Wednesday, November 9, 2016

Gridlock in New York City

Foot and vehicle traffic in the city have ground to a complete halt as Republican voters have streamed into the city to have their wives' and daughters' looks rated and pussies grabbed by President-elect Trump.

Maybe There's a Bright Side?

Trump has made lying to investors his way of doing business, then running the businesses, often into the ground, however he liked.

The good news here is that the voters are the investors. Moreover, Trump has never cared about any of the states that voted for him and won’t again for 4 years. He’ll only do their bidding if it lines his pockets or those of his friends. Maybe he won’t ruin America, our civil rights, and blow up the rest of the world like he’s promised to.

Let’s just hope he doesn’t run this investment into the ground too.

Good News

The new president won't be coming for my gun... Bad news, he's probably coming for my non-white wife and children.

Oh, and I wasn't really worried that Hillary would take my guns...

Just to Clarify

Ghee is butter

Thursday, May 15, 2014

Thank You Satya Nadella, for Saving the Internet... for a while

A while back, I asked if Satya Nadella was going to reverse MS's decision to stop publishing security patches for XP, for free. I didn't get a call or email from Mr. Nadella and MS did not change their overall plan.

That said, MS decided to release the big Internet Explorer patch and include XP. This is a particularly big bug and would be devastating to the web, if left unpatched.

I am curious how those who are paying millions for XP support feel about the rest of us getting this for free.

Thank you Satya Nadella for saving the web.  I look forward to the next XP security update. I know you will do the right thing when the next big bug comes.

Sunday, February 23, 2014

Tech Job Postings are Funny! Post 2 Caradigm

In my last post, I promised to make fun of companies based on their job postings. Some are silly, some are crazy, and some are unintentionally telling about a company's culture... A word to HR and recruiting: don't let your job ads destroy your company's facade of hugeness.

Enter Caradigm, a joint venture between Microsoft and GE! From the press release, this seems to be all about real-time healthcare data. They are talking about interoperability and collaboration with patient data. Done right, this is great stuff; however, we are talking about highly sensitive personal data in a very regulated space, in terms of data security.

Microsoft and GE are two of America's largest companies. I'm sure they have thought this all through... Caradigm is hiring the Information Security Manager. Copy here. While this role sounds like the manager of all InfoSec at Caradigm, surely they mean Manager in Information Security. The top InfoSec role at a company of this stature, with its hands in or on so much highly regulated data, must be a VP or maybe even a C-level role. Then again, maybe they didn't think it all through and don't think security is important enough to pay a high salary for.

Security covers a lot of ground: policy, risk management, governance, vendor management, architecture, hands-on techy stuff around hosts, network stuff, app layer stuff. The top role would cover all that.

And here are a few of the job requirements... That looks like the whole list to me. Did we leave anything for the CISO to do?

• Participates in the architecture governance process. Provides technical guidance to project teams and vendors as appropriate.
• Implement Enterprise Information Security Standards
• Plans and supervises the support and maintenance for the enterprise information security including:
  - Environment administration of all access rights to the overall network and applications within the network
  - Monitoring
  - Vulnerability scanning
  - Firewall administration
  - Risk assessments
  - Penetration testing
• Plans, supervises and participates (either personally or through team members or vendors) in every project within the environment to assure that security standards are maintained while meeting the business requirements
• Coordinates all audit requirements related to Information Security across all platforms and projects working directly with process owners and vendors to ensure compliance
• Sponsors the teams, which analyzes all vulnerability and patch requirements and assess their impact to the Security environment. Integrate this team’s strategic roadmap into the overall IT strategy to ensure a plan to protect its information assets into the future.
• Maintains accountability for responsible information security program governance through formal reporting
• Develops and implements an information security risk profile that prioritizes risk and the investment and financial strategy required to mitigate those risks
• Creates and maintains security architecture for the enterprise and participate in the solution selection and process development
• Develops security requirements for information technology infrastructure initiatives, selected enterprise applications and, as appropriate, reviews and approves security design of initiatives
• Understanding of appropriate leading-edge security technologies and services
• Matrix managing large virtual, remote, and global project teams (15+ members)
• Hiring, developing, leading, motivating, performance managing, and coaching a cross-section of security and technology professionals and managers
• Understanding of emerging technologies and their impact on security architectures: Service Orientated Architecture, Enterprise Frameworks, Message Based information exchange, etc.
• Project managing in the security arena in a healthcare customer facing role
• Information Security Architecture technologies and concepts: Firewalls, intrusion detection, assessment tools, encryption, certificate authority, etc.
• Information systems security, including such areas as identity and access management, security program policies, processes, and procedures
• Understanding of information security and the relationship between threats, vulnerability and information value in the context of risk management
• Excellent vendor management skills with demonstrated experience. Comprehensive understanding of the physical security discipline, focusing on operations. Strong cross-team and cross-group collaboration skills.

I won't beat them up any more myself, but it looks like the top IT role is a Director level job.

Friday, February 21, 2014

Tech Job Postings are Funny! Post 1

I get a lot of recruiters emailing me and I get job postings in my RSS feeds.  Many of these postings are unintentionally funny, some are downright embarrassing, and some just leak a lot of information about a company.

I've decided to start posting some of these with commentary.  The one that finally made this decision for me is from . A copy can be found here. I've added bold for emphasis.

The almost certainly illegal and super ageist posting title is what caught my eye: "Systems Engineer - AWS Simple Storage Service (S3) -University Candidate: May 2014 Grads Only".

It was the wonderful non sequitur requirements for job experience that really hooked me.

  • Experience running and maintaining a 24x7 Internet-oriented production environment, preferably across multiple data centers, involving (preferably) at least hundreds of machines.
  • Demonstrable expertise around specifying, designing, and/or implementing system health, performance monitoring tools, and software management tools for 24x7 environments.
  • Experience with very large distributed systems such as multi-terabyte storage farms, and/or horizontally scaled request processing fleets

Sure, there are plenty of 2014 Grads with expertise in the book sense and maybe some even in a more practical sense, but really, how does a grad get to a place where their college and work lives intersect with a large 24x7 operation? Maybe I need to open my mind. Maybe Amazon wants a 12th year senior who has been working in enterprise architecture while going to school at night? That eliminates the ageism too!!
