Category: Special Topics

  • Resilience – A Strong Metric

    Resilience – A Strong Metric

    I was recently attending a conference (virtually, of course) that focuses on leadership and the related trends. Every year there is an idea or two that is the current hot topic. This focus has included familiar things like EQ and grit in the past years. One somewhat new theme this year was resilience. It is a trait we have all heard of, but it may be the next big thing to measure in getting the “best” employees. It may also be a metric you can use to determine how to improve yourself professionally and in your personal life.

    Resilience Assumes Challenges

    There is an old phrase, “hope for the best and plan for the worst.” It is safe to say that most of us accept that life will be full of challenges. It is hard to live very long without that being proven out. Therefore, our ability to react to and overcome obstacles is a critical factor in our success. You hear this concept in sports all the time. Every championship team had moments where they overcame a challenge and advanced on the path to becoming a champion. Every business’s success is the same. There are “overnight” successes that come faster than expected. However, most companies have a long and bumpy history that continues to the current moment.

    A Measure of Succes

    When you assume that every journey will include obstacles you must also accept that every journey has an opportunity for being derailed. There are substantial obstacles to face like the global shutdown due to COVID. However, there are more often smaller obstacles like a change in requirements or delays or miscommunication. We are required to overcome all of these to reach success. That logically flows to the idea of building a team that possesses resilience. This trait can come from individuals or it can be how the team members support each other. Sometimes there is not only safety in numbers, but also resilience.

    Positive Attitude

    The points made thus far are realistic, not pessimistic. Stuff happens. We can rail against it or bemoan our situation. Nevertheless, it is where we find ourselves. When we face these situations we can move forward or dwell on our misfortune. It seems obvious that moving forward is the best approach. However, we sometimes get stuck in these challenging moments. Resilient people take these sort of setbacks in stride. That is not only a valuable trait, it is also one that is relatively easy to see. Of course, levels of resilience can be difficult to measure, but it is not hard to see if someone possesses some level of it.

    Tactics and Approaches

    At the risk of being obvious, I think it is worthwhile to look at some of the things we see in resilient individuals or teams. There are actions that come from this trait and show that tendency to push forward. Here are some things to look for that can easily be worked into an interview (or self-reflection).

    • Acceptance – Moving requires action. Thus, the time spent on bemoaning a situation increases the time spent on it.
    • Blame – Looking for blame or a way to shift responsibility to others does not contribute to overcoming the obstacle.
    • Progress – Resilient people and teams move through options and avoid getting stuck on a single option as well as analysis paralysis.
    • Optimistic – It is hard to tackle a problem that you think is a lost cause. Resilience almost requires some element of a positive attitude or at least hope.
    • Analysis – One can spend too long analyzing a situation. However, resilient people have the ability to dig into a challenge in an unemotional way in order to see where things went wrong or look for ways out of it.
    • Roll With It – Much like acceptance, resilience often includes an ability to “shrug off” setbacks. Thus, challenges are assumed to exist and do not slow down teams or individuals with this trait. This factor points back to that “plan for the worst” concept.
    • Absolutes and Clarity – In my personal experience, I find that resilient people are less likely to talk in absolutes when talking about an approach. They leave open the idea that changes to their plans may (or will) be required.

    Nothing New Under The Sun

    All of us have been exposed to the resilient trait in people and teams. However, it can often be lost in the shuffle of other skills and attributes we look for in a team or hire. Therefore, it is worth our time to consider how it can factor into our approach and processes. There is no question that finding the right hire and building a team are complex and complicated feats. Likewise, we must avoid letting critical factors fall through the cracks.

  • User Experience Should Always Be High Priority

    User Experience Should Always Be High Priority

    The User Experience aspect of applications is often on my mind. I am not a designer, but even the most simple solutions can be rendered unusable when one ignores UX.  A recent experience with a front-end to a web app. Reminded me of how bad it can be for a user.  My frustration ran high, and I would have walked away never to view the application again if I had the chance.  Likewise, I will complain to anyone who will listen about the experience and may sour others on it.  That is the last thing anyone wants for any application.

    The Intro – How I Got There

    Allow me to set the stage for this little drama.  I recently took a certification exam from the comfort of my home.  It has its annoyances but does save me a drive back and forth to a testing center.  There is a validation step to prep and ensure your environment meets the requirements as well as checks to avoid cheating.  Once you are validated, a proctor connects via text, does a few last-minute checks, and then your machine is sent the test.

    Overall, this is a good system, I think, and probably does a good job stopping people from cheating.  This solution is a good one in this case.  However, the experience I had leads me to think I will never try that again.

    A Bad User Experience

    The steps before the exam are where I had all my frustration. The exam process and experience was exactly what I expected.  We will start with the preparation step.  When you start into the prep process, you are given a nine-digit id to link uploads to the system.  You are sent a link on your phone, so you can take pictures and send them to the site.  The photos include the front and back of your picture ID (driver’s license) and then four to cover the front, back, left, and right view of your work area.  So far, so good.
    The upload process tells you what picture to take, flips to your camera app, then you click a button to submit.  The user experience gets bad quickly at this point.  There is no explanation about the pictures other than what I listed above.  I have no idea if you have to take a specific layout or from a certain distance.  It gets worse.  If there is a problem with the photo upload, you are taken back to the screen to enter the nine-digit ID and forced to walk through the screens again.  There is no error message or indication of what went wrong.  It does save pictures previously loaded, so at least once you get a successful upload, you do not have to re-enter that picture.

    A Painful Design

    The preparation process I listed above gets repeated precisely the same way when you log in to take a test.  You have to send an ID again and all of the pictures of the environment.  A bad UX is doubled down on.  This becomes more frustrating when the proctor has access to your machine camera and will likely ask you to pan it around your work area.  Thus, confirming a third time that you have a valid environment (no notes on the desk or anything like that).
    The same message-free process is used again, so in my case, I spent around forty-five minutes retaking those twelve pictures.  I lost count of how many times I took each, but I think I attempted each one at least three times.  It is more frustrating because it was not an Internet connection on my end.  I had stable and reliable high-speed connections throughout that time.

    A Moral To The Story

    I mentioned that this solution as a whole is awesome.  It is also one that was critically needed in a time of social distancing and stay-at-home orders.  It allowed me to get a certification test done much sooner than I would have otherwise.  I appreciate that.  However, a user experience that has a user in limbo for over a half-hour is far from good.  I think all of us would be happy to walk away from that experience.
    In this case, that validation process was a small part of the overall solution.  You may have seen features like this that are a registration, login, or even close account solution.  These are small parts of the overall solution and often seen as not integral to it.  For example, I often work on MVP solutions that ignore some of these “minor” features and even downplay the overall UX.  That is a dangerous approach to take.  Consider how much damage this bad experience for me will translate into bad feedback spread to others.  That should make you think twice before lowering the priority of the UX for your solution.
  • Why Security Awareness Matters To You

    Why Security Awareness Matters To You

    In the last few years, the idea of security awareness has risen to at least being on the radar of many CIOs. However, the general concepts around this topic are not seen as important enough to many outside of the IT world. The threat of cyber-based attacks is a reality for all of us. That alone makes this a subject we all should be concerned about. It is worth our time and investment to put a good program in place.

    Security Awareness is Affordable

    I find that too often security implementation and its high costs are confused with awareness. This is similar to thinking that educating people on health issues is the same as treating those issues. However, there are substantial security awareness programs like Ninjio, Know Be 4, Secure ED, Security IQ, and Media Pro that are professionally created, high-quality, and cost around a few dollars a month per person. Think about those costs. A family of four could take advantage of a SA program for roughly ten dollars a month. You may laugh at the family idea but how many children now are almost always connected and have access to texts, email, and social sites?

    The cost of falling into a scammer trap can quickly climb to scary heights in time and money. That risk alone should make you rethink the value of a SA program. Likewise, the fortune you save may be your own.

    It Is Constantly Evolving

    Even IT professionals can fall for phishing scams. Yes, read that again. Your daily work in the IT world does not make you automatically protected from scams. There is always a new scam out there, and knowledge is critical to avoiding them. For example, have you heard of scams where people buy a house and find out they did not buy a house? Instead, scammers walked off with the money. There are too many new ways for people to trick you to keep up with the latest approaches. That is where SA comes in. You have people working to inform you of the latest scams, test your knowledge, and even test that you paid attention to the material.

    How Does It Work?

    At this point, I hope you are at least considering checking out some security awareness programs or asking your IT leadership to do so. That means you are wondering what to expect with such services. The good and bad news is that they are all very similar. That is good because of so many excellent options. It is bad because it can be hard to choose. Most programs send material on roughly a monthly basis. This is often an email of some sort, and most include a video tutorial that goes over the latest things to look for. This may seem tedious and boring. However, the videos are usually ten minutes or less and can be highly entertaining. Some are even produced by entertainment writers like those that put together the shorts on Saturday Night Live and similar television shows.

    The videos/content is just part of a good program. You will also periodically be sent phishing emails, phone calls, or texts to help expose you to the kind of things to watch out for. If you fall for the scam, then you are sent a “you should not have clicked” form of email or message that educates you on how to avoid such things in the future. This combination of educational material and practical testing has been shown to reduce the effectiveness of all forms of scams dramatically.

    I Want To Learn More

    Here are a few links to help you get up to speed on security awareness programs and vendors.

    https://www.itgovernanceusa.com/security-awareness-program

    https://www.infosecinstitute.com/iq/awareness/

    https://www.knowbe4.com/

    https://ninjio.com/

    https://www.mediapro.com/security-awareness-trainingpack/