Looking For a Mentor? Don’t Forget This Important Step!

With the insanity of the pandemic and the knowledge drain that we’re seeing across IT in general, there’s never been a more important time than right now to help out those that are getting started on this rise. The calls for mentors across the community is heartwarming. I’ve been excited personally to see many recognizable names and faces in the Security, Networking, and Wireless communities reaching out to let people know they are available to mentor others or connect them with potential mentors. It’s a way to give back and provide servant leadership to those that need it.

If you’re someone that’s reading this blog right now and looking for a mentor you’re in luck. There are dozens of people out there that are willing to help you out. The kindness of the community is without bounds and there are those that know what it was like to wander through the wilderness for a while before getting on the right track. They are the ones that will be of the most help to you. However, before you slide into someone’s DMs looking for help, you need to keep a few things in mind.

Make Me One With Everything

The single most important step you can take to increase your chances of being mentored or being set up with someone to help you out is simple in theory but hard in practice:

You NEED to do your homework.

Sound contrite, right? You don’t know what you don’t know. You need to figure out what you have to have, right? Why not ask someone that has been there and have them tell you everything?

Let me give you the perspective of someone who mentors and teaches in all aspects of my life. The scouts, professionals, and students that come to me and say, “Tell me everything I need to know” are usually the ones that listen the least and forget the most. They are the people that haven’t done their homework. They haven’t looked up what interests them or tried to figure out what knowledge they’re missing. They want answers but don’t have questions. Without questions, answers are meaningless.

Moreover, telling someone “everything” is a recipe for disaster. How does a mentor know what to focus on? What areas interest you? In security, are you offensive or defensive? Do you enjoy writing reports or using tools? Do you want to be a per-work consultant or have a steady, if not smaller, paycheck from a single organization? How can a mentor know where to point you if you haven’t done this basic homework?

Let me give you an example that happened to me in the last week. I got a DM from someone I’ve never talked to before. They politely asked if I could answer a couple of questions for them. I said sure with some hesitation. Usually this means they’re looking for some very broad advice or they need help with their homework. When the questions appeared in my inbox, I asked for some clarification. In this instance, it was someone that needed to understand queuing mechanisms. Once I determined I wasn’t doing someone’s CS homework for them, I read up on the topic and explained what I thought was the case. I was pleasantly surprised to get a response that they had read the same paper and it sounded right but they wanted to understand deeper. We talked for a bit and I feel like the person walked away from the exchange with a greater understanding.

What made me happy in this situation is that the person did the work ahead of time instead of just saying, “teach me how this works”. They wanted to understand, not just get the answer to a multiple choice question. They were curious and wanted to learn the right way. These are the kind of people that benefit from mentors. They are self-motivated and willing to do the work to get ahead.

Help Is Always Given To Those Who Ask

You may have heard the phrase, “Help will come to those that help themselves”. It’s another bit of cliche that means you need to be as active in the process as the person you are seeking knowledge from. If you just show up and say, “I need to know everything starting from scratch”, you’re sending the message that you aren’t invested. Mentors don’t want to help those that aren’t invested.

On the other hand, if someone comes to me and says, “I tried this and it failed and I got this message. I looked it up and the response didn’t make sense. Can you tell me why that is?” I rejoice. That person has done the legwork and narrowed the question down to the key piece they need to know. They don’t need to “boil the ocean” so to speak. They have a specific need that can be met.

Mentors are people too. Maybe they enjoy teaching and guiding more than others but they have limits on their energy just like you would. If a mentor spends more time exerting themselves trying to teach someone everything starting from zero, they’re going to burn out. However, teaching someone that just needs a little extra push to get over the hump of a hard problem is a much better use of everyone’s time. The mentor gets the reward of seeing their student understand and the mentee gets the satisfaction of getting it right and doing the work before they ask for help.

Asking someone for help is never easy. It’s an admission that you don’t have all the answers and you need to rely on others. In a profession where being smart and knowing everything is seen as a sign of success it can be humbling to admit you need something from someone. However, I find that those that need the least amount of help from having exhausted their capabilities are usually the ones that learn the most over time and rely on their peers and mentors the least. They know what to do and where to start. They just need a helping hand to get over the line.


Tom’s Take

I am always willing to be a mentor for anyone that needs help. I can help you understand protocols, tie tripod lashings, and teach you more than you ever wanted to know about building space probes or speaking in public. That’s the life I’ve chosen for myself. However, I ask that all those that seek my mentoring help also commit to learning. Do the extra work ahead of time. Narrow your focus to what is essential to get over the hump. Realize that the more you do for yourself the more meaningful it is for you. And remember that those that mentor you are also on the learning journey themselves. Just as they help you, so too do others help them. And one day you will find yourself in the position to mentor others. Showing the investment and determination to go the extra mile for yourself is the example that you will set for those that come later.

Securing Your Work From Home

UnlockedDoor

Wanna make your security team’s blood run cold? Remind them that all that time and effort they put in to securing the enterprise from attackers and data exfiltration is currently sitting unused while we all work from home. You might have even heard them screaming at the sky just now.

Enterprise security isn’t easy, nor should it be. We constantly have to be on the offensive to find new attack vectors and hunt down threats and exploits. We have spent years and careers building defense-in-depth to an artform not unlike making buttery croissants. It’s all great when that apparatus is protecting our enterprise data center and cloud presence like a Scottish castle repelling invaders. Right now we’re in the wilderness with nothing but a tired sentry to protect us from the marauders.

During Security Field Day 4, I led a discussion panel with the delegates about the challenges of working from home securely. Here’s a link to our discussion that I wanted to spend some time elaborating on:

Home Is Where the Exploits Are

BYOD was a huge watershed moment for the enterprise because we realized for the first time that we had to learn to secure other people’s devices. We couldn’t rely on locked-down laptops and company-issued phones to keep us safe. Security exploded when we no longer had control of the devices we were trying to protect. We all learned hard lessons about segmenting networks and stopping lateral attacks from potentially compromised machines. It’s all for naught now because we’re staring at those protections gathering dust in an empty office. With the way that commercial real estate agents are pronouncing a downturn in their market, we may not see them again soon.

Now, we have to figure out how to protect devices we don’t own on networks we don’t control. For all the talk of VPNs for company devices and SD-WAN devices at the edge to set up on-demand protection, we’re still in the dark when it comes to the environment around our corporate assets. Sure, the company Thinkpad is safe and sound and isolated at the CEO’s house. But what about his wife’s laptop? Or the kids and their Android tablets? Or even the smart speakers and home IoT devices around it? How can we be sure those are all safe?

Worse still, how do you convince the executives of a company that their networks aren’t up to par? How can you tell someone that controls your livelihood they need to install more firewalls or segment their network for security? If the PlayStation suddenly needs to authenticate to the wireless and is firewalled away from the TV to play movies over AirPlay, you’re going to get a lot of panicked phone calls.

Security As A Starting Point

If we’re going to make Build Your Own Office (BYOO) security work for our enterprise employees, we need to reset our goals. Are we really trying to keep everyone 100% safe and secure 100% of the time? Are we trying for total control over all assets? Or is there a level of insecurity we are willing to accept to make things work more smoothly?

On-demand VPNs are a good example. It’s fine to require them to access company resources behind a firewall in the enterprise data center. But does it need to be enabled to access things in the public cloud? Should the employee have to have it enabled if they decide to work on the report at 8:00pm when they haven’t ever needed it on before? These challenges are more about policy than technology.

Policy is the heart of how we need to rebuild BYOO security. We need to examine which policies are in place now and determine if they make sense for people that may never come back into the office. Don’t want to use the VPN for connectivity? Fine. However, you will need to enable two-factor authentication (2FA) on your accounts and use a software token on your phone to access our systems. Don’t want to install the apps on your laptop to access cloud resources? We’re going to lock you out until we’ve evaluated everything remotely for security purposes.

Policy has an important role to play. It is the reason for our technology and the driver for our work. Policy is why I have 2FA enabled on all my corporate accounts. Policy is why I don’t have superuser rights to certain devices but instead authenticate changes as needed with suitable logging. Policy is why I can’t log in to a corporate email server from a vacation home in the middle of nowhere because I’m not using a secured connection. It’s all relevant to the way we do business.

Pushing Policy Buttons

You, as a security professional, need to spend the rest of 2020 doing policy audits. You’re going to get crosseyed. You’re going to hate it. So will anyone you contact about it. Trust me, they hate it just like you do. But you have to make it happen., You have to justify why you’re doing things the way you’re doing them. “This is how we’ve always done it” is no longer justification for a policy. We’re still trying to pull through a global pandemic that has costs thousands their jobs and displaced thousands more to a home they never thought was going to support actual work. Now is not the time to get squeamish.

It’s time to scrub your policies down to the baseboards and get to cleaning and building them back up. Figure out what you need and what is required. Implement changes you’ve always needed to make, like software updates or applications that enhance security. If you want to make it stick in this new world of working from home you need to put it in place at the deepest levels now. And it needs to stick for everyone. No executive workarounds. No grace extensions for them to keep their favorite insecure apps or allowing them to not have 2FA enabled on everything. They need to lead by example from the front, not lag in the back being insecure.


Tom’s Take

I loved the talk at Security Field Day about security at home. We weighed a lot of things that people aren’t really thinking about right now because we haven’t had a major breach in “at home” security. Yet. We know it’s coming and if it happens the current state of network segementation isn’t going to be kind to whomever is under the gun. Definitely watch the video above and tell me your thoughts, either on the video comments or here. We can keep things safe and secure no matter where we are. We just need to think about what that looks like at the lowest policy level and build up from there.

Learning To Listen For Learning

Can you hear me? Are you listening to me? Those two statements are used frequently to see if someone is paying attention to what you’re saying. Their connotation is very different though. One asks a question about whether you can tell if there are words coming out of someone’s mouth. Is the language something you can process? The other question is all about understanding.

Taking Turns Speaking

“Seek first to understand,then to be understood.” – Stephen Covey

Listening is hard. Like super hard. How often do you find yourself on a conference call with your mind wandering to other things you need to take care of? How many times have we seen someone shopping online for shoes or camping gear instead of taking notes on the call they should be paying attention to? They answer is more often than we should.

Attention spans are hard for everyone, whether you’re affected by attention disorders or have normal brain chemistry. Our minds hate being bored. They’re always looking for a way to escape to something more exciting and stimulating. You know you can feel it when there’s a topic that seriously interests you and pulls you in versus the same old staff meeting each week when we just run down a list of notes that haven’t changed in weeks.

The second reason why listening is harder for us is because we’re often waiting for our turn to talk. Be honest with yourself on this one. During your last five conversations with people, were you really listening to what they were saying? Or were you just waiting for an opportunity to jump in with a statement or opinion? And, in all honesty, was that statement just something you were going to say to prove that you were paying attention the whole time?

I admit I have huge issues with attention and listening myself. My brain is always racing a thousand miles an hour with the statements people make. If it’s a briefing I’m usually thinking about use cases or applications of technology or where the next steps will go. If it’s a discussion about a topic with opinions I’m listening for their position and formulating my response by taking their arguments and finding counter arguments. If it’s a boring meeting or status update session I’m usually working on my own list or trying to cross tasks off to get ahead with my time.

Whatever your reason for not paying attention, you have to realize that doing it means you’re not focused on the message. In classic communications training, the lesson is that there are three components to a message:

  1. The sender
  2. The receiver
  3. The message

People focus on the first and the third a lot. They optimize how to deliver a speech or how to craft the perfect message. The second part of the list is the one that gets neglected. How does the receiver act in the communication? Do they pay attention actively and summarize the content? Do they ask questions to seek better understanding? Or are they bored? Are they looking for their opportunity to turn things around and make themselves the primary sender?

Seeking Understanding

It’s been a long hard road for me at Tech Field Day and Gestalt IT to learn how to listen and understand and not just hear and hope for a chance to speak or tell a story. Stephen Foskett (@SFoskett) has helped me a lot by making me sit back and listen and get people talking instead of dominating the conversation. My time with the BSA Wood Badge program has also given me a lot of tools to help.

Here are a few ways that I work on listening with the intention to understand:

  • Taking Notes – This is something that I work hard on because with every conversation I tell myself I have a great memory and then I remember that I’ve forgotten I don’t. I’m a voracious note-taker. If a piece of paper has a square inch of space and there is a pen in reach I will write on it. Sadly, this means there are notes all over the place with zero context that have been lost to time. My note taking strategy has evolved to embrace things like pre-notes, where I start the notes for a briefing or conversation ahead of time to capture important questions or thoughts to ask, written electronic notes with my iPad and Notability where I can write things down on the fly without having to stop to think about typing, and consolidation of notes, where I go back and add those notes to a program like Agenda. Yes, it’s extra work but that extra work helps me summarize, categorize, and draw conclusions during the consolidation process. It’s like reading your study notes back a second time or rewatching a sports play to catch the nuance of the action.
  • Comprehension Questions – When you’re in a briefing, it’s easy to fall into the trap of just repeating back the thing you heard a minute ago to prove you’re paying attention. When I’m teaching my Scouts something and I ask them if they’re paying attention, some of the time they’ll do this to me. I fight back by asking them what that last thing they told me means to them in their own words. I want them to be thinking the whole time and not just listening for their name. Critical thinking is a skill we have to develop just like a fastball or juggling. The way to increase it is to be able to ask a summarizing question in a briefing. Speakers will pause frequently to ask, “Are there any questions? Is this making sense?” This is your chance to jump in with a summary and a question. Quickly summarize the important point – “You said BGP is broken” followed by a question, “Can we fix it with identity validation or something like PKI?” A word of warning on this one: remember to ask a question seeking knowledge. Don’t just state an opinion trying to prove you’re smarter than the speaker and then ask them what they think about your opinion.
  • Take The Lead – This one is especially important for people that interview others or podcasters that deal with shy guests. There are times when you realize the person you’re talking to is smart and capable but doesn’t communicate well. If you see that you’re going to need to jump in a take an active role in the conversation, but from the perspective of teasing out their knowledge. Leading them to where they need to be to be comfortable or expressive. My good friend Ethan Banks (@ECBanks) does an amazing job of this on his podcasts. He asks questions in a way that gives the speaker a clear opening to seize on his words to tell their story. It’s like watching an episode of Perry Mason where the star lawyer asks a question in the right way to make the witness tell the story they’re afraid of telling. When you do it right, it seems like you’re just very curious and the speaker does the job of telling the story. If you do it wrong, you’re dominating the conversation and putting words in someone’s mouth. If you really want to practice this part, ask your kids (or someone close to you) how their day went. Don’t let them stop at “fine” or “good”. Encourage them to expand on that by asking very leading questions about specific parts of the day or topics of interest. You’ll be a pro in no time.

Tom’s Take

Did all of that make sense to you? Did you hear me? Did you listen? Video content creation and blog posts are hard tools for communication because we’re cutting out the second part of the communication process. I don’t get to see your understanding or ask questions that allow you to consolidate your knowledge. I have to hope that the topics here are things that you enjoy and understand, even if you have to go back and read them a couple more times. I promise that if you work on the things above in the coming months you’re going to find yourself a better, more active listener with a lot of knowledge gained. And that’s a learning lesson worth listening to.

Do You Do What You’ve Always Done?

When I was an intern at IBM twenty something years ago, my job was deploying new laptops to people. The job was easy enough. Transfer their few hundred megabytes of data to the new machine and ensure their email was all setup correctly. There was a checklist that needed to be followed in order to ensure that it was done correctly.

When I arrived for my internship, one of my friends was there finishing his. He was supposed to train me in how to do the job before he went back to school. He helped me through the first day of deploying laptops following the procedure. The next day he handed me a different sheet with some of the same information but in a different order. He said, “I realized we had too many reboots in the process and this way cuts about twenty minutes off the deployment time.” I’m all about saving time so I jumped at the chance.

Everything went smashingly for the next month or so. My friend was back at school and I used his modified procedure to be as productive as possible. One day, my mentor wanted to shadow my deployment day to see how I was doing things. I invited him along and we did the first one. I pulled out my deployment docs and made sure to follow the procedure so I got a good grade. When we were done, my mentor pulled me aside and said, “I noticed you went pretty fast and did some things out of order. Why?” I mentioned that my friend and I had modified the deployment procedure a bit to make it easier and faster. That’s when my mentor hit me with a phrase that I’ve spent a lot of my career deconstructing:

“But this is the way we’ve always done it.”

You Do What You’ve Always Done

Process isn’t a bad thing. It makes jobs easy to break down into steps to assess timelines as well as being able to make a job repeatable. There’s nothing worse than a process that only lives inside the head of one person. If you can’t replicate your job you can’t ever stop doing it. Sure, it may be hard to write things down sometimes but you have to have a way to capture that data.

However, process all needs to make sense. If the process for starting my computer involves pushing the buttons in a certain order, there should be a reason for it. If the process for starting my computer also includes extra steps, such as getting a cup of coffee or banging on the monitor twice, there needs to be a reason for those too. Maybe the employee really likes coffee? Or maybe the startup process for the computer takes long enough that you can get a cup of coffee by the time the login is complete and if you try to do it earlier you’re going to run into slowness or indexing issues.

Documenting the steps is important. You also have to document the reasons behind the steps. Why must we tackle the project in this specific order? If you are doing Task A and then Task B why can’t you do the second task first? If you have no good justification then you should be able to do them in any order. But if Task B requires something from Task A to be able to be completed you need to document that. Otherwise people are going to do them out of order and miss steps.

Going back to our IBM deployment guide, why did there need to be so many reboots in the original document. Well, some of them were necessary. We needed to change the machine name before we joined it to the domain. We needed to log in with the username locally to create the profile before we logged in with the domain account so everything was created properly (this was NT4 domain days). Now, the instructions had us rebooting after every change, which added 3-4 minutes to every step along the way. My friend and I knew we could cut that down and do multiple changes for each reboot as long as they didn’t depend on the others being done first. But the original process was the “way it had always been done” and we had to prove it was better this way.

You’ll Always Get What You’ve Always Got

It’s not enough to challenge the process for no reason. Maybe your way is better. Or faster. Or just easier. But you have to prove it. You have to be willing to examine the process and ensure that what you’re doing is objectively better. It’s like taking a shortcut to work. It may feel faster for you. However if it takes 2 minutes longer on your drive is it really worth it? Or are you doing it because you don’t like driving or walking the other way?

Back to IBM and the laptop deployments. In order to get the revised process approved, I had to prove it was faster and provided the same output. I had to go into the lab and deploy using the old method and capture all the settings and data. Then erase the machine and deploy using the new settings and repeat the data capture process again to make sure the results are the same. Once I could prove that the new process resulted in the same output, we could move on to the second step.

Step Two involved timing the deployment. Now, in order to make sure I wasn’t juicing the numbers in either direction, we had our oldest, slowest laptop deployer use the new instructions. He would regularly take over an hour to setup a new machine with the old directions. We handed him the new page and told him to use this instead. Same steps, just in a different order. He went through them all cold twice and managed to average around 45 minutes for his deployment. He even remarked that our process was better.


Tom’s Take

Once we had it proven that it was faster and easier to do the things the new way we updated the deployment procedures before the next group of interns arrived. I had left my mark on things and proven that “this is what we’ve always done” isn’t always the best justification for things. But you do have to justify why your way is better. Facts beat opinion every day of the week. And if you aren’t willing to do the work to prove why you can make things better, you’ll always be where you are right now.

Imposters Among Us

Have you been playing Among Us? If you haven’t, your kids definitely have. I found out about it a few weeks ago because my children suddenly became Batman-level detectives and knew how to ask the kinds of interview questions that would make the FBI proud. In short, the game is all about finding the imposters in your midst based on their behavior and voting them out of the group to win. Sometimes you get it right. Other times you get it wrong and vote out someone who was doing legitimate tasks. It’s all a matter of perception.

Now, let’s look at another situation where we see this kind of behavior in a different light. You probably guessed where this is going already. We’re going to talk about Imposter Syndrome in our non-gaming lives and how it affects us. We may even make reference to pop culture along the way.

Where You Need To Be

I was thinking about this because something I said a few years ago at Security Field Day 1 popped back up in my feed. I was giving a speech at the beginning of the first day to the delegates and I wanted them to know that I understood that they may feel like they didn’t deserve to be there. I wanted to reassure them that they were where they needed to be. So I said something along the lines of the following:

You are here in this position because you earned it and deserve to be here. It would be an insult to those above and around you to think otherwise. If you have doubt in yourself, trust in those around you that they know who is best for your role.

Thanks to Kori Younger for recalling that specific part of the speech. Imposter Syndrome is hard to overcome because we really do feel like everyone else around us knows what they’re doing and we’re the odd ones out. We feel like we don’t know how to proceed or what to do. And that feeling can be crippling at times.

The idea that we don’t know what we’re doing is really called “learning”. It’s something that we do all the time. We apply lessons and intuition to find new solutions to problems, even ones we don’t feel qualified to do. We feel more comfortable doing this in areas where we have more knowledge or feel more confident, but rest assured we apply it all over the place, especially when confronted with situations we don’t completely understand or feel comfortable working on.

Earlier this year I took a Wilderness First Aid course for an upcoming Scout high adventure trip. Now, I must admit that I’m a terrible doctor or medical professional. I don’t like the sight of blood and I tend to focus on things without having a big picture. WFA is all about what happens when you find yourself in the back country far away from a hospital and what to do to handle situations. After a while, the solutions all kind of started sounding the same. You need to assess, stabilize, and almost always evacuate when critical. Now, that whole process sounds fairly simple when boiled down. But considering the crazy amount of things they want us to know about, like Acute Altitude Sickness, Hypoglycemia, and even things like concussions that cause cerebrospinal fluid leakage, you can see how easy it is to quickly be overwhelmed. However, the training up to that point helps you understand what to do: assess, stabilize, and evacuate if needed.

Applying A Process

Training and baselines help us overcome imposter syndrome in real life. We do similar things in IT or in other lines of work. When we encounter something we don’t understand or we feel overwhelmed by, we repeat the same process.

  • Assess – What is going on? Does this look like something I’ve seen before? The more it looks like a previous experience the more knowledge I can apply. Trust what you know. Being wrong because you applied an incorrect lesson is better than being wrong because you did nothing. Your experience will always serve you well. Trust those instincts.
  • Stabilize – This is where we spend a lot of our time. How can I fix this problem? Or stop it from getting worse? How can I get back to point where things work well enough to be able to reassess or make a different decision? Stabilization is the work that goes on in a process. A problem that is 100% stable is fixed. A problem that is 25% stable is better than it was with room for improvement. We need to apply lessons and things from our experience here too. Seen OSPF fall over before? Let’s try some things to get the routing table stabilized. Seen someone slice open their finger with a pocket knife before? We know how to fix this so it won’t reopen.
  • Evacuate – This one is a little more tricky. Sometimes we can’t fix something. Or we don’t know what’s wrong. So what do we do? Sit there wringing our hands? Scream at the sky? No, we get help. In WFA, evacuation is all about getting better help, whether it’s a first responder at base camp or a doctor in a hospital. In a professional setting, evacuation is more about finding the right help to get past an issue. Asking a mentor or senior person about the issue. Calling the support line. Asking someone on Twitter if they’ve ever seen this before. These are all great examples of evacuation from a situation. There’s no harm in asking for help. But there is harm in not asking for help when you need it.

Remember that everyone else around you is doing the same things you’re doing above when you find yourself in a situation you don’t completely understand. Some look more expert because they have better knowledge to relate to the problem. It doesn’t mean they’re smarter than you or better than you. It means they’re more adept at this problem for this time. Some people are more suited for things than others.

To quote Einstein, “Everyone is a genius. But if you judge a fish by its ability to climb a tree, it will spend its whole life believing it’s stupid.” If we only judge people harshly by their ability to adapt to unknown situations with a minimum of information and then spend hours in post-mortem meetings laying out why they didn’t do everything right, we’re going to make them feel like imposters. Instead, let’s cut them some slack and remind ourselves that we probably couldn’t do as well as they did in the same situation. And if we could have done better than they did, this is a time to step up to the plate and mentor them to make them better. Apply your knowledge to theirs and they will succeed next time. Hoard your knowledge and you will forever believe that they are the imposter.


Tom’s Take

Among Us is all about finding imposters in our midst based on their behavior and what tasks they’re doing. Real life is all about proving we aren’t imposters by doing things and showing our worth. As much fun as the game might be trying to figure out who the imposter is, our reality should be spent more on encouraging people to feel better and mentor them through the process of believing in themselves and applying their knowledge to a problem to have a successful outcome. We should be focusing on making everyone better and more confident. There’s nothing suspect about that.

When Will You Need Wi-Fi 6E at Home?

The pandemic has really done a number on most of our office environments. For some, we went from being in a corporate enterprise with desks and coffee makers to being at home with a slightly different desk and perhaps a slightly better coffee maker. However, one thing that didn’t improve was our home network.

For the most part, the home network has been operating on a scale radically different from those of the average corporate environment. Taking away the discrepancies in Internet speed for a moment you would have a hard time arguing that most home wireless gear is as good or better than the equivalent enterprise solution. Most of us end up buying our equipment from the local big box store and are likely shopping as much on price as we are on features. As long as it supports our phones, gaming consoles, and the streaming box we picked up we’re happy. We don’t need QoS or rogue detection.

However, we now live in a world where the enterprise is our home. We live at work as much as we work where we live. Extended hours means we typically work past 5:00 pm or start earlier than 8:00 or 9:00. It means that we’re usually sending emails into the night or picking up that project to crack a hard problem when we can’t sleep. Why is that important? Well, one of the arguments for having separate enterprise and home networks for years was the usage cycle.

To your typical manager type in an organization, work is work and home is home and n’er the twain shall meet, unless they need you to work late. Need someone to jump on a Zoom call during dinner to solve an issue? Want someone to upload a video before bed? Those are reasonable requests. Mind if my home wireless network also supports the kids watching Netflix or playing Call of Duty? That’s a step too far!

The problem with enterprise networking gear is that it is focused on supporting the enterprise role. And having that gear available to serve a consumer role, even when our consumer office is also our enterprise office, make management types break out in hives.

Technology Marches In Place

Okay, so we know that no one wants to shell out money for good gear. I don’t want to pay for it out of my pocket. The company doesn’t want to pay for something that might accidentally be used to do something fun. So where does that leave the people that make enterprise wireless access points?

I’ll admit I’m a horrible reference to my friends when they ask me what kind of stuff to buy. I tend to get way too deep into things like coverage pattens and device types when I start asking what they want their network to look like. The answer they’re usually looking for is easy, cheap, and simple. I get way too involved in figuring out their needs as if they were an enterprise customer. So I know that most people don’t need band steering or MIMO support in the house. But I still ask the questions as if it were a warehouse or campus building.

Which is why I’m really starting to question how the planned rollout of technologies like Wi-Fi 6E is going to happen in the current environment. I’ll buy that Wi-Fi 6, also known as 802.11ax, is going to happen as soon as it’s supported by a mainstream consumer device or three. But elevating to the 6 GHz range is an entirely different solution looking for a problem. Right now, the costs of 6 GHz radios combined with the operating environment are going to slow adoption of Wi-Fi 6E drastically.

Home Is Where the Wi-Fi Connects

How hostile is the wireless environment in your house? Aside from the odd microwave, probably not too bad. Some of the smart utility services may be operating on a separate network for things like smart electric meters or whole-home DVR setups. Odds are much better that you’re probably in a nice clean radio island. You don’t have to worry about neighboring businesses monopolizing the air space. You don’t have to contend with an old scanner that has to operate on 802.11g speeds in an entirely separate network to prevent everything from slowing down drastically.

If your home is running just fine on a combination of 2.4 GHz for older devices or IoT setups and 5 GHz for modern devices like phones and laptops, what is the advantage of upgrading to 6 GHz? Let’s toss out the hardware argument right now. If you’re running on 802.11ac (Wi-Fi 5) Wave 2 hardware, you’re not upgrading any time soon. Your APs are new enough to not need a refresh. If you’re on something older, like Wi-Fi 5 Wave 1 or even 802.11n (Wi-Fi 4), you are going to look at upgrading soon to get some new features or better speeds now that everyone in your house is online and gobbling up bandwidth. Let’s say that you’ve even persuaded the boss to shell out some cash to help with your upgrade. Which AP will you pick?

Will you pick the current technology that has all the features you need in Wi-Fi 6? Or will you pay more for an AP with a feature set that you can’t even use yet? It’s a silly question that will probably answer itself. You pay for what you can use and you don’t try and break the boss’s bank. That means the likelihood of Wi-Fi 6E adoption is going to go down quickly if the new remote office has no need of the technology.

Does it mean that Wi-Fi 6E is dead in the water? Not really. What it does mean is that Wi-Fi 6E needs to find a compelling use case to drive adoption. This is a lesson that needs to be learned from other protocols like IPv6. If you can’t convince people to move to the new thing, they’re going to stay on the old thing as long as they can because it’s cheaper and more familiar. So you need to create a new device that is 6 GHz only. Or make 6 GHz super fast for things like media transfers. Or maybe even require it for certain content types. That’s how you’re going to drive adoption everywhere. And if you don’t you’re likely going to be relegated to the same junk pile as WiMAX and ATM LANE.


Tom’s Take

Wi-Fi 6E is the great solution for a problem that is around the corner. It has lots of available bandwidth and spectrum and is relatively free from interference. It’s also free from the need to adopt it right away. As we’re trying to drive people toward Wi-Fi 6 11ax infrastructure, we’re not going to be able to make them jump to both at once without a killer app or corner case requirement. Wi-Fi 6E is always going to be more expensive because of hardware and R&D costs. And given the chance, people will always vote with their wallet provided their basic needs are met.

Thoughts From Networking Field Day 23

I know I’m a little late getting this post out but Networking Field Day 23 was a jam-packed event with lots of things to digest. I wanted to share some quick thoughts about it here that should create some discussion amongst the community, hopefully.

  • If you don’t believe that wireless is the new access edge, go look at Juniper. Their campus networking division is basically EX switching and Mist. That’s it. Remember how HPE called Aruba a “reverse acquisition” years ago? And how Aruba essentially took over the networking portion of HPE? Don’t be surprised to see Juniper getting more misty sooner rather than later. And that’s a good thing for everything that isn’t a carrier or service provider router.
  • Network monitoring became telemetry and is now transforming into digital experience. What is the difference to me? Monitoring devices tells you point-in-time information. Telemetry gives you the story of those point-in-time measurements over the course of days or weeks and can help you find issues. Experience is all about how that looks to your users. Problems don’t always affect them the same way it might appear on a dashboard. Likewise, things you don’t always see in your alerts can affect users in unforeseen ways. Honestly, you’re going to have to have all three going forward if you want your employees and your customers to be happy.
  • SD-WAN is moving away from being connectivity only. It’s starting to be focused on application experience and enablement. Sure, that means there’s some connectivity pieces under the hood. But, just like your mobile phone, you don’t care how your favorite app is communicating with the cloud as long as you can get there. Likewise, we are soon going to care less about our connectivity (as long as it works) and more about how quickly we can get our users to their favorite locations. Simplification indeed.
  • Whether we realize it or not, enterprise networking is going to change as we know it. Forget about your home networking connection. You’re going to have to get your home network inside the router to be more like an enterprise than a home. You need switches and enterprise APs to ensure your employees have the best connectivity. Yes, this means you’re going to have spend more money on your remote workers. And yes, this also means there’s a good chance the equipment is going to be used for non-business related traffic. But the alternative is to hamper your workers with substandard connectivity because not everyone can afford 802.11ax APs and gigabit switches on a remote worker budget.

Tom’s Take

Stay tuned for more coverage from Networking Field Day as well as some more networking thoughts!

A Decade of Blogging

Today is a milestone for me. Ten years ago I picked up a virtual notepad for the first time and committed my first blog post to the ether. It’s been a wild ride ever since. It also marks the milestone of being the job that I’ve held the longest so far in my career.

Blogging has been a huge boon for me. I’ve become a better writer in the last decade. I’ve learned how to ask the right questions and get good material for a story instead of just putting out what someone wants me to say. I’ve learned that being a pseudo-journalist is a thing you can do and have fun with.

I’ve written a ton over the years. 751 posts, as a matter of fact (counting this one). I’ve always tried to hold myself to a standard of getting something out once a week. Aside from the few times when I’ve tried to push that to twice a week I’ve held up pretty well. Yeah, I’ve slipped and the day job has gotten in the way more than once. However, keeping myself to a strict schedule has ensured that my attention stays focused on this blog and that it doesn’t lapse into irrelevance any more than normal.

It’s also opened up a lot of doors for me. Blogging was how I got introduced to the Packet Pushers and raised my profile from “crazy nerd that writes” to “crazy nerd that is a podcast guest.” That got me involved with Tech Field Day and from there things went all the way to Mars. In fact, it was Tech Field Day that helped me understand the importance of writing and to rededicating myself to what I do. And to the job interviewer that considered my blogging to be a hobby, not unlike restoring cars or fishing, I think I can safely say it’s become way more than either of us could have imagined.

I’m still creating content all over the place. In addition to all the stuff I do for my day job at Tech Field Day, I write coverage from our events and the briefings I take at Gestalt IT. I have started making videos. I am part of a weekly podcast that covers IT news and lets me be a little snarky now and then. I’ve seen the shift of content moving from written words to spoken words to video and beyond. There’s no shortage of information being shared today, even if some of it is shared in formats that favor shorter attention spans.

What more is there to write about at this point? I go back and look at my early posts and laugh at how I originally wanted to get my thoughts down about structured troubleshooting. And then it morphed into CCIE studies. Then SDN. Or maybe engineering woes. All of it has been growth for me. I’ve learned how to argue and not assassinate character. I’ve seen how people can take different sides of the same argument. I’ve even seen how the things we have settled years before come back around for a new generation of networking pros to argue over again and again.

I love this place. It’s one of the reasons why I’m the only writer here. And trust me, the content mills are always emailing me to put up sponsored posts. But I keep turning them down because this is my place for my thoughts. I want those of you that still read along with me to enjoy what I think about something or know that what I’m saying isn’t a post that was compensated. Knowing where I’m coming from hopefully helps you all understand how the forces in the market and the community drive what we see, what we learn, and what we do with it all.


Tom’s Take

I’m glad I made it through my warm up period for blogging. The funny thing about writing is that you just keep getting better and better as you go along. Who I am hasn’t really changed. A few of the certifications are retired or expired. Twitter is still a thing that I do. But this is where I belong. It’s my home and my work and the place where I get to be me. I hope the next decade is as much fun and as meaningful for all of you as it has been for me!

Solve the Simple Problems

One thing I’ve found out over the past decade of writing is that some problems are easy enough to solve that we sometimes forget about them. Maybe it’s something you encounter once in a great while. Perhaps it’s something that needed a little extra thought or a novel reconfiguration of an existing solution. Something so minor that you didn’t even think to write it down. Until you run into the problem again.

The truth behind most of these simple problems is that the solutions aren’t always apparent. Sure, you might be a genius when it comes to fixing the network or the storage array. Maybe you figured out how to install some new software to do a thing in a way that wasn’t intended. But did you write any of it down for later use? Did you make sure to record what you’ve done so someone else can use it for reference?

Part of the reason why I started blogging was to have those written solutions to problems I couldn’t find a quick answer to. What it became was way more than I had originally intended. But the posts that I write that still get the most attention aren’t my long think pieces on the state of the networking industry or multiplied engineers. It’s the simple solutions to questions or problems that keep driving traffic here day after day.

Look Around

A lot of my great posts come from me asking simple questions. How does BPDUGuard work on a switch? Why does the Apple Watch not unlock my MacBook? What is up with this SFP not working? When you ask the questions you have to figure out the answers. And that’s the hard and rewarding part of the puzzle.

I challenge you to go search out a simple problem. Say it’s an issue with data not being shared between two devices. The search results will almost always turn up a few pages that have a litany of solutions that are basic troubleshooting steps. Things like:

  • Ensure the devices are connected
  • Reset the network settings
  • Unpair and repair the devices
  • Restart everything
  • Call Tech Support

You’ve probably stumbled across these before. And the sad truth is that running down that laundry list of solutions will often fix issues, which is why they keep getting boosted back into the search results. But you know what’s missing? They why of the problem. It’s not enough to just toss things at a problem in the hope that it starts working again.You have to also figure out what went wrong and why it happened.

Networking people always want to know why something went wrong because we want to make sure it doesn’t happen again. Security people are even more stringent about figuring out the why behind a problem. They want to stop a potential breach or plug a hole that needs to be dealt with. So to them a solution is just a temporary fix until you can confirm that something won’t happen again.

This is why the work that writers do is so important. We explain the why behind problems. We figure out what caused something to go off the rails and then how to fix it so it doesn’t happen again. Those are the kinds of posts that get the most attention. Because they’re specific about the fix, enlightening about the education behind the problem, and most importantly aren’t just a laundry list of fixes to throw at something until it works.


Tom’s Take

If you’re someone out there that’s looking to start writing down your solutions to problems, you need to start with the questions behind what’s going on. It’s not enough to just regurgitate the fixes and hope that one of them has some kind of magic that works. You need to investigate, understand, and explain what’s going on. Once you can do that, you will have created something that gets lots of attention and will encourage you to keep up the questions for years to come.

 

A Place for Things and Things in Their Place

This morning I was going to go for a run and I needed to find a rain jacket to keep from getting completely soaked. I knew I had one in my hiking backpack but couldn’t locate it. I searched for at least ten minutes in every spot I could think of and couldn’t find it. That is, until I looked under the brain of the pack and found it right next to the pack’s rain cover. Then I remembered that my past self had put the jacket there for safe keeping because I knew that if I ever needed to use the pack rain cover I would likely need to have my rain jacket as well. Present me wasn’t as happy to find out past me was so accommodating.

I realized after this little situation that I’ve grown accustomed to keeping my bags organized in a certain way both for ease of use and ease of inspection. Whether it’s a hiking backpack or an IT sling bag full of gadgets I’ve always tried to set things up in simple, sane manner to figure out how to find the tools I need quickly and also discover if any of them are missing.

Pocket Protection

I’ve always favored bags with lots of pocket space to keep my tools organized. Places to put things like battery packs, USB-C hubs, console cables, and even laptop power adaptors are important. And when everything has its own spot its easier to find in a pinch. You don’t often have the chance to see what you’re looking for in a dark server room or in a tight airplane seating row. Therefore, having a specified pocket for things makes it quick to search by feel.

It’s also important to locate items near their intended uses. For me, oft-used items like headphones or Lightning cables go nearest the outside for rapid access. My passport goes in a slash pocket for ease of retrieval on international trips. When I have other items that aren’t as necessary or frequently used, such as a first aid kit or an old VGA adapter for a MacBook, I put them in pockets that aren’t as likely to be used often.

Sometimes you have to make your own pockets. I’ve used a variety of organizers and other pouches over the years to help create order from the chaos of a big open space in a bag. Some, like the Grid-It are nice because they are quick and easy to reconfigure. However, the more complicated the organization structure the more likely you are to just chuck the parts back into the void and hope they come out on the other side. I’ve started to use clear bank bags as my primary method of cable organization in my messenger bag and they seem to work much better. They keep the adapters and other odds and ends from flying around everywhere.

Where’s Waldo?

The other reason I like the idea of a specific place for everything in my bag is being able to figure out quickly that something is missing. If I always keep a screwdriver in a specific pocket and it’s not there I can assume I’ve either lent it to someone or left it somewhere I shouldn’t have. It also allows me to do a quick inventory of my bag to figure out if things are out of place between trips or truck rolls.

One example of this is Cisco rollover console cables. When I worked for a VAR I had to carry one of these things to get console access to routers more often then I would like to admit. However, I didn’t just carry one. I always carried two. I liked the idea of having a backup just in case because that’s the kind of person that I am. But I also used it as a learning experience for the techs that I trained. I would carry a spare and then ask them to borrow their console cable. Usually, the response would be a blank look or fumbling in the pockets of their backpack for a cable they knew they didn’t have. I would then explain the importance of having all the tools you needed every time you made the trip. Then I would give them my spare cable to carry around with them. I often remarked, “Now that I’ve given this to you the next time I need one or you need one we both know you’ll have it.”

It was also easy for me to check my bag and make sure I needed to replace items that had gone missing. Maybe I remembered that my other tech had my screwdriver and I needed to go retrieve it. Or perhaps I needed to put another console cable back in my bag after loaning out my first one. I even would check my secret snack compartment from time to time to make sure I replaced my granola bars and almonds that I would invade during late night cutovers without pizza or other food. After all, a functioning brain in IT is just as important as a functioning router.


Tom’s Take

My organization methods may not work best for everyone. But you need to have a method to your madness. If you don’t you won’t know if you have the right tools for the job. If you don’t know which tools you need you wont know if they’re missing. If you don’t know where they are you won’t have them when you need them. It’s all a matter of experience and methodology. Once you build your method, stick to it. Keep up with things and make sure you spend some time every once in a while going through everything just to make sure you have it when you need it. Then you can thank your past self for thinking ahead instead of cursing yourself for leaving your pack a mess.