It would be hard for me to ignore the topic of disaster recovery after these past two weeks. I was able to witness an organization react to their own disaster while I played the active role in a rather blind recovery process. It was a powerful perspective to be in, to help understand what really is needed from having a good disaster recovery plan.
I rarely find a company that has not confused the actual role of a disaster recovery plan. We know we need it, we think we know it what it is, yet most companies over-think the process, muddying the discussion with what really should be a business continuity strategy. The disaster recovery plan should be a simple, yet focused outline of what keeps your organization running. As the person yeilding the power to bring you back to a functional organization, I need to know where to focus my energy and how much energy to exert. What departments make the organization run? (psst, trick question, it’s all of them) Identify the crucial resources of each department (psst, risk analysis model). How long can they operate without those resources? (psst, recovery prioritization model).
While you have toiled for hours to create what you consider to be the perfect plan for that perfect disaster, you missed one important step. A disaster is something you can not plan for. It wouldn’t be much of a disaster if you could, would it? Get your head out of “fire in the server room” or “plane in the building” scenarios and start with asking the important questions, like “what do we need to run this organization?”
Here are some easy signs to identify your disaster recovery plan needs revising.
You don’t have one. Don’t worry you are not alone. Many companies out there are still “really intending” to get to that disaster plan. The good news is, after the disaster, you will have all sorts of resources and attention put towards making one. We are a reactionary culture and while the events of 9/11 were enough to shock most companies into putting attention towards a disaster recovery plan, we all react at different paces. Give me a call after your disaster and we can talk because we all know you are too busy to sit down before hand.
You created the plan out of compliance. Mildly worse than not having one at all, is having one that isn’t really focused one what you need. Many companies don’t sit down to create a disaster recovery plan until some auditor tells them they need one. Most resultant plans are structured to ensure compliance, not act as a usable resource when the disaster actually happens. You will find yourself pulling out this document only confuses and delays an actually recovery process.
The auditing companies are either financial based or compliancy driven for some single objective. Come to the realization that you may be maintaining a surface level disaster recovery plan, along side of the one that will actually be useful in a disaster.
It goes unread. D day arrives, your disaster is upon you, and nobody reads the document. Hopefully it is because you have been so involved with making such a solid plan, that you have it memorized. Realistically you don’t look to the plan because it holds no pertinent information, it is outdated, or nobody knows how to find it anyway.
It is thick. Most people mis-apply the relevance to creating a disaster recovery plan. If you plan resembles the encyclopedia, then congratulations. You have officially created a plan so detailed that nobody could actually follow it if they needed to. Except for perhaps the one person who wrote it.
So you realize you may actually need to focus on a disaster recovery plan before the disaster. Now the trick is to give you some easy tools to make it happen. As I navigate my own organization through the following weeks of preparing a disaster recovery plan, I will publish up some very usable and basic guides for you to use in setting up your own plan. Consider it a usable guide to IT disaster recovery, apposed to the document you have creating dust now.
That is not to say there aren’t a lot of valid, powerful resources out there if you need a head start.
The resources available for how to create, modify, and optimize your resume seem to be growing exponentially with the unemployment rates. During my “summer off” I took advantage of the resume workshop over at Rochester Works, thinking I would get a leg up on the new hot trends in resume building. That particular class… was not for me. Being the only person in the class with a resume was my first sign I was in trouble.
That workshop taught me that there are a lot of people worse off than I am. Luckily I have been able to get a few very valuable tips through my communications with various positions, job recruitment agencies and the people who actually read your resume.
So I spent some time completely re-writing my resume, which oddly still doesn’t depict all of the things bouncing around in my head. It does however give me a chance to add some suggestions in how to trim up your resume, having gone through the process. Add this to the Resume 101 class you can obtain on any corner unemployment line.
Titles – Your title is not your title. The title that you put on a resume should not the one bestowed upon you by your previous employer. I had a lot of challenges explaining I was titled as supervisor, while my job responsibilities were above that of a manager or director.
URLs – The person reading your resume is going to read the name of the company, and probably type in the name of that company online to find out more about where you were. Save them the step and put the URL in of the company.
Plain Text – Read your resume in plain text. All of the formatting disappears when copy and paste it into some of the online job sites, so you may end up modifying the layout so it does not cause painful overlaps in the copy and paste process.
Dates – Under work experience, just list the year and not the month/year. Overlaps and holes throw up flags and in an economy where everybody has been unemployed it is a flag everybody needs to avoid.
Things to Ditch (from the old school of resumes)
Get rid of the activities. If you get past the first round of eliminations these days, it won’t be because you are part of the local book club.
10 year cut off. Get rid of any work that you did over 10 years ago, unless it is directly pertinent to the position you are applying for. Yes, I was an IT Manager for an international manufacturing corporation, but let’s not forget that I used to blow up balloons at the local party supply store. (I did do that AND had to wear a bow tie)
32 Flavors of a resume
If you are a seasoned professional, you are going to have a completely different resume for every job you apply for, and here is why. The person reading the resume picks it up and starts with the process of elimination. The longer they have to hunt to see if you match the minimum requirements, the closer your resume gets to the trash. You want to change your format of the resume to get those items on the “qualifications” list, front and center and allow that person to put you in the pile that does not get recycled.
One resume to rule them ALL
The resume you send out still has to conform to the one page rule. For somebody just out of school, this is pretty easy. Throw in some life experience, and the resume that you create for your job hunting is going to be ridiculously long. Start by making one long resume, multiple pages if needed and write down everything you did. I mean everything. When it comes time to send in the resume, save off the document as a new name, specific to this position, and start chopping out everything that does not apply to this position until you hit the one page rule. It is the quickest way I have found to not suck away your entire life re-writing each resume.
Tracking and Patience
Keep track of the resume you send out, and keep a copy of the job description. Download something like PDFCreator and make a new PDF for every resume/job description you can. The average turn around time for a resume to become a call back was well over a month. By the time I tried to find the original job advertisement it was gone, so having a copy of the original somewhere is important.
At least 3 times I received a letter from the employers HR department, saying that I did not qualify for the position. The following week I would get a call for an interview. I still have the letter from the place I am working at now, telling me that I didn’t make the cut. Be sure to have patience and if in doubt, send them more than they ask for. Job searching is a 3 month process, so don’t wait around for your perfect resume to be created. It will evolve more and more as time goes on, but getting your name out there is more important.
Every year Dox Electronics puts on a good sized trade show in the Rochester area called Hackerfest. Although it is perhaps the worst name possible for what amounts to be a trade show of Dox security vendors, the name is what draws in the attention of area companies to attend. The name is so bad, they even had a contest this year for people to pick a different name. Unfortunately this would ultimately destroy the marketing angle they have by using Hackerfest, as it sounds more like an open gathering of security professionals, which in reality it is not.
I have been to many of the Hackerfest events over the years, for one simple reason. There is little going on in the area that gets me out of the office for a valid reason. I sort of dissolved that reason this year, by being the wild card attendee without a company name on my badge. I owe Maggie and the group at Dox for putting me in the attendance list, while I transition between companies. It did however give me the chance to assess really who does come out to the event and what can be taken away from it.
The people who go to Hackerfest are not the people who need to be there. The majority of people there are in the IT department by chance, have accepted their position of out inheritance or perhaps were absent that day when they drew names. Among the crowd are a handful of actual IT professionals, not necessarily identified by title, but already know what they are doing. Whom everybody knows should be there are the layers of upper management of small businesses. These would be the decision makers don’t have the time to hear that their laptop is a walking lawsuit, that they should just leave the door open and still find all of this security talk rather cumbersome if their password isn’t the name of their kid. Without their understanding that security isn’t a single focus item or that the entire organization needs to be involved, even the best laid plan will fail.
The Good Talks
This year they had Chris Nickerson return to the stage by demand. He relates to that small piece of the audience that already knows what is going on and provides entertainment for the rest of the people who live with their heads in the sand. Give him a google search and watch some of the Tiger Team videos to get the idea. Chris is easy to spot, as he looks like the guy who does not belong and has a permanent case of jet lag. I caught him in the hallway, shook his hand with a thank you for showing up, and let the Dox officials take him away before he hit the stage.
So what is the large change in security and keeping the business safe? I will have to agree with Chris’s keynote speech and say “nothing”. I have always attested that security is like a large strategy game, with multiple layers in place to protect your key assets. It is the companies who throw all their money into a technology to secure one door, yet leave another open that don’t quite get the game.
Schedule of Events
After the keynote, you must choose from 8 different presentations with 4 slots. Sometimes you choose well and sometimes you don’t. I met Todd Wilson from Cisco in the hall, and after knowing more about VOIP than most humans should be subjected too, I opted not to go to his seminar. I know that was a good one to go to, without even walking in the room. I have also known Todd since the lab days at RIT, making the conversations go beyond just a sales pitch into the technology behind the magic. I would recommend if you ever want to talk about VoIP to insist to get Todd to sit down for the conversation. Just remember he only wears a Cisco hat.
Over Capacity Seating
The second seminar was saved by Sophos after a song and dance by Blue Coat. For some reason, Blue Coat and Sophos shared a booth, and we ended up seated in the room which turned into standing room only for the presentation. The Blue Coat presenter was good, but danced around a myriad of higher
concepts that nobody really cared to hear. The Sophos guys were a little more in line with the presentation, but were tight on time. Offering some visibility of the methods to step through a website attack, with actually demonstration, it was a welcome glimpse at defining what the industry really needs to see.
The last presentation of the day, I sat in on the WhiteHat seminar, which turned out to be really good. While scripted with virtual servers running to do the background work, we were presented with a step by step sql injection attack, and the methodology behind making it happen. I think I fell asleep after he handed it over to the sales guy, but he did a good job helping visualize how easy it really is.
The Bad Talks
Some of the vendors that they send in are not prepared to sit in front of a room of technical people and give a presentation they usually show off to corporate slugs. My first seminar I sat in with was ZixCorp who were covering email encryption. Before my unplanned exit from Rotork, I was working with the DOD to setup certificate based email encryption. I am pretty sure nobody finished that after I left, but it opened a perspective into what I would need out an email encryption solution.
Unfortunately the presentation would lead you to believe that this is the only natural step other than establishing point to point network connections between corporations. Their client does not approach a complete client to client encryption model, does not integrate with native corporate servers, there is no client for groupwise. It does however lock you into this “elite” group of 17 million clients (read users) who were bought into the proprietary solution like a bad time share scheme. So the only reason you will be looking at this will be because the guy you are doing business with demands it. They certainly threw out the HIPAA buzzwords enough to understand who does buy in. In fairness ZixCorp might have a better product than expected, but they sent the wrong team to deliver the message to a technically savy group.
News Coverage at VMWare
The third seminar of the day I headed into VMWare. I had a great experience talking to the VMWare experts years ago, and was ready to see them sit down and tear apart the new desktop virtualization approaches. So was half of the attendance of the entire conference, as they packed the seats in tight.
Unfortunately what I received was less than what I could have obtained on the website, delivered not by VMWare, but from a Dox employee. The attendance was so large, that it drew in the news crew, and all I could think of was out out of his league the presenter was. Too much time was spent on the why, what and perhaps who could use desktop virtualization that it never dug far enough into the “how” section. It instead brushed off the top of the topic. I spent my time taking random pictures of my neighbors taking pictures.
The Show Items
DOX Team handing out Prizes
People need to understand that this is a one vendor show, as competition to Dox in the area is not really invited. I like Dox as a vendor, although I am not sure I have actually bought anything yet. Ken Michaels is a terrible presenter, but gets the concepts and roles of IT in the organizations and is genuine about his infatuation with the technology. He walks around with a pocket full of lock picks and has more of a firm grasp on where corporations needs to be than most of the vendors I have spoken with. He also has a loyal team behind him, making it a positive experience to do business with Dox.
Dox and the subsequent vendors offered up a huge list of door prizes. Ken broke tradition by handing out the XBox 360 first, which I really could have used. I did walk away with a $50 price from McAfee, so I can’t complain. All of the give aways are at the end of the event, compelling most people to stay. I still think it would be more effective to have drawings throughout the day on the hour, saving the large drawings for the end.
My Suggestions
I would pay to sit down with Chris for a beer. Have a limited sign up security round table, with Chris spending more than 5 minutes in town, offsetting the cost to bring him in by having a buy in to have that time with him.
Have round tables for lunches based off of discussion topics, perhaps planned ahead. Sitting with my “appropriate Dox representative”, which didn’t actually sit with, felt pushed.
Accept submissions for seminars from non-vendors. I realize the Dox interest to keep other vendors out, so pay some of the professors from RIT to come in and talk, or involve the area user groups. After sitting through the ZixCorp presentation, I was ready to offer a presentation on Email encryption options.
Keep the name. I am afraid it is a curse, but also the only marketing hope you have of keeping the momentum you have.
I didn’t start at Rotork as the “computer guy”. I didn’t last an entire year before I assumed that role, yet some people find it hard to believe I have been anything but an IT centric person.
I found my old portfolio this week, documenting my path through, what used to be, the cutting edge of computer aided design. It feels like some distant far off planet, where remnants of memories come back from. While the portfolio may never open again, I figured I would share a glimpse into this parallel universe I used to live in.
It is amazing how much learned and applied knowledge we use over the course of the years. For me, I went to school at Alfred, because the CAD program was the only relation I had with computers at the time. It probably explains why I was good at it, and not that I had an engineering mentality.
After working at Goulds Pumps for a year, I got scare of settling and ran like the wind to Kentucky and worked for General Electric in Kentucky. It wasn’t until I had a few exposures to sitting in front of a CAD terminal all day that I finally realized, I don’t like doing CAD all day every day.
My path through the beginnings of CAD were not in vein. It did bring to surface my desire to learn more about the computers. Back then, all of the CAD systems were based off of UNIX platform, which few people knew about in the actual workplace. Being able to manipulate remote shells and take over X-windows processes on other machines became the entertainment value for the day, while rifling off a set of drawings only took a few minutes.
Having a mechanical background in CAD, I was lucky to be involved in the pneumatic and hydraulic side of things, giving me a strong foundation into engineering areas which were all around cool. Of course I wanted to learn about pressure drops in different lines, to apply it to understanding why different brake lines are better on the race car, but I appreciate the education none the less.
I had to go through the resume this summer, giving it modernized version and style to compete with the rest of the planet. Sadly, the resume no longer reports this previous life I had, as it is no longer relevant to the world of Information Technology networking and system administration.
It does make me wonder where I would be if I had listened to my good friend Craig when he suggested going to RIT back in 1996 to enter this new curriculum called Information Technologies. Sounds like a fad that would never last.
The most powerful update in Snow Leopard is the ability to move to 64-bit support. By default, Snow Leopard has 32-bit enabled and you have to purposefully enable 64-bit.
Here is how to determine if you have 64-bit enabled.
Start the Systems Profiler through the Applications or Click the on the Apple Menu and choose About This Mac > More Info
Highlight “Software”
Look to see if the “64-bit Kernel and Extensions” has a Yes or a No to identify whether 64-bit is enabled.
Enable: To enable 64-bit you have to hold down the 4 and 6 on the keyboard when you boot up the computer. Check back in the Systems Profiler and it should be marked as yes.
I am not sure if they will turn this into an official setting some place, but here is how to enable 64-bit by default on startup. Huge thanks to netkas.org who originally posted these settings.
We probably won’t know how many copies of Snow Leopard, the latest Mac operating system, sold until after the weekend. I do know the shipping industry took a hit today trying to get them all delivered.
I was working outside when the FedEx truck rolled up to deliver my copy of Snow Leopard. The driver politely asked if I wouldn’t mind telling him what was ordered. Apparently the Rochester office of Fedex alone received over 4500 of these identical boxes to distribute around the region, putting quite the overload on the personnel this morning, working to get the distribution out and onto the trucks for delivery.
He wasn’t overly impressed when I told him it was the latest Apple operating system that was released today. Regardless, it did make me wonder why Apple didn’t do a downloaded distribution. I certainly would have downloaded an ISO image instead of watching for the FedEx truck to arrive.
If Apple knows how to do anything right, it is to build up hype about their own product. The world seems to know that their latest release of operating system is called Snow Leopard and it comes out today. First of all, this is an upgrade to the already existing operating system, Leopard. (hence the clever name) For the average consumer, the feature list on this upgrade is rather small, so who is running out to buy this thing?
The first people to get this thing installed are the bloggers. While Mac enthusiasts used to make up the majority of the people who keep the retail shelves alive, this one is nothing short of a media frenzy. Every person out there who affiliations with technology running a blog, video stream, podcast or general news update is trying to get this installed first. Some of them just want to post up that they have it first with a few first impressions. Many of them scramble to try and break it. After all the person who finds it NOT successful gets the news.
The second in line are the educated community who understand how powerful these updates really are. Having 64-bit support is huge, whether you know what it means or not. It is such a huge change in how the operating system operates and interacts with the applications that Apple doesn’t even set this as the default for most installations. The performance enhancements and the capabilities this opens up are worth the effort.
The last people who bought Snow Leopard were the ones caught in the Apple net of advertising. They really don’t know whey they wanted it, but knew it was the cool thing to have. The low price point made it attractive, regardless of what it actually did. Finally they were afraid of not updating and keeping current.
Microsoft announced yesterday that it intended to release of a new version of Microsoft Office in 2010 for Mac. This new version will offer a Microsoft Outlook client, which has never been in the Mac suite of programs.
Dan Miller at PC World wrote an article, not understanding why this mattered at all. At a time when the world is migrating away from client based software, Microsoft Office is the most expensive and aging platform to go with. I think you live in a different world than market segment this will affect Dan.
There is a large percentage of companies out there have no concept they can move away from Microsoft Office, nor would they want to. I walked into my accountant last week and they were still all on Office 2000. This year, I just left the bottom of the barrel in the world of technology adoption rates, the manufacturing industry. They are still conceptualizing that all of these clients talk together in this strange new world called “collaboration”.
Microsoft Office is more than a suite of applications. For the corporate user, it is also a client to the business applications that have been adopted around the Microsoft centric platform. Microsoft Office is the client for Microsoft Sharepoint and while there are many other flavors of collaboration suites, Microsoft still has the corporate attention.
Let us not forget the security and control aspect. Having an office suite, capable of taking orders from the mother ship of either active directory or exchange server, allows corporations to maintain control of their systems. That is a huge advantage for companies with small or outsourced IT departments.
While Microsoft is getting ready to finally launch a new version of Windows, the Mac has silently infiltrated the corporate marketplace. In a race to keep up with the cool toys, the outside salesmen and the guys trying to maintain the latest gadgets are buying Macs.
I actually observe it as a surge from the college kids who have jumped over to Macs. Dad lost track with what was cool a long time ago in technology, but his son or daughter tells him all the cool kids are on Macs.
Microsoft may be shooting themselves in the foot for putting Outlook on a Mac version. After all one of the lagging pieces to allow the corporate adoption rate is the dis-similar clients in email. Integrating with Exchange may create a surge of corporate adopters buying Office 2010, while they are in the Apple store buying a new Mac. Be careful on your pricing Microsoft.
So far, the news on Windows 7 has been nothing but resoundingly positive. After fumbling the transitions to Vista, Microsoft really needs Windows 7 to be adopted by the public as Apple continues to gain momentum in the home user market.
One things that Microsoft continues to blunder is the release options for what should be a single operating system. From a consumer perspective, I want Microsoft to make one operating system and either enable or disable the features at installation. I realizing having three or four sounds pretty clear, but it is numbing to think about and make those choices for most people. Frankly they shouldn’t have to.
This week Microsoft released a chart to Walt Mossberg, a Wall Street Journalist, detailing the choices of upgrading to Windows 7 from Windows XP or Vista. The worst part is, that in somebody’s head at Microsoft, this chart is a positive thing. For the rest of the planet, it spells confusion, requiring consumers to think too long about what version they want or need.
Another confusing chart Microsoft, and you might as well hold the door open for the people entering the Apple Store. Most people at home, don’t know what they have, and don’t know what they need. As a home user, I would obviously only need Home, but then there has to be something I am missing out on in the professional versions. Ask any home user whether they have 32 bit or 64 bit and the response back will nothing short of a blank stare.
The flip side is that people have been waiting so long for a new operating system from Microsoft, the majority of users will be buying new licenses. With outdated hardware and larger incentives to buy OEM licensing, I doubt you will find people that will be upgrading at all. By making this chart, you have just certified that people should buy a new computer when getting this operating system anyway. Now they just need to choose which one offers the better experience.
At the end of last week Google Latitude became available for the iPhone, sort of.
If you don’t know what Google Latitude is, it is the developmental service from Google which will update your physical location and tie it back to your Google account. From there you can imagine you can share your location with others and adversely they can share their location. The end vision being that you will be able to see when you are physically close to your friends at any given moment and even port that information to other applications you may use. The concept is not new and there were already a handful of applications doing this already on the iPhone. However, this is Google, so the world stops to listen.
Google released applications for many other mobile platforms earlier this year, but the anticipated release of the iPhone app is what is needed to propel the service itself forward. I say that it is only “somewhat” released, because Google has released a web application for Google Latitude and not an actual application for the iPhone. Just as I was about to complain that they didn’t even update the Google iPhone application with the link, it appeared in the list.
I actually went in and looked for latitude when I first heard the rumor, and blew off the fact that I could only find the web version. Well it turns out that WAS the released version and that my quick encounter was probably accurate enough to depict how this will not take over the world… just yet.
Problem 1 - It doesn’t actually know where I am. It knows the area, based off cell towers, but fails to dial in that GPS location. After going out on the deck to look for a better signal, it found me within a few miles of the house, but still didn’t find my exact location. For listing purposes however, it still marks me down in Fairport, when I am actually in Penfield (the adjacent town to the North).
Just in case, I went into the Maps application and the little blue dot indicating my actual location showed up just fine.
Problem 2 – The push isn’t there. The reason this needs to be an actual application is because after writing quick blog post, I doubt I will remember to go into latitude on a regular basis. This needs to become an actual application, because what I want out of this, is a notification whenever I get within actual range of somebody and leave it as something I specify. Left to my own devices, I won’t check in with Latitude.
Supposedly, it will actually keep updating your location if you leave it as the main page in Safari. Something I have not tested or verified yet. I do however have one friend in there, and it keeps updating, so either he is really proactive, or the service might actually work in a hidden safari window.
Reading through the ARStechnica article and a few others out there, you get the impression that Apple really didn’t want Google to write an app, noting that it may conflict with Maps, already on the phone. You have to hope that what they really said is “Let’s build this into Maps on the iPhone”, and this web version is only something to appease the masses until that is ready.
So here is my “Dear Google” wrap up.
Dear Google,
Please work on integrating Google Latitude directly into my Maps application on my iPhone, so I can see my friends whenever I am in a map. Please set it up so I can schedule my location updates whenever I want and set it up so I can setup individual warning notifications based off of my distance from other people in my list. Oh, and thanks for keeping everything free, while still allowing me to bitch about something I paid absolutely nothing to obtain.
Thanks, Stephen
PS – Open a co-location in Rochester, NY, mainly because I want to work at Google, but can’t move to California just yet in my life.
