Warning, today is a bit of a rant. I had an email and chat exchange with a friend that wasn’t treated well recently and felt compelled to ramble.
Ethics is extremely important in business as it is the foundation of relationships. Ethics in the IT business is especially important as members of the Technology team(s) are responsible for representing IT to the wider business. Through the relationships IT builds with the business it is able to better understand the needs of the business itself and can develop real value through the strategic use of IT, using the collective smarts (IP) of the team. The Technology teams inside an organisation supports the business’ strategy, balances the wider strategic needs of the organisation and business units with the explicit needs of IT and IT strategies. Unethical behaviour can destroy this.
Let me be clear, when I say unethical I mean behaviour that isn’t:
- Done with Integrity;
- Performed Efficiently; and
- Respectful of Property
Our individual actions ultimately reflect our ethical beliefs.When we are in a position of authority these also shape the way those around us operate.
The consequences of unethical behaviour in our IT teams is that it breaks the relationships, both internal to the team and the external ones to the organisation. This can cause team-members to become disconnected and jaded, holding back the IP that could make a difference between completing that aggressive project on time, creating that innovative new product or demoralise the wider team around them. The greater flow on affect is that IT will become disconnected from the business (again) and relegating it to that group that just cost a lot of money and doesn’t deliver anything.
It is easy to be dismissive in the heat of corporate action, but let’s face it, for the most part corporate IT is not life and death. Take the extra minute to think about the repercussions of the decisions you make and the actions you take, it may mean the ultimate success or failure for the perception of IT in the business.
OK I think I’m prepared for that Ethics section in today’s exam!
It is awesome to see that Ian Latter’s work on bypassing all security measures to exfiltrate data via the screen is starting to be received by the InfoSec community. Today an article written by Richard Stiennon on Ian’s presentation at COSAC has been syndicated through to Forbes. Well done Ian!! this follows up on a post I did in July when I was allowed to start talking about TGXf.
As part of Ian’s presentation preparation (and in response to a number of CFP reviewers NOT READING HIS SUBMISSIONS) he also prepared a number of videos demonstrating the capability of ThruGlassXfr along with his ThruKeyboardXfr.
ThruGlassXfer Open Letter (PDF) – TGXf VER8 FPS5 GD
Android smart-phone in flight mode, downloading a PDF from Youtube via a Laptop screen
TGXf Demo – Open Letter PDF, ANSI (Terminal) Version 1 at 8 FPS
(i.e. you don’t need graphical access to steal data)
TKXf Demo – Keyboard upload of virus to hardened Windows platform
(i.e. I can type a virus into Windows .. stop me)
TKXf Demo – Keyboard upload of payload via Windows to Linux
(i.e. I can type any payload into anything via anything .. stop me)
TCXf Demo – Attacker exfiltration from Linux via socket over PuTTY/XPe/HP Thin Client
(i.e. I can route anything via anything over screen and keyboard)
And my personal favourite!!!!!
TCXf Demo – IP networking over Screen and Keyboard!
Yes that last one is a functional network over TGXf and TKXf…
As a Security Enthusiast I love seeing this, though I have to say as a Security Technology Vendor and IT Outsourcing and Management Supplier it causes me pause. Now I finally have that enthusiasm back to write that paper on the risks of BYOD.
Yesterday I decided that I’d no longer be an armchair commentator on the state of IT services and the direction it, as an understanding as a discipline, is going. So to that end I ponied up my own own money and bought myself a membership to the itSMF (IT Service Management Forum) and robbed myself in to participate in the next Special Interest Group meeting at the end of the month.
The itSMF isn’t as sexy as the technology groups and bodies that I’ve been a part of before, but I think that it is a lot more real and accessible to the non-technical in the industry (yes, there are a lot of non-technical people in IT) and a way of bridging the gap between IT and “the business”.
I hope to gain some insight into the wider Australian market’s changes and perceptions as well as supply my 1st hand experience and understanding when it comes to solutioning, negotiating and delivering Technology and IT Services in the APJ market.
photo credit: Chimpr via photopin cc
I found this paper earlier in the week. I honestly wish I found this three or four years ago, as it is a great pre-cursor for understanding how to break up a business and set the appropriate technology strategy to support the overarching business strategy.
It pulls together a number of ideas I’ve been playing with over the last few years with regards to business-mapping and lets me see, what appears to be, the embryo of a lot of the thinking in support of Simon Wardley’s model. The origin is an article by Nicolas Carr, 2003, Why IT doesn’t matter. I never realised it was from a larger thesis, I read the HBR article 2 years ago.
His main recommendations for IT are
- Spend Less
- Follow, don’t lead
- invest only when risks are low
- focus on vulnerabilities rather than opportunities
This is all based on the view that IT is not of strategic importance because:
- Technology is expensive so not everyone can afford it.
- Not everyone will be sufficiently imaginative to see the potential
- Those who exploit it early may be able to lock-in customers, markets or business in a way that is difficult to break or match.
These all read like excuses, putting It into the “too hard” basket. If we treated HR with the same contempt we’d never employ anyone because people are really expensive, I might not be able to use them to their potential, I’m locking by business into relying on those people because they know a lot about me.
This attitude also explains why so many people can’t see the chess board when it comes to business strategy in general; if you ignore it because it’s hard and copy the competition, you’ll be fine.
This is a very raw emerging thought – Catching up on the reading I need to do for University and a few things started to come together. I realised that business (people in them) still think of themselves as relatively static entities in a market that doesn’t change. This was highlighted when I was reviewing two different frameworks for business strategy; Michael Porter’s Generic Strategy model (something I’ve used in the past) and D’Aventi’s Hyper-competition model. Click in the image to see the two models.
I’m still working through my thoughts on this and how to use, but I think that as a whole as markets thrash through the product -> commodity phases, the markets represent a hyper-competitive one and the strategies listed by D’Aventi seem to be more appropriate.
That said, you could also use the D’Aventi model as a targeted selling technique on a case by case basis. As the relevant IT adoption maturity of the potential customer will vary, as will their perception of the Technology and it’s capability.
Regardless of the use, the models are definitely only useful for short term game. I don’t want to get to the point of lazy generation of strategy statements. More looking at ways to direct thinking appropriately, for the given situation.