Flying The Miserable Skies

So I had booked up on the airline to go to the Florida Keys.
You have to go to Miami first and switch flights—it’s a two-legged trip.
But I decided after the first flight to just stay in Miami and not go on the second flight to the Keys.
Since the flight was overbooked—not only didn’t the airlines lose anything by me not going, they actually benefited by having my empty seat for another passenger—and making money twice off of the same seat.
Yet, the airline demanded that I pay them a change ticket fee.
This is the first time that I heard of being asked to pay extra for not using a product or service.
Common sense and basic business practice is that if you don’t use something, you get a credit or refund, but the airline was actually demanding I pay an extra fee for this so-called “change.”
I explained politely that I didn’t change anything and that I just wanted to be able to get home.
They said even by not getting on another flight that is a change—and as the customer service representative (and I choke on even calling him that) then went on to say, “you will pay for that mistake!”
I reiterated that I didn’t make a mistake or any change, I simply decided not to use the second leg of the trip.
I asked to see a copy of the policy or guidelines where I had to pay for not using something, but the customer rep refused this.
He may as well have said, “Who needs right, when we have might?”
Basically, it came down to, “If you want to go home, you will have to pay.”
As if this wasn’t enough, when I arrived at the airport, another airline representative made me put my rolling carry-on into the sizing device to check that it would fit in the overhead.
Dar-gone-it—I bought it specifically for just that purpose, as it was advertised—why go through this?
In the airport, in front of everyone, they made me empty my things out and put some in another bag to skinny the first–“just a little.”
Then they said, uh ha, now you have an extra carry-on we can charge you for—but I didn’t, I only had two bags, total!
Later, in the airport, I overpaid for a stale sandwich and diet soda.
And for the first time, even after going through airport security and showing my boarding pass and picture identification once, I was then asked to do it all over again—while “walking the plank” to board the flight, with suitcase and sandwich in hand.
Not long after I sat down, an airline attendant literally shoved my seat up straight, and then reminded me to put up my seat before takeoff! Yet the seat was already up—the whole time.
Another comes up and asks me if I was the one who asked about the Internet—no, it wasn’t me, but there’s another customer somewhere onboard who did ask about it—they just forget who it was—oh well.
It used to be that the airlines were just overcrowded, the bagged peanuts were skimpy, and the recycled air was nauseating, but now the flying experience is at a whole new level of yuck!
This is no way to run an industry, treat customers, or generally do business.
On the airline, the stewardess gets on the mic and says “welcome to {Blank} airlines” and hope you enjoy the ride—unfortunately, they are riding all of us. 😉

(Source Photo: here with attribution to Kuster and Wildhaber Photography)

Cyberwar–Threat Level Severe

This video is of an incredible opening statement by Rep. Michael McCaul (R-TX), Subcommittee Chairman on Oversight, Investigations, and Management on the topic–Cybersecurity Threats to the United States.

Some of the highlights from his statement:

– America’s computers are under attack and every American is at risk.

– The attacks are real, stealthy, persistent, and can devastate our nation.

– Cyber attacks occur at the speed of light, are global, can come from anywhere, and can penetrate our traditional defenses.

– In the event of a major cyber attack, what could we expect? Department of Defense networks collapsing, oil refinery fires, lethal clouds of gas from chemical plants, the financial systems collapsing with no idea of who owns what, pipelines of natural gas exploding, trains and subways derailed, a nationwide blackout. These are not science fiction scenarios. (Adapted from Richard Clarke, former Senior Advisor of Cyber Security)

– It is not a matter of if, but when a Cyber Pearl Harbor will occur. We have been fortunate [so far]. (Adapted from General Keith Alexander, Director of the NSA).

I believe we must address these threats and our vulnerabilities in at least five main ways:

1) Increase research and development for new tools and techniques–both defensive and offensive–for fighting cyberwar.

2) Establish a regulatory framework with meaningful incentives and disincentives to significantly tighten cybersecurity across our critical infrastructure.

3) Create a cybersecurity corps of highly trained and experienced personnel with expertise in both the strategic and operational aspects of cybersecurity.

4) Prepare nationwide contingency plans for the fallout of a cyberwar, if and when it should occur.

5) Create a clear policy for preventing cyberattacks by taking preemptive action when there is a known threat as well as for responding with devastating force when attacks do occur.

With cyberwar, just as in conventional war, there is no way to guarantee we will not be attacked, but we must prepare with the same commitment and zeal–because the consequences can be just as, if not more, deadly.

Have Your Voice Heard

There is a new application from the White House called “We The People” for crowdsourcing public opinion and getting your voice heard on policy issues.
This is an easy way to let the administration know your opinions and get others to sign on as well.
It’s simple to set up an account–just input your name, email, and zip code and verify your account.
Then you can sign existing petitions or create your own and share the link with others via email, Facebook, Twitter, etc.
Here’s how to create a petition in 10 easy steps:
1) Sign on to your White House.gov account
2) Create an action statement (i.e. petition headline)
3) Select up to 3 issue categories
4) Review existing petitions on the same subjects
5) Sign the other petitions and/or create your own
6) Describe your petition in 800 words or less
7) Add key words (tags).
8) Preview and edit
9) Publish
10) Share
According to the site, the current threshold for getting an official response is 5,000 signatures within 30 days.
So petition away and let your voice be heard on important issues to you–this is your hotline to the President and his staff.
I can’t think of a better use of social media than this.
(I work for the government, but am not representing them here…all opinions my own.)

Visualizing IT Security

I thought this infographic on the “8 Levels of IT Security” was worth sharing.

While I don’t see each of these as completely distinct, I believe they are all important aspects of enterprise security, as follows:

1) Risk Management – With limited resources, we’ve got to identify and manage the high probability, high impact risks first and foremost.

2) Security Policy – The security policy sets forth the guidelines for what IT security is and what is considered acceptable and unacceptable user behavior.

3) Logging, Monitoring, and Reporting – This is the eyes, ears, and mouth of the organization in terms of watching over its security posture.

4) Virtual Perimeter – This provides for the remote authentication of users into the organization’s IT domain.

5) Environment and Physical – This addresses the physical protection of IT assets.

6) Platform Security – This provides for the hardening of specific IT systems around aspects of its hardware, software, and connectivity.

7) Information Assurance – This ensures adequate countermeasures are in place to protect the confidentiality, integrity, availability, and privacy of the information.

8) Identification and Access Management – This prevents unauthorized users from getting to information they are not supposed to.

Overall, this IT security infographic is interesting to me, because it’s an attempt to capture the various dimensions of the important topic of cyber security in a straightforward, visual presentation.

However, I think an even better presentation of IT security would be using the “defense-in-depth” visualization with concentric circles or something similar showing how IT security products, tools, policies, and procedures are used to secure the enterprise at every level of its vulnerability.

IT security is not just a checklist of do’s and don’ts, but rather it is based on a truly well-designed and comprehensive security architecture and its meticulous implementation for protecting our information assets.

Does anyone else have any other really good visualizations on cyber security?

(Source Photo: here)

Misappropriating Twitter

By now we are all familiar with the news story regarding a prominent lawmaker, recently married, who admitted to a longstanding pattern of inappropriate sexual exploits via Twitter.

As The Wall Street Journal (9 June 2011) notes, the individual got caught when he “mistakenly sent the photo to tens of thousands of Twitter followers,” rather than as a private message.

As a public servant who is a proponent of social media technology used appropriately, I was very concerned when I saw this in the news (note: all opinions my own).

The government needs social media tools like Twitter. It is an important tool for sharing information and alerts. It is obviously not for “sexting” your followers, especially with a Twitter handle that is apparently coming from someone in the government.

Twitter is an important means of engaging the public in important ways, moving this great country forward on policy issues and a vision that is noble, righteous, and for the betterment of our world. What a shame when these tools are misappropriated!

So while I cannot say “with certitude” what exactly this person was thinking, I am certain that we need social media in government and that there are numerous positive ways for it to be applied, with the caveat that the basis for social media by anyone in government has to be truth, transparency and genuine outreach on issues of importance to the people.

A lot of government people and agencies are doing a good job with Twitter and other social media tools. Let’s go back to focusing on the positive work that we can do with them, even as we note with caution how badly they can be misused.

Enterprise Architecture Panel – Snowmaggedon and the End of the (Desktop) World: The Mobile Workforce


[Pictured (Left to Right): Andy Blumenthal, Chief Technology Officer, Bureau of Alcohol, Tobacco, Firearms and Explosives; Ms. Doreen Cox, Chief Enterprise Architect, U.S. Customs and Border Protection; Mr. Rod Turk, Chief Information Security Officer, U.S. Patent and Trademark Office.]

Introduction:

Good afternoon. I’m Andy Blumenthal, the Chief Technology Officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF). It’s a great honor for me to be here with you today to talk about telework and how EA is shaping its adoption.

Just coming out of the blazing hot summer, the blizzard this past February seems like ages ago. Yet this storm brought the federal workforce in D.C. to a halt for 6 days, costing more than $100 million in lost productivity per day. This was offset only by the 1/3 of the federal workforce which was teleworking.

Just in case you don’t remember, take a look at this:


I still remember Snowmaggedon because that was when we shoveled out the wrong car because the snow was so high we couldn’t see which was ours.

More seriously though, telework benefits federal agencies in many ways:

1. Increases productivity
2. Enhances work-life balance and morale
3. Helps the environment by keeping cars off the road
4. Can save the taxpayer money by reducing the agency’s footprint

Data from the Telework Research Network indicate that telework could save agencies and participants as much as $11 billion annually (on such things as real estate, electricity, absenteeism, and employee turnover) and that if eligible employees telecommuted just one day every other week, agencies would increase productivity by more than $2.3 billion per year (driven by employee wellness, quality of life, and morale).

According to OPM, telework adoption is growing. As of 2008, telework increased 9% over the previous year and now slightly more than 5% of the federal workforce are teleworking.

Telework got a boost when the House and the Senate passed similar bills–in May and July respectively–to expand telework opportunities. The two chambers now must reconcile their versions before a final bill heads to President Obama for approval. The Telework Enhancement Act would make employees presumptively eligible and require that agencies establish telework policies, designate a telework managing officer, and incorporate telework into agencies’ continuity of operations plans.


Five years ago nobody would’ve thought that EA would inform the discussion on telework. EA was still primarily a compliance-only mechanism and didn’t have a real seat at the decision table. Now thanks to the efforts of all of you, its strategic benefit is recognized, and EA is playing a vital role in planning and governing strategic IT decisions such as in investing and implementing telework solutions for our agencies.

Our distinguished panelists here today will discuss how EA is informing the discussion of telework from the policy, systems, and security perspectives.

Can Microsoft Stomp Out The iPhone?

So much for letting the best product win. According to the Wall Street Journal, 13-14 March 2010, Microsoft is forcing their employees to “choose” Microsoft phones for personal use and to push those who don’t into hiding.

Is this a joke or a genuine throwback to the Middle Ages?

Apparently this is real: “Last September, at an all-company meeting in a Seattle sports stadium, one hapless employee used his iPhone to snap photos of Microsoft Chief Executive Steve Ballmer. Mr. Ballmer snatched the iPhone out of the employee’s hands, placed it on the ground, and pretended to stomp on it in front of thousands of Microsoft workers.” That sends a pretty clear message!

I guess the employee can consider himself lucky that Mr. Ballmer didn’t put him (instead of the iPhone) on the ground underneath his foot or perhaps maybe even just burn him at the stake for heresy against Microsoft.

Further, in 2009, Microsoft “modified its corporate cellphone policy to only reimburse service fees for employees using phones that run on Windows.”

While many workers at Microsoft can evidently be seen with iPhones, others are feeling far from safe and comfortable doing this. According to the article, one employee told of how when he meets with Mr. Ballmer (although infrequently), he does not answer his iPhone no matter who is calling! Another executive that was hired into Microsoft in 2008 told of how he renounced and “placed his personal iPhone into an industrial strength blender and destroyed it.”

Apparently, Mr. Ballmer told executives that his father worked for Ford Motor Co. and so they always drove Ford cars. While that may be a nice preference and we can respect that, certainly we are “big boys and girls” and can let people pick and choose which IT products they select for their own personal use.

While many employees at Microsoft have gone underground with their iPhones, “nearly 10,000 iPhone users were accessing the Microsoft employees email systems last year,” roughly 10% of their global workforce.

My suggestion would be that instead of scaring the employees into personally using only Microsoft-compatible phones, they can learn from their employees who choose the iPhone—which happens to have a dominant market share at 25.1% to Microsoft’s 15.7%—in terms of why they have this preference and use this understanding to update and grow the Microsoft product line accordingly. In fact, why isn’t Microsoft leveraging to the max the extremely talented workforce they have to learn everything they can about the success of the iPhone?

It’s one thing to set architecture standards for corporate use, and it’s quite another to tell employees what to do personally. It seems like there is a definite line being crossed explicitly and implicitly in doing this.

What’s really concerning is that organizations think that forcing their products’ usage by decree on their employees somehow negates their losing the broader product wars out in the consumer market.

Obviously, IT products don’t win by decree but by the strength of their offering, and as long as Microsoft continues to play medieval, they will continue to go the way of the horse and buggy.

Damned If You Do, Damned If You Don’t

Frequently employees face double-bind messages in the workplace, and these not only impair morale, but also can result in poor decision-making.

One example has to do with whether we should apply tried and true, best practices or be creative and innovative. This manifests when employees bring innovative approaches to the table to solve problems and are told, “there’s no reason to recreate the wheel on this.” And then when the employees take the opposing track and try to bring established best practices to bear on problems, they are told disparagingly “ah, that’s just a cookie cutter approach.”

Another example has to do with when and how much to analyze and when to decide. Employees evaluating solutions hustle to get a proposal on the table, only to be told they haven’t done enough work or it’s superficial and they need to go back, “do due diligence, and conduct a more thorough evaluation.” Then the employees go back to conduct a thorough analysis of alternatives, business case, concept of operations and so on, only to be told, “what is taking you so long? You’re just getting bogged down in analysis paralysis—move on!”

I am sure there are many more examples of this where employees feel like they are in a catch 22, between a rock and a hard place, damned if they do and damned if they don’t. The point is that creating contradictions, throwing nifty clichés at employees, and using that to win points or get your way in the decision process, hurts the organization and the employees that work there.

What the organization needs is not arbitrary decision-making and double-bind messages that shut employees down. Rather, organizations need clearly defined, authoritative, and accountable governance structure, policy, process and roles and responsibilities that open it up to healthy and informed debate and timely decisions. When everyone is working off of the “same sheet of music” and they know what is professionally expected and appropriate to the decision-making process, then using clichés arbitrarily and manipulating the decision-process no longer has a place or is organizationally acceptable.

We can’t rush through decisions just to get what we want, and we can’t bog down decisions with obstacles, just because we’re looking for a different answer.

Sound governance will help resolve this, but also necessary is a leadership committed to changing the game from the traditional power politics and subjective management whim to an organization driven by integrity, truth, and genuine progress based on objective facts, figures, and reason. Of course, changing an organization is not easy and doesn’t happen overnight, but think how proud we can be of our organizations that make this leap to well-founded governance.

Implementing IT Governance

IT governance is often implemented with the establishment of an IT Investment Review Board (IRB) and Enterprise Architecture Board (EAB); but to get these to really be effective you have to win the hearts and minds of the stakeholders.

Here are some critical success factors to making IT governance work:

  • Management buy-in and commitment—this is sort of a no-brainer, but it’s got to be said; without senior management standing firmly behind IT governance, it won’t take root and IT projects will continue to fly under the radar.
  • Prioritization and resourcing—EA, IT Strategic Planning, and IT governance compete with IT operations for resources, management attention, and prioritization. More often than not, many not so savvy CIOs value putting some new technology in the hands of the end-user over creating strategic IT plans, developing transition architectures, and implementing sound IT governance (they do this at risk to their careers and good names!)
  • Policy and procedures—IT governance needs a firm policy to mandate compliance to the user community; further the procedures for users to follow need to be clear and simple. IT governance procedures should integrate and streamline the governance processes for authorizing the project, allocating funding, conducting architectural reviews, following the systems development life cycle, managing the acquisition, and controlling the project. End-users should have a clear path to follow to get from initiating the project all the way through to close-out. If the governance mechanisms are developed and implemented in silos, the end users have every reason in the world to find ways to work around the governance processes—they are a burden and impede timely project delivery.
  • Accessibility—Information on IT governance services including the process, user guides, templates, and job aids needs to be readily available to project managers and other end users. If they have to search for it or stick the pieces together, then they have another reason to bypass it altogether.
  • Enforcement—there are two major ways to enforce the governance. On the front end is the CIO or IRB controlling the IT funding for the enterprise and having the authority to review, approve, prioritize, fund, monitor, and close down IT projects. At the back-end, is procurement; no acquisitions should pass without having demonstrated compliance with the IT governance processes. Moreover, language should be included in contracting to enforce EA alignment and compliance.
  • Cultural change—organizations need to value planning and governance functions. If operations always supersede IT planning and governance, then both business and technical stakeholders will feel that they have a green light to ignore those functions and do what they want to do without regard to overall strategy. Further, if the culture is decentralized and governance is managed in silos (one manager for SDLC, another for EA, yet another for requirements management), then the processes will remain stove-piped, redundant, and not useable by the user community.
  • Communication plan—the governance process and procedures need to be clearly communicated to the end users, and it must address the what’s in it for me (WIIFM) question. Users need to understand that their projects will be more successful if they follow the IT plan and governance processes. Those are in place to guide the user through important and necessary project requirements. Further, users are competing for resources with other important IT projects, and users will benefit their projects by making the best business and technical case for them and following the guidelines for implementing them.