Why Are These Slides Marked Confidential?


Imagine you’re sitting in a presentation. You’re hearing some great information from the presenter and you can’t wait to share it with your colleagues or with the wider community. You are just about to say something when you look in the corner of the slide and you see…

Confidential Information

You pause for a moment and ask the presenter if this slide is a secret or if you should consider it under NDA. They respond that this slide can be shared with no restrictions and the information is publicly available. Which raises the question: Why is a public slide marked “confidential”?

I Fought The Law

The laws that govern confidential information are legion. Confidential information is a bit different than copyrighted information or intellectual property that has been patented. In most cases, confidential information is treated as a trade secret. Trade secrets can be harmful if they are divulged, since a trade secret can’t be patented.

A great example is the formula for Coca-Cola. If they tried to patent it they would have to write down all the ingredients. While that would protect the very specific formulation of their drink it would also allow their competitors to create something extremely similar with a few changes and create a viable competitor. Coca-Cola chooses to protect this information by ensuring it isn’t widely known. It ranks right up there with nuclear launch codes and Star Search results.

How does the concept of trade secrets and confidential information apply to slides? Well, one of the provisions of confidential information is that distribution must be controlled somehow. This means that you can’t just hand out information to anyone walking by on the street and hope that it stays confidential. You have to control distribution through confidentiality agreements and non-disclosure agreements (NDAs).

Most of the times you are seeing slides marked “confidential” you have implicitly agreed to some kind of confidentiality agreement. You are either covered by an NDA from your employer or from the event you are attending. Even if you didn’t sign an agreement it can still be argued in a court of law that you were invited to the presentation which means the presenter was selective in who could attend. That should meet the requirements of protecting distribution of the information.

I Shouldn’t Have Said That

The other reason why you see slides prominently marked as confidential is because the law says they have to be to be protected. A company can’t release information not bearing a confidential mark and then suddenly decide after the fact that said information should have been confidential. Could you imagine a world where companies routinely try to remove sensitive information from public knowledge because it isn’t flattering? What if they could use an ex post facto declaration to restrict distribution?

Confidential information has to be treated and marked as such from the very beginning to qualify for protection. In order to make sure that there is no chance for a slip up most companies will mark anything remotely sensitive to ensure it won’t come back to bite them later.

But why put the confidential marking on slides that you’re going to show to the world? What if those slide get uploaded to the Internet and shared all over the world as often happens? What purpose could it serve?

The reason to mark slides as confidential is to make sure you can restrict their use whenever you want. Rarely are slides uploaded by a company with a confidential marking. In order for something to be uploaded it has to be cleared through a legal department. So if there are slides out there that exist with a confidential marking it’s more likely someone uploaded them without explicit permission. Which isn’t a bad thing in general.

What if a competitor gets a copy of the slides and starts using the information? Or better yet, what if they use it in a marketing campaign against the company?

If the slide is marked as “confidential”, that allows the company to use legal means to remove the information or disallow use of the information. It means that rather than just complaining or fighting a marketing battle that heavier means can be used to take down anything embarrassing. It’s also more lasting to bar anyone from mentioning anything listed on a confidential slide.

Tom’s Take

I agree that the whole legal need to label everything short of your underwear as “confidential” is just plain stupid. This is the same legal system that says trademarks must be defended to be protected. But the rules are the rules. Which means that any company that wants to protect confidential information must mark it that way from the genesis of the concept. And having the ability to protect those assets also means dealing with misleading marks long after the information has entered the wild. Just make sure you ask the right questions before divulging anything that could be considered confidential.


SDN and the Trough Of Understanding


An article published this week referenced a recent Hype Cycle diagram (pictured above) from the oracle of IT – Gartner. While the lede talked a lot about the apparent “death” of Fibre Channel over Ethernet (FCoE), there was also a lot of time devoted to discussing SDN’s arrival at the Trough of Disillusionment. Quoting directly from the oracle:

Interest wanes as experiments and implementations fail to deliver. Producers of the technology shake out or fail. Investments continue only if the surviving providers improve their products to the satisfaction of early adopters.

As SDN approaches this dip in the Hype Cycle it would seem that the steam is finally being let out of the Software Defined Bubble. The Register article mentions how people are going to leave SDN by the wayside and jump on the next hype-filled networking idea, likely SD-WAN given the amount of discussion it has been getting recently. Do you know what this means for SDN? Nothing but good things.

Software Defined Hammers

Engineers have a chronic case of Software Defined Overload. SD-anything ranks right up there with Fat Free and New And Improved as the Most Overused Marketing Terms. Every solution release in the last two years has been software defined somehow. Why? Because that’s what marketing people think engineers want. Put Software Defined in the product and people will buy it hand over fist. Guess what Little Tommy Callahan has to say about that?

There isn’t any disillusionment in this little bump in the road. Quite the contrary. This is where the rubber meets the road, so to speak. This is where all the pretenders to the SDN crown find out that their solutions aren’t suited for mass production. Or that their much-vaunted hammer doesn’t have any nails to drive. Or that their hammer can’t drive a customer’s screws or rivets. And those pretenders will move on to the next hype bubble, leaving the real work to companies that have working solutions and real products that customers want.

This is no different than every other “hammer and nail” problem from the past few decades of networking. Whether it be ATM, MPLS, or any one of a dozen “game changing” technologies, the reality is that each of these solutions went from being the answer to every problem to being a specific solution for specific problems. Hopefully we’ve gotten SDN to this point before someone develops the software defined equivalent of LANE.

The Software Defined Road Ahead

Where does SD-technology go from here? Well, without marketing whipping everyone into a Software Defined Frenzy, the future is whatever developers want to make of it. Developers that come up with solutions. Developers that integrate SDN ideas into products and quietly sell them for specific needs. People that play the long game rather than hope that they can take over the world in a day.

Look at IPv6. It solves so many problems we have with today’s Internet. Not just IP exhaustion issues either. It solves issues with security, availability, and reachability. Yet we are just now starting to deploy it widely thanks to the panic of the IPocalypse. IPv6 did get a fair amount of hype twenty years ago when it was unveiled as the solution to every IP problem. After years of mediocrity and being derided as unnecessary, IPv6 is poised to finally assume its role.

SDN isn’t going to take nearly as long as IPv6 to come into play. What is going to happen is a transition away from Software Defined as the selling point. Even today we’re starting to see companies move away from SD labeling and instead use more specific terms to help customers understand what’s important about the solution and how it will help customers. That’s what is needed to clarify the confusion and reduce fatigue.


TECH.unplugged And Being Present


I wanted to let everyone know that I’m going to be taking part in an excellent event being put on by my friend Enrico Signoretti (@ESignoretti) this September. TECH.unplugged is a jam-packed day of presentations from people that cover storage, computing, and in my case networking. We’re getting together to share knowledge and discuss topics of great interest to the IT community. As excited as I am to be taking part, I also wanted to take a few moments to discuss why events like this are important to the technology community.


There’s no doubt that online events are becoming the standard for events in recent years. It’s much more likely to find an event that offers streaming video, virtual meeting rooms, and moderated discussions taking place in a web browser. The costs of travel and lodging are far higher than they were during the recession days of yore. Finding a meeting room that works with your schedule is even harder. It’s much easier to spin up a conference room in the cloud and have people dial in to hear what’s going on.

For factual information, such as teaching courses, this approach works rather well. That’s where the magic of pre-recording comes into play. Write once, read many. Delivering information like this cuts down on time spent with the logistics of organization and allows the viewer to watch on-demand. And quesitons that come up can be handled with FAQs or community discussion on a small scale. Again, this works best for the kinds of content that are not easily debated.

Present And Accounted For

What about content that isn’t as cut-and-dried? Hot topics that are going to have lots of questions or opinions? How do you handle an event where the bulk of the time is spent having a discussion with peers instead of delivering material?

Virtual solutions are great for multicasting. When everyone is watching one topic being presented and doing very little interacting everything works just fine. The system starts to break down when those people try to talk to one another. Do you use the general channel? Private messages? Have you been silenced by the organizer before you try to ask a question? What if you want to discuss a topic covered five minutes ago?

Nothing beats a face-to-face conversation for actual discussion. There’s an dynamic that can’t be matched when you get ten people in a room and give them a prompt to start talking about something. There is usually lively debate and sharing of viewpoints. Someone is going to share a personal experience or be the voice of reason. Still others will play the devil’s advocate or be a contrarian. Those are concepts that are hard to replicate when screen names take the place of a nametag.

Another important part of being present for events like this is meeting like-minded people and engaging them in real conversation. In the world of social media, we often form relationships with people in the industry without having actually met them. While that does make it easy to build a network of people in the community to talk to, it also doesn’t allow you to hear someone talk or engage them in a meaningful talk of more than 100 characters at a time or nested comments.

There’s something magical about having in-person discussions. It is a very different thing to defend your opinion when looking someone in the eyes versus behind a keyboard. Without instant access to search engines you need to know the evidence to support your opinion rather than relying on someone else to do it for you. When you prove your point in a real life meetup people remember being there.

Tom’s Take

Virtual meetings are great for some specific things. But you can’t beat the importance of being around people and talking about something. Being present for an event makes it have much more of an impact. I’ve heard from countless people telling me how Cisco Live feels so much different when you’re there because of the people you are around. There’s a reason why Tech Field Day is an in-person event. Because you can’t beat the magic of being around other like-minded people to discuss things.

Be sure to check out TECH.unplugged and see the list of speakers for the September event. And if you just happen to be in Amsterdam be sure to sign up (it’s free)! We want you there!

The Score Is High. Who’s Holding On?


If you haven’t had the chance to read Jeff Fry’s treatise on why the CCIE written should be dropped, do it now. He raises some very valid points about relevancy and continuing education and how the written exam is approaching irrelvancy as a prerequisite for lab candidates. I’d like to approach another aspect of this whole puzzle, namely the growing need to get that extra edge to pass the cut score.

Cuts Like A Knife

Every standardized IT test has a cut score, or the minimum necessary score required to pass. There is a surprising amount of work that goes into calculating a cut score for a standardized test. Too low and you end up with unqualified candidates being certified. Too high and you have a certification level that no one can attain.

The average cut score for a given exam level tends to rise as time goes on. This has a lot to do with the increasing depth of potential candidates as well as the growing average of scores from those candidates. Raising the score with each revision of the test guarantees you have the best possible group representing that certification. It’s like having your entire group be members of the honor roll.

A high cut score ensures that unqualified personnel are washed out of the program quickly. If you take a test with a cut score of 800 and you score a 500, you quickly know that you need to study quite a bit more before you’re ready to attempt the exam again. You might even say to yourself that you don’t know the material in any kind of depth to continue your quest for certification.

What happens if you’re just below the cut score? If you miss the mark by one question or less? How much more studying can you do? What else do you need to know? Sure, you can look at the exam and realize that there are many, many more questions you can answer correctly to hit the right score. But what if the passing score is absurdly high?

Horseshoes and Hand Grenades

I believe the largest consumer of purloined test questions is not the candidate that is completely clueless about a subject. Instead, the largest market of these types of services is the professional that has either missed the mark by a small margin or is afraid they will not pass even after hours of exhaustive study.

Rising cut scores lead to panic during exams. Why was a 790 good enough last time but now I need an 850 to pass? It’s easy to start worrying that your final score may fall in between that gray area that will leave lacking on the latest attempt. What happens if you miss the mark with all of the knowlege that you have obtained?

Those are the kinds of outcomes that drive people to invest in “test aids”. The lure is very compelling. Given the choice between failing an exam that costs $400 or spending a quarter of that to have a peek at what might be on the test, what is stopping the average test taker besides morality? What if your job depended on passing that exam? Now that multi-hundred dollar exam becomes a multi-thousand dollar decision.

Now we’re not talking about a particular candidate’s desire to fleece a potential employer or customer about knowledge. We’re talking about good old fashioned fear. Fear of failure. Fear of embarassement. Fear of losing your livelyhood because of a test. And that fear is what drives people to break the rules to ensure success.

Cut Us Some Slack

The solution to this issue is complicated. How can you ensure the integrity of a testing program? Worse yet, how can you stem the rising tide of improper behavior when it comes to testing?

The first thing is to realize what drives this behavior. Should a test like the CCIE written have higher and higher cut scores to eliminate illicit behavior? Is that really the issue here? Or is it more about the rising cut score itself causing a feedback loop that drives the behavior?

Companies need to take a hard look at their testing programs to understand what is going on with candidates. Are people missing the mark widely? Or are they coming very close without passing? Are the passing scores in the 99th percentile? Or barely above the mark? Adjustments in the cut score should happen both up and down.

It’s easy to look at testing groups and say, “If you just stuided a bit harder, you’d hit this impossibly high mark.” It’s also very easy to look at scores and say, “We see that many of you are missing the mark by less than ten points. Let’s lower that and see how things go from here.”

Certification programs are very worried about diluting the pool of certified candidates. But is having more members of the group with scores within a question or two of passing preferable to having a group with absurdly high passing scores thanks to outside help?

Tom’s Take

I’ve taken exams with a 100% cut score. It’s infuriating to think that even a single wrong answer could cost you an entire exam. It’s even worse if you are financing the cost of your exam on your own. Fear of missing that mark can drive people to do lots of crazy things.

I’m not going to say that companies like Cisco need to lower the cut scores of exams to unrealistically low levels. That would cheapen the certifications that people have already earned. What needs to happen is that Cisco and other certification bodies need to learn what they are trying to accomplish with their programs and adjust all the parameters of the tests to accomplish those goals.

Perhaps raising the cut scores to more than 900 points isn’t the answer. Maybe instead more complex questions or more hands-on simulations are required to better test the knowledge of the candidates. These are better solutions that take time and research. They aren’t the false panacea of raising the passing score. The rising tide can’t be fixed by making the buoys float just a little higher.


Objectivity Never Rests


Being an independent part of the IT community isn’t an easy thing. There is a lot of writing involved and an even greater amount of research. For every word you commit to paper there is at least an hour of taking phone calls and interviewing leaders in the industry about topics. The rewards can be legion. So can the pitfalls. Objectivity is key, yet that is something where entire communities appear to be dividing.

Us Or Them

Communities are complex organisms with their own flow and feel. What works well in one community doesn’t work well in another. Familiarity with one concept doesn’t immediately translate to another. However, one thing that is universal across all communities is the polarization between extremes.

For instance, in the networking community this polarization is best characterized by the concept of “ABC – Anything But Cisco”. Companies make millions selling Cisco equipment every year. Writers and speakers can make a very healthy career from covering Cisco technologies. And yet there are a large number of companies and people that choose to use other options. They write about Juniper or install Brocade. They spend time researching Cumulus Linux or Big Switch Networks.

Knowing a little about many things is a great thing. There is no way I could have done my old VAR job had I only known Cisco gear. But when that specialization is taken to an extreme, you get the mentality that anything or anyone involved in the opposite camp must be wrong on principal. It does happne that some choose to ignore all other things at their own peril. Still others are branded as “haters” not because they truly hate a position but because others have taken comments and pushed them beyond their meaning to an extreme to serve as a comparison point.

Think a bit about the following situations that have been mentioned to me in recent months and look at what the perception is in certain communities:

  • Cisco vs. Not Cisco
  • Cisco vs. VMware
  • Cisco vs. Whitebox
  • VMware vs. OpenStack
  • VMware vs. Docker
  • EMC vs. Not EMC

The list could go on for many more entries. The point is that people have drawn “battle lines” in the industry around companies and concepts to provide contrast for positions.

Objectivity In Motion

How does the independent influencer cope with all these challenges to objectivity? It’s not unlike navigating a carpet full of Lego bricks with no shoes on.

The first important step is to avoid the trap of being pigeonholed as a “hater”. That’s easier than it sounds. Simply covering one technology or vendor isn’t going to cause you to fall into that trap. If someone writes a lot about Juniper, I simply assume they spend the majority of their time with Juniper gear. The only time they cross the line into the territory of anti-Someone is through calculated commentary to that effect.

The other important step in reference to the above is to keep your commentary on point. Petty comments like “that’s a stupid idea” or “no one in their right mind would do it like that” aren’t constructive and lead to labels of “hater”. The key to criticism is to keep it constructive. Why is it a stupid idea? Why would someone choose to do it differently? These are ways to provide contrast without relying on generalizing to get your point across.

The third and most important way to avoid losing objectivty is to keep the discussion focused on things and ideas and not people. As soon as you start attacking people and crticizing them your objectivity will always be called into question. For example, a few years ago I wrote a review of a short book that Greg Ferro (@EtherealMind) wrote about blogging. I disagreed with many of his points based on my own experiences. In my post, I never attacked Greg or called his blogging ability into question. Instead, I addressed his points and provided my own perspective. Greg and I have had many beers since then without wanting to choke each other, so I think we’re still friends. But more importantly, we’re still objective about blogging even though we have different opinions.

Tom’s Take

Objectivity is hard to gain and easy to lose. It’s also easy to have it taken from you by people that feel you’ve lost it. It wouldn’t be a stretch to look at my last blog post about Meraki and assume that I “hate” them based on my comments. But if you read through what I wrote, I never say that I hate the company or the people. Instead, I disagree with a choice they have made with their software. I still feel my objectivity is intact. If Meraki decides tomorrow to implement some of my ideas or something similar, I will be more than happy to tell everyone about it.

You can never stop looking at your own objectivity. When you get complacent you have lost. You need to constantly ask yourself why you are writing or speaking about something and how objective you are. If you are the first person to question your own objectivity it will be much easier to answer those that question it later.

Meraki Will Never Be A Large Enterprise Solution


Thanks to a couple of recent conversations, I thought it was time to stir the wireless pot a little. First was my retweet of an excellent DNS workaround post from Justin Cohen (@CanTechIt). One of the responses I got from wireless luminary Andrew von Nagy (@RevolutionWifi):

This echoed some of the comments that I heard from Sam Clements (@Samuel_Clements) and Blake Krone (@BlakeKrone) during this video from Cisco Live Milan in January:

During that video, you can hear Sam and Blake asking for a few features that aren’t really supported on Meraki just yet. And it all comes down to a simple issue.

Should It Just Work?

Meraki has had a very simple guiding philosophy since the very beginning. Things should be easy to configure and work without hassle for their customers. It’s something we see over and over again in technology. From Apple to Microsoft, the focus has shifted away from complexity and toward simplicity. Gone are the field of radio buttons and obscure text fields. In their place we find simple binary choics. “Do You Want To Do This Thing? YES/NO”.

Meraki believes that the more complicated configuration items confuse users and lead to support issues down the road. And in many ways they are absolutely right. If you’ve ever seen someone freeze up in front of a Coke Freestyle machine, you know how easy it is to be overwhelmed by the power of choice.

In a small business or small enterprise environment, you just need things to work. A business without a dedicated IT department doesn’t need to spend hours figuring out how to disable 802.11b data rates to increase performance. That SMB/SME market has historically been the one that Meraki sells into better than anyone else. The times are changing though.

Exceptions Are Rules?

Meraki’s acquistion by Cisco has raised their profile and provided a huge new sales force to bring their hardware and software to the masses. The software in particular is a tipping point for a lot of medium and large enterprises. Meraki makes it easy to configure and manage large access point deployments. And nine times out of ten their user interface provides everything a person could need for configuration.

Notice that was “nine times out of ten”. In an SME, that one time out of ten that something more was needed could happen once or twice in the lifetime of a deployment. In a large enterprise, that one time out of ten could happen once a month or even once a week. With a huge number of clients accessing the system for long periods of time, the statistical probability that an advanced feature will need to be configured does approach certainty quickly.

Meraki doesn’t have a way to handle these exceptions currently. They have an excellent feature request system in their “Make A Wish” feedback system, but the tipping point required for a feature to be implemented in a new release doesn’t have a way to be weighted for impact. If two hundred people ask for a feature and the average number of access points in their networks is less than five, it reflects differently than if ten people ask for a feature with an average of one thousand access points per network. It is important to realize that enterprises can scale up rapidly and they should carry a heavier weight when feature requests come in.

That’s not to say that Meraki should go the same route as Cisco Unified Communications Manager (CUCM). Several years ago, I wrote about CSCsb42763 which is a bug ID that enables a feature by typing that code into an obscure text field. It does enable the feature, but you have no idea what or how or why. In fact, if it weren’t for Google or a random call to TAC, you’d never even know about the feature. This is most definitely not the way to enable advanced features.

Making It Work For Me

Okay, the criticism part is over. Now for the constructive part. Because complaining without offering a solution is just whining.

Meraki can fix their issues with large enterprises by offering a “super config mode” to users that have been trained. It’s actually not that far away from how they validate licenses today. If you are listed as an admin on the system and you have a Meraki Master ID under your profile then you get access to the extra config mode. This would benefit both enterprise admins as well as partners that have admin accounts on customer systems.

This would also be a boon for the Meraki training program. Sure, having another piece of paper is nice. But what if all that hard work actually paid off with better configuration access to the system? Less need to call support instead of just getting slightly better access to engineers? If you can give people what they need to fix my problem without calling for support they will line up outside your door to get it.

If Meraki isn’t willing to take that giant leap just yet, another solution would be to weight the “Make A Wish” suggestions based on the number of APs covered by the user. They might even do this now. But it would be nice to know as a large enterprise end user that my feature requests are being taken under more critical advisement than a few people with less than a dozen APs. Scale matters.

Tom’s Take

Yes, the headline is a bit of clickbait. I don’t think it would have had quite the same impact if I’d titled it “How Meraki Can Fix Their Enterprise Problems”. You, the gentle reader, would have looked at the article either way. But the people that need to see this wouldn’t have cared unless it looked like the sky was falling. So I beg your forgiveness for an indulgence to get things fixed for everyone.

I use Meraki gear at home. It works. I haven’t even configured even 10% of what it’s capable of doing. But there are times when I go looking for a feature that I’ve seen on other enterprise wireless systems that’s just not there. And I know that it’s not there on purpose. Meraki does a very good job reaching the customer base that they have targeted for years. But as Cisco starts pushing their solutions further up the stack and selling Meraki into bigger and more complex environments, Meraki needs to understand how important it is to give those large enterprise users more control over their systems. Or “It Just Works” will quickly become “It Doesn’t Work For Me”.