Netizen Blog and News

The Netizen team sharing expertise, insights and useful information in cybersecurity, compliance, and software assurance.

  • Sales today is not what it was twenty or even ten years ago. Organizations have become leery of the cold call (or email) and direct mailing often goes direct-to-landfill without so much as a cursory glance. A couple decades ago, and still in many places today, sales was all about volume. Business development people would estimate that, for example, for every 100 doors slammed in their face, 10 or 12 might open and let them in, of which they might close 1 or 2 deals. This is the shotgun style of sales – sporadic and dispersed. It may have been effective in the pre-internet days of yore, but there are better uses of your business development time nowadays.

    The so-called “hard sell,” for the most part, is thankfully on its way out in many industries. The type of pitches and coercion they use to sell people timeshares aren’t conducive to high-touch industries where customers have options and engagements are longer term. This is where relationship building comes in. Customers nowadays want people they can trust, people who will provide a solution for them, even if it isn’t in your own best interest. They want companies who will go the extra mile to truly understand them, and take the time to get to know them personally and professionally. Romance them so to speak, though in a professional, not physical, way.

    Customers should be our partners. We should get to know them like family, and have their best interests in mind all the time, not just when they are forking over their hard-earned cash. The size of their budget shouldn’t matter as much as their long-term potential. This is because you never know when that 2-person shop down the road will turn into a 200-person corporation or that entry-level administrative assistant will become the next vice president of something, and they will remember how you treated them and helped out in those early days.

    However, in order for this to work, you have to choose your customers carefully, just as they evaluate you. Find ones that share values and ideals. Ones that understand that sometimes the lowest bidder isn’t the best option for a particular type of work (being lowest-cost provider is seldom the best place to be for any business in terms of sustainability, but that is a topic for another post).  A customer that doesn’t take advantage of your time and expertise or mistake your occasional generosity for being a pushover target. This also means “firing” clients who violate this partnership trust, as well. In the end, these long-term provider-client relationships bear more fruit and provide a vibrant source of referral work, but require a lot more up-front investment and time. You have to be patient, not pushy, and guide the potential client in a direction which suits them best, not force them one direction or another solely for your own selfish benefit.

  • We live on the cusp of an era which could be booming with troves of freely available data and other resources, created and curated lovingly by technical experts of all types, and made easily accessible through a web browser or mobile device. We need an Open Source and Open Data revolution in government to make this a reality, but it needs our help to happen.

    Government is still (and will probably forever continue to be) replete with archaic procurement mechanisms and privacy rules dating back decades, even centuries. New regulations are piled on year after year, and few are ever removed. Data of all flavors and formats are hoarded, even stuffed into old coal mines, without any concern for accessibility because of pre-internet practices established when Amazon was just a forest in South America. But there is a new hope on the horizon, as many agencies are starting to awake from their decades-long innovation-less slumber starting at several levels, but most pronounced in cities large and small.

    Starting some years ago with crime and zoning maps, such as those compiled by the City of Chicago, to the recent implementation of an SMS text citizen survey system in Philadelphia and data collection applications such as those created for citizens to report on everything from potholes to storm damage, there is a municipal renaissance underway which has the potential to improve access of citizens to their government in an unprecedented manner. But it needs evangelists from individuals and companies alike.

    It’s not like it is charity work, either, with reputable analysts estimating so called “Smart Cities” to be a $200 billion industry which encompasses everything from cloud computing and Big Data to the Internet of Things (sensors) and website platforms specifically designed for data accessibility and citizen communications. There has never been anything like it, but we need to find ways around ridiculous procurement mechanisms and a risk-averse culture to reach its full potential.

    We need to bring data out of its current moldy storage bins and into the open for citizens and companies alike to build upon it with all the power of the population. We need to find ways to create lower barriers to entry in order to overcome entrenched personnel and burdensome procurement processes. We can do this by proposing change in multiple smaller doses instead of an overnight revolution and finding ways to make such changes easier for civil servants to implement with limited budgets and siloed organizational authority. Only then can we change things city-by-city, agency-by-agency until our government is as we need it to be – full and open for all to learn, build and explore.

  • Add Value, Not Complexity

    Very often IT professionals have to pick up where many others have left off. All things started somewhere, but very few of us actually get to experience the ground floor and understand the mentality during the time a system was first conceived and created, especially in large organizations. What started off as a novel idea or approach to accomplishing something may now be a hodge-podge monolithic system of bolted on (or loosely tied together) features bound together by the technical equivalent of duct tape and first-aid bandages. This happens everywhere all the time; from the smallest mom-and-pop shop to the largest federal government agency. It seems to be human nature in dealing with technology to try and avoid starting over but often at the cost of endless complexity later on.

    Sometimes it’s best to just rip the bandage off straight away, unfurl the reams of tape binding all the little pieces together and start anew. This doesn’t mean, however, that you lose your data or the precious knowledge built up across the years or decades. What it does mean is that you find a way to port that information to a newer, faster and simpler solution either in bulk or as a phased migration. That new solution needs to, this time, be built with modularity in mind in anticipation of being replaced (or wholly upgraded) one day in the not-too-distant future.

    Modularity in IT systems is the key to success (and future cost savings), and with the proliferation of web services (how computers “talk” to each other over the internet) there is no need for proprietary protocols and obtusely complex interfaces. All that should remain is your data, but the format (how it is stored) and logic (how it is processed) can and should change to keep pace with modern advancements. I’m not saying to do such a thing for every passing technological fancy, but at least once every 7 to 10 years a formerly shiny “novel” technology becomes so outdated that costs to maintain it skyrocket, as does its inherent risk in supporting it. This is because your vendor has probably moved on to something else much more modern long ago and does not provide adequate patching or security fixes (or does so only at an extreme, untenable cost).

    So, all that being said, we must plan and budget with replacement in mind from the start no matter how large or small the technical infrastructure may be. The simplest way to do so is to build IT systems of limited complexity, but high modularity as previously stated. This makes replacement comparatively easy because these coupled technology components can be upgraded one-by-one over a period of years without having to throw thousands (even millions) at a large monolithic system upgrade all at once. The mega-upgrades of yesteryear have proven to be a recipe for failure. The approach to build with the entire lifecycle in mind, in a modular, standards-based manner that focuses on the data, not only the logic, is what adds value, not complexity, and thus saves tremendous costs over the lifetime of the system.

  • Inside Jobs: Why The Best Software Engineers Never Stop Learning
  • Things change. That is inevitable. Whether for the better or worse is generally a matter of perspective. For example, on one hand, the price of goods that used to be outside of the buying power of the average household or business 50 years ago has generally come way down and is thus affordable to millions who otherwise would never have even considered such a purchase (think cars, computer hardware, software, or mobile phones). However, on the other hand, prices on some of these goods have been suppressed heavily through the use of cheaper overseas labor and, more recently, automation, which has led to job losses in once formidable sectors of the economy. How you perceive this change in the economic landscape is mostly a matter of where you look at it from – as a consumer who can afford incredible things once reserved for wealthy people and corporations or as a former producer who lost their business or job because of the ways things changed.

    That being said, shifts in economic trends happen all of the time, pushed by the forces of technology. If you aren’t paying attention and educating yourself constantly in preparation for them, then it is almost a certainty you will eventually find yourself or your business obsoleted by the competition, regardless of your industry. These types of dramatic changes used to happen over periods of decades, such as the decline in the steel industry or railroads, which generally allowed for people and businesses to have enough forewarning to update their skills and infrastructure over time. But the pace of these shifts has sped up abruptly in the past several years due to a number of factors, including the most recent recession which has left companies scrambling to cut costs by any means possible and the advent of on-demand computing platforms such as “the Cloud.”

    These forces and resources are the reason why we are seeing a sudden shift to technologies that can adapt and scale up or down based upon current needs, versus the technologies of yesteryear with huge upfront and ongoing maintenance costs, even if your business need or level of use decreases dramatically. The problem with the latter scenario of yesteryear is that these older style systems have the same (or even greater) costs over time without any consideration for how much use of the system is actually occurring. It’s like the computing equivalent of having three of the five members of your family move out, but you’re still stuck with a six bedroom house for life that you have to maintain indefinitely on your own – oh, and did we mention it has cracked walls, lead paint, and leaky pipes? That doesn’t make a whole lot of economic sense to continue to maintain, but companies still do it with their legacy IT systems instead of choosing to migrate to something far more modern, secure, and cost efficient. It could be the other way around as well. Imagine your five person family suddenly becomes ten when the in-laws move in, what then? An on-demand, scalable system will grow with you easily, but the older way of going about things will require thousands, even millions, in extensions, patches and enhancements to accommodate the increased demand.

    We, as business owners and employees alike, have to accept that we live in an era of almost constant technological evolution and it requires that we build our businesses, processes and systems with this flexibility in mind. Adopting or developing software, products and computing systems with near limitless potential scale that can be essentially streamed on demand to end users on a month-to-month or even day-to-day basis has become far more of a competitive advantage in this landscape, one which has made the difference between merely surviving and thriving for many. Those people and companies who have gained this fluid adaptation response to technological change are the ones who typically come out ahead of everyone else in the market. So, is your use of technology as flexible and efficient as it should be to ensure your success? If you aren’t so sure, perhaps it’s time to bring in a professional in this area to make a quick assessment (which we can do for free or at very low cost).

  • What to do about Heartbleed, a gaping security hole affecting 66 percent of the Internet (at least)
  • There is an age-old debate about what qualifies as “Software Engineering” versus “Programming” or “Coding” and it stems from a misconception in many parts of the tech community about exactly what true engineering entails. As software engineers do not generally have the rigorous certification processes in the United States that our civil and other engineering counterparts do, there tends to be a lot of people calling themselves “engineers” when, in fact, they are more like “coders” or “programmers,” not that it is a bad thing by any means.  They both have equally important parts to contribute to the field of software development, just at different levels and with different responsibilities.

    So, what exactly qualifies someone as a Software Engineer?

    Software Engineering is a highly technical field, but also one that is not merely concerned with writing code. Software engineering is typically much more about the process and lifecycle of software development than actual programming. Software engineering is thinking about the long term and big picture utilizing a systematic methodology. In other words, building systems for tomorrow and not just features for today. Software engineers are sort of like technical project managers in that the processes of developing software are established and/or managed by them, but unlike project managers in that they can jump in to help guide, validate and work with code or supervise junior programmers. Different organizations treat software engineers in different ways, but the one thing that always remains the same is that engineers are process oriented first and programmers second.

    And a coder, programmer or “hacker” is…? 

    Let me break this down a little more. Coders and programmers generally refer to the same thing – basically, someone who writes software based on requirements or specifications, whereas “hackers” typically refers to a more “shoot from the hip” and less organized, but more creative, way to produce software or systems. On the software development spectrum, engineers are at one end and “hackers” at the other – but that is not to say you can’t be a little bit of both at the same time. Almost anyone can learn to code in as little as a few weeks because the effort involved in creating software has decreased dramatically over the years but engineering, however, takes much more experience, education and time to get right.

    Moving from “coder” to “engineer”

    Most young companies begin with a single person creating their product or managing their IT operations. They don’t have the luxury of hiring enough personnel to establish a junior-senior hierarchy. Since coding (or programming, or hacking) is an entirely different mindset than management, all startups typically begin operations without proper engineering processes. It is when things pick up, and the business grows, that there is a need to standardize for the sake of quality, security, stability and predictability. No more can we edit code on the live server through FTP, no more half-baked verbal requirements or seat-of-the-pants scheduling, no more skipping comments and documentation, no more selecting your technology stack simply because you read about it on a blog and it sounded hip, and no more excuses for lacking adequate test coverage. Your business needs to start thinking and acting more methodically if you want to grow without falling apart at the seams.

    The move to an engineering-based operation typically starts with the hiring of experienced talent, whether a person or a business, to implement the needed processes. Someone who is familiar with bringing order to the lawlessness that generally is startup coding. In doing this for many other companies, it is something that I can say with confidence can only be learned from a varied combination of education and experience.

  • Ever find yourself bragging about working a 60, 80 or even 100 hour work week or publicly complaining on social media about that incessantly heavy workload of yours? This is not a badge of honor. It is generally a sign that something is wrong, and it could be the way you go about your work.

    We’ve all heard the old adage “work smarter, not harder” and this tends to ring true for a number of reasons. When I say “smarter” here I’m talking about choosing more efficient ways of going about things over using raw labor hours spent on a task as your metric for productivity. Smarter work does not mean that you should kick up your feet and call it a day after putting in the bare minimum. First and foremost as a reason for not working longer than you should have to, however, is that study after study has shown that our effectiveness as workers decreases dramatically after just 8 to 10 hours daily, or about 40 to 50 hours weekly. Pushed even further, there is also a severe amount of cognitive degradation caused by those marathon work sessions which some people boast so openly and proudly about. Some studies have shown that simply staying awake more than 19 to 24 hours without rest is akin to having a 0.1% blood alcohol content, well above legal limits in the United States for driving. Longer term sleep deprivation has also been shown to cause other severe physiological side effects including depression, hallucinations, confusion, weight gain, and much more, including harming our short term memory which is critical for work-related tasks. As the average nightly rest has plummeted from 12 hours about 100 years ago to just 6.8 hours today, we have to realize that there are going to be substantial impacts to health and productivity. So why again are so many people so proud of these countless hours wasted not working to their full potential?

    Some researchers have gone even further, proposing that this strong desire to outwork the other guy (or gal) in terms of labor hours alone is a major contributing factor causing so many popular tech startups, as many as 75%, to outright fail. This seems very plausible given the detrimental effects a constant push to produce has on actually getting things accomplished effectively and efficiently. So why do we do it? It’s human nature I suppose, at least in this country, to outdo your competitors – real or imagined – by any means possible. This is especially true if you lack the necessary experience, training or processes to work at peak efficiency. If you’re working 60 or more hours per week, you must be getting ahead of them, right? Not necessarily. In fact, the opposite is generally true and we should stop treating longer work days and weeks as a competitive advantage just because it is popular.

    Yet another reason this occurs is that some individuals simply want to look and sound relevant. Putting in (or pretending to put in) those few dozen extra hours every week means you must be that much better at your job or more important to your organization, right? Not at all. Perpetuating this myth only hurts others, especially up and coming startup and business leaders, by making them believe that working marathon hours is smarter and the only way to get ahead. But, if someone is putting in all those extra hours legitimately and failing to get ahead it is almost always a sign of processes breaking down, inadequate training, or a lack of the necessary skills and experience to efficiently perform their job.

    Processes, love ’em or hate ’em, are what will make or break your business and preserve your sanity. We’ve had the opportunity to help several companies implement standardized processes for everything from IT support and software development to operations and project management. Because of this, I can say confidently, speaking from experience, that investing resources up front to do this will absolutely save you precious time and can even prevent failure of crucial projects or your business in general. That being said, without standardized processes you simply aren’t managing time effectively, balancing workloads properly, or operating at peak efficiency. You’ll find yourself constantly struggling to catch up, regardless of the amount of hours being put in. If this sounds at all familiar, it may be time to bring in an expert to help put things in line. After all, those absurdly long hours spent working not only negatively affect your team’s health and well-being, but also have detrimental impacts on their personal and family lives as well which further impact their productivity. In the end, family is all that matters and there are some simple techniques to streamline your business or technical operations today which will enable you to spend more time with them. That is ultimately what counts.

  • What if I told you there was a large pool of incredibly talented, disciplined and eager employees out there just waiting for the right opportunity but find themselves passed over because of a lack of understanding regarding their particular skills? Well, there is. They are our military veterans.

    Study after study has shown that hiring someone with military experience, regardless of their profession while they served, is hugely beneficial for the employer in terms of raw company performance. Don’t believe me or need a little more convincing? Here’s some more reading material: 1  2  3  4 …  and the list goes on and on. New studies and reports come out almost monthly touting the benefits that hiring veterans brings to your bottom line.

    To summarize some of the findings, a recent 2012 study conducted by the Center for a New American Security (CNAS) found that not only do veterans make good employees, they typically rate amongst the best of all employees time and time again. Beyond teamwork, discipline and their rapid ability to acclimate to changing environments, veterans bring unparalleled levels of loyalty, dedication, work ethic and character to the mix. The only thing holding them back is an inability to translate their skills effectively for corporate America and an unfair stigma associated with military service in certain circles.

    Some of the aforementioned positive attributes, as well as the 11 or so others mentioned in the CNAS study and so many others, are the primary reasons that we actively recruit military veterans. Not only do we seek them out, but our goal is to also train and prepare them for a fulfilling technology career as best we can, regardless of how comprehensive their technical background may be. This is because they already tend to have a foundation of relevant professional skills that just can’t be taught in a classroom, but are shaped solely by experience. This gives them a valuable edge, as intangible as it may be at first. The rest can typically be learned over time on the job or in a class.  For the employer, giving a veteran a chance to prove themselves is one investment that pays innumerable dividends over time. It is what makes our particular team special, and what makes us able to serve our clients as well as we do around the clock.

  • Cheap, Fast or Good Software – Pick Two. Pick Right.

    There is a lot of buzz out there about the pace at which software is being made today. Forty-eight hour hackathons, endless “sprints” pushing developers to their breaking point to crank out new features, and countless nights trying to finalize “just one more” feature which was added to the project scope at the last moment. Many of us have been there. The issue is that the prevailing perception appears to be that cheap, fast code is “good enough” for everyone. However, that is not at all the case and here we intend to quickly describe why cutting corners is simply not good for business regardless of what the up-front tangible costs may be.

    The problem first seems to occur when the “business” side of organizations makes its push to generate new revenue through the creation of new features or products and, at the same time, insists on cutting back drastically on programming costs by outsourcing to far less experienced developers. In such a situation, the pressure is on from the get-go to deliver as fast and cheaply as possible. However, what they don’t realize is that for every $100 saved in costs or gained in revenue by launching a few weeks early with this “good enough” code created by comparatively cheap novice labor, your company will end up spending $1000s more at some point in the future when conditions necessitate hiring senior developers to patch, refactor or outright replace that code. Believe me, it will happen.

    This type of thing is a problem we’ve been seeing more and more of and one that we have been hired to fix many times now: software running just fine for years at a time even, but then completely breaking down or getting hacked at some point because of poor coding, bad architecture or insecure practices brought about by business pressure to launch fast while drastically reducing development costs. You can’t possibly expect positive results in such a scenario in the long term. In some cases, these problems can easily become catastrophic if not fixed immediately and most often they will require capital outlays in the range of tens of thousands of dollars (or more) to effectively remedy the situation. So, in raw economic terms, that $5000 you saved a couple years ago during development just became a $50,000 expense to fix a broken or insecure product.

    What Can Be Done To Make Things Better

    Don’t fall into the “cheap and fast is good enough” trap. Insist that software is developed right the first time around and stand strong when there is pressure to do otherwise. Unless your particular organization is perfectly fine with the increased legal liability and the ruinous effects on their reputation that insecure, buggy software brings about, it is far wiser to devote a few more senior development resources and budget some more time for your coding and testing regimen up front. Also, get some standardized processes in place if you don’t already have them. Software development is no longer the wild west full of rogue cowboy/cowgirl coders – someone is going to have to support that product, so be considerate if you care at all about your career and professional reputation. Best practices are named such for a reason.

    While I’m on the subject of standardized processes and best practices – you are testing…right? I’m talking the full gamut – unit, functional, component, integration, etc. – whatever is needed based on the scope and scale of your application. If not, the problem is even bigger than what I just described and it’s time to completely reevaluate your development practices (something we’re quite good at doing for you, by the way, to get you on track for success). Even in the era of “lean” teams, startups and businesses, there is absolutely no excuse for putting your users at risk with insecure, buggy code that wasn’t tested and reviewed adequately before a launch or release.

    So, after all is said and done, here are a few tips to get on the path to software development success:

    • There should be at least one very senior development resource for every three to five junior or mid-level ones on your team. This is to ensure that all code is, at the very least, reviewed by someone with enough experience to know when something isn’t quite right.
    • Test, test and re-test. At the minimum, functional testing (black box or white box) is needed. But, we almost always advocate for a multi-tiered approach consisting of unit testing through end-user acceptance testing for every new feature at different intervals. You need to include time for this in your schedule, or accept that you’ll be producing a bug-ridden product which will ultimately be reviled by your users or clients.
    • Don’t cut corners for the sake of saving time or money up front. You need something delivered rapidly? Either plan to spend a little more money to get it done right or plan on producing a vastly sub-par product. Need something done cheaply? Then either give those junior developers you just brought on ample time to get up to speed or plan on and budget for your product needing a complete overhaul at some point in the near future.
    • Processes. Too much becomes a bureaucracy, too little and it’s utter chaos. Find your particular balance and put in place just enough of them to get everyone on the same page. Standard processes need to be documented, even if just in a quick bulleted list that is distributed to new team members. While you’re at it, do a little research and see what other organizations have in place or hire a company specializing in software project management, like us, to set your projects on the road to success with a set of documented best practices tailored specifically for your organization’s needs.

    I’m sure some of you reading this will have your own stories and tips, so I encourage you to share them in the comments section.