Random Acts of Architecture

Tales of an architect trying to bring order to the chaos that is modern information technology.

Monthly Archives: January 2017

Rebranding Corporate Politics

The term “corporate politics” conjures up images of sycophantic, self-serving behavior like boot-licking and backstabbing. However, to some IT professionals’ chagrin, we work with humans as much as computers. Dismissing humans is dismissing part of the job.

The best way to “play” corporate politics is to solve big problems by doing things you enjoy and excel at.

“Big problems” means problems faced not just by your team but by your boss’s boss, your boss’s boss’s boss and so on. If you don’t know what they are, ask (easier than it sounds). Otherwise, attend all hands meetings, read industry literature or look at your leaders’ social network posts, particularly internal ones.

This is not just for those wanting promotions into management. Individual contributors still want better benefits and higher profile or challenging projects. These come easiest to those known to be providing value, not through the strict meritocracy some IT professionals think they work in.

Start by solving small problems as side projects. Choose something impacting more than your own team and minimize others’ extra work. Build up to bigger problems once you have demonstrated ability and credibility.

You need not be the leader. Assisting others making an effort can be just as effective. You can own part of it or bask in the halo effect. If not, recognize those that are. This creates a culture of recognition that may recognize you in the future.

While some IT professionals solve big problems every day, communicating and evangelizing their work “feels” wrong. This is what salespeople do, not IT professionals. Many also think their work is not interesting.

Being successful requires people knowing what you do. This may be as simple as a short elevator chat, a brown bag talk or a post on the corporate social network. It also helps get early feedback and build a like-minded team. Others will be interested if you are working on the right things.

What about the potentially less savory aspects of corporate politics like work social events, sharing common interests with management, supporting corporate charities and so on? These are as much an art as a science. Focus on common goals and building trust, internally and externally. People like to deal with people at their level and contact builds familiarity.

However, this is no substitute for solving big problems. If you are delivering value, interactions with senior decision makers and IT professionals with similar goals should occur naturally. Build on that.

Be aware that problems change over time. Problems get solved by others. The market changes. Competitors come and go. Understanding organizational goals is an ongoing process.

Also realize decision makers are human. They make mistakes. They want to emphasize their achievements and not their failures, just like software developers’ fundamental attribution error bias for their own code and against others’.

However, if your organization makes decisions regularly on “political” grounds, leave. Culture is rarely changed from the ground up and many organizations are looking for good IT staff.

Ignoring the worst-case scenario and IT professionals’ bias against self-evangelism, the biggest problem with “corporate politics” is actually its name. The concepts behind “agile” and “technical debt” came into common usage once the correct metaphor was found. Corporate politics needs rebranding from something avoided to a tool that IT professionals use to advance themselves. It badly needs a dose of optimism and open-mindedness.

Image credit: http://thebluediamondgallery.com/p/politics.html. Usage under CC BY-SA 3.0.

InfoSec: Not just for hackers

I recently read Troy Hunt’s blog post on careers in information security. Troy makes good points about information security as a potential career and the benefits of certifications like the Certified Ethical Hacker. Hackers are getting increasingly sophisticated, requiring specific knowledge to counter, and cryptography is hard. We need more information security specialists.

However, one criticism of the post, indeed the information security industry, is its implication that hacking is the sole information security career path. This binary viewpoint – you are either a security person or not and there is only one “true” information security professional – does more harm than good.

Hacking is technology focused. However, security’s scope is not just technical. Information security needs people that can articulate security issue impact, potential solutions and their cost in terms non-security people can understand. This requires expertise and credibility in multiple disciplines from individual contributor level to management to boardrooms.

Security solutions are not just technical. We live in societies governed by laws. These can be standardized government security requirements such as FedRAMP or IRAP. These can be contractual obligations like PCI-DSS, covering credit card transactions. These can hold organizations accountable, like mandatory breach disclosure legislation, or protect our privacy, like the European Union’s Data Protection laws. Effective legislation requires knowledge of both law and information security and the political nous to get it enacted.

We are also surrounded by financial systems. Financial systems to punish those with weak security and reward those with good security will only evolve if we (consumers and investors) value security more. Cyber insurance has potential. Cryptographic technologies like bitcoin and block chain algorithms are threatening to disrupt the financial sectors. Information security has and will continue to impact finance.

The list goes on. Law enforcement needs to identify, store and present cybercrime evidence to juries and prosecute under new and changing laws. Hospitals and doctors want to take advantage of electronic health records.

The security technology focus drives away non-technology people. In a world crying out for diversity and collaboration, the last thing information security needs is people focusing solely inward on their own craft, reinforcing stereotypes of shady basement dwellers, and not on the systems security enables.

Bringing this back to software, many organizations contract or hire in information security experts. Unfortunately, the OWASP Top 10 changed little from 2010 to 2013 and some say is unlikely to change in the 2016 call for data. According to the Microsoft Security Intelligence Report, around half of serious, industry wide problems are from applications. Developers make the same mistakes again and again.

Education is one solution – security literate developers will avoid or fix security issues themselves. A better solution is tools and libraries that are not vulnerable in the first place, moving security from being reactive to proactive. For example, using an Object-Relational Mapping library or parameterized queries instead of string substitution for writing SQL.
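As an added illustration (not code from the original post), the following Python sketch runs the same lookup both ways against an in-memory SQLite database. The `users` table, its rows and the function names are constructed for this example.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example only.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return db

def find_by_substitution(db, name):
    # String substitution: the value becomes part of the SQL text,
    # so quote characters in it change the structure of the query.
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in db.execute(sql)]

def find_by_parameter(db, name):
    # Parameterized query: the SQL text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

def compare(name):
    # Run both lookups against a fresh copy of the sample table.
    db = make_db()
    try:
        return find_by_substitution(db, name), find_by_parameter(db, name)
    finally:
        db.close()

if __name__ == "__main__":
    for value in ("alice", "x' OR '1'='1", "O'Brien"):
        try:
            print(repr(value), compare(value))
        except sqlite3.OperationalError as exc:
            print(repr(value), "substitution form raised:", exc)
```

The substitution form returns every row for the second input and fails outright on an ordinary name containing an apostrophe; the parameterized form treats both as plain values and returns no match.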

Unfortunately, security people often lack skills to contribute to development and design beyond security. While information security touches many areas, information security expertise is not development (or networking or architecture or DevOps) expertise.

Information security needs different perspectives to succeed. As Cory House, a Pluralsight author like Troy Hunt, says in his course Becoming an Outlier, one route to career success is specialization. Information security is a specialization for everyone to consider, not just hackers.

Image credit: https://www.flickr.com/photos/adulau/8442476626

Systems > Goals

It is the time of year when people evaluate their previous year’s goals and plan for the next. It is the time when New Year’s resolutions are made. It is also the time where people lament ones they failed to keep.

Setting goals is beneficial. They are how we demonstrate commitment and achievement. They motivate us to better ourselves.

Take learning a new skill, like a programming language or library. This requires acquiring tools, reading or watching tutorials and/or working with teachers then practicing the new skill until proficiency is reached.

People approach goals in different ways. For example, learning the basics of a new programming language can be crammed into a weekend, fitting into our “busy” lives and short-term focus.

This may be sufficient if the need is urgent. However, this is not possible with larger or sustained goals.

A few years ago I realized I needed to lose weight. Superficial attempts at exercise or the occasional healthy meal were insufficient. I needed a sustainable system, not just to reach an arbitrary weight target.

First, I had to want to lose weight. There is a difference between imagining oneself attaining the goal and the often underestimated effort required to achieve it. For example, in his book “The Element”, Ken Robinson compliments a keyboard player saying he’d love to play the keyboard that well. The keyboard player disagrees:

“You mean you like the idea of playing keyboards. If you’d love to play them, you’d be doing it.”

Second, I had to create a system that would make me succeed: “No excuses!” My schedule was unpredictable so gym memberships and other organized activities were out. I had always enjoyed running so I purchased a treadmill. Diet was solved by subscribing to a calorie- and portion-controlled food delivery service. I enjoyed running and the food so it became almost harder not to follow the plan.

Third, I had to make time to exercise and the discipline to stick to the diet. My unpredictable schedule meant exercise at regular times was not possible. I fell back to priorities: other things had to fit around exercise like Stephen Covey’s big rocks analogy.

Fourth, I weighed myself morning and night to track progress. Many weight loss programs recommend weighing less frequently but, as long as the downward trend continued, the raw measurements were less important than the accountability – the scales were always there looking back at me and never lied.

Yes, I occasionally ate too much or missed a run or three but I just picked myself up and resumed. Patience and persistence conquered the dreaded weight plateaus.

I eventually reached my target weight and celebrated my success. I lost a quarter of my body weight over eight months.

More importantly, I developed habits for keeping my weight down and increasing fitness. Reaching my target had become both inevitable and irrelevant. I kept going afterwards. A year later I ran a sub 96 minute half marathon. During lunchtime at work. For fun.

Without realizing it, I stumbled upon thinking about achieving as systems or habits, like in Charles Duhigg’s “The Power of Habit: Why We Do What We Do in Life and Business” or Scott Adams’ “How to Fail at Almost Everything and Still Win Big”. Goals are only milestones. Systems or habits allow you to achieve them.

I now look at goals differently. First, is the goal important enough to change my habits? I cannot do everything. I try to pick what I will fail at or others will do it for me.

Second, do I want the goal enough to change my habits? I try to separate what I want from what others want. Failing that, I look for sources of fun or rewards for doing so. Motivation is half the battle.
