Data Is The New Solar Energy

You’ve probably been hearing a lot about analytics and artificial intelligence in the past couple of years. Every software platform under the sun is looking to increase their visibility into the way that networks and systems behave. They can then take that data and plug it into a model and make recommendations about the way things need to be configured or designed.

Using analytics to aid troubleshooting is nothing new. We used to be able to tell when hard disks were about to go bad because of SMART reporting. Today we can use predictive analysis to determine when the disk has passed the point of no return and should be replaced well ahead of the actual failure. We can even plug that data into an AI algorithm to determine which drives on which devices need to be examined first based on a chart of performance data.

The power of this kind of data-driven network and systems operation does help our beleaguered IT departments feel as though they have a handle on things. And the power that data can offer to us has it being tracked like a precious natural resource. More than a few times I’ve heard data referred to as “the new oil”. I’d like to turn that on its head though. Data isn’t oil. It’s solar energy.

As Sure As The Sun Comes Up

Oil is created over millions of years. It’s a natural process of layering organic materials with pressure and time to create a new output. Sounds an awful lot like data, right? We create data through the interactions we have with systems. Now, let me ask you the standard Zen kōan, “If a tree falls in the forest and no one is there to hear it, does it make a sound?” More appropriate for this conversation, “If two systems exist without user interaction, do they create data?”

The fact is in today’s technology-driven world that systems are creating data whether we want them to or not. There is output no matter what happens with our interactions. That makes the data ever-present. Like our glorious stellar neighbor. The sun is going to shine no matter what we do. Our planet is going to be bathed in energy no matter if we log on to our email client today or decide to go fishing. Data is going to be generated. What we choose to do with that data determines how we can utilize it.

In order to use oil, it must be processed and refined. It also must be found, drilled out of the ground, and transported to stations where it can be converted to different products. That’s a fairly common way to look at the process of turning data into the more valuable information product we need to make decisions. But in the world of ever-present data do we really need to go looking for it? Honestly, all you need to do is look around and you’ll see it! Kind of like going outside and looking up to find the sun shining down on us.

Let’s get to the processing part. Both forms of energy must be harnessed and concentrated to be useful. Oil requires refineries. Solar power requires the use of plants to consolidate and refine the collected energy from solar panels that generate electricity or heat energy that is converted into steam-powered electricity. In both cases there is infrastructure needed to convert the rew data to information. The key is how we do it.

Our existing infrastructure is based on the petroleum economy of refinement. Our standard consumers of oil are things like cars and trucks and other oil-powered fuel consumers. But the world is changing. Electrically powered vehicles and other devices don’t need the stopgap of oil or petroleum to consume energy. They can get it directly from the electrical grid that can be fed by solar energy. As we’ve adapted our consumption models of energy, we have found better, cleaner, more efficient ways to feed it with less infrastructure. Kind of like how we’ve finally dumped clunky methods for data collection like SNMP or WMI in favor of things like telemetry and open standard models that give us more info in better fashion than traps or alerts. Even the way we handle syslog data today is leaps and bounds better than it used to be.

Lastly, the benefits to standardization on this kind of collection are legion. With solar, the sun isn’t going away for a few billion more years. It’s going to stick around and continue to cause amazing sunrises and give me sunburns for the rest of my days. We’re not going to use up the energy output of the sun even if we tried. Oil has a limited shelf life at best. If we triple the amount of oil we use for the next 30 years we are going to run out completely until more can be made over the next few million years. If we increase the amount of solar energy we use by 10x over the next hundred years we won’t even put a dent in the output of the sun that we received in a minute during that time.

Likewise, with data, moving away from the old methods of collection and reporting mean we can standardize on new systems that give us better capabilities and don’t require us to maintain old standards forever. Anyone that’s ever tried to add a new entry to an archaic old MIB database will know why we need to get more modern. And if that means cleaner data collection all around then so be it.


Tom’s Take

Generally, I despise the allusions to data being some other kind of resource. They’re designed to capture the attention of senior executives that can’t imagine anything that isn’t expensive or in a TV series like Dallas. Instead, we need to help everyone understand the merits of why these kinds of transitions and shifts matter. It’s also important to help executives understand that data needs time and effort to be effective. We can’t just pick up data and shove it into the computers to get results any more than we can shove raw crude oil into a car and expect it to run. Given today’s environmental climate though, I think we need to start relating data to newer, better forms of energy. Just sit back and enjoy the sunshine.

The Conundrum of Virtual Conferences

Okay, the world is indeed crazy. We can’t hide from it or hope that it just blows over sooner or later. We’re dealing with it now and that means it’s impacting our work, our family lives, and even our sanity from time to time. One of the stalwart things that has been impacted by this is the summer conference schedule. We’ve had Aruba Atmosphere, Cisco Live, VMworld, and even Microsoft Ignite transition from being held in-person to a virtual format complete with shortened schedules and pre-recorded sessions. I’ve attended a couple of these so far for work and as an analyst, and I think I’ve figured it out.

If you come to a conference for content and sessions, you’ll love virtual events. If you come for any other reason, virtual isn’t going to work for you.

Let’s break this down because there’s a lot to unpack.

Information Ingestion

Conferences are first and foremost about disseminating information. Want to learn what new solutions and technologies have been launched? It’s probably going to be announced either right before or during the conference. Want to learn the ins-and-outs of this specific protocol? There’s probably a session on it or a chance to ask a professional engineer or architect about it. There’s a lot of content to be consumed at the conference. So much, in fact, that in recent years the sessions have started to be recorded and posted for consumption after the fact. You can now have access to a library of any topic you could ever want. Which comes in really handy when your boss decides in November that you’re going to be the new phone person…

Because all this content has been recorded and published before, transitioning the content to a virtual format is almost seamless. The only wrinkle is that people are going be recording from their home instead of a blast freezer ballroom in the Mandalay Bay. That means you’re going to need tighter control over things like environment and video recordings. Your people are going to have to get good and talking and setting up their screens to be effective. Most good presenters can do this already. Some need some coaching. Most are going to need a few takes to get it right since they aren’t going to be editing together their own video. But the end result is going to be the same. You’re going to have great content to share with people to be consumed over the course of days or weeks or even months.

Keynotes are a little bit harder to quantify in this content category. They are definitely content, just not for tech people. Keynotes are analyst and press fodder. It’s a packaging of the essence of the event in an hour-long (or longer) format designed to hit the important points for tweets and headlines. Keynotes are very, very, very rehearsed. No one tends to go off the script unless it’s absolutely necessary. Even the off-the-cuff remarks are usually scripted and tested for impact ahead of time. If a joke fails to land, just imagine the three others they tried that were worse.

But keynotes at a virtual event can be more impactful. Because you can do some editing you can put together different takes. You can inject some emotion. You can even use it as a platform for creating change. I specifically want to call out the Cisco Live keynote from Chuck Robbins this year. It wasn’t about tech. We didn’t really hear about protocols or hardware. Instead, Chuck used his platform to talk about the drivers of technology. He stood up and told the world how we need to use our talents and our toys to build a better world for ourselves and for everyone around us. Chuck didn’t mince words. He postponed Cisco Live by two weeks to highlight the struggles and causes that are being shown nightly on the news. He wanted us to see the world he and his company are trying to help and build up. And he used the keynote slot to push that message. No flashy numbers or sparkly hardware. Just good, old fashioned discussion.

Virtual Hallways

Every positive thing should have something corresponding to balance it out. And for virtual conferences, it’s the stuff that’s not about content. Ironically enough, that’s the part that I’ve been so steeped in recently. Sure, Tech Field Day produces a lot on content around these events. I’m happy to be able to be a part of that. But the event is more than just videos and slide decks. It’s more than just sitting in uncomfortable chairs in a meat locker nursing a hangover trying to understand the chipset in a switch.

Conferences are as much about community as anything else. They’re about seeing your friends in-person. Conferences are about hallway conversations about random topics and taking a taxi to a bar halfway down the Vegas Strip to meet up with a couple of people and some person you’ve never even heard of. It’s about meeting the co-workers of your friends and pulling them into your circle. It’s about sharing hobbies and life stories and learning about the crazy haircut someone’s kid gave themselves right before they left.

Community matters to me most of all. Because a conference without a community is just a meeting. And that part is missing virtually. I did my best with an attempt to do Tom’s Virtual Corner with our community. I was shocked and pleased at the number of people that joined in. We had over 50 people on the calendar invite and over a dozen connected at any one time. It was wonderful! But it wasn’t the corner that we know and love. It’s not that it wasn’t special. It was totally special and I appreciate everyone that took time out of their day to take part. But there are some things that are missing from the virtual experience.

I’ll take myself for example. I have two problems that I have to overcome at events:

  1. I’m a story teller.
  2. Other people need to talk too.

If I get on a tear with number one, number two won’t happen. At an in-person event it’s easy enough for me to deal with the first one. I just pull interested people aside for a small group conversation. Or I wait for a different time or another day to tell my story. It’s easy enough to do when you spend sixteen hours around people on average and even more well into the night with friends.

However, those above things don’t really work on Zoom/Webex/GoToMeeting. Why? Well, for one thing you can only really have one speaker at a time. So everyone needs to keep it short and take turns. Which leads to a lot of waiting to talk and not so much for listening. Or it leads to clipped quips and not real discussion. And before you bring up the breakout room idea, remember that mechanically there is a lot of setup that needs to happen for those. You can’t just create one on the fly to tell a story about beanbags and then just hop back into the main room. And, breakout rooms by their very nature are exclusionary. So it’s tough to create one and not want to just stay there and let people come to you.


Tom’s Take

This is just a small part of the missing aspect of virtual conferences. Sure, your feet don’t hurt at the end of the day. I’d argue the food is way better at home. The lack of airports and hotel staff isn’t the end of the world. But if your primary focus for going to events is to do everything other than watching sessions then the virtual experience isn’t for you. The dates for Cisco Live 2021 and Aruba Atmosphere 2021 have already been announced. I, for one, can’t wait to get back to in-person conferences. Because I miss the fringe benefits of being in-person more than anything else.

Security and Salt

One of the things I picked up during the quarantine is a new-found interest in cooking. I’ve been spending more time researching recipes and trying to understand how my previous efforts to be a four-star chef have fallen flat. Thankfully, practice does indeed make perfect. I’m slowly getting better , which is to say that my family will actually eat my cooking now instead of just deciding that pizza for the fourth night in a row is a good choice.

One of the things I learned as I went on was about salt. Sodium Chloride is a magical substance. Someone once told me that if you taste a dish and you know it needs something but you’re not quite sure what that something is, the answer is probably salt. It does a lot to tie flavors together. But it’s also a fickle substance. It has the power to make or break a dish in very small amounts. It can be the difference between perfection and disaster. As it turns out, it’s a lot like security too.

Too Much is Exactly Enough

Security and salt are alike in the first way because you need the right amount to make things work. You have to have a minimum amount of both to make something viable. If you don’t have enough salt in your dish you won’t be able to taste it. But you also won’t be able to pull the flavors in the dish together with it. So you have to work with a minimum. Whether its a dash or salt or a specific minimum security threshold, you have to have enough to matter otherwise it’s the same as not having it at all.

To The Salt Mines

Likewise, the opposite effect is also detrimental. If you need to have the minimum amount to be effective, the maximum amount of both salt and security is bad. We all know what happens when we put too much salt into a dish. You can’t eat it at all. While there are tricks to getting too much salt out of a dish they change the overall flavor profile of whatever you’re making. Even just a little too much salt is very apparent depending on the dish you’re trying to make. Likewise, too much security is a deterrent to getting actual work done. Restrictive controls get in the way of productivity and ultimately lead to people trying to work out solutions that don’t solve the problem but instead try to bypass the control.

Now you may be saying to yourself, “So, the secret is to add just the right amount of security, right?” And you would be correct. But what is the right amount? Well, it’s not unlike trying to measure salt by sight instead of using a measuring device. Have you ever seen a chef or TV host pour an amount of salt into their hands and say it needs “about that much”? Do you know how they know how much salt to add? It’s not rocket science. Instead, it’s the tried-and-true practice of practice. They know about how much salt a dish needs for a given cooking time or flavor profile. They may have even made the dish a few times in order to understand when it might need more or less salt. They know that starches need more salt and delicate foods need less. Most importantly, they measured how much salt they can hold in their cupped hand. So they know what a teaspoon and tablespoon of salt look like in their palm.

How is this like security? Most Infosec professionals know inherently how to make things more secure. Their experience and their training tell them how much security to add to a system to make it more secure without putting too much in place to impede the operations of the system. They know where to put an IPS to provide maximum coverage without creating too many false positives. And they can do that because they have the experience to know how to do it right without guessing. Because the odds are good they’ve done it wrong at least one time.

The last salty thing to remember is that even when you have the right amounts down to a science you’re still going to need to figure out how to make it perfect. Potato soup is a notoriously hard dish to season properly. As mentioned above, starchy foods tend to soak up salt. You can fix a salty dish by putting a piece of a potato in it to soak up the salt. But is also means that it’s super hard to get it right when everything in your dish soaks up salt. But the best chefs can get it right. Because they know where to start and they know to test the dish before they do more. They know they need to start from a safe setup and push out from there without ruining everything. They know that no exact amount is the same between two dishes and the only way to make sure it’s right is to test until you get it right. Then make notes so you know how to make it better the next time.


Tom’s Take

Salt is one of my downfalls. I tend to like things salty, so I put too much in when I taste things. It’s never too salty for me unless my mouth shrinks up like a desiccated dish. That’s why I also have to rely on my team at home to help me understand when something is just right for them so I don’t burn out their taste buds either. Security is the same. You need a team that understands everything from their own perspective so they can help you get it right all over. You can’t take salt out of a dish without a massive crutch. And you can’t really reduce too much security without causing issues like budge overruns or costly meetings to decide what to remove. It’s better to get your salt and your security right in the first place.

Attention Resource Deficit

How much did your last laptop cost? You probably know down to the penny. How much time did it take for you to put together your last Powerpoint deck or fix an issue for a customer? You can probably track that time in the hours you recorded on your timesheet. What about the last big meeting you had of the department? Can you figure out how many hours combined of time that it took to get the business discussed? Pretty easy to calculate when you know how many people and how long it took.

All of these examples are ways that we track resources in the workplace. We want to know how many dollars were invested in a particular tool. We want to figure out how many hours someone has worked on a project or a proposal. We want to know how much of the company’s resources are being invested so we can track it and understand productivity and such. But when’s the last time you tracked your personal resources? I’m not talking about work you do or money you spend. I’m talking about something more personal than that. Because one of the things that I’ve seen recently that is starting to cause issues is the lack of attention we pay to our attention resource.

Running in Overdrive

Our brains run a lot of processes in our body. And a lot of those processes work without attention. Bodily functions like breathing, digestion, and our endocrine system work without us paying attention. That’s because these systems need to work for us every time without stopping. That’s the power of automation.

But the rest of our processes need our attention. Our cognitive processes and higher-order functioning need us to pay attention. Yes, even those tasks that you say you can do without thinking. They require you to pay some sort of conscious attention to what’s going on. And that comes out of your attention budget.

Ever wonder why people are good at multitasking? It’s because they are capable to splitting their attention budget up and paying attention to a couple of different things at the same time. Just like a multitasking computer, human multitasking is just devoting a portion of your attention to a different task for a little bit while you work on something else. But have you ever seen what happens when a CPU gets overloaded with tasks? Sluggish, slow, and unusable.

The same thing happens to people when their attention is drawn in too many different directions. When we exhaust our attention budget we let tasks drop and we stop being able to do things effectively. We have a pool of resources we can use and when those run out we have to take resources from other places. That’s when tasks start getting dropped and such.

People don’t tend to see attention as a finite resource. They see it as a bottomless well that always has a little more available when it’s necessary. We create tools and ideas and systems to help us manage it better. But all those tools are really designed to add a bit more of our fracture attention back to the resource pool. In reality, we’re still shuffling resources back and forth and not really adding to the overall pool. It’s not unlike dealing with a CPU with a finite amount of resources. You can’t get more than this no matter what tricks you use. So you need to learn how to deal with things as they are.

Retreating From the Redline

Internal combustion engines work best when they’re running in their power band, which is the area where they are most effective. The effectiveness of the engine drops off as it approaches the redline, which is the maximum amount of performance you can get without causing damage to the engine. It’s the hard limit, if you will. To apply this to our current discussion, you need to run your brain’s attention span in the power band of focusing on the right tasks as you need to and avoid pushing past the redline of inattention and letting things drop. But how can you do that knowing you have to work from a finite pool of resources? Your brain isn’t a CPU or an RPM gauge on a car. There isn’t a magic meter that will tell you when you’ve exceeded your resource pool.

Step One is the reduce the number of distractions you have. That is way harder than it sounds. There are some easy things you can do that have been documented over the years:

  • Set your email to only update in time segments. Every 15 minutes or even every hour for non-critical stuff. The less time you spend attaching yourself to a constantly-updating mailbox the more productive you can be.
  • Sign out of unnecessary Slack channels. The more you have open, the more attention you’re going to pay to them. And the less attention you have for other things too.
  • Limit social media engagement. Ever find yourself sucked into Facebook or TikTok? That’s by design. The operators want you to stick there and not do anything else. If you have to monitor social media for your job, create rules and lists to keep you focused on task. And save the causal stuff for another day.
  • Use the Pomodoro Technique. I’ve written about it before, but this is a great way to force your brain into focusing for short bursts. Once you can train yourself to block out distractions you can get a lot accomplished.

The second way that I find that I can help refuel my attention pool is to use checklists or some other method of dumping my brain contents in a way that lets me focus. I can put down things that need to be done and check them off as they are completed. But I don’t just put major projects like “Boil the Ocean” or “Put a spaceship on Mars”. Instead, I break everything down into simple, achievable tasks. Why? Because crossing those off the list gives you back some of the attention you dedicated to them. It’s like the programming equivalent of garbage collection. By returning your attention resources back to the pool you have more available to tackle bigger and badder things on your list. And when you ever feel like you aren’t getting enough done you can go back and see all the things you’ve crossed off!


Tom’s Take

I have a double whammy of being unfocused on my best days and being too forgetful to write things down. So I understand the issues of attention resource problems. As much as anyone I really wish I could just wave a magic wand and be able to pay closer attention to what I’m doing. The tricks above are ways that I cope with what I have to deal with. In fact, the number of times I got distracted even just writing this post would probably shock most people reading this. But we work with what we have and we do what we can. The key is to recognize that your attention is a resource that is just as valuable as money or work time. Treat is as such and plan for use and you may find yourself feeling better and being happier and more productive in a number of ways.

The Hook Brings You Back

If I asked you to summarize the great works of literature in a few paragraphs, how would you do it? Would you read over the whole thing and try to give a play-by-play of the book? Would it be more like Cliff’s Notes, summarizing the major themes but skipping over the details? Maybe you’d offer up the conclusion only and leave it as an exercise to the reader to find out? There are a lot of ways to do it and almost all of them seem insurmountable.

What if there was an easy way to jump right into starting to discuss a topic or summarize something? What if you could find a way to easily get people interested in your ideas? Believe or not, it’s not as hard as you might think. People usually freak out because they feel like there are too many places to start when they want to write something. They decide to try and figure out the perfect way to get going and, more often than not, they paralyze themselves with inaction.

So how do you get things moving? You have to find the hook.

By Hook or Crook

What’s the hook? Most people think it’s like a fish hook. Something you set to reel someone in. And that’s not far from the truth. The hook, when talking about writing or even music, is a section that is designed to catch your attention and keep it. The hook is what’s responsible for those catchy choruses you can’t get out of your head once you hear them.

But the hook is also the way you can get into a heady topic. The hook is the way you get things start. You find the attention-catching part of the story or the topic that you want to talk about and you grab it. Set the hook. That’s the first step. Figuring out what you want to talk about and setting that hook.

The key is to avoid getting overwhelmed. Don’t try to say too much. The hook doesn’t work if it’s too big. It doesn’t work if it’s too complicated. You have to find something small and relatable if you want people to bite. You need a single idea. A single topic of some kind. Make it easy and your audience will surely bite on it.

Reeling Them In

Okay, so you’ve successfully set the hook. Now what? Do you just tug and tug on it until you get what you’re after? Every fisherman knows that’s a bad idea. You have to gently pull and convince your quarry to come. You have to build something that leads people to where you want them to be.

Writing is no different. You have your hook but you have to support it with facts and evidence. You have to come back to your main idea and reinforce it over and over. That’s how the hook gets into the reader’s mind. You have to make sure they aren’t going to forget it. The hook is the takeaway from the piece you’re writing.

When your reader finishes you want them to have that idea ringing in their ears and in their head. You want them to think of your idea like a chorus from a song. Resonating and repeating. Not in the insidious ear worm kind of way. But in the way of your favorite movie scenes or favorite songs. Something that they enjoy and want to keep coming back to.

Fishing In Practice

Okay, so this is all well and good when you’re trying to sit down and write something. But what about when you’re listening to a presentation? How can this help you with your pre-writing?

The biggest thing to do is to start looking for hooks early. Most good presenters will tee up an idea or a theme and run with it. They’ll do most of the hard work for you. All you have to do it pick up on it. Find the theme running through everything and start taking notes about it. Using things like mind maps are great for this style of note taking because you’re going to try and pull all your details back to that main hook.

But what if there isn’t a hook? What if the main idea is scattered or the presentation isn’t built in such a way as to present something that has a clear, definitive theme? Well, that’s where the creative part comes into play. You’re going to have to do a little fishing of your own. You need to look at the media you’re given and try to find your hook. You may have to try a few things out first to get something worth talking about. But once you find the hook in the information you’re given you’re going to want to run with it. That’s how you know you’ve found something good.


Tom’s Take

A lot of my briefings and other coverage writing on Gestalt IT uses this kind of style now. I try to find the hook to pull people in to read about what I’m discussing. It’s not always mean or nefarious. Instead I want to engage people and show them how I look at things. Hopefully it gives them a new perspective and helps them understand deep technical topics. And maybe it’s enough to bring them back for more along the way.

Tom’s Virtual Corner at Cisco Live US 2020

One of the things that I look forward to most during Cisco Live is the opportunity to meet with people. It’s been quite a few years since I’ve been to a session during the conference. My work with Tech Field Day has kept me very busy for the past several Cisco Live events. But at the end of the day I enjoy strolling down to the Social Media hub and talking to anyone I see. Because people make Cisco Live what it is.

The Legend of Tom’s Corner has grown over the years. It’s more than just a few tables in a place where people hang out. It stands for a community. It means a lot to so many different people. It’s about meeting new friends and catching up with old ones and feeling like you belong. For so many, Tom’s Corner and the Social Media Hub is the center of Cisco Live.

And yet, we now live in extraordinary times. The plan we had for what Cisco Live would look like for us earlier this year is radically different right now. Prohibitions on travel and meetings in large groups means we will be experiencing Cisco Live from our homes afar instead of the Mandalay Bay in Las Vegas. The sessions we attend will be online. The keynotes streamed without seating and traffic directions. Although the office chairs at home will probably be more comfortable than conference seating.

But what about that in-person aspect to things? What about meeting up at the Social Media Hub and hanging out with all our friends? Well, the social media aspect to the event is going to be even more important now. Twitter and Slack and iMessage are going to be our primary forms of communication. We’re going to be twice as social even without being able to be around people thanks to the need to use programs to connect. But it’s not going to feel the same without being able to see someone.

A Virtual Corner

Because things are so crazy and because we’re not all going to get to be in the same place this year to hang out at Tom’s Corner, it’s time to bring Tom’s Corner to the virtual landscape of Cisco Live. Thanks to the power of Zoom and the patronage of Tech Field Day, we’re going to be holding Tom’s Virtual Corner at Cisco Live US 2020!

With the power of the revolution of technology and video chat we’re going to have the option to hang out and chat just like we always do! Granted, we’re not going to have to fight over places to sit this year so it may be better this way. Also, less walking! We’re going to have the meeting running from about 8:00am PT through 1:00pm PT so don’t worry if you can’t join right at the start. I’m sure there are going to be people coming and going all day.

In order to be a part of Tom’s Virtual Corner at Cisco Live US 2020, you’re going to need to send me an email at tom@networkingnerd.net or a DM on Twitter with the email address you want the calendar invitation sent to. Yes, that’s a very manual process. But given the number of people that like to invade Zoom calls this is a necessary precaution. Just send me an email with the title “Tom’s Virtual Corner Invitiation” and I’ll make sure you’re on the list. After that we can get everything going just like if we were hanging at the actual corner.

This is supposed to be a fun time to hang and enjoy the company of each other in a format that is hard to replicate, so a couple of ground rules:

  • Disruptive attendees may be kicked at the discretion of the hosts.
  • Follow Wheaton’s Law as the Prime Behavior Directive. If you have a question about whether or not you’re violating that law, you probably are.
  • Be respectful of your peers and friends. Make this a positive experience for everyone. I don’t want to have to be the fun police but if that needs to happen so be it.

It’s that simple. Be cool, act cool, and we’ll have fun.


Tom’s Take

I’m going to miss the Social Media Hub this year. I’m going to miss my friends and I am also going to regret not getting to make new ones. But maybe we can salvage a bit of that spark this way. We might miss the sign pic or the crazy antics that happen with giant Lego figures or tiaras or unicorn masks. But we’ll be there in spirit and that’s what counts. And, if nothing else, the tenth anniversary of Tom’s Corner next year is going to blow the roof off the place!

Anthology Product Marketing

I’m a storyteller. I realize this based on the fact that I tell them a lot. I’ve been told by a lot of people that I tell stories all the time. I’m okay with this. And a lot of the time I’m totally good at it. But one of the side effects of being someone that enjoys telling stories is that you recognize them in others and you start critiquing.

One of the more recent trends I’ve seen in product marketing revolves around stories. We’ve seen people telling all kinds of narratives about how disparate pieces of the puzzle fit together. It’s important because it frames the discussion for everyone. But I’ve also noticed some companies focus less on the framing story and more on the pieces. And it made me realize that’s a different kind of story.

Pieces and Parts

Merriam-Webster defines an anthology as a collection of selected literary pieces or passages or works of art or music. When I think of an anthology movie or video series, I think of a collection of disconnected stories around a framing device. Sometimes that device is as tenuous as a shared narrator, such as the Twilight Zone or Tales from the Crypt. That these series have been made into movies shows how well the format can be adapted to longer media.

Whereas a typical drama has a beginning, middle, and end that follows the same characters throughout the whole runtime, anthologies tend to have segments that focus on a specific piece that’s not necessarily connected to the rest. It doesn’t have to be connected because it’s a self-contained piece. The only connection to the rest of the story is the framing device.

If you’re brain is already working on how to extend this to technology, you’ve probably already equated the framing device to the usual “positioning statement” that’s given at the beginning of a presentation. Here’s the strategy or the vision for how we want to change the world. The individual pieces that the company makes are the parts of the anthology. They are the singular stories that tell the bigger narrative. Or at least they’re supposed to.

In the case of the Twilight Zone, there is no connection aside from Rod Serling telling us about the story. It’s like he’s reading them out of different books. On the opposite side of the spectrum is Pulp Fiction. This is probably the most beloved Quentin Tarantino movie. It’s a tightly-integrated anthology. All three stories are interwoven with each other. Even though they are three separate narratives they share the same characters and setting. Characters from the first story appear in the second and third. It feels like a real connected narrative.

The difference between Pulp Fiction and the Twilight Zone is pretty apparent. So too does the difference between companies that have tightly integrated the story for their individual pieces versus a company that has just put someone in front of the parts to tell you how it should all work together.

Discussion in the Details

When you’re deciding how to tell your product marketing story, ask yourself every once in a while “How does this tie into the big picture?” If it takes you more than ten seconds to answer that question yourself you’re on the road to an anthology series and not a cohesive story. Always refer back to the original statement. Frame your discussion along the lines of the basic premise of your story.

Think of it like writing paragraphs in middle school. Have a main idea and a couple of supporting details that refer back to the main idea. Always make sure you’re referring back to the main idea. If you don’t you need to evaluate what you’re trying to say. If you want a cohesive discussion you have to see the thread that ties everything together.

That’s not to say that every product marketing story needs to be tightly integrated and cohesive across everything. In fact, trying to tie some random piece of technology into the bigger story with a random framing device can feel stilted and out of place. It has to make sense in the narrative. Claiming you have a cohesive strategy for cloud storage is great when you add in telemetry and SD-WAN support. But if you try to pivot to talking about 5G and how it supports your cloud storage you’re not going to be able to tie that into anything without it feeling out of place.

Go back to the basics. Ask yourself what the story is. Don’t try to focus on the pieces. Focus instead on what you want to tell. Some of the best anthologies work because they have different storytellers contributing to the overall piece. If you have a story from a single storytelling you get some exciting integration. But if you have different ideas and visions working together you can come up with some really interesting discussions. Don’t sell your people’s ideas short. Just give them the direction they need to make it work.


Tom’s Take

Before anyone starts filling in the blanks about who the company in question might be, the answer is “all of them”. At some point or another, almost every company I’ve ever seen has failed at telling a good story about their technology. I don’t fault them for it. Marketing is hard. Making deep tech work for normal people is hard to do. I’m not trying to single any one company out. Instead, what I’m saying is that everyone needs to do a better job of telling the story. Focus on what you want to say. Figure out how to make your vision sound more like Infinity War and less like Twilight Zone. The more integrated your message, the less likely people are to focus on the parts they like the best to the detriment of the rest of the story.

The Devil Is In The Licensing

If you don’t already know that I’m a co-host of a great podcast we do at Gestalt IT, here’s a great way to jump in. This episode was a fun one to record and talk about licensing:

Sometimes I have to play the role of the genial host and I don’t get to express my true opinion on things. After all, a good podcast host is really just there to keep the peace and ensure the guests get to say their words, right?

Double Feature

I once said that every random feature in a certain network operating system somehow came from a million-dollar PO that needed to be closed. It reflects my personal opinion that sometimes the things we see in code don’t always reflect reality. But how do you decide what to build if you’re not listening to customers?

It’s a tough gamble to take. You can guess at what people are going to want to include and hope that you get it right. Other times you’re going to goof and put something your code that no one uses. It’s a delicate balance. One of the biggest traps that a company can fall into is waiting for their customers to tell them what they want to see in the next release. Steve Jobs is famous for having said the following:

Some people say, “Give the customers what they want.” But that’s not my approach. Our job is to figure out what they’re going to want before they do. I think Henry Ford once said, “If I’d asked customers what they wanted, they would have told me, ‘A faster horse!'” People don’t know what they want until you show it to them. That’s why I never rely on market research. Our task is to read things that are not yet on the page.

Granted, it’s a bit different when you’re building a cutting edge consumer device. And if you look at the track record of Apple it’s not spotless. But when you’re trying to figure out what features need to be built into an operating system you should probably know what your customers want.

But no choice about including code or features comes without a cost. Even if you have engineers on staff writing code day and night you’re going to incur a work cost. Development is measure in hours and hours equate to dollars1. If you have a team of hundreds working on a single feature you’re going to rack up some pretty significant costs. And including that feature in the base operating system only makes sense if you’re trying to capture market share or address a huge issue your customers have.

But how can you track adoption? Number of downloads of the OS or the program? Not a great measure if it’s something everyone needs to install. If you were trying to track the number of Apple Mail users based on the number of people running iOS on a device you’d be pretty far off the mark. Just because it’s installed doesn’t mean it’s used. So how can we track that feature and recoup some of the development costs at the same time? That’s right! Licensing!

The Double-Edged Sword

Licensing, in and of itself, it’s evil. You have to agree to a license every time you use software. Even if you’re using something with a license that says you can do whatever you want with it. The inherent evil part of the license is when it’s applied in an unfair way.

A friend once told me that a networking vendor had a great idea on how to recoup the costs of developing their software-defined strategy. Instead of charging more to turn the feature on for the whole switch they wanted to charge per flow that used the feature. The rest of the room was speechless. How in the world can you charge for a feature in a switch by the flow? Even with bundling of the licenses you’d incur a significant amount of costs just to operate whatever that was. Amazingly enough the person that suggested it had come from a consumer productivity software background, which per-use licensing was the norm.

The idea is sound. Charge people for what they use. But the application failed. Could you imagine someone charging you per phone call? It’s happened before. Remember when calling cards were a thing? You could pay a few cents a minute to talk. Today? The idea of mobile phones and unlimited voice plans makes the idea of per-use phones antiquated at best.

Another great example of licensing backfiring is when Cisco decided they wanted to start charging a license fee for each different phone type they sold. After all, it should cost more to connect a video phone than it should to connect a regular desk phone, right? After spending years fighting against Device License Units (DLUs) and watching them get tossed to side in favor of modified user licensing because of the rise of software over voice, I realized that this is a game that really never ends. I was the proud owner of an old unlimited data plan from back in the day when the iPhone first came out and my provider wanted to charge you more for the voice minutes instead of the data. Today the data usage is much more valuable to them. Trends change. Devices change. And that means you have to keep your licensing fair and even.

Would you license a firewall per hundred flows? Per VPN connection? Maybe per concurrent MAC address? These are all things that have been done before. I have installed firewalls that could be “upgraded” to more capable units by removing an artificial limit on the number of concurrent users. It was wrong to me but the company made money. It was an easy “fix” to get a few hundred dollars more plus some recurring support revenue. But did it accurately reflect the way that the users operated the device? Not really. It was more about getting extra funding for some other feature or for keeping your business unit in business.

The dark side of licensing comes from greed. Ensuring proper feature adoption or tracking development costs is fine and dandy. But when you charge more just because you can it becomes wrong. Worse yet, when you charge a fortune to keep all but a select few from using your feature set it’s even worse. You can’t expect to feel good about yourself charging a million dollars to license a feature that you really expect only a couple of customers to use. But that’s happened before too. And we’re not even going to get into the argument from the podcast about licensing being tied to the myth of “shareholder value”. I’d need another 2,500 words for that one.


Tom’s Take

Licensing is a necessary evil. We have to have rules and guidelines to use things properly. We also have to have a way to tie development to use. Most modern software is going to charge you for some feature, whether it’s a model of paying once for every major update or a freemium model that lets you pay a regular fee for regular updates. I can’t predict that market any more than I can predict the end of unlimited data plans and DLUs. But I can say that if licensing stops being about keeping software use sane and keeps running down the path of keeping shareholders deliriously rich, you’re going to find out that licensing was the real villain all along.


  1. Or the currency of your region ↩︎

Failure Is Fine, Learning Is Mandatory

“Failure is a harsh teacher because it gives the test first and the lesson afterward.” — Vernon Law

I’m seeing a thread going around on Twitter today that is encouraging people to share their stories of failure in their career. Maybe it was a time they created a security hole in a huge application. Perhaps it was creating a routing loop in a global corporation. Or maybe it was something as simple as getting confused about two mailboxes and deleting the wrong one and realizing your mail platform doesn’t have undelete functionality.

We fail all the time. We try our hardest and whatever happens isn’t what we want. Some of those that fail just give up and assume that juggling isn’t for them or that they can never do a handstand. Others keep persevering through the pain and challenge and eventually succeed because they learn what they need to know in order to complete their tasks. Failure is common.

What is different is how we process the learning. Some people repeat the same mistakes over and over again because they never learn from them. In a professional setting, toggling the wrong switch when you create someone’s new account has a very low learning potential because it doesn’t affect you down the road. If you accidentally check a box that requires them to change their password every week you’re not going to care because it’s not on your account. However, if the person you do that to has some kind of power to make you switch it back or if the option puts your job in jeopardy you’re going to learn very quickly to change your behavior.

Object Failure

Here’s a quick one that illustrates how the motivation to learn from failure sometimes needs to be more than just “oops, I screwed up”. I’ll make it a bullet point list to save time:

  • Installed new phone system for school district
  • Used MGCP as the control protocol
  • Need to solve a PRI caller ID issue at the middle school
  • Gateway is at the high school
  • Need to see all the call in the system
  • Type debug mgcp packet detail in a telnet session
  • A. Telnet. Session.
  • Router locks up tight and crashes
  • Hear receptionist from the other room say, “Did you just hang up on me?”
  • Panic
  • Panic some more
  • Jump in my car and break a couple of laws getting across town to restart router that I’m locked out of
  • Panic a lot in the five minutes it takes to reboot and reassociate with CallManager
  • Swear I will never do that again

Yes, I did the noob CCIE thing of debugging packets on a processing device in production because I underestimated the power of phone calls as well as my own stupidity. I got better!

But I promise that if I’d have done this and it would have shut down one phone call or caused an issue for one small remote site I wouldn’t have leaned a lesson. I might even still be doing that today to look at issues. The key here is that I shut down call processing for the entire school district for 20 minutes at the end of the school day. You have no idea how many elementary school parents call the front office at the end of the day. I know now.

Lessons have more impact with stress. It’s something we see in a lot of situations where we train people about how to behavior in high pressure situations. I once witnessed a car accident right in front of me on a busy highway and it took my brain almost ten seconds to process that I needed to call emergency services (911 in the US) even though I had spent the last four years programming that dial peer into phone systems and dialing it for Calling Line ID verification. I’d practiced calling 911 for years and when I had to do it for real I almost forgot what to do. We have to know how people are going to react under stress. Or at least anticipate how people are going to behave. Which is why I always configured 9.911 as a dial peer.

Lessons Learned

The other important thing about failure is that you have to take stock of what you learn in the post-mortem. Even if it’s just an exercise you do for yourself. As soon as you realize you made a mistake you need to figure out how to learn from it and prevent that problem again. And don’t just say to yourself, “I’m never doing that again!” You need to think about what caused the issue and how you can ingrain the learning process into your brain.

Maybe it’s something simple like creating a command alias to prevent you from making the wrong typo again and deleting a file system. Maybe it’s forcing yourself to read popup dialog boxes as you click through the system to make sure you’re deleting the right file or formatting the right disk. Someone I used to work with would write down the name of the thing he was deleting and hold it up to the screen before he committed the command to be sure they matched. I never asked what brought that about but I’m sure it was a ton of stress.


Tom’s Take

I screw up. More often than even I realize. I try to learn as much as I can when I’m sifting through the ashes. Maybe it’s figuring out how I went wrong. Perhaps it’s learning why the thing I wanted to do didn’t work the way I wanted it to. It could even be as simple as writing down the steps I took to know where I went wrong and sharing that info with a bunch of strangers on the Internet to keep me from making the same mistake again. As long as you learn something you haven’t failed completely. And if you manage to avoid making the exact same mistake again then you haven’t failed at all.

Eventually Secure?

I have a Disney+ account. I have kids and I like Star Wars, so it made sense. I got it all set up the day it came out and started binge watching the Mandalorian. However, in my haste to get things up and running I reused an old password instead of practicing good hygiene. As the titular character might scold me, “This is not the way.” I didn’t think anything about it until I got a notification that someone from New Jersey logged into my account.

I panicked and reset my password like a good security person should have done in the first place. I waited for the usual complaints that people had been logged out of the app and prepared to log everyone in again and figure out how to remove my New Jersey interloper. Imagine my surprise when no one came to ask me to turn Phineas and Ferb back on. Imagine my further surprise when I looked in the app and on the Disney+ website and couldn’t find a way to see which devices were logged in to this account. Nor could I find a way to disconnect a rogue device as I could with Netflix or Hulu.

I later found out that this functionality exists but you have to call the Disney+ support team to make it happen. I also have no doubts that the functionality will eventually come to the app as more and more people are sharing account information so they can binge watch Clone Wars. However, this eventual security planning has me a bit concerned. And that concern extends beyond Mice and Mandalorians.

Minimum Secure Product

If you’re figuring out how to secure your newest application or a new building or even just a new user, you first have to figure out what “secure” looks like. If you have trouble figuring that out, all you need to do is look at your closest competitor. They will usually have a good baseline of the security and accessibility features you should have.

Maybe it’s basic device and user controls like the Disney+ example above. Maybe it’s encryption of your traffic end-to-end, as Zoom learned a couple of weeks ago. Or maybe it’s something as simple as ensuring that you don’t have a hard-coded backdoor password for SSH, like Fortinet remembered earlier this year. The real point is that you can survey the landscape and figure out what you need to do to make your product or app meet a minimum standard.

On the extremely off-chance that you’re developing something new and unique and never-before-seen in the world, you have a different problem. For one, you need to chill on the marketing. Maybe you’re using something in a novel and different way. But unless you’ve developed psychic powers or anti-gravity boosters or maybe teleportation you haven’t come up with anything completely unique. Secondly, you still have some references to draw on. You can look for similar things and use similar security controls.

If your teleport requires a login by a qualified person to operate you should look at login security for other industries that are similar to determine what is appropriate. Maybe it’s like a medical facility where you have two-factor authentication (2FA) with smart cards or tokens as well as passwords or biometrics. Maybe it’s a lockout system with two operators required to engage the mechanism so someone’s arm doesn’t actually get teleported away without the rest of them. Even if your teleport produces massive amounts of logs you should keep them lest someone show up on the other pad with a different color hair than when they left. Those logs may be different from anything ever seen before, but even Airbus knows how to store the flight data from every A380 flight.

Security isn’t a hard problem. It’s a series of challenges that must be overcome. All of them are rooted in common sense and discovery. Sure, you may not know all the problems right now. But you know what they look like in general and you also know what the outcome should look like. Common sense comes into play when you start thinking like a bad actor. If I were able to get into this app, what would I want to do? Maybe I want to sign up for the all-inclusive package and not get a confirmation sent to an account. So put a control in place that makes you confirm that. Sure, it reduces the likelihood that someone is going to sign up for something without realizing what they’ve done. But the side effect is that you also have happier customers because they were stopped from doing something they may not have wanted to do. Your security controls served a double purpose.


Tom’s Take

Ultimately, security should be about preventing bad or unwanted outcomes. Theft, destruction, and impersonation are all undesired outcomes of something. If your platform doesn’t protect against those you are not secure. If your process requires intervention to make those outcomes happen you’re not there yet. Disney+ could have launched with device reports and the ability to force logoff after password change. But the developers were focused on other things. It’s time for developers to learn how to examine what the minimum requirements are to be secure and ensure they’re included in the process along the way. We shouldn’t have to hope that we might one day become eventually secure.