Lost in the Forest

Little by little, and almost without realizing it, we have been filling up with technological tools in order to protect our assets, also technological. And above all to keep our privacy and our sensitive data safe and away from cyber-criminals who might take advantage of them or misuse them.

The issue goes even beyond the false sense of security of thinking that by installing an anti-malware or antivirus on your device you are already fully protected. «You are already vaccinated» is said with a look of relief, when it neither works like real vaccines, nor do real vaccines assure us total protection against a disease (this refers to a Spanish expression; I don’t know whether the same one exists in English).

Nor does having two different anti-malware products installed (sometimes even more) give much more protection than having just one.

It has definitely been proven that buying detection/protection technology is not synonymous with increased security; on the contrary, buying it and believing that we are more secure exposes us more.

This is the subject of the IT Governance article, based on a study by VMware and Forbes which, although carried out in the UK, I’m afraid is repeated without major variations in each of our environments.

And the thing is, we’ve concentrated on tactics and forgotten about strategy. The former without the latter doesn’t get us very far, and it’s not very profitable.

I will briefly explain this last statement.

In general terms, a strategy is the way in which a general objective will be achieved, taking care of all the aspects that will be involved and generating general guidelines and metrics to review in the medium and long term.

Tactics, on the other hand, focus on specific aspects that must be resolved in the course of executing a strategy. They do not so much take into account the long-term environment of the problem, but rather the specific problem itself.

So, focusing only on tactics is like being lost in a forest with no more landmarks than the trees nearby, no map and no idea where you’re going. Sooner or later we’ll end up going around in circles.

Returning to the subject of this article, we see that in practice we are reacting to the incidents that are presented to us or to those that we see more and more frequently in our environment. And we become compulsive buyers of solutions for this or that threat, for this or that vulnerability. The report notes that 74% of respondents plan to invest in new detection technologies even though a significant number of them already have 26 or more such tools!

No wonder the dark side is in the lead and rising. Even more so if we add to this the already known gap between the demand for information security professionals and their supply, which leads us to hire «converted» individuals from the dark side to be in charge of strategy, when by their nature they are eminently tactical. This is a topic I have addressed in: Could be Messi a top goalkeeper?

How to get out of this problem then?

Obviously, by covering the space that we are skipping and that can no longer be ignored: the strategy.

This consists, first of all, of looking up from the equipment and the network, and seeing with a broader view the technological and non-technological ecosystem in which the information we want to protect is immersed.

We can outline and simplify this ecosystem in three main areas:

  1. Internal. These are all those agents who only have contact with another internal or limit agent.
  2. Limit. Those agents who have contact with internal and external agents.
  3. External. Those agents that can only interact with limit agents, whether they do so effectively or not.

We can take the general objective of our strategy to be preventing an external agent from using a limit agent to violate an internal or limit agent.

The current problem is that, unlike some decades ago, the «limit» is already practically everything. We just have to think about every element we use in our daily life and how each of these devices already has contact with agents both outside and inside the business network. BYOD has greatly expanded what we used to call the edge, and it is an edge no longer. It is, in my view, the center of where we should focus our strategy.

As I said above, the first step in focusing our strategy is to clearly define what we must protect, and these objectives, although general, must not be any less precise. It is simply the equivalent of the mission that a company would have. If you think about a company’s cyber security, you only have to define the company’s Mission and Vision with respect to the business in which you apply it, and you already have a guideline as to where you should direct your security efforts.

And this is very important because perfect security does not exist, and therefore we need clear and prioritized horizons on which to base the tactics that we will be using and which are of a varying nature according to the circumstances of the environment that arise. But it’s not just about waiting for an attack to react (it’s too late when this happens and it only leaves us the option of activating the emergency and recovery plans, if they exist), not just about performing vulnerability assessments every 5 minutes and then mitigating some of them because business continuity doesn’t allow us to mitigate all of them, nor about filling up with tools like walls, crocodile pits or archers pointing out from the top of the castle if they are all in the wrong place.

If we know what we must protect, we must focus on these assets and analyze behaviors.

YES, behaviors. We have to know what is the normal state of things in the three layers mentioned above, so if we detect any abnormality we can use all our traditional security toys to increase or decrease our protection accordingly.

For example, we usually all have malicious emails that our antispam tool detects and controls according to some levels that we leave fixed. But, do we know where those emails come from?

If we can know this, a general increase in malicious mail would lead us to make one kind of security decision, whereas an increase coming from a single site, suspicious and with a reputation for attacks, would lead us to make a different kind. In other words, our protection tactics would vary depending on the characteristics of the change over a baseline that we call «normal».

Although today we have advanced tools that are based precisely on this principle of behavioral analysis for both the internal network, point and edge devices or analysis of the big data that is presented in the environment of our object of protection, generally based on Artificial Intelligence and of which I have been able to evaluate a couple with very good results, it is not necessary to have them to begin with. First, they are usually quite expensive, and second, if we don’t know what to analyze, these tools will be underused.

I recommend starting with an analysis of basic levels, helped by reports (which most traditional tools already provide) and by our trusty Excel, to generate our own indicators of «normality» and make comparisons over time to learn which variations are acceptable and which are not. Start with whatever you have at hand, whatever you know how to use best or whatever is most critical, but start now!

This will only cost you man-hours, but overall it is a smaller investment than a state-of-the-art tool that is underutilized. Little by little along the way the right tools will naturally emerge for you, and the investment will justify itself, moreover with the assurance that it will be fully exploited.
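The comparison described above (a general rise in malicious mail versus a rise concentrated in one source, both measured against a «normal» baseline) can also be worked through in a few lines of Python instead of a spreadsheet. This is an added example, not the author's own work; the report layout, the domains, the five-day baseline and both thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample data (not from the article): quarantined messages per day
# and sending domain, shaped like a CSV report exported from an antispam tool.
REPORT = """date,source,quarantined
2024-03-01,mail-a.example,40
2024-03-01,mail-b.example,31
2024-03-01,mail-c.example,29
2024-03-02,mail-a.example,42
2024-03-02,mail-b.example,28
2024-03-02,mail-c.example,32
2024-03-03,mail-a.example,38
2024-03-03,mail-b.example,30
2024-03-03,mail-c.example,30
2024-03-04,mail-a.example,41
2024-03-04,mail-b.example,33
2024-03-04,mail-c.example,31
2024-03-05,mail-a.example,39
2024-03-05,mail-b.example,28
2024-03-05,mail-c.example,28
2024-03-06,mail-a.example,43
2024-03-06,mail-b.example,30
2024-03-06,mail-c.example,31
2024-03-07,mail-a.example,60
2024-03-07,mail-b.example,47
2024-03-07,mail-c.example,46
2024-03-08,mail-a.example,41
2024-03-08,mail-b.example,29
2024-03-08,mail-c.example,31
2024-03-08,bulk-sender.example,70
"""

BASELINE_DAYS = 5          # assumption: the first five days define "normal"
Z_THRESHOLD = 3.0          # assumption: 3 standard deviations above the mean is abnormal
TOP_SHARE_THRESHOLD = 0.5  # assumption: one source causing half the excess is "single-source"


def load_counts(text):
    """Parse the report into {date: Counter({source: quarantined})}, sorted by date."""
    days = defaultdict(Counter)
    for row in csv.DictReader(io.StringIO(text)):
        days[row["date"]][row["source"]] += int(row["quarantined"])
    return dict(sorted(days.items()))


def classify(baseline, today):
    """Compare one day against the baseline days; return (verdict, dominant source or None)."""
    totals = [sum(day.values()) for day in baseline]
    sigma = pstdev(totals) or 1.0  # avoid dividing by zero on a perfectly flat baseline
    z = (sum(today.values()) - mean(totals)) / sigma
    if z < Z_THRESHOLD:
        return ("normal", None)

    # The total is abnormal: find out how the excess is spread across sources.
    baseline_sum = Counter()
    for day in baseline:
        baseline_sum.update(day)
    excess = {}
    for source, count in today.items():
        extra = count - baseline_sum[source] / len(baseline)  # unseen sources average 0
        if extra > 0:
            excess[source] = extra
    top_source = max(excess, key=excess.get)
    if excess[top_source] / sum(excess.values()) >= TOP_SHARE_THRESHOLD:
        return ("single-source increase", top_source)
    return ("general increase", None)


def review(text=REPORT):
    """Classify every day after the baseline window."""
    days = load_counts(text)
    dates = list(days)
    baseline = [days[d] for d in dates[:BASELINE_DAYS]]
    return {d: classify(baseline, days[d]) for d in dates[BASELINE_DAYS:]}


if __name__ == "__main__":
    for date, (verdict, source) in review().items():
        print(date, verdict, source or "")
```

The two abnormal days have similar totals but call for different decisions: the first is a broad rise across known senders, the second is almost entirely one previously unseen source.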

If we think holistically all the time, when circumstances change the adaptation will be faster.

... And we will be able to get out of the forest!

A sheep fable

A farmer had 30 sheep that he had to take out to pasture at the beginning of every day and return to his barn at night.

Since it was just him, the procedure for putting them away was as follows:

He would arrive with a sheep, rope it, tie it to the side of the stable door, open the lock on the door, take the sheep and put it in. He closed the gate with the padlock and went for the next sheep.

At one time, the farmer had to leave his farm for several days, so he asked his neighbor to help him by taking care of his sheep while he was away. He explained the procedure to be followed in detail, and he left confident that his flock would be well cared for.

For the first couple of days, the friend followed the farmer’s instructions to the letter, even though he thought the process he was following was not the best, since having to padlock the fence for every sheep that came in seemed to be a waste of time. So, on the third day he decided to optimize the process. Instead of opening and closing the lock each time, he got slightly longer loops to leave the animals tied up inside the fence. This would save movement and time.

It worked perfectly on the 3rd and 4th days, and the good neighbor was happy.

At a short distance, a prowling wolf was observing this change in the previous routine and was gradually approaching without the person in charge noticing, until on the evening of the 5th day, when many sheep were already tied up inside the fence, he entered, eager to obtain a succulent booty.

Finally when the neighbor returned with the next sheep to guard, he found that there were several loose ties from the sheep which, in their desperation, had managed to break free and flee; several wounded sheep and signs of blood on the ground indicating the dragging of one of them already dead.

Many times we do not understand what the processes are for and why there are safety regulations. We think they are to prevent us from doing wrong, when in most cases it is to protect ourselves from disasters and attacks. In view of this, and before questioning procedures and rules, we must try to understand why and what they are there for.

  • A cumbersome process is better than no process at all.
  • Security is not always to prevent something from escaping, it is also to prevent something from entering, and vice versa.
  • Reducing process times does not necessarily mean more profit or a better result.
  • Asking to waive any standard for comfort or agility is sure to cause problems.

Just to mention some of the «morals» of the fable. You will have others, go ahead with your comments.

Decade change, paradigm change?

We are living in a time when danger has become a constant in our lives.

At least as far as the cyber world is concerned.

But we are still doing the same thing we did years ago to protect ourselves: buying and buying tools. So much so that we have become fanatics, and every time an attack has the necessary publicity, the wallets of the organizations open up and ask us about the new toy we «need» to protect ourselves from that particular attack.

And then we keep repeating the same behavior that we had more than 40 years ago, in which, with the birth and rise of personal computer viruses, the more antivirus we had installed, the more secure we felt. The tools changed, but the behavior did not.

Next year, attacks are expected to continue to increase and according to some specialized publications, ransomware and phishing will maintain their reign.

So what do we do?

  • On the one hand, the first one has become so sophisticated that it is almost impossible to detect it until the attack is obvious, and at that moment the attack is already being modified so that in practice the next one will be a completely different and new malware. In practice we will be living a permanent zero-day attack.

From my point of view, it is necessary to decide to generate a human team dedicated to security intelligence so that together with tools for analyzing behavior in networks (internal and external) it is possible to constantly patrol and analyze the ecosystem of the network and the cloud, in search of anomalous or suspicious situations. For this purpose, these tools must use artificial intelligence, which together with human intelligence will be the key to success.

  • The second is the simplest to be used by attackers, since it is a technique that has been used even before the birth of this technological era, and the victim is precisely the human component, for which it is not yet possible to buy a tool that prevents him from falling into the tricks used by cybercriminals.

All that remains is to deepen in campaigns that allow each one to have the greatest number of criteria so that the protection is exercised by each one, according to the culture of cybersecurity that is available. We must try by all means that this culture permeates deeply within our being, in the same way that in the physical world we are taught from childhood not to open to strangers or to look at both sides of the street before crossing. That is how basic our level is in this aspect.

The rest (new tools, penetration tests, vulnerability analysis, etc.) must continue to be done. It is part of permanent cyber hygiene, and nothing above rules it out. However, these are more oriented to security tactics, and what we have failed at is strategy. We don’t have one. Without strategy we are condemned to always chase after the bad guys; the key to making the leap is to push for it without doubts or fears. I firmly believe that when we generate strategies on which to base the right tactics, we will begin to turn the trends.

However, for the time being I hope that in this coming year we will begin this path and stop thinking that the more toys we have, the safer we will be.

Could be Messi a top goalkeeper?

The Incident

May 2017. Telefónica Spain, among other companies, suffers a massive ransomware attack.

Those of us who followed this case also remember the efforts made by Chema Alonso (in charge of the company’s cybersecurity) to lower his profile or to dissociate himself from the problem.

El Mundo Daily, in its electronic version wrote:

Many Twitter users are blaming Alonso for contradicting himself, because in their tweets he denies being inside Telefónica and that security does not depend on him directly, despite the fact that the company’s corporate website assures that he is «responsible for global cybersecurity and data security».

The Manager

Chema Alonso is a famous Spanish hacker. Probably the largest in that country and among the most capable in the world. His biography mentions that he is a systems engineer and a doctor in Computer Security from the Universidad Rey Juan Carlos in Madrid (although today that doctorate is not published on the website of that university).

He has countless awards and eminently technical, truly brilliant articles.

How, then, can this company be attacked, and the attack succeed?

Beyond the standard answers like no one is perfect or the best hunter will miss the hare, in my opinion the explanation lies in the skills needed to fill the position of security manager.

A hacker’s activity can be summed up as finding a vulnerability and concentrating on reviewing the different ways to exploit it, then concentrating on building and using the tools necessary to execute the selected form to complete its goal.

The activity of those who defend information systems is to worry about eliminating or mitigating each and every one of the existing vulnerabilities, known or unknown, in order to prevent and detect attacks and to keep the information they contain from being affected or violated in any way.

Can you see the difference?

The incident mentioned is just one example of what is happening in some organizations. In light of the fact that cyberattacks have been increasing, the need for professionals to enable us to be prepared for them, prevent them, detect them and, if necessary, react appropriately has become a race against time and against the lack of this type of profile in the market.

Organizations have therefore turned to precisely those who in one way or another have the necessary skills to violate the security of companies, turning them to the «white» side, hoping that if they know where to enter, they can contain their colleagues in their attempts to do the same.

Unfortunately, with this approach, organizations will still be far from generating an integrated security strategy, and will continue to be filled with tools to stop the various types of attacks. Those that are fashionable at the time.

We’re misusing our cards.

We believe that by filling every position of a soccer team with successful and skillful strikers we are guaranteed to win every game, and we are not.

Anyway the solution is not, from my point of view, to think that we should leave aside the experts in attacks and vulnerability review. What needs to be understood is that each element within a cybersecurity scheme must have the right skills profile so that they can carry out their specific activities with complete freedom and confidence, in addition to interacting naturally with the other actors in this ecosystem.

In my mind, these actors can in general be classified into two groups: Internal and External (or support).


Within an organization, it is necessary to establish, not always formally, two basic areas: a centralized one that must be in charge of the strategy and the analysis of information, and a distributed one that must execute the guidelines that the first group defines. I call the first INTELLIGENCE and the second EXECUTORS.

This is how the following action diagram is configured: [Diagram: Security Architecture]

Intelligence members should be able to see the broad spectrum of attack possibilities, know the priorities of the company, and establish the priorities with which the different threats should be addressed according to the assessment made of the potential damage. It must be remembered that there is always more to protect than available resources, so the ability of this team to optimize these resources with the right strategies is fundamental. We are talking about defending and not attacking.

It should also be noted that the Executors do not necessarily belong to the information security team, but are mostly external, such as for example:

  1. Infrastructure: setting up and maintaining perimeter security and network patrol tools.
  2. Development: including in its applications the code necessary to ensure their secure use.
  3. Users: Actively respecting policies and procedures, as well as actively participating in campaigns to generate a culture of security.


On the other hand, every security scheme needs to be reviewed and tested periodically. At this point the white hat Attackers are well received, since with their skills they can test the strategy that the internal team implements.

It is not advisable for these actors to belong to the organization, since it is important that they do not know beforehand either the strategies or the implemented security tools. But at the same time, it must be a team that is trusted for its integrity, beyond its expertise. It must be remembered that they will learn the weaknesses we may have, so we must be reasonably sure that they will let us know the totality of their findings.


With this organizational scheme, we will be able to better understand the competencies needed for each actor depending on the team in which they are located. Moreover, it is easy to implement as it makes use of elements that already exist within any organization such as the Executor team. It is only necessary to concentrate on the Intelligence team, which can be made up of only one person initially. With the external team, you can wait until there is adequate maturity and eventually hire if it is considered necessary.

Each blow leaves us with lessons to learn; I suppose the company I began with, as an example of the reality of many others, has learned them as well. In the end, the important thing is not the names with which the different positions are filled, but that the skills are adequate. We can’t put Messi in goal and expect him to be a good goalkeeper; his function is to attack.

We were free

Sometimes I succumb to my obsession of questioning the realities that present themselves to me as true and/or to some sentences that attempt to philosophize about some aspect of life, and that are given for certain without further analysis.

I understand that most people are just trying to have fun in a light way, rather than inviting people to digress about the subject. I apologize beforehand to those who think it’s inappropriate to do so.

However, my obsession is still there, and this is particularly the case with the image that accompanies this text.

It says:

When the phone was tied with a wire, humans were free.

It depends on what you define as free.

I remember that in my professional beginnings, when mobile phones were not in use as they are today, I had to stay long hours on duty at the office waiting for some incident to happen that fortunately never happened, losing valuable time for family life or simply for leisure. Today most on-call shifts can be done remotely, which means I can do whatever personal activities I need, as long as there is no incident. If none occurs, I’ve earned that time for myself.

Another aspect of this technological change relates to meetings. Before mobility, when it was necessary to meet it was only in person, forcing all the people involved to move to the place agreed for it, with the consequent waste of time in this movement. Today I can be in meetings from any location with a signal, and my time dedicated to the meeting is only as long as it takes, earning for me the time associated with travel.

These are only two examples.

I know that you will also be able to give examples to the contrary, and I invite you to do so and to talk about it. For my part I am available even though it seems a little serious, because I understand that the image is not intended to go beyond being a meme.

Those that did not exist before the current mobility.

Push or Wait

I’ve read somewhere that luck doesn’t exist, that it is actually the result of the combination of preparation plus opportunity. And while in a way that’s right, and I think those who complain of «bad luck» often haven’t had enough preparation to take the opportunities that present themselves along the way, I’m also not comfortable thinking that it’s all about being very prepared and waiting for the right occasion to arise. I think this is just part of the picture.

We have at least two ways of dealing with the future, from a complex organization to even a personal one.

One of them is to draw up a master plan that governs our future actions and/or decisions, and to push the necessary changes to comply with it. If you like, it is a proactive way to move toward where we ultimately want to go. For this we must be clear from the beginning about where we want to get to and what level of flexibility we will maintain to accommodate the variations that may arise during the journey.

Another is to take advantage of opportunities as they arise, but this must be based on a very strong culture of strengthening of capacities above all other participants.

There are many success stories for both scenarios.

If we take it into the IT arena, and put ourselves in the second-level CIO scenario (see CIO’s Path), we can see that both strategies are applicable. In this analogy the opportunities can be represented by the requirements (sometimes very challenging) that the business places on systems, so a solid base of growth and constant training of the team to develop the necessary skills and competencies, at or above what is needed, would help us come through each of the proposed (or imposed, depending on how you see it) challenges successfully.

Another choice is to draw up a plan in accordance with the company’s strategic plan, so as to go even one step further than what the business needs at a given time, and thus ensure the appropriate IT support required. However, this does not free us from requirements not contemplated by us that must be met anyway, so we must also incorporate the flexibility factor in our plans.

Of course, these two sides have pros and cons, among which can be mentioned:


Master plan

  Pros:
  • Organizes activities and causes them
  • Anticipates changes
  • Allows you to set up controls
  • Allows the team to know the direction it has

  Cons:
  • If uncertainty increases, the accuracy of the plan decreases
  • Unexpected changes destabilize it
  • Limits the scope in particular initiatives
  • Masks opportunities outside the stated objectives

Strengthening of capacities

  Pros:
  • Allows us to be prepared for the variable circumstances of the environment
  • Responds to changes
  • Uncertainty doesn’t affect it much
  • Allows flexibility in exploring particular initiatives

  Cons:
  • Cannot anticipate long-term objectives
  • Controls are only established for particular and not general activities
  • Risk that enhanced capabilities will not respond to future demands

As can be seen, the advantages and disadvantages of each paradigm cancel each other out if we put the two together, so the question immediately arises: Can we carry out the two in parallel?

In my opinion, it is possible, although of course this involves a greater difficulty than only holding on to one of them.

In order to be able to do this, it is at least necessary to be clear that the following must be achieved permanently:

  • Integral training plan for the work team

Ideally, there should be a constant flow of training in the work team and, although it is not possible for everyone to do it at the same time, make sure at least part of the team is always learning something new or perfecting its skills. In this way we are not only prepared for new tools or challenges that may arise, but we also try to respect the interests of each individual in the team. With this we will have achieved, as an added product, a very important good for the group: loyalty.

  • Knowledge of the business (or the businesses if it is a corporate)

As I have mentioned in previous articles, IT is not an isolated box that only has to make sure the lights of the site are on; it goes beyond that, and to leave the first CIO level it is imperative to leave the systems room and see what lies beyond it: first the business or company in which you work and, at a slightly more advanced level, the environment in which the company moves, its surroundings and its future.

  • Knowledge of Directors/Owners.

I add this point because, beyond the strategic plans and the mission and vision that the company has put into beautiful reports and charts (in many companies some of these are not even written down), what those who head the organization are thinking and feeling will allow the area to generate the best possible plan, both to accompany the strategy and eventually to influence the direction taken as a business.

With these three points as a base, we can establish a framework that allows us to take advantage of both schemes to face the future. Is it more intense work? Yes, since we have to prepare in the specific aspects to carry out the guiding plan that directs in general the trip of the area, but we also have to prepare well in general issues and trends, allowing us to take the opportunities that present themselves along the way. However, I believe it is worth it, and in these changing times it is already a must.

Emergency Room (ER)

I understand that medicine has been evolving and learning how to make its work more efficient for much longer than the technology fields. Moreover, I understand that working with human lives is infinitely more delicate than what we have to do with a company’s systems.

However, I am also convinced that it is always good to look to other areas from which to draw lessons and learn, so that their best practices can be adapted so that we can evolve towards providing the best possible service.

One of the lessons that medicine can give us is the clear differentiation between the different ways of caring for patients depending on the circumstances. That is to say, it is not the same to see a healthy patient in the consultation for a preventive check-up as it is to see a person with some symptom who wants to know what they have in order to treat it, or someone who comes to the emergency department with their life at risk.

In the technology analogy, for the first two we have more or less a scheme to follow, but for the third I have not found any standard procedure for doing things. I know that someone will tell me about DRP procedures, but I am talking about the little disasters that don’t require a complete restore or recovery; I mean doing something to avoid that when the system presents the first symptoms.

A few weeks ago, a release became complicated and there was a risk that the area concerned would be left without service. The consultants in charge insisted that the same procedure should be followed as for a preventive review of the systems. That is to say: gather the information, take it away to analyze, prepare a diagnosis and debate the ways forward. This would take several days, and they showed no sensitivity towards their clients or users, who were unable to perform their normal tasks, with the consequent harm this caused to all. It was necessary to act extremely quickly and effectively, and the consultants did not understand that this required a different approach.

I have seen this scenario repeated too many times, and in general with consulting firms. In my opinion it is often because there is no commitment between the product they deliver and the business they want to reach. That is why it is necessary to establish a procedure to «revive» systems and act effectively and efficiently in this type of emergency. It is not a matter of restoring from a backup; it is a matter of avoiding having to go there at some point.

To this end, I believe that it is useful to establish the following 3 criteria:

Anticipate potential scenarios

What could go wrong? Usually whoever sells us a product tries by all means to make us believe that it is perfect and without flaws. This is never true and you have to be prepared for whatever comes your way. In order to do this, it is necessary to review and understand the system to be incorporated as well as possible, and to see the possible failure scenarios that may arise. Although reviewing it internally is complicated, for the integration with other systems and the sizing of the infrastructure we can indeed prepare. And a lot.

Perform tasks in parallel

However, even though meticulous preparation work has been done, there can always be contingencies that arise at the moment or, worse still, much later when the system is fully operational. In this sense, when working in an organized and parallel way, we will get an advantage in terms of total downtime or problem solution time.

We need to identify the appropriate parameters to be checked immediately, independently of the system in question. For example, check the stability of the network around the conflict point (latency, outages, etc.), or the availability of the satellite servers on which the system depends (availability of Active Directory if authentication is linked to it, for example). Each of these parameters is read as soon as a problem is reported and the result is placed in a collaboration group in a matter of minutes. The effect is similar to when your vital signs are taken in the emergency room and reported to your treating doctor. In this case, when the analyst comes in to check, he or she no longer has to ask for each of them, but has them in sight and can act with this background in mind. This saves minutes and sometimes hours over doing the same checks on demand and one after another.

It’s the way to work collaboratively and it’s the same as when they measure your pulse or take your blood pressure, they are the vital signs that help you to have a complete picture and avoid assumptions that generally lead to bad decisions.
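The parallel reading of vital signs described above, as an added example that is not code from the original article. It assumes TCP reachability and connect latency are the signs of interest; the dependency names, hosts and ports are constructed placeholders, and posting the report to the collaboration tool is left to the caller.

```python
import socket
import time
from concurrent.futures import ThreadPoolExecutor

# Constructed sample targets (hypothetical names, hosts and ports): replace
# them with the dependencies of the system under incident.
SAMPLE_CHECKS = [
    ("directory-service", "127.0.0.1", 389),
    ("database", "127.0.0.1", 5432),
    ("app-frontend", "127.0.0.1", 443),
]

def tcp_check(name, host, port, timeout=2.0):
    """Take one reading: is the dependency reachable, and how fast?"""
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            status, detail = "up", ""
    except OSError as exc:  # refused, timed out, unreachable, DNS failure
        status, detail = "down", type(exc).__name__
    latency_ms = round((time.monotonic() - start) * 1000, 1)
    return {"name": name, "target": f"{host}:{port}", "status": status,
            "latency_ms": latency_ms, "detail": detail}

def collect_vital_signs(checks, timeout=2.0, slow_ms=500.0):
    """Run every check at once; the wait is the slowest check, not the sum."""
    if not checks:
        return []
    with ThreadPoolExecutor(max_workers=len(checks)) as pool:
        results = list(pool.map(lambda c: tcp_check(*c, timeout=timeout), checks))
    for reading in results:
        if reading["status"] == "up" and reading["latency_ms"] > slow_ms:
            reading["status"] = "slow"  # reachable, but worth a second look
    return results

def format_report(results):
    """One message for the collaboration group, failures listed first."""
    order = {"down": 0, "slow": 1, "up": 2}
    rows = sorted(results, key=lambda r: order[r["status"]])
    lines = [f"{r['status'].upper():<5} {r['name']:<20} {r['target']:<22} "
             f"{r['latency_ms']:>8.1f} ms  {r['detail']}".rstrip() for r in rows]
    healthy = sum(r["status"] == "up" for r in results)
    return "\n".join([f"Vital signs: {healthy}/{len(results)} healthy"] + lines)

if __name__ == "__main__":
    print(format_report(collect_vital_signs(SAMPLE_CHECKS, timeout=1.0)))
```

Because every check carries its own timeout, one unreachable dependency delays the report by at most that timeout instead of stalling the remaining readings.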

Staying calm is not the same as going slow

Generally speaking, the procedures in «Peacetime» go at a pace that is not acceptable in an emergency. However, acting fast does not mean acting thoughtlessly. For this purpose, it is also important that procedures have been established in advance in order to achieve the best possible results from the two previous points. If there is a team that has already given me all the possible variables that need to be reviewed, the analyst only has to focus all his time and effort on one thing: uniting all the variables he has in front of him to reach the best conclusion. If he only does one thing, the minutes he has are used to the maximum and with the calm required for reflection, without wasting time.

With this scheme, I have found that the solution times drop to half of the original times.

However, the heaviest task I have is making the difference with the consultants I work with; not all of them, but the vast majority. I sincerely hope that this will improve and that they will not look like what they do today: technology mercenaries.


My Way

Establishing a common thread that marks the CIO's work, whatever the company or industry in which he operates, is not easy. Each company, even within the same industry, has its own particularities, typical of an organization that, being formed by people, is constantly changing in its organizational culture and in its processes, especially nowadays, when the environment demands quick and constant adaptation.

For this reason, there are aspects that must be taken care of and strengthened, so that they become part of our good practices in the management and leadership of our teams.

1. Listen to your user (Customer)

You always need to be the «Best Friend» of the people you serve. Especially because the specimen called «User» frequently comes to us with a solution in mind that, in my experience, is usually not what they really need. You have to look beneath everything they say to find what their real need is, and find a way to satisfy it in the most agile, simple and concrete way possible.

I have put some more comments about this in the article (in Spanish) «Primero lo primero».

It should always be borne in mind that the «User Experience» (UX) should not only refer to the final product that is delivered to them, but to the entire process from the first contact to the satisfaction of their need. In this sense it is useful to think of them as our Clients, as if we were consultants and needed them to buy the solution we are providing.

2. The important thing is business (information) NOT technology

Would you talk on the phone to a person sitting next to you?

I guess not (although I have seen it done). It is much more effective to turn around and speak to him directly in the traditional, analog way, face to face.

What if he is across the corridor, further away? The answer is likely to be «it depends», and different variables will come into play, such as the immediacy with which the answer is needed, whether it is possible to move from one place to another, and even the weather, in deciding when the use of technology (the telephone) becomes necessary.

The important thing is that the technology is chosen according to the needs that must be solved, and for that we must be clear about something that is very difficult for us to accept: Technology is not the goal, it is just the tool.

And in this way, in recent years, those who lead the technology areas have become increasingly aware that their functions are now more strategic than operational. You need to know who your customer is (business and systems), what they want and what they need (these are two different things). It can be very attractive to enter into Artificial Intelligence projects with Big Data to establish interfaces with the final customers, but if the problem is that Logistics does not have the more traditional (and therefore less challenging) tools it needs, using the latest technology in the front end will not be of any use.

Technology for technology's sake is useless in a business.

3. Take care of your team

Everything that gets done is done through others, who are part, permanently or temporarily, of the work team. Each member of the team must know exactly what is expected of them and must be allowed to do what they do best. What we must always bear in mind at this point is that if we have been working in a sector for some time, the team we have is the one we have formed and chosen to work with us, so if we cannot have confidence in what they will do, the problem does not lie with them but with the person who chose them.

But we must also be attentive to their motivations and needs. Although not all of them can be satisfied at the same time, I have found that knowing they can reach personal achievements through collaborative or team work keeps them permanently wanting to show what they can achieve.

Likewise, we must be grateful. The team is our hands and we must constantly recognize it. The thought «They only do the job they are paid for» is the worst poison against achieving the synergies that will make the Systems area a real contribution to the business and not just a few equipment loaders.

Regardless of where I have been, I have tried to respect these three guidelines and it has worked to a greater or lesser extent. I found them gradually along the way and they have become part of what I do every day.

However, the details and the «weight» given to each one at a given moment depend on the environment in which one finds oneself, the specific culture of the organization and the «intuition» of each one of us. That is where one has to find the right balance, and as each time is different, all that remains is to do things in the way each one does. In my case, my way.


The new SuperFriends

I have nice memories from my early years of having a truly fun time watching the superhero cartoons.

Batman, Superman, Wonder Woman, Aquaman, Iron Man, etc.

However, what really caught me was when they left their lone-avenger personalities behind and started to work as a group, like a team. The first of these that I saw was the Fantastic 4, where elasticity, invisibility, strength and fire, although each can be used separately, became when combined a super-powerful force that no enemy could defeat.

The same thing happens with the Justice League: ability, super strength, prowess, intelligence and communication capabilities were a kit that ensured the success of any mission. Moreover, when one of them was left alone, the problems generally began.

At the last NRF those memories came back to me, when I saw different Artificial Intelligence (AI) products, all of them promoted as Virtual Assistants, each doing the same thing, with almost identical demos:

  • Hi NNN
  • How can I help you?
  • Please assign a task to Dan
  • Agreed, assigned. Anything else?
  • Yes NNN, please tell me the status of the work that I assigned to you yesterday
  • It is in progress…

And so on, at every module I saw.

It is only necessary to replace NNN by the name of the AI on duty, even those who did not attend the meeting. Erika, Siri, Cortana, Alexa, etc. They all show themselves doing exactly the same thing.

Isn’t it time to specialize these new technological tools?

In other words, a Virtual Assistant that attends to the general public is not the same as one that functions as a task organizer or as a Help Desk agent.

Each task requires special characteristics, which although they can be trained in each one, if we incorporate them from the beginning we can reduce training and implementation. If we also establish standards so that they can communicate with each other and pass on tasks, the synergy and efficiency that can be achieved will be much more than what we are currently focusing on.

And that’s because AI-Rose can perfectly take care of probing and receiving feedback from customers. We pass them on to AI-Mike who would be in charge of coordinating, scheduling and seeing that the activities are executed. For its part, AI-Sonia reviews the needs of the company’s production units to generate preventive tasks and ensure that everything is in optimum conditions for the execution of human tasks. (The names have been changed to protect the innocent)

The speed and efficiency of reaction and prevention could give us a basis to generate productive activities that today are not within our reach and efficiencies so that competitiveness increases considerably.

Just think that the AI tools we build should not compete with each other, but rather create niches of individual advantages that can be integrated into the new Super Friends.




Looking toward 2018

I definitely believe that the outbreak of WannaCry changed the scenario in which technology has been moving until now.

Information security went from being a backdrop, to a protagonist in the plans and strategies of the IT areas of various industries.

In a painful way for many companies that experienced it in their own flesh, and in a distressing way for those of us who were close witnesses, this event abruptly woke us up to the reality that we had been lethargic.

And WannaCry wasn't hard to fight:

  1. As always, and like all ransomware, it took advantage of the human carelessness that is the cornerstone of the penetration strategy of this type of attack.
  2. It used a not-so-new and well-known vulnerability in the operating system on which it was installed.
  3. It had a kill switch that was easy to detect and use, which finally stopped the attack.

When we recovered from this event, Information Security went from being the uncomfortable guest to the protagonist of the party. Among other lessons that have been learned from this are the following:

  • An antivirus and a firewall are not enough to be secure.
  • Operating system updates must be permanent and not conditional on «Business Requirements».
  • We need to worry about all dimensions of the enterprise information architecture.
  • The network is not physical anymore, it is now virtual, and security must incorporate this approach.
  • Each element of the information security architecture must interact and coordinate with the others. We need to make all of them work together.

Perhaps for the same reason, we have noticed that another point is beginning to be drawn on the computer security map: prediction. Once we have the technological elements working together, they will generate valuable information that we can store in some way. This information may be used to analyze and predict potential attacks or violations on our network, based on the behavior of each party and the interactions between them. For this it is necessary to use Big Data tools and artificial intelligence that together can find interrelationships and patterns beyond what human intelligence can.

This year we have also witnessed the generalization of concepts such as Artificial Intelligence and the Internet of Things, both together with very popular devices such as smartphones and wearables. The former have been the driving forces behind virtual assistants such as Siri or Cortana, while with wearables we can count on sensors that provide us with information about the most varied characteristics of ourselves and the environment that surrounds us. Thanks to this popularization, the myth that this type of technology is unattainable because of how complex or expensive it can be has been dispelled.

OK, it is not cheap, but it is also true that the current costs are affordable and completely justifiable given the benefits they bring us.

Anyway, in the year that is beginning, and unless another technological meteorite like the ransomware with which I started this article hits us, I think that we are working hard on three things:

  • Information Security Intelligence
  • Interrelation and coordination of (poorly called) artificial intelligence and humans
  • Predictive analysis with the information that we have been accumulating.

No longer as isolated silos, but interacting with each other.

At least that’s what I’ll be working on.

Happy new year 2018!