I've always been a huge fan of the mantra, "The good Lord helps those who help themselves." It just always has resonated with me and I've used it many times in my life when I've been sitting around, feeling sorry for myself or praying for some miracle or change in my life that just wasn't happening fast enough or even at all. It was my personal "call to action"; my rallying cry that got me to put away the nacho chips and get out of my PJ's and make it happen for myself. It recently occurred to me in both my personal life and my professional life that sometimes there are those who can't or won't help themselves. How do we handle these situations as a family member or a friend without becoming an enabler? How do we continue to help without letting resentment build to the point of anger because we feel taken advantage of? What if there are innocent people involved through no choice of their own that deserve a fighting chance? I fear that as many of us suffer through this horrible economic climate and a government that seems to create entitlement programs that enslave people on a daily basis, more and more of us will be asking these questions about folks in our lives. I'm clueless on the personal side and don't even know where to begin. Since not being able to solve a problem makes me incredibly uncomfortable, let's move to how this relates to data security. I think my life in the trenches of data breaches, security incident response, and litigation support puts me in a unique position to offer a bit of guidance.
How does a consultant whose profession is to help people have security in business processes help those who can't or won't help themselves? Why when we read of data breaches daily do we think that it will never happen to us? I remember watching a show on Animal Planet about people having wild animals such as monkeys and tigers for pets. The recurring theme was that if you have these types of pets long enough, eventually they will viciously attack you. You'll probably end up dead, but the lucky ones end up without faces, extremities, or genitals. While a security breach won't doom you to life with a prosthetic nose or ears, it could certainly make you think that being attacked by a wild animal would be less painful and stressful. The owners of those animals all had the same mindset - that it would never happen to them. And certainly the guy who sold them the tiger or monkey wasn't talking about how they have been known to attack their loving owners. If these folks would have consulted with an independent animal expert, might they have mitigated the risks better, i.e. let's not have the chimp sleeping with us and roaming free on the property? Or might they have decided not to purchase the "pet" at all and instead been guided to a nice loving Golden Retriever? While he might pee on the floor when he gets excited to see you, it's a pretty safe bet that all your body parts will be safe. An independent expert who is selling you nothing but their expertise is one of the most important things anyone involved in risk mitigation and management can have.
I'm a big fan of questions because being willing to ask questions and seek answers has always been way more beneficial to me than someone handing me an answer. So let's start with the professional context of this dilemma that I see at Reclamere for clients and prospective clients. As the Data Security Experts, we live, sleep, eat, and breath data security. Not only do we proudly call ourselves this, but our team has the actual experience, education, certifications and credentials to back it up, as do many other firms. Being completely dedicated to data security consulting in our forensic and risk management practices, we are vendor agnostic and sell no software or hardware. We don't design networks, or configure firewalls. The only thing we have to "sell" in this division is our significant expertise. Particularly in our forensic practice, we see the aftermath of situations where an organization knew to do something to better protect themselves but chose not to for one reason or another. Or more often, IT security folks in organizations knew they needed help, but had been denied the financial resources they needed due to lack of support from the powers that hold the purse strings. Each of these scenarios inevitably lead to security incidents for which the organization is less than prepared to deal with. While the cold, profit-driven business person could look at this as a great opportunity - "Hey, pay me now to help you with preventative/preparation consulting or pay me way more later to help clean up the mess and figure out who did what" - that just doesn't pass the gut check for me. Our duty is to our client; to be the zealous advocate for our clients' data security. Obviously a lawyer makes more money when a client gets sued than when they consult on matters before escalation to the point of litigation. Lawyers have gotten an arguably bad rap; however I have yet to deal with any who aren't passionate about helping their clients stay out of trouble before the fact. Reclamere's security team and executive leadership has the very same attitude as ethical lawyers. We're here to help before an incident occurs.
That's all well and good, however many clients fail to see the need for any outside advice on their security posture. They've got an IT staff or person that keeps things running and a vendor from which they buy their hardware, software and possibly system design. Why do they need a third party to evaluate the security of the operation, tools or designs against fraud, exploits, or attacks? IT security gets incorrectly lumped into the same category as IT operations. Most companies would never dream of thinking that since they have a bookkeeper they don't need a CPA. Just the way that doctors now specialize because of the complexity of medicine, IT professionals now specialize in various disciplines due to the ever increasing complexity of all IT related matters. The person who keeps your network running, printers connected, VPN available, and anti-virus up-to-date is not the same person you should rely on to independently validate that the entire system is secure. The financial and retail sectors have understood separation of duties for decades as it pertains to inventories and financial matters. Viewing every single person in your organization as a "role" may seem impersonal, but it's much easier to create rules for roles than it is to justify why "John" can't have access to certain things on your network. While you may trust John, your network administrator with your life, someday John may be gone. Whether he wins the lottery or gets hit by a bus, someday you will have another person in that role and most likely you will be starting from ground zero in the trust department. By already having an outside security consultant who does a once-a-year checkup, or takes a look if something seems awry, your organization is well on its way to having peace of mind and significant risk mitigation. Your checkup may be as simple as a penetration test or as complex as a full-blown security audit. A true advocate for your security will work with you to find the solution and frequency that's right for you. They also will not sell any of the hardware, software or designs that they are auditing. Wouldn't that be kind of like the fox guarding the hen house? Is the guy who sold you your firewall and implemented it going to find his own vulnerabilities? If he finds them, how likely is he to tell you about them? Yes, here is ASK on her soapbox - security consultants shouldn't sell hardware, software or engineering. And value added resellers and OEM's shouldn't provide audit or assessment consulting on the products they sell, promote or design. Let the fur fly - tell me where I'm wrong, but just like your CPA or comptroller evaluates your accounting practices and financial management, your should not be relying on your hardware or software vendor or network engineer for your security assessments.
So, if I did have to give you a Top 3 List of things that people should do to help themselves in their organizations but often fail to do, what would they be? Well here goes, in order of priority:
1. LOGS, LOGS, LOGS!! Sorry, fellow geeks...I know they suck resources and can slow systems down. I know they are a hassle to monitor. Unfortunately, if you have a security incident that leads to a data breach and/or litigation, not having good log management and monitoring in place will put your organization at a significant disadvantage. Law enforcement will want to see logs. Forensic experts will want to start with logs. Your insurance carrier is going to possibly deny coverage if you don't have logs. Opposing counsel in litigation is going to make you look like a Micky Mouse operation if you don't have logs. These are the facts of life. While shows like CSI make computer forensics look quick and easy, nothing could be further from the truth. When an organization has an incident but failed to keep logs, the forensic team begins right out of the gate at a disadvantage that just drives up costs to the client. There are great VAR's out there who have great products for log and event management. The great news is that the costs have come down and those products are now affordable to SMB organizations.
2. USER ACCESS MANAGEMENT!! Many folks enjoy shows where forensics are used to solve crimes. Reality is way more complex, particularly in digital forensics. While we can often determine exactly what was done on a machine, even if data has been destroyed, we rarely can definitively link the activity to a single person. Putting a person in the chair at the keyboard is often impossible due largely to poor user access management. In most small businesses in particular, users share computers with shared log-on credentials. Every user needs their own user name and password. Passwords MUST be complex and security policy must force changes to the passwords regularly. As with the other 2 things listed here that you must do to help yourself, I know this one isn't easy either. Requiring complex passwords with frequent forced changes are unpopular with the end users. Creating multiple log-on credentials creates more hassles than having a single credential that everyone shares. When there is a security incident, shared access to systems again makes the work of investigating the incident more expensive and time-consuming and lowers the probability of finding relevant or strong evidence.
3. SECURITY TESTING!! We can all be bad when it comes to having our annual physicals; however the one thing we moms and dads are always good about is annual checkups for our kids. We know our kids are basically healthy. We know that the vast majority of kids grow up and never have a serious health issue. We know that the teachers and coaches are doing great jobs with them and all is well. Why then do we bother with checkups for them? Because they are the most treasured part of our hearts and souls. Your data is the most valuable asset in your organization. I know it's politically correct to say that people are, but the harsh reality is that people can be replaced. Money can be borrowed. Data that is stolen, destroyed or compromised can often times never be replaced, rebuilt, or recovered. Data loss can literally bankrupt a business. Treat the security of your business data like it is the health of your child. Look to an outside expert once a year, at least, to check it over. Make sure your consultant is truly a trusted adviser; a zealous advocate for your data protection and security.
You guys who read my posts know I love a good debate. I love to learn from you and banter about the world of IT security. So bring it on! :)
For those of you who are bummed about all the Geek Speak in this week's post, I apologize. I'll try harder next week to mesh the professional and the personal better.
Thursday, September 9, 2010
Wednesday, August 25, 2010
Back From Down Under
Wow, where to begin? Maybe what I learned on my 2 week business trip/vacation Down Under? Okay, here goes:
1. I love Australia - what an amazing country! The city of Sydney is as wonderful as NYC. Great public transportation, food, shopping, and amenities that are so friendly to families and those with physical disabilities.
2. I love Australians - what amazing people! When I think of the history of Australia and compare it to the founding of America, it makes sense that we felt so at home among the locals. We all come from European roots; underdogs and persecuted folk who needed or were forced to leave our homeland for a new world full of hardship and adversity. Those of us who live today are the hardy stock that survived and we are resilient and independent and hardworking thanks to those ancestors. The women are so stylish. Not sure if fashion moves from west to east like the weather, but if it does, I can tell you ladies that the color black is going to be very in for fall and so are tall riding boots. It's winter in Sydney right now and the ladies were mostly dressed in black and I saw riding boots and other varieties of tall boots on so many women. Personally, I love both, so I really am hoping that the fashion I saw in Sydney is headed our way for fall.
3. Airlines should consider charging full fare for babies. You knew I couldn't get through this post without saying something controversial, right? After spending a 13 hour flight with 2 children under the age of 18 months (I've been told that children of this age difference are affectionately referred to as "Irish Twins"), I can tell you that it is unfair to the other passengers in the row, not to mention unsafe for 2 children of this age to be sitting on the laps of their parents. In a row of 4 seats, there were 6 human beings. I wasn't aware until this flight that there were only oxygen masks for 5. From a space perspective, it was not fair to the children or the other two adult passengers to have to have endured the situation either. I'm sorry, but if you can't afford full fare for your child to have a seat and oxygen mask, then you probably shouldn't be making the trip - at least not a trip of 13 hours. Okay, enough of that soapbox speech. Those of you who know me know that I don't get all mushy over babies anyway...I find the possibility of them being contagious too high to risk holding them and smelling their sweet little heads. Never seeing another baby on a flight would send me into waves of delight that I can't even put into words. While I have felt this way for sometime, particularly after Orlando flights, I've now become adamant about it after enduring 13 hours of crying every 90 minutes by one or both of them with regularity of which one could have set a clock.
4. 15 days of close family time is just too damn much. I love my husband and son with all my being BUT...there is truly such a thing as too much of a good thing when it comes to family time. Maybe this is due to the fact that I'm a girl and they are guys, mentally of which they are both approximately 15 years of age. There's only so much rugby a girl can take, only so much farting that a girl can take, only so much non-stop tourist activities a girl can do. The true measure of a quality vacation to me is how many straight hours can I plop myself down on the beach and read, followed by a nice long afternoon delight (aka NAP). The Keating men judge a vacation by how much they can possibly pack into a day. But as if these differences weren't enough, most of you who know me at all know that I am the most reclusive person in my personal life. I could easily be left on a deserted island and as long as I had good reading material, I'd be perfectly content. Next year it's a house boat on Lake Raystown with a duration not to exceed 7 days.
5. The Kindle works in Australia...YAY!!! Vacation book tally - 5. I'm positive I had an excellent vacation because I managed to read 5 books; 4 in totality and 1 I'm still working on. First, "A Dog's Purpose" was just the very best book I've ever read in my life. I know it's cliched, but I laughed, I cried, I cheered, I read it cover to cover without ever putting it down aside from bio-breaks. "Me of Little Faith" had me laughing out loud numerous times. At this point, I've come to view arguments over religious denominations as absurd. This book solidified my opinion in a very humorous way. Just as we would laugh if people were to argue the virtues of Santa vs. the Easter Bunny, Lewis Black has a way of making one think without being preachy. Read it if your faith (or lack thereof) is strong enough to laugh at the absurdities of your own faith with the same gusto as another. Another book that had me laughing loudly out loud was "Shit My Dad Says". I understand there now is a TV show based on this book, so some of you may be familiar with this. What made this book so special for me is that it proves that an outspoken parent with strong opinions can successfully raise a successful child to adulthood. As a mom with a big mouth and lots of opinions about our world today of "fairness" and "self esteem" and "helicopter parenting", I do worry that maybe I'm a bit too curmudgeonly. I worry that my kid could end up needing years of therapy to recover from our strict rules, my outspokenness, my black and white opinions. While I'm sure I'll continue to worry, this book shows that as long as it's all done with lots of love and legitimate praise, the kid will be just fine and most likely succeed beyond my hopes and dreams. Since my husband was reading "Justice: Crimes, Trials, and Punishments" and raved about how good it was, I downloaded it too. After a few pages, I realized that I had read it before, but it is so good that I re-read it. He spent a bit too much time on the OJ trial for the second time I read it, so I skimmed that mostly, but it truly was worth the second read. Finally, I'm still working on "Cyberwar". I had been told by some colleagues that I highly respect that this book was a "must read". I have to say that I couldn't agree more! Anyone who works in computer security certainly must read this book. So far, I think the scariest part of this book is the serious and in-depth analysis that it gives regarding the "Smart Grid"; that wireless system that eventually all our homes and businesses will be interconnected to for measurement and management of our electric usage. I just had to scratch my head and wonder why it is that in this day and age, if something has an off/on switch, why is security an after thought at best and never even a thought at all at worst??
6. Reclamere is the greatest place to work on the planet. I wish for my son to have a job that he misses while on vacation. While I couldn't wait for vacation to get away, after the first 5 days, I couldn't WAIT to get back!! One of the greatest things any of us in life can aspire to have is a job that we truly love. During my absence, we have really interesting forensic projects come in. I was so bummed to be on the other side of the world and not be involved in them. On the other hand, I was so impressed with how our team never missed a beat without me. Guys like Jason, Tom, Bud, Kevin, Joe, and the account managers kept it all going and their skills in project management was so impressive. One of the most difficult things for a business owner to ever accomplish is letting go - hire people better than yourself and then give them the resources they need and get out of their way. When a business owner has a team like this on board, letting go is so much easier - never easy, but certainly easier. Thanks team.
7. Getting the flu after vacation is a great way to get over jet lag and lose your vacation weight. Unfortunately, on my first scheduled day back, I was flat on my back with a bug. While putting me further behind, this was particularly awful timing as I was scheduled to tag team with Jason on a training session on e-discovery and computer forensics for a major client. I had been looking forward to this project ever since we were fortunate enough to have been awarded it. I personally like the client contact very much and have a very high professional regard for him. Being awarded the project was a tremendous honor and teaching this course for his team was so exciting for me. Much thanks to Bud who jumped in and took on my portion of the class at the last minute. Jason, professional that he is, didn't miss a beat and adjusted the curriculum at the last minute. A little bird told me that the class went very well. I had no doubt. Thanks for bailing out the boss, guys! You are the greatest!!
8. NAID Australasia has an incredible future ahead. While the flights to and from Australia stink unless you are in first class, I am so very glad that I decided to accept the invitation to speak at their conference. Demonstrating that it truly is THE global leader in information destruction best practices, NAID hosted a great conference in Sydney. While we were there to help teach and share information about our profession, the NAID Australasia members taught all of us great information about what they need and expect from NAID to grow and thrive in their corner of the world. The Australasia region has tremendous potential. While this region lacks many if the data privacy and/or data security regulations that we have here in the states, it is clear that this region is home to many US and European based companies. These companies are demanding that uniform standards for best practices in secure destruction be implemented, regardless of the lack of formal regulation yet in the region. Some members in attendance seemed to think that regulation is a magic bullet to further the profession of secure information destruction. I hope our time with them helped them understand that regulation is only one small component of furthering the profession. Awareness, NAID certification, and targeting companies that truly value protection of information will be the greatest ways to promote and further our profession in the region. Thanks to NAID and the generosity of its long-time members with their time, I am certain that those members in the Australasia region are in the hands of great mentors should they seek them out.
9. NAID has some great leadership. While I've always know this, I was reminded of it once again. Our current president, Jim Beran of Shred Right is going to leave some mighty big shoes for Ray Barry to fill next year! Not to take anything away from Tim Oberst of Ohio Mobile Shredding, because that guy did one hell of a job and was also kind enough to take time to attend NAID Australasia and share very valuable insights on growing the business. I think I've just had the time to get involved more with NAID this past year, thus have more involvement with Jim than any of the other past presidents for whom I've had the honor of serving. Speaking of Ray Barry, this guy rocks! Now, in the interest of full disclose and because I never miss an opportunity to tell a funny story...when I first met this guy way back in 2003, I thought he was just another pretty face still a bit too cocky from his days as a frat boy! LOL!!! It didn't take me long to realize once I got to know him that this dude is one sharp guy. (Don't worry, Ray; some of my best friendships started with me thinking that someone was a cocky smart a$$ when I met them - just ask Joe Harford, one of my business partners!). I've sat through Ray's presentations before and always learned a great deal. And to show you how much I value his counsel, I was offered the opportunity in Sydney to leave the conference after my presentation on the last day and go hang with my family in the sunshine. I opted to stay and hear Ray again. And even though this was the 2nd or 3rd time I'd heard him on the topics, I still took a page or so of notes. If you are a NAID member and you are on the fence about attending the 2011 NAID Conference, seeing Ray present is worth it! He's a sales guru!! While I'm not sure if the slate of speakers for 2011 have yet been set, I know he has been one of the most popular presenters in the past, so I'll be shocked if he's not back for 2011. And while Jim's shoes will be tough to fill, I have no doubt that when Ray takes the reins of NAID as our next president, he'll accomplish great things!!
10. I can't wait for the NAID 2011 Conference!! Okay, so I'm really bummed it got moved to Orlando thanks to the flooding in Nashville this summer. I would rather have a root canal withOUT Prince Valium than fly to Orlando. Being stuck in a metal tube a mile high in the sky with screaming children and helicopter parents is SOOOOOO not my idea of fun. But the resort looks amazing and I always learn enough at NAID conferences to justify the return on investment of my time and money. I've had the honor to speak and be a panelist at many NAID conferences in the past. I would love to speak about quality control programs for hard drive sanitization and/or basic data security for data destruction professionals. Are these topics any of you NAID members would like to hear about? As an information security expert with certifications in privacy, information systems auditing, and information systems management, I think I've got the horsepower to bring some great insights to the membership. We NAID folks do a lot of preaching to our clients about data security and privacy, but sometimes I wonder if we are getting all the help we need on taking care of data security and privacy in our own companies. Or as it relates to hard drive sanitization, do we have quality control systems in place that are robust enough to withstand courtroom scrutiny and/or prevent data breaches? If you think these are topics you might be interested in, drop an email to our illustrious CEO of NAID, Bob Johnson. You can find his email on this page (I would have linked directly to his email, but the spammers would have slammed him and I like Bob too much to do that to him).
Well, as usual, I've rambled on far too long, but also as usual, hope I've given you lots to chew on, argue with me about, and taught you a few things too.
1. I love Australia - what an amazing country! The city of Sydney is as wonderful as NYC. Great public transportation, food, shopping, and amenities that are so friendly to families and those with physical disabilities.
2. I love Australians - what amazing people! When I think of the history of Australia and compare it to the founding of America, it makes sense that we felt so at home among the locals. We all come from European roots; underdogs and persecuted folk who needed or were forced to leave our homeland for a new world full of hardship and adversity. Those of us who live today are the hardy stock that survived and we are resilient and independent and hardworking thanks to those ancestors. The women are so stylish. Not sure if fashion moves from west to east like the weather, but if it does, I can tell you ladies that the color black is going to be very in for fall and so are tall riding boots. It's winter in Sydney right now and the ladies were mostly dressed in black and I saw riding boots and other varieties of tall boots on so many women. Personally, I love both, so I really am hoping that the fashion I saw in Sydney is headed our way for fall.
3. Airlines should consider charging full fare for babies. You knew I couldn't get through this post without saying something controversial, right? After spending a 13 hour flight with 2 children under the age of 18 months (I've been told that children of this age difference are affectionately referred to as "Irish Twins"), I can tell you that it is unfair to the other passengers in the row, not to mention unsafe for 2 children of this age to be sitting on the laps of their parents. In a row of 4 seats, there were 6 human beings. I wasn't aware until this flight that there were only oxygen masks for 5. From a space perspective, it was not fair to the children or the other two adult passengers to have to have endured the situation either. I'm sorry, but if you can't afford full fare for your child to have a seat and oxygen mask, then you probably shouldn't be making the trip - at least not a trip of 13 hours. Okay, enough of that soapbox speech. Those of you who know me know that I don't get all mushy over babies anyway...I find the possibility of them being contagious too high to risk holding them and smelling their sweet little heads. Never seeing another baby on a flight would send me into waves of delight that I can't even put into words. While I have felt this way for sometime, particularly after Orlando flights, I've now become adamant about it after enduring 13 hours of crying every 90 minutes by one or both of them with regularity of which one could have set a clock.
4. 15 days of close family time is just too damn much. I love my husband and son with all my being BUT...there is truly such a thing as too much of a good thing when it comes to family time. Maybe this is due to the fact that I'm a girl and they are guys, mentally of which they are both approximately 15 years of age. There's only so much rugby a girl can take, only so much farting that a girl can take, only so much non-stop tourist activities a girl can do. The true measure of a quality vacation to me is how many straight hours can I plop myself down on the beach and read, followed by a nice long afternoon delight (aka NAP). The Keating men judge a vacation by how much they can possibly pack into a day. But as if these differences weren't enough, most of you who know me at all know that I am the most reclusive person in my personal life. I could easily be left on a deserted island and as long as I had good reading material, I'd be perfectly content. Next year it's a house boat on Lake Raystown with a duration not to exceed 7 days.
5. The Kindle works in Australia...YAY!!! Vacation book tally - 5. I'm positive I had an excellent vacation because I managed to read 5 books; 4 in totality and 1 I'm still working on. First, "A Dog's Purpose" was just the very best book I've ever read in my life. I know it's cliched, but I laughed, I cried, I cheered, I read it cover to cover without ever putting it down aside from bio-breaks. "Me of Little Faith" had me laughing out loud numerous times. At this point, I've come to view arguments over religious denominations as absurd. This book solidified my opinion in a very humorous way. Just as we would laugh if people were to argue the virtues of Santa vs. the Easter Bunny, Lewis Black has a way of making one think without being preachy. Read it if your faith (or lack thereof) is strong enough to laugh at the absurdities of your own faith with the same gusto as another. Another book that had me laughing loudly out loud was "Shit My Dad Says". I understand there now is a TV show based on this book, so some of you may be familiar with this. What made this book so special for me is that it proves that an outspoken parent with strong opinions can successfully raise a successful child to adulthood. As a mom with a big mouth and lots of opinions about our world today of "fairness" and "self esteem" and "helicopter parenting", I do worry that maybe I'm a bit too curmudgeonly. I worry that my kid could end up needing years of therapy to recover from our strict rules, my outspokenness, my black and white opinions. While I'm sure I'll continue to worry, this book shows that as long as it's all done with lots of love and legitimate praise, the kid will be just fine and most likely succeed beyond my hopes and dreams. Since my husband was reading "Justice: Crimes, Trials, and Punishments" and raved about how good it was, I downloaded it too. After a few pages, I realized that I had read it before, but it is so good that I re-read it. He spent a bit too much time on the OJ trial for the second time I read it, so I skimmed that mostly, but it truly was worth the second read. Finally, I'm still working on "Cyberwar". I had been told by some colleagues that I highly respect that this book was a "must read". I have to say that I couldn't agree more! Anyone who works in computer security certainly must read this book. So far, I think the scariest part of this book is the serious and in-depth analysis that it gives regarding the "Smart Grid"; that wireless system that eventually all our homes and businesses will be interconnected to for measurement and management of our electric usage. I just had to scratch my head and wonder why it is that in this day and age, if something has an off/on switch, why is security an after thought at best and never even a thought at all at worst??
6. Reclamere is the greatest place to work on the planet. I wish for my son to have a job that he misses while on vacation. While I couldn't wait for vacation to get away, after the first 5 days, I couldn't WAIT to get back!! One of the greatest things any of us in life can aspire to have is a job that we truly love. During my absence, we have really interesting forensic projects come in. I was so bummed to be on the other side of the world and not be involved in them. On the other hand, I was so impressed with how our team never missed a beat without me. Guys like Jason, Tom, Bud, Kevin, Joe, and the account managers kept it all going and their skills in project management was so impressive. One of the most difficult things for a business owner to ever accomplish is letting go - hire people better than yourself and then give them the resources they need and get out of their way. When a business owner has a team like this on board, letting go is so much easier - never easy, but certainly easier. Thanks team.
7. Getting the flu after vacation is a great way to get over jet lag and lose your vacation weight. Unfortunately, on my first scheduled day back, I was flat on my back with a bug. While putting me further behind, this was particularly awful timing as I was scheduled to tag team with Jason on a training session on e-discovery and computer forensics for a major client. I had been looking forward to this project ever since we were fortunate enough to have been awarded it. I personally like the client contact very much and have a very high professional regard for him. Being awarded the project was a tremendous honor and teaching this course for his team was so exciting for me. Much thanks to Bud who jumped in and took on my portion of the class at the last minute. Jason, professional that he is, didn't miss a beat and adjusted the curriculum at the last minute. A little bird told me that the class went very well. I had no doubt. Thanks for bailing out the boss, guys! You are the greatest!!
8. NAID Australasia has an incredible future ahead. While the flights to and from Australia stink unless you are in first class, I am so very glad that I decided to accept the invitation to speak at their conference. Demonstrating that it truly is THE global leader in information destruction best practices, NAID hosted a great conference in Sydney. While we were there to help teach and share information about our profession, the NAID Australasia members taught all of us great information about what they need and expect from NAID to grow and thrive in their corner of the world. The Australasia region has tremendous potential. While this region lacks many if the data privacy and/or data security regulations that we have here in the states, it is clear that this region is home to many US and European based companies. These companies are demanding that uniform standards for best practices in secure destruction be implemented, regardless of the lack of formal regulation yet in the region. Some members in attendance seemed to think that regulation is a magic bullet to further the profession of secure information destruction. I hope our time with them helped them understand that regulation is only one small component of furthering the profession. Awareness, NAID certification, and targeting companies that truly value protection of information will be the greatest ways to promote and further our profession in the region. Thanks to NAID and the generosity of its long-time members with their time, I am certain that those members in the Australasia region are in the hands of great mentors should they seek them out.
9. NAID has some great leadership. While I've always know this, I was reminded of it once again. Our current president, Jim Beran of Shred Right is going to leave some mighty big shoes for Ray Barry to fill next year! Not to take anything away from Tim Oberst of Ohio Mobile Shredding, because that guy did one hell of a job and was also kind enough to take time to attend NAID Australasia and share very valuable insights on growing the business. I think I've just had the time to get involved more with NAID this past year, thus have more involvement with Jim than any of the other past presidents for whom I've had the honor of serving. Speaking of Ray Barry, this guy rocks! Now, in the interest of full disclose and because I never miss an opportunity to tell a funny story...when I first met this guy way back in 2003, I thought he was just another pretty face still a bit too cocky from his days as a frat boy! LOL!!! It didn't take me long to realize once I got to know him that this dude is one sharp guy. (Don't worry, Ray; some of my best friendships started with me thinking that someone was a cocky smart a$$ when I met them - just ask Joe Harford, one of my business partners!). I've sat through Ray's presentations before and always learned a great deal. And to show you how much I value his counsel, I was offered the opportunity in Sydney to leave the conference after my presentation on the last day and go hang with my family in the sunshine. I opted to stay and hear Ray again. And even though this was the 2nd or 3rd time I'd heard him on the topics, I still took a page or so of notes. If you are a NAID member and you are on the fence about attending the 2011 NAID Conference, seeing Ray present is worth it! He's a sales guru!! While I'm not sure if the slate of speakers for 2011 have yet been set, I know he has been one of the most popular presenters in the past, so I'll be shocked if he's not back for 2011. And while Jim's shoes will be tough to fill, I have no doubt that when Ray takes the reins of NAID as our next president, he'll accomplish great things!!
10. I can't wait for the NAID 2011 Conference!! Okay, so I'm really bummed it got moved to Orlando thanks to the flooding in Nashville this summer. I would rather have a root canal withOUT Prince Valium than fly to Orlando. Being stuck in a metal tube a mile high in the sky with screaming children and helicopter parents is SOOOOOO not my idea of fun. But the resort looks amazing and I always learn enough at NAID conferences to justify the return on investment of my time and money. I've had the honor to speak and be a panelist at many NAID conferences in the past. I would love to speak about quality control programs for hard drive sanitization and/or basic data security for data destruction professionals. Are these topics any of you NAID members would like to hear about? As an information security expert with certifications in privacy, information systems auditing, and information systems management, I think I've got the horsepower to bring some great insights to the membership. We NAID folks do a lot of preaching to our clients about data security and privacy, but sometimes I wonder if we are getting all the help we need on taking care of data security and privacy in our own companies. Or as it relates to hard drive sanitization, do we have quality control systems in place that are robust enough to withstand courtroom scrutiny and/or prevent data breaches? If you think these are topics you might be interested in, drop an email to our illustrious CEO of NAID, Bob Johnson. You can find his email on this page (I would have linked directly to his email, but the spammers would have slammed him and I like Bob too much to do that to him).
Well, as usual, I've rambled on far too long, but also as usual, hope I've given you lots to chew on, argue with me about, and taught you a few things too.
Friday, July 30, 2010
Now I Know Why Bosses Hate Summer :)
I can't believe how long it's been since I last posted and how much has happened since then both professionally and personally. I guess that just goes with the blessing of a full and rich life. As we sit here in the midst of vacation season, I can't help but have one of those moments of clarity. Just about every boss I've ever had seemed to have a sense of dread as vacation season approached. Some of them were also a bit grouchy during the summer months. I always wondered, "Gee, why can't they be happy? Sunshine, smiling faces, team members returning rested and refreshed? What's to be grouchy about? Sure hope I never get like that if I'm ever a boss!"
Well, here it is, 2010 and I am a boss. While I much prefer to just be one of the guys, or thought of as a coach to the team, the reality is that the combined weight of our forensic, data recovery, and risk management practices rest squarely on my shoulders. The buck stops here and many of our clients are folks that I've come to regard as more than professional colleagues. Not sure if "professional friend" is the right term, but I take the work we do for them very seriously. When we have Reclamerians out on vacation, I'm very happy for them to have time to recharge the batteries and bond with their families. But I'm painfully aware that our clients do work with us because they truly like our people. And they trust that our people will be there when they need them. Just because someone is out on a vacation, no matter how well-deserved, it still puts a burden on the rest. So if I ever have that "grouchy boss" look on my face about vacations, now you know why!
One of my fondest analogies (and I have many) is that of the double-edged sword. This vacation-thing is exactly that. Truly there is a burden when members of the team are out, but it seems like when a key team member is out, we get some of our most exciting and rewarding projects. Fortunately, we have some of the most professional and dedicated people on our team. They are always available for a quick phone call, always taking a look at email each day, and in extreme cases where necessary, actually doing work on their time off. It's this kind of dedication that goes a very long way with the owners of Reclamere. During the depths of the recession, we made a commitment to not lay off any of our staff, even taking pay cuts to make sure that we could honor that commitment. As we come out of the recession and have one of our best years ever, I am more certain than ever that our ability to hold the team together and even bring on some additional superstars has made a big difference between Reclamere and the competition. So now when someone turns in a request for time off, the pessimist in me may be thinking a sarcastic, "Oh great!", the optimist in me is screaming, "Cool!! Here come some great opportunities!!!".
Speaking of vacations, the Keatings are off to the Outback next week. From August 7th to the 21st, we will be down under in Australia. And if you are a thief who is reading this (or my mother who is worried that I just posted our vacation plans on the Internet) we have a very big dog, a little very loud yapper dog, a house-sitter who will be packing my Taser and last but not least, a robust home security system. ;)
Our first week will be spent in Sydney. I'm so honored to have been asked to speak at the NAID Australasia 2010 Conference. The National Association for Information Destruction is an organization that has been very close to my heart since 2002. Information security and professional information destruction go hand-in-hand. I can't tell you how many organizations have spent hundreds of thousands of dollars on complex security and then forget about the data on their old computers. But thanks to NAID, organizations that use a NAID AAA certified service provider for the destruction of electronic data or paper can rest assured that their data is protected to the highest standards in facilities independently audited annually, as well as subject to unannounced audits at any time.
During our second week, we head up to Cairns to snorkel the Great Barrier Reef. Certainly this will be one of the greatest adventures that the Keating family enjoy together. While the thought of an 18 hour plane trip from LA to Sydney with a 12 year old boy gives me chills, I'm sure it will all be worth it; every last single "Are we there yet?" and "How much longer?"
Finally, for those of you who are country music fans, have you heard the new Miranda Lambert song, "The House That Built Me"? Even if you don't like country music, you should give this one a listen. For those of us of a certain age (you know, grown up, but still have at least one parent alive to let us still feel like a kid again), this song will really hit you in the heart. Last weekend, I went home to my roots to "the house that built me" to hang with the woman who built me, my mom Mary Singer. It was a fast trip home and I went alone as the never-ending Little League season was still going and Doug stayed home to cheer Sammy playing in the "real" All-Star game for Logan Township. Of course this meant I missed a 3-run in-the-park homer by my son, as well as seeing him pitch over a dozen strike-outs against a team of kids who appeared to have shaved that morning and probably drove themselves to the game. Regardless, it was a weekend to be someone's daughter and I'm so glad for it. We had a steamy day in 100 degree + weather at the Harney VFW Crab Feast. Now if you aren't from Maryland or don't have redneck roots, you may not know what a "feast" is. In summer, it's where they throw down the newspaper, break out the tubs of cold beer, and you stand in line with a cardboard box to get your fill of Maryland steamed Blue Crabs, fried chicken, and corn on the cob. You proceed to eat, gossip and be merry with people who are just salt of the earth. In winter, it's usually a bit nicer, like a church basement and the "feast" is all the turkey, ham and oysters you can stuff down your gullet. The biggest fun is watching the blue hairs shove rolls, butter and meat in their purses!! But again, it's a great way to hang with some of the most hard-working, God-fearing people you could ever meet. Once they know your family name (or in my case that I am Roger Singer's daughter), they hug and kiss you and you just know that while you may not see these people again for years, they'd be right there to help if times were tough. What a great day with mom, and what a great reminder of the kind of people from which I come; survivors, loyal and kind. Rough around the edges, but all heart.
Well, here it is, 2010 and I am a boss. While I much prefer to just be one of the guys, or thought of as a coach to the team, the reality is that the combined weight of our forensic, data recovery, and risk management practices rest squarely on my shoulders. The buck stops here and many of our clients are folks that I've come to regard as more than professional colleagues. Not sure if "professional friend" is the right term, but I take the work we do for them very seriously. When we have Reclamerians out on vacation, I'm very happy for them to have time to recharge the batteries and bond with their families. But I'm painfully aware that our clients do work with us because they truly like our people. And they trust that our people will be there when they need them. Just because someone is out on a vacation, no matter how well-deserved, it still puts a burden on the rest. So if I ever have that "grouchy boss" look on my face about vacations, now you know why!
One of my fondest analogies (and I have many) is that of the double-edged sword. This vacation-thing is exactly that. Truly there is a burden when members of the team are out, but it seems like when a key team member is out, we get some of our most exciting and rewarding projects. Fortunately, we have some of the most professional and dedicated people on our team. They are always available for a quick phone call, always taking a look at email each day, and in extreme cases where necessary, actually doing work on their time off. It's this kind of dedication that goes a very long way with the owners of Reclamere. During the depths of the recession, we made a commitment to not lay off any of our staff, even taking pay cuts to make sure that we could honor that commitment. As we come out of the recession and have one of our best years ever, I am more certain than ever that our ability to hold the team together and even bring on some additional superstars has made a big difference between Reclamere and the competition. So now when someone turns in a request for time off, the pessimist in me may be thinking a sarcastic, "Oh great!", the optimist in me is screaming, "Cool!! Here come some great opportunities!!!".
Speaking of vacations, the Keatings are off to the Outback next week. From August 7th to the 21st, we will be down under in Australia. And if you are a thief who is reading this (or my mother who is worried that I just posted our vacation plans on the Internet) we have a very big dog, a little very loud yapper dog, a house-sitter who will be packing my Taser and last but not least, a robust home security system. ;)
Our first week will be spent in Sydney. I'm so honored to have been asked to speak at the NAID Australasia 2010 Conference. The National Association for Information Destruction is an organization that has been very close to my heart since 2002. Information security and professional information destruction go hand-in-hand. I can't tell you how many organizations have spent hundreds of thousands of dollars on complex security and then forget about the data on their old computers. But thanks to NAID, organizations that use a NAID AAA certified service provider for the destruction of electronic data or paper can rest assured that their data is protected to the highest standards in facilities independently audited annually, as well as subject to unannounced audits at any time.
During our second week, we head up to Cairns to snorkel the Great Barrier Reef. Certainly this will be one of the greatest adventures that the Keating family enjoy together. While the thought of an 18 hour plane trip from LA to Sydney with a 12 year old boy gives me chills, I'm sure it will all be worth it; every last single "Are we there yet?" and "How much longer?"
Finally, for those of you who are country music fans, have you heard the new Miranda Lambert song, "The House That Built Me"? Even if you don't like country music, you should give this one a listen. For those of us of a certain age (you know, grown up, but still have at least one parent alive to let us still feel like a kid again), this song will really hit you in the heart. Last weekend, I went home to my roots to "the house that built me" to hang with the woman who built me, my mom Mary Singer. It was a fast trip home and I went alone as the never-ending Little League season was still going and Doug stayed home to cheer Sammy playing in the "real" All-Star game for Logan Township. Of course this meant I missed a 3-run in-the-park homer by my son, as well as seeing him pitch over a dozen strike-outs against a team of kids who appeared to have shaved that morning and probably drove themselves to the game. Regardless, it was a weekend to be someone's daughter and I'm so glad for it. We had a steamy day in 100 degree + weather at the Harney VFW Crab Feast. Now if you aren't from Maryland or don't have redneck roots, you may not know what a "feast" is. In summer, it's where they throw down the newspaper, break out the tubs of cold beer, and you stand in line with a cardboard box to get your fill of Maryland steamed Blue Crabs, fried chicken, and corn on the cob. You proceed to eat, gossip and be merry with people who are just salt of the earth. In winter, it's usually a bit nicer, like a church basement and the "feast" is all the turkey, ham and oysters you can stuff down your gullet. The biggest fun is watching the blue hairs shove rolls, butter and meat in their purses!! But again, it's a great way to hang with some of the most hard-working, God-fearing people you could ever meet. Once they know your family name (or in my case that I am Roger Singer's daughter), they hug and kiss you and you just know that while you may not see these people again for years, they'd be right there to help if times were tough. What a great day with mom, and what a great reminder of the kind of people from which I come; survivors, loyal and kind. Rough around the edges, but all heart.
Wednesday, July 14, 2010
Some Geek Thoughts
First, I must say that I absolutely LOVE Video DownloadHelper http://update.downloadhelper.net/index.html. It is just a must for those of us who have to do presentations or teach classes. There is only so much boring Powerpoint that a person can sit through or present from before brains start to go mushy and eyes begin to close. The app is just an add-on to your browser and when you find a video you like, you simply click the little drop-down menu and choose if you want to download it. Go ahead and get the paid version because that let's you convert the video to a Windows friendly format (instead of that goofy format YouTube uses and some players don't seem to like). By spicing up presentations with video, even the most drab presenter can "kick it up a notch" and get a few laughs, or communicate a complex concept quickly and visually.
Most of you know I am an AVID reader. A fun but informative book that I'm reading right now is "Don't Believe Everything You Think". I'm on chapter 12, so not done yet, but very close. Because I really am a big "gut-check" "common-sense" kind of girl geek, I often struggle with the conflict of how many times my common sense or gut is just spot on right and how many other times it is just dead wrong. This book offers great reasons why this is and how you can be more cognizant of it. Kind of a gut check for the gut or some sense to go with your common sense. Because I work in a field like IT, specifically in forensics and litigation support, and it is changing so rapidly, sometimes there just is nothing else to go on but your gut or common sense. I'm all for anything that can help me get better in those areas!
I just got done an incredible call with a brilliant attorney. She's working on a really scary case with a client where a rogue employee (who also happened to be the system administrator) is in trouble with the law, criminally, from his last employer, in a white-collar crime sort of way. I have to say that every time I work with an attorney like her, I just love project management and my team all the more! This woman gets it. She knows she is the legal expert and that we are the IT experts, and that together, we can be a powerful force to protect her client in a horrific situation. She knows what she does best, and she knows what we do best. In the middle of all that is me. The Geek/Legal interpreter. While she and my team speak the same English language, I prefer to think of it as two different dialects - GeekSpeak and Legalese. Fortunately for the clients of Reclamere, I am fluent in both and I simply love that part of my job. Owning a business with Bob and Joe is way cool. Nice perks and a nice car. But getting to be in the trenches project managing complex e-discovery matters is the absolute coolest thing about my professional life. It truly is my passion. I don't care if we have a hundred on our team and 10 locations, I still want to be in the trenches on this stuff!
Well, Sammy comes home today from St. Francis U. volleyball camp. For 2 days Doug and I have had a glimpse of life when he goes away to college (or military school if the teen years get too much). I missed him tremendously, but I have to say that the freedom to work late and just live in a purely self-absorbed way for 2 days was pretty nice! I'm not going to wish away this amazing phase of our life, raising a kid and being crazy busy. But it was comforting to know that while the empty nest will break my heart, it will only be broken temporarily. Not too long after, it will be replaced by spa days, working late without guilt, and spur of the moment trips to who knows where! The 50's are going to be great in their own way and while I'm not in any hurry to live them, I know for a fact that I won't ever dread them either.
Most of you know I am an AVID reader. A fun but informative book that I'm reading right now is "Don't Believe Everything You Think". I'm on chapter 12, so not done yet, but very close. Because I really am a big "gut-check" "common-sense" kind of girl geek, I often struggle with the conflict of how many times my common sense or gut is just spot on right and how many other times it is just dead wrong. This book offers great reasons why this is and how you can be more cognizant of it. Kind of a gut check for the gut or some sense to go with your common sense. Because I work in a field like IT, specifically in forensics and litigation support, and it is changing so rapidly, sometimes there just is nothing else to go on but your gut or common sense. I'm all for anything that can help me get better in those areas!
I just got done an incredible call with a brilliant attorney. She's working on a really scary case with a client where a rogue employee (who also happened to be the system administrator) is in trouble with the law, criminally, from his last employer, in a white-collar crime sort of way. I have to say that every time I work with an attorney like her, I just love project management and my team all the more! This woman gets it. She knows she is the legal expert and that we are the IT experts, and that together, we can be a powerful force to protect her client in a horrific situation. She knows what she does best, and she knows what we do best. In the middle of all that is me. The Geek/Legal interpreter. While she and my team speak the same English language, I prefer to think of it as two different dialects - GeekSpeak and Legalese. Fortunately for the clients of Reclamere, I am fluent in both and I simply love that part of my job. Owning a business with Bob and Joe is way cool. Nice perks and a nice car. But getting to be in the trenches project managing complex e-discovery matters is the absolute coolest thing about my professional life. It truly is my passion. I don't care if we have a hundred on our team and 10 locations, I still want to be in the trenches on this stuff!
Well, Sammy comes home today from St. Francis U. volleyball camp. For 2 days Doug and I have had a glimpse of life when he goes away to college (or military school if the teen years get too much). I missed him tremendously, but I have to say that the freedom to work late and just live in a purely self-absorbed way for 2 days was pretty nice! I'm not going to wish away this amazing phase of our life, raising a kid and being crazy busy. But it was comforting to know that while the empty nest will break my heart, it will only be broken temporarily. Not too long after, it will be replaced by spa days, working late without guilt, and spur of the moment trips to who knows where! The 50's are going to be great in their own way and while I'm not in any hurry to live them, I know for a fact that I won't ever dread them either.
Tuesday, July 13, 2010
The First Post
It feels a bit presumptuous to have a blog. Am I important enough? Will anyone care what I have to say? Despite these misgivings, I will endeavor to post frequently with material that certainly will interest me; however, I'll hopefully interest fellow mothers, professional women, geeks working in e-discovery and forensics and IT security.
Today I'm working on several interesting projects with clients who really are on the ball. These clients are familiar with Judge Sheindlin's decision in Pension Committee and are either working with us diligently in preparedness or actually are facing a matter and want to try to get it right. How refreshing to see things about identification, preservation, and collection of ESI finally being taken seriously in the mid-market.
Additionally, I am trying to get my presentation set for a speaking engagement where I plan to use the statistics on the Deloitte Forensic Survey and my thoughts on the Pension Committee decision as the basis for better communication, training, and funding relative to e-discovery. If we can get IT and Legal to begin working as a TEAM - communicating and supporting each other - then we can begin to see some real changes! It's a very exciting time to be working in this field.
Today I'm working on several interesting projects with clients who really are on the ball. These clients are familiar with Judge Sheindlin's decision in Pension Committee and are either working with us diligently in preparedness or actually are facing a matter and want to try to get it right. How refreshing to see things about identification, preservation, and collection of ESI finally being taken seriously in the mid-market.
Additionally, I am trying to get my presentation set for a speaking engagement where I plan to use the statistics on the Deloitte Forensic Survey and my thoughts on the Pension Committee decision as the basis for better communication, training, and funding relative to e-discovery. If we can get IT and Legal to begin working as a TEAM - communicating and supporting each other - then we can begin to see some real changes! It's a very exciting time to be working in this field.
Subscribe to:
Posts (Atom)