (even though plenty of issues remain and continue to cause problems). There is a possibility that cloud security will be used as a differentiator in the next few years as a “value add” or decision criteria, but, like anything else… will likely become commoditized in the future as well where it’ll be just expected, like availability and up time.
Tags:
So… Skype is pretty interesting. The service itself? Not so much (for me anyway) but for a lot of people the service is great too. For me, its interesting because of the business itself, how it evolved and how two guys from Europe built it. These two guys, Niklas & Janus first developed the p2p technology called Fasttrack and launched the KaZaA service. At the time, the internet was ripe for something new, Napster (first gen p2p) had just been shut down and a new, non-centralized approach had a lot of appeal.
Obviously, being in the p2p business is cumbersome and expensive at best, illegal at worst and the founders of KaZaA found themselves getting out of the business in a few years….BUT they had developed the IP and programming chops to really do p2p right. And that’s what went on to become the foundation of the Skype service. Skype was a genius move for several reasons: first of all, using a p2p platform freed the company up from humongous bandwidth requirements – the needs of the network grew as more users joined, which in turn supplied the bandwidth needed. Next, it wasn’t a potentially illegal or grey area business – VOIP was a legit offering and the technology worked pretty well. Finally, Skype figured out something that a lot of Internet startups never did: how to make gobs of cash, hand over fist. Skype did this by offering a free service but charging for Skype-In and Skype-Out (connecting to POTS services).
Now of course… most people know that the Skype founders managed to get EBay to (somehow, I can’t fathom how) pay $2.6B for the company and by the time its all said and done, probably north of $3B. That’s a lot of scratch. What never made sense to me, and apparently many others was what the hell was EBay, an auction site going to do with a p2p VoIP service provider? Well it turns out not a whole lot and they’ve decided to take their losses and spin Skype off or sell it. But here’s where it gets better: not only did Ebay pay a ridiculous amount for the company, they didn’t actually buy the underlying technology that makes Skype work! This, in mind is not just absolutely dumb founding but clearly, stupid (on Ebay’s part… Niklas and Janus – more power to ya). Of course things are back in the headlines because now there’s some lawsuits going on between the two companies and the fear that if Ebay can’t settle or come up with some alternative technology, they could have to shut down Skype. That doesn’t bode well for any potential 2010 Skype IPO that was planned, if the service goes down even for a few days the hardcore user base (the ones that pay) will start looking for something else… that something else may very well be Google Voice.
Tags:
Just read this post and thought it summed up things well:
Author Michael Jeffreys personally interviewed 15 top motivational gurus in 1997 for his then upcoming book. After talking to gurus from Brian Tracy to Dr. Wayne Dyer, he distilled 8 Secrets to Success they all agreed upon. These secrets are still good today and are as follows (link). Based on the book here.
Tags:
This week I had the opportunity to fly in everyone on my team that isn’t normally in Redmond and spend some time talking about our plans and getting things done for the coming year (Microsoft’s fiscal year starts July 1). I’ll write about that in a later post, but I did want to talk about something that came out of one my discussions with Roger Grimes who is also now working on my team. Roger is a visionary and unlike many other visionaries you may have come across who have vision but no action, Roger is actually pushing to make his vision of secure internet (or a securer internet) a reality. Part of the problem though is that he needs to get people to think about something in a totally different way. Sometimes to do that, you have to display a little “disruptive behavior” – disrupt people’s thought patterns which forces them to re-think their entrenched positions and conclusions. Microsoft is full of very talented, very smart, very opinionated people… so sometimes to get the mindshare needed requires forcing people to look at things in a new light. So you might be wondering, well, how does it work?
- First of all, clearly formulate your thoughts… be ready to defend your position
- Identify a crisis or other reason for immediacy… some people think a preventable disaster is needed to get people to open their eyes, well maybe you can warn them of the coming train wreck you already see?
- Speak as a member of the collective “We have failed…” or “we need to do better…” , never make it a me vs. you type argument
Think about the people around you… which ones are seen as innovative thinkers? Why?
Tags:
I was reading a great ebook recently, Self-Discipline in 10 days. It outlines what in the author’s opinion, are the five mental poisons that hold people back.
These were:
- cynicism
- negativism
- defeatism
- escapism
- delayism
As I read the book I couldn’t help but notice how much I agreed with each point. At the end of the day, we ALL have 24 hours in every day and 7 days in every week. Yet look around you, no matter who or where you are, you’ll find that there are others who are doing more, A LOT more than you are. Whether this be on the personal or professional plane, whether it be on a hobby or family. Some people get a lot of things done, and others complain that they’re too busy, too tired, they’ll do it when they have time, its not worth doing because it wont amount to much etc.
All of these mental poisons are pretty equally dangerous and can be the cause of self defeat, broken/unrealized dreams and all kinds of other failures, big and small. In the next few posts I’ll be talking about each… but let me share a few thoughts in general here right now:
First of all, these mental poisons are viral – they can travel and attack and infect others. Don’t believe me? Look around your workplace or other setting… if someone is overly negative or a cynic, all of a sudden it gives the people around that person to be the same way, it becomes an acceptable attitude and then it spreads. That’s why strong leaders don’t tolerate such poisons in their organizations, its just too dangerous. It can destroy morale, it can literally sap the strength of any group.
Do we want everyone to drink the kool-aid and put on the rose colored glasses? No… notice skepticism isn’t on the list, nor should it be. Healthy discussion, debate and review are necessary and should be welcomed. There’s really no other way to prevent groupthink. However its when this positive trait is abused with no facts that it can transform into one of its poisonous forms. More on each of these soon.
Tags:
Every one of us has been guilty of this at some point in our lives… and sometimes its nearly impossible to figure out how and why it’s the case or what to do about it. Well there’s a lot of books out there that describe a lot of different things but there is one magical formula… one way we can all get around what’s holding us back. What nags at us to “do it tomorrow” and “now’s not the right time.”
Do you know what this magical formula is? I learned it first when I read Napoleon Hill & W. Clement Stone’s excellent book “Success Through a Positive Mental Attitude.” They called it magical… a true talisman of success and I can’t say I disagree. It’s the most powerful three words you can repeat to yourself when your sub-conscience fights against you… when that apathy kicks in, when you’re tempted to put something off…to procrastinate. Its simple: “Do it now!” That’s it… seems simple right? Three simple words? These words are magical! Just repeat them to yourself whenever you get a chance… whenever something asks for something, whenever something shows up in your inbox at work, whenever you remember about doing something…. Just repeat these words in your mind “DO IT NOW!” No excuses to yourself…no putting things off! Just “DO IT NOW!” Watch how your approach to work, life, family and everything in between changes when you put this into action…. Checked your mail, got your gas bill? “Well, I’ll throw it in the pile and worry about it in a couple of weeks when its due….” Or DO IT NOW! Schedule it in your online bill payer AND BE DONE WITH IT!
After a few days, you will feel a thrill…a slight exhilaration…you’re getting so much more done, and it FEELS GOOD when things get done. When your mind is at ease because you didn’t put things off, you GOT THINGS DONE! Now of course you can’t do everything immediately… sometimes things take time; like buying a house… you can’t just make a phone call and own your new house…BUT, you can figure out “WHAT’S THE NEXT CONCRETE ACTION TO TAKE?” Something I learned from GTD (Getting things done by David Allen). Now his system is a bit complicated in MHO…. And it may not work for everyone …. (if you’re an OCD type, its perfect for you…go read this book.) But regardless, even if it doesn’t work for everyone it…this is the key takeaway for me…. WHATS THE NEXT CONCRETE ACTION TO TAKE? Sometimes you get a project… there’s a hundred things to do …and they all seem random; well now what? Can you DO IT NOW? No? Well then WHATS THE NEXT CONCRETE ACTION TO TAKE? Figured it out? Okay then…. DO IT NOW! 
Tags:
Welcome everyone… my name is ahmad mahdi, also known by my handle ‘techjunkie’. I work for Microsoft managing a team of super smart security guys but this blog or site isn’t about my professional life (although some of the lessons learned there will find their way here, I’m sure). A few months ago, I started thinking a lot about what I would call a strong desire to share what I’ve learned and what I know with the world… and of course everyone and their cousin wants to write a book…so I thought, yeah, it’s certainly something I should consider. The book is tentatively titled “Innerhacking: Reengineer your life” and hence the name of this site.
The concept I’m thinking about is that today, more than ever before, we have tremendous amounts of technology that can make our lives easier, better and more enjoyable… but certainly I’m sure most people don’t feel that way if they truly think about it. Well I believe technology, like anything else, is just a tool. The cavemen had rocks, we have iphones but at the end of the day, its what you’re going to do with those tools (or not do with them) that will truly impact your life. This book isn’t really a technology book, although there will be plenty of discussion about technology and how you can use it… but it will be about how you can truly make improvments and changes in your life…changes for the better that satisfy your soul. Do you have a clear sense of purpose? Are you financially secure? Do you want to do something but then don’t? Are you motivated to achieve your potential? Why do some people get promoted and others don’t? These are all things we’ll touch on during this process.
Why Innerhacking? The concept of the word “hacker” has gotten a bad rap in my opinion – what it really means is exploration, trial and error, persistence, knowledge & discovery. I think all of these concepts can and should be applied to oneself… and that’s why we’re here. Welcome!