iBoss blog: Understanding the keys to writing successful ransomware

It is ironic that we have to look towards the authors of ransomware as examples of some of the leading aspects of software engineering. And while what they are doing is reprehensible and criminal, they ply their trade with improvements in customer service, using the cloud to package their programs, and lead in understanding the psychology of their ultimate victims. With all this effort going towards developing malware, it isn’t that surprising that this category has become very adept at making money. Perhaps legit software vendors can learn from some of these experiences, while hopefully avoiding some of the darker forces.

In my blog for IBoss today, I talk about some of these issues.

IBM SecurityIntelligence blog: Can You Still Protect Your Most Sensitive Data?

An article in The Washington Post called “A Shift Away From Big Data” chronicled several corporations that are actually deleting their most sensitive data files rather than saving them. This is counterintuitive to today’s collect-it-all data-heavy landscape.

However, enterprises are looking to own their encryption keys and protect their metadata privacy. Plus, there is a growing concern that American-based companies are more vulnerable to government requests than offshore businesses.

You can read more on IBM’s SecurityIntelligence.com blog here.

The death of the editor-in-chief

This piece was written for Sam Whitmore’s MediaSurvey, which is a subscriber-only site. I have reposted it with his permission.

We have come to the end of an era. It is time to retire a professional title that was a significant role in my own life, that of the Editor-in-Chief or EIC. It now has little significance for those in online publishing, perhaps because the entire editorial department has collapsed into a single individual. As in, the EIC is also the copy editor, chief illustrator (thanks, clipart), social media promotions manager, and freelance manager. We might as well add the roles of lunchroom monitor and basketball coach too, for all that they matter.

To say that editorial operations have changed from back in the day when I was EIC at Network Computing in the early pre-web 1990s is an understatement. It is a completely different world. Look at some of the magazine mastheads from that era: there are dozens of roles that are historical curiosities now. It is like looking at the Dead Sea Scrolls. “Yes, sonny, back in my day we printed things on dead trees, and put them into the mail. And we walked five miles uphill to school too.” Who uses ordinary mail anymore? And many kids learn online. Is there anything that the Internet can’t do now?

We had a significant editorial staff: some 20 people, some million or so dollars in annual salaries. Oh what fun I had back then. Not everyone wrote for the publication, but all contributed towards creating a solid editorial product every month. Remember art directors? Another job title that is headed for the scrap heap. Since then, I held other EIC titles and have run online publications with varying sized staffs, but never that big and for that much budget. Little did I know that my first EIC job was going to be the best of them.

Today we don’t have that luxury of having an editorial staff. If the EIC still writes their own stuff, they have a pressure to get it posted online within moments of the actual news event: how many posts on the Microsoft/LinkedIn deal did you read Monday morning, barely minutes after the acquisition was announced? You don’t have time to do a copy edit, or even check the facts, before you get something online.

Sure, there are pubs that have huge (by comparison) editorial staffs and probably still have EICs that can lay claim to the title, but they are by far the exception. Look how many publications Techtarget still has: Each one has a minuscule staff, with a lot of shared services. And I mean no disrespect for them; they are just an obvious example. When I was at EETimes back in the mid 2000’s, their print revenue was 10x or 20x their online revenue, and healthy revenue it was. Not so today. No one prints on dead trees anymore. It seems even silly to say so.

Now the current tech publishing model isn’t really about the articles. Instead, it is all about how you can pay the bills with other things: custom publishing and lead generation and conference sales – in other words, with everything but your actual editorial product. Who needs editorial product, anyway? Bring in the copywriters!

When I was last at ReadWrite, I ran a successful editorial effort with several full time editors and numerous freelancers. The company had just been purchased by an online advertising agency called, ironically, Say Media. Their first question: do you intend to still do copywriting for ReadWrite? Ahem, I didn’t realize that the rebel alliance had taken over. Or maybe it was the dark side of the Force, if I want to have the right Star Wars metaphor. Whatever, Say What? I didn’t last long as a “copywriter.”

Regardless of what the job I was doing was called, the problem is those golden words that I have written over the years used to be the crank that turned the cash machine on. It was words that got readers to open the pages, which in turn drove advertisers to plunk down thousands per full-page ad. Thanks to the web, there are no more printed pages, and ad rates are down. Way down. If you the reader don’t click, we the writers don’t get paid.

But the web isn’t only to blame: that just started the process of decline of the EIC. What really killed him or her off was that the very nature of the web publication itself has changed. When every article that I write lives or dies based on the clickstream, you are just a Google entry away from obscurity – or fame and becoming a viral meme. Nowadays the time that I spend promoting, tweeting, reposting, commenting, and cajoling and trying to find readers is just as much as the time spent interviewing, testing, researching and writing. Social media is the cart now driving this old workhorse.

So say farewell to the EICs, may they RIP. Soon we will take our place next to buggy whip operators in history. Please take a moment and honor their memory.

EventTracker blog: Should I be doing EDR? Why anti-virus isn’t enough now

Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR), such as those that integrate with SIEMs, that can recognize errant behavior and remediate endpoints quickly.

I like to think about EDR products in terms of hunting and gathering. You can read more in my post in EventTracker’s blog this week here.


Fast Track blog: The benefits of being in a hackathon

With the number of coding for cash contests, popularly called hackathons, exploding, now might be the time that you should consider spending part of your weekend or an evening participating, even if you aren’t a total coder. Indeed, if you are one of the growing number of citizen developers, you might be more valuable to your team than someone who can spew out tons of Ruby or Perl scripts on demand. I spoke to several hackathon participants at the QuickBase EMPOWER user conference last month to get their perspective. You can read my post in QuickBase’s Fast Track blog today.

Fast Track blog: Lessons Learned From IT Asset Management

As a citizen developer, trying to manage your IT assets can be tough. Keeping track of such things as programs, servers, policies and procedures requires discipline, organization, and best practices that those of us who were raised in the IT school of hard knocks had to learn along the way. Here are a few tips from the IT pros to help you out.

You can read more on the QuickBase Fast Track blog here.

Wanted: more women in software

The tech business for years has had an awful record of employing and retaining female engineers, and this record is getting worse. Women represent less than a third of the typical firm’s engineering staff, and in some cases such as Twitter only 10% are engineers. Top tech management ranks are almost exclusively male.

Over the years, I have accepted this sad fact of our industry, but this week I was at a conference that was almost all populated with women and girls. It was an eye opener for me. Like many of you, I have gotten used to being in a mostly male audience when I attend or speak at tech conferences. This event was called “She’s Pivotal” and the title purposely had multiple meanings. It was organized by the software vendor to showcase the brainy and accomplished women that it employed, along with some stalwarts from St. Louis. It was inspiring and a bit uncomfortable, which is what I imagine many of the female nerds feel when they sit in a typical meeting. One woman in her 50s spoke about when she first started her career; she was the sole member of her gender in most of her meetings. “Now things have progressed to where there are two or even sometimes three of us in a room.” I guess that is progress.

Then there is this: engineering schools graduate many more women that either never end up actually doing any engineering, or who leave the field after a few years. This research from last year found that nearly 40 percent of women who earn engineering degrees quit the profession or never enter the field at all. There could be a variety of reasons for this: after all, many male engineering grads also don’t end up doing engineering too.

One of the ways for tech firms to get more sensitive about women engineers was an effort last year that started to count their actual makeup. Software developer Tracy Chou began a voluntary collection effort on GitHub to keep track of these numbers, and numerous firms have entered their workforce gender info on her project. Most firms have less than 20% women, but there are a couple of standouts. For example, Thoughtworks has 29% with 655 women engineers, and Wells Fargo has 24% with 1300 engineers. While not listed, I do know that Mastercard has lots of women in their workforce, and they had several of them (as shown above) attending the event.

Another way is to start recognizing how women can make an engineering staff better, just by their presence. The women managers on the panel spoke about how it wasn’t their coding prowess but their ability to collaborate with others and form strong teams to get projects done. They came from companies such as Express Scripts, EMC and Monsanto. All held management titles and some of them have been around for 15 or 20 years in various engineering positions.

One speaker gave three suggestions for women to succeed in tech. “Try everything to see what you like, when in school take at least one business and engineering class, and just remember that it’s never too late to get more technical education or experience.” All are great ideas.

Ironically, Pivotal themselves isn’t the best example. While Cornelia Davis, their CTO, gave an excellent talk at their event, if you go to their management page online you can see a page of all male faces there. But at least they recognize that it is time for a change, and allowed Davis and other staff members to participate in this event. Certainly, Pivotal isn’t alone: most tech companies, indeed most companies, have all male executive suites. Sadly, the glass ceiling is still firmly in place.

Then there is the movement called #ILookLikeAnEngineer on Twitter. Last year women engineers started posting their pictures with this hashtag. It is a great idea, because the more we all can see them and can realize that there is no singular “look” the better we all will be. Of course, I posted this picture from my childhood that fits the popular stereotype. (Once a nerd, always a nerd.) Those of you that are engineers, I encourage you to post your own selfie.

One of the goals for the event was to get young girls interested in engineering fields while they were still in high school, or even younger. The event was co-sponsored by CoderGirl, a local effort that holds weekly coding meetups to help teach women and girls programming concepts. I spoke to several of the girls at the event who were considering going in this direction, and they all felt encouraged by what they heard from the professional presenters. One girl asked whether she could actually cut it in engineering, given that she wasn’t very good in math. The answer was most definitely yes: Tammy Hawkins, who went on at Mastercard to invent the “Selfie Pay” authentication app, told us that she too wasn’t a math whiz, and managed to just barely pass her last college math course. “But that was fine, because there are always people who can help you who know more,” she said.

That is actually an important point. Many of us – men and women alike – don’t often apply for a job because we don’t think we have the self-confidence or skills required. Programming is a very collaborative culture, and these days teams of programmers work together on solving problems and producing code. You aren’t always going to be the smartest person in the room.

It is time that all companies adapt to a more diverse workforce if they want to succeed. And we need to be on the leading edge in tech. It is time to fix this.