How to build a roadmap in 7 steps

January 2nd, 2015 Comments off
Reading Time: 5 minutes

RoadMapMoving Information Technology (IT) into the sphere of “the business” is still a challenge in a lot of organisations. How to move up requires that the IT/ICT teams demonstrate value (showing how you can support the business achieve its goals) to more senior executives within the business, where to start is always a hard question. Whilst there are many ways to approach this, the roadmap is one of the simplest ways of getting started.

 

Over the years I’ve noticed that there is little consistency in the generation and development of roadmaps; Infrastructure, Application or even Business structure. This can be for various reasons including:

 

  • There isn’t visibility of the full picture, but you have to show some degree of thought
  • Enterprise Architects are now really Technology Architects so the views are skewed towards a technology, conversely there are consultants posing as Enterprise Architects who have nothing more than an MBA and no experience or exposure
  • Businesses don’t truly understand what they are doing with ICT or why they need to be planned and not reactive
  • It’s a contract deliverable and come hell or high-water you’ll deliver something.
  • Newly minted TOGAF, SABSA or other practitioners attack this discipline with too much vigour that they get quickly shutdown by the business.

 

Regardless of the reason, it is important to be able to show those needing to invest in ICT services, what they are going to invest in and why they are going to invest. I’ve found that providing clear traceability between business objectives, ICT strategies (where available) and the roadmap help you as the architect understand WHY better which helps when presenting up higher the the organisation; communicating in the business’ terms and not techno-speak.

It can also help the CIO/Director of ICT/etc. understand how their organisation is supporting the wider business and its initiatives.

Remember a roadmap is generally for inside an ICT organisation. it requires distilling into bite-sized chunks for management to absorb

So let’s get to it. Building a roadmap can be broken into 7 stages

  1. Confirm the business’ priorities
  2. Current State
  3. Define End state
  4. Identify the measures
  5. Gap analysis!
  6. Sequence the events
  7. Publish the end goal

Read more…

Stealing your data while you watch

December 20th, 2014 Comments off
Reading Time: 3 minutes

medium_4612834833 In IT and IT Security there is a constant complaint about the risks of shadow IT, and the adoption of consumer collaboration and sharing tools. Over the last couple of years we also saw the emergence of novel exfiltration techniques including the persistent ultrasonic technique, where the infected devices  communicates with other compromised hosts via high frequency; or the Twitter based technique, where malware sends out data 140 characters at a time for anyone to read;  and the more recent Video technique, encrypting data in video files and putting corporate secrets onto video sites or later retrieval.

Read more…

Adapting to change with technology

December 13th, 2014 1 comment
Reading Time: 1 minutes

origin_3752428880We all go through change at some point.

Changing your process to meet the new requirements of a product or service in response to market change is a relentless march forward.

Some organisations hold on to a way they do things despite the issues and inefficiencies in them. These might be because of a number of reasons including working around deficiencies in older technologies, individuals or business structures.

Technology and Service organisations spend millions, sometimes hundreds of millions, looking to find the best way to streamline a process and build that into their application(s), why then do smaller organisations  feel the need to customise these applications to meet their, potentially, less efficient processes?

Wanting to become more mature in what you do requires change, so why do companies always fight technological change?

photo credit: AndYaDontStop via photopin cc

Ethics in Technology

November 3rd, 2014 Comments off
Reading Time: 2 minutes

Warning, today is a bit of a rant. I had an email and chat exchange with a friend that wasn’t treated well recently and felt compelled to ramble.

Ethics is extremely important in business as it is the foundation of relationships. Ethics in the IT business is especially important as members of the Technology team(s) are responsible for representing IT to the wider business. Through the relationships IT builds with the business it is able to better understand the needs of the business itself and can develop real value through the strategic use of IT, using the collective smarts (IP) of the team. The Technology teams inside an organisation supports the business’ strategy, balances the wider strategic needs of the organisation and business units with the explicit needs of IT and IT strategies. Unethical behaviour can destroy this.

Let me be clear, when I say unethical I mean behaviour that isn’t:

  • Honest;
  • Courteous;
  • Done with Integrity;
  • Performed Efficiently; and
  • Respectful of Property

Our individual actions ultimately reflect our ethical beliefs.When we are in a position of authority these also shape the way those around us operate.

The consequences of unethical behaviour in our IT teams is that it breaks the relationships, both internal to the team and the external ones to the organisation. This can cause team-members to become disconnected and jaded, holding back the IP that could make a difference between completing that aggressive project on time, creating that innovative new product or demoralise the wider team around them. The greater flow on affect is that IT will become disconnected from the business (again) and relegating it to that group that just cost a lot of money and doesn’t deliver anything.

It is easy to be dismissive in the heat of corporate action, but let’s face it, for the most part corporate IT is not life and death. Take the extra minute to think about the repercussions of the decisions you make and the actions you take, it may mean the ultimate success or failure for the perception of IT in the business.

/rant.

OK I think I’m prepared for that Ethics section in today’s exam!

ThruGlassXfr starts to make an impact

October 2nd, 2014 Comments off
Reading Time: 2 minutes

logoIt is awesome to see that Ian Latter’s work on bypassing all security measures to exfiltrate data via the screen is starting to be received by the InfoSec community. Today an article written by Richard Stiennon on Ian’s presentation at COSAC has been syndicated through to Forbes. Well done Ian!! this follows up on a post I did in July when I was allowed to start talking about TGXf.

As part of Ian’s presentation preparation (and in response to a number of CFP reviewers NOT READING HIS SUBMISSIONS) he also prepared a number of videos demonstrating the capability of ThruGlassXfr along with his ThruKeyboardXfr.

ThruGlassXfer Open Letter (PDF) – TGXf VER8 FPS5 GD
http://youtu.be/IXlYDYjqFLU

Android smart-phone in flight mode, downloading a PDF from Youtube via a Laptop screen
http://youtu.be/2_8GlFdlb0Y

TGXf Demo – Open Letter PDF, ANSI (Terminal) Version 1 at 8 FPS
http://youtu.be/ZrMN54Rooec
(i.e. you don’t need graphical access to steal data)

TKXf Demo – Keyboard upload of virus to hardened Windows platform
http://youtu.be/2Szza7dQZsY
(i.e. I can type a virus into Windows .. stop me)

TKXf Demo – Keyboard upload of payload via Windows to Linux
http://youtu.be/QmROf-Tx92E
(i.e. I can type any payload into anything via anything .. stop me)

TCXf Demo – Attacker exfiltration from Linux via socket over PuTTY/XPe/HP Thin Client
http://youtu.be/sMHx5VDpFjQ
(i.e. I can route anything via anything over screen and keyboard)

And my personal favourite!!!!!
TCXf Demo – IP networking over Screen and Keyboard!
http://youtu.be/PdjhevoBKbs

Yes that last one is a functional network over TGXf and TKXf…

As a Security Enthusiast I love seeing this, though I have to say as a Security Technology Vendor and IT Outsourcing and Management Supplier it causes me pause. Now I finally have that enthusiasm back to write that paper on the risks of BYOD.