Not yet one IoTA; Auditing ‘technology’

[Apologies for the date/time stamp; couldn’t pass.]
First, a pic:
[Classy classic industrial; Binckhorst]

Recently, I was triggered by an old friend about some speaking engagement of mine a number of years back. As in this deck (in Dutch…).
The point being; we have hardly progressed past the point I mentioned in that, being that ‘we’ auditors, also IT/IS auditors!, didn’t fully adapt to the, then, Stuxnet kind of threats. (Not adopt, adapt; I will be a grammar and semantics n.z. on that.)
As we dwelled in our Administrative view of how to control the world, and commonly though not fully comprehensively, had never learned that the control paradigms there, were but sloppy copies of the control paradigms that Industry had known for a long time already, effectively in the environment of use there. As in this post of mine. Etc.

But guess what – now many years later, we still as a profession haven’t moved past the administrative borders yet. Hence, herewith

A declaration of intent to develop an audit framework for the IoT world.

Yes, there’s a lot of ground to cover. All the way from classification of sensors and networks, up to discussions about privacy, ethics and optimistic/pessimistic (dystopian) views of the Singularity. And all in between that auditors, the right kind, IS auditors with core binary skills and understanding of supra-supra-governance issues, might have to tackle. Can tackle, when with the right methodologies, tools, attitude, and marketing to be able to make a living.

Hm, there’s so much to cover. Will first re-cover, then cover, step by step. All your comments are welcomed already.
[Edited to add: Apparently, at least Checkpoint (of firewall fame oh yes don’t complain I know you do a lot more than that yesterday’s stuff; as here) has some offerings for SCADA security. And so does Netop (here). And of course, Splunk. But admit; that’s not many.]

Meet no more, continuously, and excel

I posted before on the atrocities of current-day meeting practices. And on the changing role of the Document, here.
The latter, provided some thought towards predicting the demise of the former: When we’re connected (at the information level, not merely technically) constantly and continuously, wouldn’t all the errors of meetings be resolved (resolvable) by not having them anymore, or at least, re-styling them in a wholesale manner?
First, a picture:
[Reflections of – the way life used to be (lyrics)]

I mean, all the meeting errors have been allowed to play out because the in-charge’s liked them, for the display of faux leadership caricature they provided. But with the change towards always-on mesh communications, which is do-or-die, the very reasons to have meetings diminish. Social advantages of meeting F2F, that were collateral ‘damage’, may still be around but in the form of having drinks. Who’d need more? and now recognize the benefits outright, without the formal hassle and hilarious chair and topper pomp.

Though I treasure the value of the Document, if, very big if, it is in itself an attempt to Masterpiece. Which it sometimes is, in organisations, but then, so desperately few would survive public muster. Yes, there’s a trend towards deployment of Narratives everywhere. But that’s not what I mean here. I mean stuff like Books, nuggets of Culture carried through the ages. Where mere documents, even, let alone casual socmed conversations, will leave no (! storage re-use needs, TLA?) trace of your existence. As the Greek Hell beyond the underworld: In the underworld, even the villains were still known by name. But beyond that, in Hell, wailed the spirits of the Forgotten, the nameless. That truly was as bad as hell could get. And, of course, true heroes would attach to the pantheon, become stars and constellations. Do you strive for that, when filling out the TPS report at Initech? If you had to look that up, you’re on the naïve side of young…

Well then, to summarise: Meeting mania is curable, and Documents sharpen our skills. What a blunt conclusion. But don’t blame me when your greatness takes off.

Clustering the future

Was clustering my themes for the future of this blog. Came up with:
[Figure: Future trend subjects]
[Sizes, colours, or text sizes not very reflective of the attention the various subjects will get]
Low sophistication tool, eh? Never mind. Do mind, to comment. On the various things that would need to be added. As yes I know, I have left much out of the picture, for brevity purposes. But will want to hear whether I missed major things before I miss them, in next year’s posts. Thank you!
And, for the latter,
[Bah-t’yó! indeed]

To watch: Firebase

Was tipped via this article. Firebase to be the next thing. Promising, in its a tempo development; seems to be one element of what the world needs right now in terms of moving forward, innovation. Though maybe it may remain out of sight for most consumers, businesses may build a whole new, upgraded set of tools for users on top of this data handling platform.
And be better at using your data than just flat invasive (sic) analysis. The battle field will be compliance with (new) EU privacy regulations. E.g., re transparency of the controllers and processors; that will be a tad more difficult to pull off than now.

Though entirely your opinion on this development now being in the hands of Big G.

Anyway, again from here:
[How many tourists would see this ..? Tar’ga Catalunya]

Pulling, and pushing the compliance boundaries

A reblog again, delving into the breadth of being the peers that pressure towards conformity or be the Maverisk that wants to prevent stale and mould. Read past the starting stuff, and find the value of nonconformity explained. If you don’t see that… You may be the one most in need …
And,
[Accelerating, not so bad]

Wired / Tired / Expired, November 2014 edition

[Weirdo’s – closing at 17:00h … doesn’t time melt for this artist, in this country (sic) …?]

Yes here’s the November edition of my Wired / Tired / Expired jargon watch overviews, a mixed bag again:

WIRED | TIRED | EXPIRED
Yik Yak, Ello, Tsu | The other anons (?) | Whatsapp et al
As in this, where as only the very old folks remember fubbuk started. And the other ones, here. Already not making it past the tipping point? I mean, where are Whisper / Kik / Telegram / WeChat / Line / Viber / Wicker / Threema / surespot ? And this, as elsewhere on this blog. Mehhh, as in the elsewhere mentioned on the left.
Poodle | Beast | Heartbleed
Because it’s “not much of an issue” as it affects end point consumers only … OUTRAGE! They are your customers, they are the huge numbers, they are the incapable to cure (also since a fraction of B2C’s doesn’t effing care). If only server-owning companies were the vulnerable, with their very few numbers, their resolution capacity, and their economic interests. Yeah, yeah, working on it. Really? Still?
Taking action | Taking symbolic action | Taking no action / denying any problems (tie)
E.g., by forking out another $250M, not just peanuts. Because pay the peanuts, get the monkeys. … Or is the previous still only window dressing ..? Maybe some, silent, action might’ve cost much less. Anyway, symbolic action will prove to be the infosec czar’s new clothes. Legally invalid. Demonstrating incapacity to function normally in today’s business world.
Docker | Google Docs | ‘Private cloud’
Just as in this, and this and this – since the latter two. Into the main stream. Dumb outsourced data center, virtual or not. With all the privacy ramifications, without scalability (!) or efficiencies.
IoT detailing ever further | IoT! Mixed up with Wearables et al. | Cloud, ROSI etc.etc.
This kind of details … And these. Pls learn to discriminate or you mess up the discussions. Which will be, at all levels of abstraction and everywhere, as under W. Totalitarian Bureaucrat talk.
Not caring
(to be seen)
Faux 1% philanthropy Posing
Hanging out at http://www.beriestain.com/ for example, just among like-minded self-sufficients (for peace of mind, not needing external recognition). Clearly, this. Uggg-gh!

OK, any suggestions for next month’s edition ..?

Flexing work vans

A thought just popped into my mind: If people are expected to be ever more flexible as for place of work, why would we still be tied up in concrete offices ..? Even if we move around, it is from concrete intensive-people-farm to the next, however flexible and nice it all may look. And all the flex space flex rent stuff is similar; tying people up to addresses.

Rather, wouldn’t it be of use if there were another variant suitably professionally organized, I mean not something like this:
[Hey, it’s someone’s office …]

But rather something a tiny bit more upmarket. Like:
[or just a little less conspicuous, with more actual desk space, filing possibilities (still, in this time and day), etc., for, probably, some quite a bit more affordable investment money and maybe a little more like above-linked ‘offices’ than this out-of-fashion posh]

So that the great many that aren’t at Queen Bee level that everyone flocks to – i.e., everyone, in the near future, in the flat(ter) network ‘organisations’ – can simply drive to the gathering places (previously known as parking lots) of choice and nearness to whatever client, and hook up the fully-equipped office to some power (charging the car battery and the equipment) and network to just do whatever work needs to be done. Could be downtown, could be at the park or beach front.

Oh well. It was just an idea….

Spam (out) of control

How is it that for decades, we had been used to managerial spans of control being in the 5-to-10, optimal (sic) 8 range, whereas what we had in the past couple of decades is spans of control in the 2-3 range mostly ..? [Duh, exceptions and successful organisations aside…]

Because I came across some post on a well-known business site where there’s an early simple statement that a span of control of 10 would not only be normal, but outdated as well, as the span could be at 30.
Well, I doubt the latter, as this would conflict with a lower ‘Dunbar’ number which indeed is about 8, with ramifications for informal control as outlined in this Bruce masterpiece. Oh yes now it springs to mind the 8 figure was taken by the military, the ultimate built-for-survival organization, to be the optimal span of control, and taken over to business for its apparently attractive all-business-is-war metaphor – where the attraction is there only for those not really exposed to the gore of war, I guess.

But whether it’s 8, 10 or 30, the optimal span of control clearly is larger than the common today’s practice.
Which has implications:

  • Too low a number will inevitably lead managers to seek to have something to do. Busywork, in their role leading to excessive micromanagement (yes pleonasm but on purpose) and/or excessive meeting behavior, in particular with their underlings and/or likewise trapped colleagues, like an AA group. Thus burdening the underlings with time taken away from actual content work and the need for Action item lists and reporting blub. Thus burdening colleagues with all sorts of time lost on, what actually is, whining.
  • Too low a number and the micromanagement leads to extreme (far overextended) controls burdens on the ones who’d actually produce anything of value instead of producing negative value with all their externalities like managers may commonly do. This burdening then leads to ‘process’, ‘procedures’ etc., to ‘standardise’ (otherwise, understanding of actual content would be required; the horror to managers!), hollowing out even further the value of any work done. As in the abovementioned / linked Forbes article; the Peter principle will reign.
  • Too low a number and the standardisation will drive out the creativity (in process and in product/service design/production/delivery) that is required ever more than before to counter the ever more changing environment. As I typed this, this article arrived…

So yes, we all need to focus on upping the number. To counter stalemates. To counter bureaucracy heavens. To regain flexibility.
But still, still, this could only work IF, very very big IF, ‘managers’ (not to address actual managers, that I value enormously!) can loosen their frantic, fear-of-death-like Totalitarian Control attitude.
Which I doubt. But then, organisations relying on these (whether already or after they will have crowded-out the actual managers via the Peter principle and acolyte behavior) will lose out to the upstarts that do keep the mold out.

And, finally, of course:
[Was safe, now the highway passes by somewhere down below, leaving the ‘secured’ stranded upon high; Carmona]

Maverisk / Étoiles du Nord