IT Security Methods by Industry

After years (okay, decades,… okay, okay, centuries…..  damn it… alright! alright already, eons… are you happy now?  yes.  I’m THAT freaking old.  I still remember coal-fired computers and horse-drawn airplanes and shit.  My birthday cake is a slice of tree trunk of matching rings, but the table can’t hold the weight anymore.  sheesh!)

What was I saying?  …. (eyes wandering left and right…. … . . .          …  .         …. . .      .   .  )

oh yeah!  I’ve amassed a data set that accurately summarizes the predominant security practices or strategic “methods” leveraged by each major US industry. I warn you: this is highly scientific information.  It may require additional consumption of various questionable substances just to remain conscious while trying to read it all. Here goes.

[Photo: Idiocracy-LB-1]

Banking

Method: Place sufficient restrictions on the adoption of new technologies, so as to (A) mitigate unknown vulnerabilities and exploits, (B) ensure that those with knowledge of older, proven exploits have died from old age, and (C) keep certain aging consultants employed (because they’re married into your family).  And besides, what’s wrong with COBOL?

Insurance

Method:  Never leave important IT decisions up to any one person, ever.  In fact, the more people involved, the greater insurance that the decision will eventually be reliable, maybe.  Larger companies focus on perfecting multi-role hyper-proliferated subterfuge logic branching and coalescing processes.  In layman’s terms: they foster greater variety among responses to decision inquiries.  Many have invested heavily in processes which depend entirely on custom hand-stitched, stone-carved, natural leather encased software, usually written by someone who left or died long ago.

Defense Manufacturing

Method: Implement dozens of stop-gap procedures to ensure every motion of IT is slowed to the lowest possible, almost un-measurable, velocity.  Think of a Japanese rock garden, only slower.  Where the sand is executive processes and the stones are IT staff, now simply add quick-set cement to the sand mix and sprinkle some water on it.  This ensures that even the bad stuff will take forever to make headway, and by that time, the entire system will have been decommissioned.  Forget penetration attempts, even social engineering-based, because they’re often project-oriented, not departmental, so most people have no clue what that next cube is working on.  In fact, they probably don’t use the same network, computers or operating systems.

Legal

Method: Relegate “IT” to whoever answers the Craig’s List ad for an “IT Expert”.  Critical skills include: “printer management, thumb drives, recovering lost files and emails, and using Excel databases” (that’s not a typo).  Must also have experience with Macs and Windows XP, particularly with kids’ games.

If they have any in-house “IT” capacity at all, it’s often enough of a shock to send a consultant into cardiac arrest.  Due to possible legal implications, it’s best to never change passwords for critical user accounts and never, I mean NEVER, delete anything.  Keep everything forever, or as long as you can afford somewhere to store it.

Travel

Method:  Agents need to be flexible and mobile.  Everything is done on laptops.  Everything remains on laptops.  No time for that silly, trendy, cloud stuff.  No backups, no cloud sync, but OMFG do NOT let anything happen to that precious data on those roaming laptops!  Thumb drives are forgotten like Matt Damon in Interstellar, waiting for someone to give them a hug, only to have their face shield cracked open and their chip tossed away.  Shit.  Did I give away the plot?

Advertising / Marketing

Method: Hire someone quick, and get back to the conference before the food runs out.

Transportation

If it’s airlines, use railroad standards.  If railroads, use airline standards.  Either way, the older the technology the better.  It’s like a cast-iron frying pan, after years of seasoning, or a vintage wine.

 

Municipal

Method: Deny all requests for pay increases for five (5) years, reduce promotions from once every five (5) years to once every ten (10) years, discontinue any training programs, and for God’s sake: deny all requests for stupid things like newer software and hardware.  It worked in 1995, so it should still work!  Hire a consultant to blame internal staff for every deficiency, terminate and reassign to avoid audit trails, and blame the contractor afterwards.

Federal Agencies

Method: Same as municipal, but on a much larger scale.  Every four (4) years, change direction from in-sourcing to out-sourcing, and blame the opposite for any failures that remain.  If conservatives win, out-source to private contractors, where expertise and trust are premium values.  After all, when has anyone ever heard of a private contractor doing something wrong in a government position?  Then blame liberals.  If liberals win, open up the job requisition flood gates and hire at will.  However, keep GS-rating pay scales at 1995 levels to avoid asking for tax increases.  This helps ensure only the highest-quality employees are onboarded from their previous positions as private contractors or foreign exchange students.  Then blame conservatives for any failures.  Think of it as seasonal employment.

Medical/Dental Practices

Method: Hire the first contracting IT firm that actually shows up.  If they wear those spiffy-looking polo shirts with a slick company logo, they might be too expensive.  Ask if your cousin’s friend graduated tech school yet.  You know, the one who puked all over your sofa when he brought her to crash in your apartment while you were out of town.  That one.  If she’s not available, what about that kid that asked you about spark plugs while you were trying to inflate your car tires that day.

 

Summary

See if you can guess which of these most closely matches the photo above.

Top 10 Reasons Your Job Might be Automated

10. Machines don’t give a shit about your favorite sports team, movie, TV or streaming series, cars, food, drinks, types of women or men, tasteless jokes, what you did last night or over the weekend, or what programming language you think is the best.
9. Machines don’t need restroom, smoke, vape, or lunch breaks
8. Machines don’t need to get their kid from the school nurse
7. Machines don’t ask for a raise or better benefits
6. Machines don’t need to rest
5. Machines work faster than you
4. Machines can do the work of more than one of you
3. Machines are better at analytical processes than you’ll ever be
2. Machines don’t hoard information about their job
1. Machines don’t sue their employer

Even funnier, is that most people are convinced that THEIR job could never be automated.  No matter what profession they’re in.  Let’s list off some of the folks who were convinced of this as well:

  • Telephone operators
  • Mail sorters
  • Grocery store clerks (in many places)
  • Surveillance aircraft pilots
  • Security guards
  • Punch card handlers
  • Carpet weavers
  • Stock market traders
  • Food and drink vendors
  • Waiters (in many places)
  • Newspaper deliverers
  • Gas station attendants (in most places)
  • Librarians (in most places)
  • Milk delivery (in most places)
  • Movie set demolition experts
  • Camera Film Developers
  • Data center rack engineers (I already hear that giant sucking sound Mr. Perot mentioned)

Interview: Christopher DeCarlo


Preface

I first met Chris while working for another consulting firm.  I was thrown ass-first into leading a software “packaging team”, for a municipal government customer strung out on crack (the customer, not Chris or me).  Well, actually, it was pretty good for the first three years.  And then the crack ran out, and a new dealer rode into town with a chain-fed, water-cooled douche cannon, and the story turned tragic.

Anyhow, I interviewed Chris (I think, but it might have been someone else) and it was one of those moments like “oh shit, this isn’t a rock!  It’s a diamond-encrusted Dilithium Crystal, filled with Kryptonite and free food!!!”  Yes.  Chris is one of those rare folks who seems like a 50-year sage in a 20-something package.  Can find the bugs in things like AdminStudio.  Shit, the young man bought a house to fix up, while most goobs his age are blowing it on cheap car rims, flavored lite beer, and Call of Duty tattoos.

An infrastructure whiz-kid. Technical wunderkind.  Says he’s not a developer, but has all the good traits of one.  Figures shit out like MacGyver on IBM Watson juice.  Have I hyperboled-him too much?  Sorry.  If he knocks on your door, hire him.  You won’t regret it.  Let’s go…

Name: Christopher DeCarlo

Job Title: Implementation Engineer

1. Describe what you do for a living – to someone who has no idea what it means.

So, I get paid to stare at a screen for hours, sometimes during ungodly hours, implementing and improving automated stalking systems to learn everything I can about people and the devices they use.  I then openly share this information to those I deem worthy.  I also hit buttons loudly and occasionally I yell while hitting said buttons.

Or, I work with Config Manager in all aspects and also come up with creative solutions to gather new information from a PC or user accounts based on management directives.

2. How did you get into this type of work?

While in High School I was taking every computer class available.  Immediately afterwards the same school system I graduated from was doing a migration away from Novell on to AD and Windows XP at the time.  From then on I was involved in enterprise management systems and automation of those systems.

3. What area or aspect of technology are you most excited about?

Robotics.  And not just robots themselves but even robotic prosthetic limbs and nanorobotics.

4. What gives you the most satisfaction today?

Knowing that all my countless hours of hard work and sweat will be erased of all evidence in about 3-5 years……… oh, you said satisfaction, um… honestly, the act of taking something that is completely broken and fixing it.  You get that bit of satisfaction that us IT people understand when you resolve a major glitch or identify a bug.

[edit: my fault.  I accidentally curmudgeoned him with that “3-5 years” doomsday view. My apologies]

5. Name the 3 most inspiring people in your life or career?

My parents would be #1 as they’ve shown me what hard work truly is, and to have the pride not only in your work but in how you do that work.

#2 would probably be this character I met named Dave Stein.  I can honestly say that, intentionally or unintentionally, he helped me not only realize my potential but also the potential in others with his rare ability to teach without talking down to people and his constant humbleness.

#3 would have to be Neil deGrasse Tyson, his infectious charisma and honest love of what he does…… should inspire us all to do what we love.

[edit: I swear on a stack of plastic, wood-burning hotel Bibles – I didn’t add that or bribe him… yet.  He makes me sound like a decent person].

6. If I hadn’t gone into this field, I’d probably be… ?

A woodworker.  My earliest memories are always the smell of freshly cut wood as my dad would be building a deck, a fence, or even a garage.  The idea that even after 50 years the things that you can build would still be remaining and can probably even illict [sic] great memories from people such as a handmade crib that multiple generations have been raised in, or a favorite chair of a passed away relative.  Those are things that very few fields can truly capture.

7. Favorite place to travel?

When I’m trying to completely zone out to gather my thoughts I like to load up Google Maps and drop the little street view yellow guy in random spots.  One such spot which is always beautiful no matter where I drop him is Iceland.  So I’d like to travel to Iceland one day.

8. What 3 books, movies or other works have influenced you most in life?

Ender’s Game by Orson Scott Card (Book, though the movie was good too).  The Imitation Game (movie).  Band Of Brothers (Series).

9. There’s never enough … 

time.

10. There’s way too much … 

Politics.

11. What’s your favorite sound?

Thunder.  It’s such a powerful sound from nature and yet also beautiful.

12. What would you say to those who insist that technology has only made life worse?

I probably wouldn’t say anything.  Technology is everything, the wheels on your car are a technology.  The “invention” of fire is technology in use.  There is no escaping it.

13. How do you feel about the importance of college degrees, and certifications as it pertains to IT careers?  Do those credentials mean as much, or more, than they used to?

My opinion is to do what you feel is best for your path.  Getting a degree in the Liberal Arts is not going to help you in IT, you were better off saving your money and getting a few certifications and spending your time in a job gaining experience.  Also, certifications can be a good tool to show your knowledge if you’re just starting out and don’t have much experience (or money for college).  While I was in high school I had my MCP in Windows 2000 and MCDST in Windows XP, they both showed employers that even without experience I have the ability and potential.  As you start to get 10+ years of experience then certifications don’t matter as greatly as you have the years of experience that companies look for.  BUT you should still be getting a few that are relevant to your path as they can separate you from other candidates that have similar experience as you.  And you might actually learn something while studying.

14. You’ve crashed on a remote island along with 4 other engineers, and 5 sales people.  There’s only enough food for five people total to last a week. What do you do?

Meh, they all taste the same so why bother complicating things with rationing the supplies, drawing straws, or figuring out a pecking order.

15. If you could go back in time and change one piece of technology to end up better today,  what would it be, and why?

Batteries.  A power source that is more efficient, more powerful, smaller, cheaper, and quick to charge should already exist today and would have dramatically changed all the technology we see now.  Battery powered cars would be old news by now.  Society as a whole would be much better off as well (think countries with limited to no access to a reliable power source).

Shameless plug – I have a site PushDeploy.com that I use as a sort of note-taking/article dump to remind myself how I fixed something when I run into the same issue again.  Check it out.

Thank you!

NTP and DateTime and Space Colonies

I just finished up migrating a customer from Windows Server 2008 R2 to 2016 Active Directory.  Thankfully, it was only a single AD forest and domain; nothing too complex in that regard.  I also migrated their DFS namespace from 2000 to 2008 mode.  Afterwards, we gently wrapped their 2008 R2 domain controllers (virtual machines) in duct tape, smothered them in imaginary rags soaked in ether, and carefully loaded them onto little imaginary rafts to paddle out into the river, where they’d be sunk with an imaginary RPG round.


During the process, we ran through the usual checklists of things; DNS, replication, and of course time.  Time, as in NTP.  w32tm, and all that.  Aside from having spent a lot of time on the micro- implications of time back in the early 2000’s, getting immersed in the concepts of NTP stratum, drifts, huff-n-puff, and intervals, I still think about the macro- implications today.  This is particularly apropos with the increased talk about SpaceX, Blue Origin, and so on, and all the talk about Mars expeditions.

That got me to thinking about time on Earth.  Julian dates, 24-hour time, leap years, and so forth.  These Earth-bound notions of seconds, minutes, hours, days, weeks, months, seasons/quarters, years, decades, centuries, and millennia.  And, in turn, that got me into thinking about meetings.  After all, time and meetings go together like politicians and eggs, or ham and drugs, or one of those.  And, for the record, meetings are most closely associated with the time construct we refer to as an “eon“.

Imagine this:

50 or 100 years from now, we may have a colony on another moon or planet.  And that moon or planet is very likely NOT going to share the same cyclical frequency of rotations and revolutions as Earth.  In other words, the relative time from one day to the next, or one orbit around the Sun (or host planet), won’t be the same as that of Earth.  Their local “day” may be only a few hours of that on Earth, or may be much, much longer.

That said, will the concepts of an hour, a week, or a month, be relevant?

What if this imaginary colony rests on a planet that has a pattern of daylight that equates to 48 hours on Earth?  Or it orbits the Sun (or again, host planet) once every 3.5 months of Earth time?  What if one “year” on that remote place equates to less or more than a year on Earth?

Some would argue that their relative (local) perception wouldn’t be significant.  But that’s assuming they wouldn’t have seasons either.  Seasons are what give weight and meaning to relative dates and times on Earth.  Cold and Hot.  Crops grow or wither.  Animals graze or migrate.  You get the idea.  So, seasons have a HUGE impact on the significance of “annual” cycles, because they dictate much of the things on which human life depends.

Just because Earth has seasons, and the only remote places we’ve seen (Moon, Mars, Jupiter, etc.) don’t appear to have any reference of a “season”, doesn’t mean that in 50-100 years we wouldn’t have landed on (and colonized) another place that does have such a phenomenon.

Will the locals of those colonies still insist on marking “time” and “date” in Earth units?  If so, why?  And for how long?

Keep in mind that even on Earth, we differ from one region to another on a great many things.  This includes social/civil things, like marriage, drinking, voting, enlisting for armed services, driving, and so on.  We also differ on time.  Some places recognize Daylight Saving Time, and some do not.  Others impose a half-hour offset, rather than a full-hour.  The basic point here is that even on this one ball of dirt and water, we don’t have uniform rules.

Now, add to that, our history of colonization and divestiture.  By that, I mean colonies that fought hard to win their independence (a-hem, cough-cough, no names please).  Some of those fared better than others of course, but, the takeaway is that many of the rules imposed by the former overlord were replaced or banished by the new management.

So, getting back to the plotted course of this diatribe, even if the initial colonization were established with strict Earth-centric rules, there’s nothing to guarantee, or even suggest, that with enough time the colonists wouldn’t decide those rules make no sense and replace them.

Now comes the fun part.

Imagine, during this interim period, being between the era in which the colonists follow the same rules (minutes, hours, days, weeks, months, years) as on Earth, and the time before they revolt and declare full independence from Earth-mandated taxes, fees and regulations (akin to 1604-1776, let’s say).

There would likely be some business interests that exist on the colonized planet or moon which remain in contact with their Earth counterparts.  I would assume these would be contractors who are initially part of the expedition, much like those who are embedded with today’s exploration and military engagements (you can guess their names I’m sure).  Probably related to things like telecommunications, mineral extraction, human support (medical, subsistence, housing, entertainment, etc.)

At some point, one of the project teams on Earth will be scheduling a meeting with their counterparts on the remote colony.  They’ll click “Friday, April 23, 2117” and “9:00 AM EDT” and when it arrives in the inbox on the other end, what will that mean?

Pick up the voice comm…

(crackling sound)… “Hey!  How are you guys doing?”

“Great!  You sound pretty clear and your video feed is clear as well.  How are you?”

“Not bad. Not bad.  Say…. We were wondering if you guys are available next Tuesday, say…. around 9:00 AM our time?  That would be like 14:35 AM your time, tomorrow.”

“Hold on.  That’s actually around 14:55 AM, but yeah, we should be good.”

“What’s it like there ?  I mean…. how do you sleep and work and all that?”

“Oh yeah.  So, an hour for us, is like 4.25 hours for you, but 4 days for you is like 0.99 days for us.  So our sleep patterns are very different from yours.”

You get the idea.

I think like this all the time.  Like whenever I see a Sci-Fi movie and the aliens are always humanoid (a head, 2 arms, 2 legs, etc.)  I think “what if we can’t even imagine other life forms?”  Even the Star Wars bar scenes are filled with loose variations of this bi-pedal form, with other (Earth-centric) animal features glued onto various parts of the body.

What if they look like a coffee cup?

What if they “talk” in a way that, to humans, sounds like farting?

What if they think extending a hand for shaking is a gesture for sexual activity?

What if an Asian-protocol bow of formality is seen as a request to be attacked or eaten?

What if?

So, all digression digestion aside, back to the time and date thing.  How will computers be configured?  How much Y2K-ish work will become heavily in-demand, in order to handle such date/time offsets, especially across more than one remote colony?

I’m guessing, too, that AI/ML will be so commonplace by then that we won’t even be aware of the translations that occur in the background.  It’ll be something that we’re taught in school as a “just-in-case the machines crash” scenario, and then will be forgotten.

Date and Time.

 

10 Questions – Ben

Ben didn’t provide any identifying information, so that’s all I have.


[1] How did you get into a career in IT, and when?

To tell that story, you’d need to be frozen, launched into space, swing around a distant galaxy, and come back when you’ve only aged a year and I’m 50,000 years old.  Then I might be half-way through that story.  The rest of mankind would have died off from sheer boredom by then.

My body would be long gone by then as well, but my mouth would be preserved in a jar filled with some greenish liquid and a bunch of wires connected to a machine with little lights on it.  Bald-headed aliens would be trying to analyze this constantly moving creature and figure out what it wants.

Technically, I started in IT in 1974, but that was a project funded by NASA with our local elementary schools (I programmed a dot-matrix printout of the Pink Panther using COBOL along with 11 other kids in the 2nd grade)

Officially: 1996.  As a “CAD and Windows NT LAN Administrator” for a large defense company.  Weird title.  Weird job.

[2] What big things [in IT] do you see coming in the next 5 to 10 years?

Virtual displays.  Gradually getting rid of video screens, phones with screens and TVs.  Something thinner, lighter, and less stupid-looking than today’s VR goggles.  You’ll be able to share what you’re watching with selected people, like team-mode in video games.  You won’t need a desktop monitor, TV or conference room projectors anymore.

[3] What’s the weirdest thing you’ve seen?

Have you ever sat in an Emergency Room at 2:00 AM on a Saturday night?

[4] What do you think about self-driving vehicles?

Great idea.  They can’t happen soon enough.

[5] Most recent interesting experience?

Walking around downtown Atlanta in September, 2016, at 2:30 AM during the Microsoft Ignite conference.  I handed out leftover vendor t-shirts to some homeless guys and had a really interesting conversation with a Vietnam war veteran.  I’m pretty sure he didn’t recall any of that the next day. (I still laugh at the thought of a bunch of passed out street folks wearing brand new IT vendor t-shirts and ball caps)

[6] Favorite places you’ve visited?

Lots of cities and a few beaches, mountains, etc. from Virginia, to New York, California, Colorado, Oregon, and Georgia.  Trader Joe’s, IKEA, and any Lowe’s or Home Depot when I have a new project going on. (Sam Ash music stores in NYC are incredible)

[7] Hobbies?

Just two kinds: those I can afford, and those I cannot.  In the first group: walking, jogging, mountain biking, eating, drinking, talking smack, and making funny faces.  I have a few others like gardening and pretending I can sing while driving alone.

[8] Favorite Food and Drink?

Indian or Thai (or Bangladeshi).  Beer: Belgian Dark Ales are my favorite.  Wine: Merlot or Malbec.  Aside from that: Tropical Smoothie Cafe “Get up and Goji” is really good.  Cereal (Super Nutty Toffey Crunch, from Trader Joe’s)

[9] Favorite bloggers or sources of Tech Info?

Oh boy.  Just search on “sccm”, “mdt”, “orchestrator”, “sql server”, “azure” or “powershell” and the top 10 hits on any of those are where I hit most.  I still keep my eyes on the CAD/CAM world (check out Ralph Grabowski), since I cut my teeth there for almost 20 years (yes, I still miss writing design automation code in LISP).  My Twitter feed is a big source for daily info ingestion.

[10] If you weren’t working in IT, what do you think you’d be doing?

5-10, with good behavior (possibly).

Thank you!


I’d like to thank the people below for doing an incredible amount of technology and personal exploration, discovery and then sharing generously with the rest of us.  I wouldn’t have imagined ten years ago that such people would exist, nor that they could thrive whilst giving their knowledge so abundantly.  In any case, here’s to you…

Technology 

Special mentions

These are some of the people who have stepped up to help me more than I’ve been able to help them.  I still feel indebted to them.

Social / Personal

 

And Now for a Word About Statistics

“Figures don’t lie, but liars often figure.” – Carol D. Wright


As a testament to how twisted my brain is, I LOVED statistics courses in college. I still do.  I had a 4.0 average (as I recall anyway), and immediately began applying it to everything around me.  Yes.  I’m that messed up.

So, why bring this up now?  Because statistical references play into everything around us.  From politics, to marketing, to work, to budgeting, to well, everything.  In this instance, because so many tech vendors use statistical claims to bolster their marketing charms, I decided to call them out.

Case 1 = “Fastest Growing ____!” claims

When someone says “such-and-such is the fastest growing __ on the planet!” what does that really mean?  Here’s what it means:

Divide the delta (value that denotes the change from state 1 to state 2 for the given time period) by the total number of state 1.  For example, going from 500 to 800 denotes a 62.5% change.  The rate aspect relates to the time period.  For example, if you said you were traveling at 80 MPH, but left off the H (hour) it wouldn’t mean very much.

In the same realm as velocity, a “fastest” claim denotes a velocity.  It implies “rate of change” or “relative change over a given time period”.

So, by itself, without a quantifier, it means very little.  In fact, it’s very often intentionally misleading.  That’s right.  Liars figure.

If a vendor says “Our product is the fastest growing on the market today!“, ask what the total counts (before/after) are.  If their product went from 1 license sold, to 2, that’s a 100% increase.  If their competition went from 100,000 to 150,000, that’s only a pitiful 66% increase.  Obviously their product is better than that pathetic 150,000-seat competitor, right?

Case 2 = Margin of Error

Another area that seems to get little attention (okay, zero attention) is the margin of error.  Often shortened to just “margin” or “MOE”.  This is the score that denotes uncertainty in the findings.  Put another way, the MOE denotes how far “off” the numbers can be, without violating the overall result.

This matters when the comparison between two or more items differs by less than the MOE.  In that case, it means the comparison is a wash.  That’s right.  The difference is so little that it should be considered meaningless (unless you’re aiming to prove indifferentiation).

For example: “Product A is favored by 52 to 48 over Product B” and MOE is 6.  That means each figure could be anywhere within 6 units/votes/people/etc. higher or lower than the numbers stated.  Pay attention to this when you see news or marketing (okay, typically the same thing) pitching something at you.

And now you know.

PS. Statistically, this article could be off by as much as 50% (MOE) 🙂