Thursday, August 29, 2024

10 Years with Kanban: A Journey of Simplicity

A decade ago, I was introduced to a tool that would revolutionize how I approach work—Kanban. I started with Trello, moved through GitHub, and now I’ve integrated it into Notion. Over these years, I’ve come to realize that Kanban is more than just a productivity hack; it’s a philosophy of work management that remains as relevant in 2024 as it was when it first took shape.

What is Kanban?

At its core, Kanban is a visual system for managing work as it moves through a process. Originating from Toyota’s manufacturing line in the 1940s, Kanban was designed to improve efficiency and reduce waste by visualizing workflow and limiting work in progress (WIP). The word "Kanban" literally means "signboard" or "billboard" in Japanese, reflecting its emphasis on clear, visual communication.

But let’s strip away the jargon. Kanban is simply about making your work visible. It’s about knowing what’s being worked on, what’s up next, and what’s been completed. This visibility drives focus and clarity, helping you to prioritize effectively and avoid the chaos of multitasking.

How to Kanban: The Basics

Whether you’re leading a team or managing your own workload, Kanban can be a game-changer. Here’s how to get started:

  1. Visualize Your Workflow: Start by mapping out the steps your work typically goes through—from the moment a task is conceived to its completion. In Trello, GitHub, Notion, or any other tool, this usually involves creating columns that represent different stages like "To Do," "In Progress," and "Done." For individuals, think of these columns as your personal task pipeline. By visualizing your tasks, you turn your workload into something tangible, making it easier to track progress and identify what needs your attention.
  2. Limit Work in Progress (WIP): One of Kanban’s most powerful principles is limiting the number of tasks in progress at any given time. This focus prevents the cognitive overload of juggling too many things at once and pushes you towards completion before starting something new. As an individual, a good rule of thumb is to limit yourself to 1 to 3 "In Progress" tasks at a time. This way, you stay focused and ensure that each task receives the attention it deserves, ultimately leading to higher quality work and less stress.
  3. Prioritize What Moves from "To Do" to "In Progress": With your WIP limits in place, the next crucial step is prioritization. Not every task in your "To Do" column carries the same weight or urgency, so it’s essential to determine which tasks should move into "In Progress" first. To do this, consider factors such as deadlines, the importance of the task, the potential impact, and any dependencies that might affect other tasks. By prioritizing effectively, you ensure that your most critical or high-impact tasks are addressed first, allowing you to maximize your productivity and achieve your goals more efficiently.
  4. Manage Flow: Managing flow is about ensuring that tasks move smoothly from one stage to the next without unnecessary delays. Picture your workflow as a pipeline: tasks should move steadily through it, like water through a pipe. When a task reaches the "Done" column, it creates a vacuum or open space in your workflow. This space is crucial because it signals that you’re ready to take on a new task from your "To Do" list. By continuously monitoring this flow, you can identify and address any bottlenecks—points where tasks are getting stuck or moving too slowly. The goal is a smooth, steady flow of tasks, ensuring that your personal productivity remains high and that you’re always moving forward.
  5. Make Process Policies Explicit: Clarity is key in Kanban, even when working alone. To avoid confusion and ensure consistency in how you handle your tasks, define and agree on the rules for moving tasks between stages. For instance, you might decide that a task can only move from "To Do" to "In Progress" if it’s clearly defined and you have the necessary resources to complete it. By making these rules explicit, you create a personal workflow that’s predictable and efficient, helping you avoid unnecessary delays and ensuring steady progress.
  6. Implement Feedback Loops: Continuous improvement is at the heart of Kanban. Regularly review your Kanban board to assess what’s working and what isn’t. This is where feedback loops come into play. Set aside time for personal reflection—whether daily, weekly, or monthly—to analyze your workflow, identify any recurring issues, and brainstorm ways to improve. For example, if you notice that certain tasks consistently get stuck in "In Progress," you might need to adjust your WIP limits or tweak your approach to those tasks. The goal of feedback loops is to foster a habit of continuous improvement, ensuring that your personal productivity continues to grow over time.

Now, let’s step outside the conventional wisdom. Most people view Kanban as a tool for software development or manufacturing, but its principles are universal. Whether you’re leading a team, managing your own work, or even balancing personal projects, Kanban’s adaptability makes it incredibly powerful across various domains.

What’s often overlooked is Kanban’s potential to foster not just efficiency, but intentionality. In a world obsessed with doing more, Kanban teaches us the value of doing less, better. It’s a reminder that productivity isn’t about how much we can cram into our day but about making meaningful progress on the things that truly matter.

Why You Should Kanban

In 2024, where the pace of work and life continues to accelerate, Kanban offers a counterbalance. It’s a simple yet profound approach to work management that encourages focus, clarity, and continuous improvement. By making your work visible, limiting distractions, and fostering intentional progress, Kanban can transform how you approach both your professional and personal life.

If you haven’t tried Kanban yet, or if you’ve been using it only in a narrow context, I challenge you to expand your perspective. Think of Kanban not just as a productivity tool but as a way to bring more intentionality and purpose into your work. It’s more than just moving cards across a board; it’s about mastering the flow of your life’s work.

Monday, February 26, 2018

Pwned Passwords

On February 22, 2018, Troy Hunt released the V2 update to Pwned Passwords.

Pwned Passwords is a service that checks to see if any of your passwords have been leaked in any third-party security breaches. Troy also provided a new API that allows you to look up a password by using its hash. That means you don't have to send over the password that you want to check.

I created a short Python script that performs the check against the API. It'll hash your password on your local system and check the hash for you against api.pwnedpasswords.com.

The code repository can be found on GitHub.

As an example, here I'm checking for `password` as the password. In this example, over 3 million accounts have been found from third-party breaches using the weak password of `password`.


Monday, February 6, 2012

Retrieving a Stolen iPhone in Under 72 Hours


Within 53 hours I was able to get a stolen iPhone safely into police custody. Here's a rough timeline of the steps I took to get the phone back to the rightful owner:


Saturday, 2/4/2012 @ 8:45 AM -- iPhone was "lost" (i.e., stolen).
  • Called stolen iPhone and it rang four times before going to voicemail, suggesting that it was powered on and had reception. Used the "Find iPhone" app to locate the phone using the Apple ID credentials of the stolen iPhone, but it was unable to locate the phone.
  • Using the "Find iPhone" app, sent lock code to stolen iPhone to ensure that it was locked and required an unlock code to access the phone.
  • Using the "Find iPhone" app, sent messages with sound to the stolen iPhone stating that the phone was lost and to call ###-###-#### (my Google Voice number). No response.
  • Shortly thereafter the iPhone was powered down by the "someone" who had possession of the phone.
  • I had the owner of the stolen iPhone change passwords to accounts accessed by the iPhone (e.g., Gmail, Dropbox, etc).
  • Set up the email account used as the Apple ID of the stolen iPhone to forward a copy of all mail from "noreply@me.com" to an account I set up at Boxcar. The reason for doing this was to have push notifications sent to my phone moments after the stolen iPhone would be powered on and receive the commands that I sent from the "Find iPhone" app.
    • There's a Boxcar iOS app that I installed on the device that I was doing the tracking from.
  • Opted not to report the phone as stolen with AT&T yet since I wanted to be able to continue tracking the phone. 
  • Also opted not to remotely wipe the iPhone via the "Find iPhone" app for the same reason.
  • The "Erase all data on iPhone after 10 failed passcode attempts" option was turned off on the iPhone. This was a good thing since it prevented the stolen iPhone from being wiped by 10 failed passcode entries and becoming un-trackable. 

Sunday, 2/5/2012 @ 10:00 AM -- the iPhone was powered on by "someone" and the location of the phone was identified.
  • I received a push notification from Boxcar showing that an email from noreply@me.com was received. That meant that the stolen iPhone was powered on and was now locatable.
  • Used both the "Find iPhone" and "Find Friends" iPhone apps by Apple to track the location of the phone.
    • Another option was logging into iCloud with the Apple ID and password associated with the stolen iPhone ... which I did.
  • Location of the phone tracked to a residential address.
  • Used Google maps and street view to look at the house.
  • Identified the owner of the house using PropertyShark.
  • Gathered information about the owner using Intelius.
  • Again, sent messages with sound to the stolen iPhone stating that the phone was lost and to call ###-###-#### (my Google Voice number). No response.
  • The phone was powered down by the "someone" who had possession of the phone roughly five minutes after it was powered on.
  • Checked AT&T for any unauthorized calls. There were no unauthorized calls.
  • A police report was submitted online to the police department where the phone was stolen. 
    • The police department where the phone was currently located (different city than where the phone was stolen) would not accept a report directly since the theft occurred in a different city.

Monday, 2/6/2012 @ 10:46 AM -- the iPhone was powered on and left on.
  • Using both the "Find iPhone" and "Find Friends" apps, the GPS location of the stolen iPhone was the same address as the address that was identified on Sunday.
  • A police report was submitted online to the police department. The location of theft was intentionally left vague, implying that the theft occurred in the city where the phone was currently being tracked to. The police department was willing to accept the incident report.

Monday, 2/6/2012 @ 1:04 PM -- Called the records and dispatch departments of the PD from the city where the stolen iPhone was currently located.
  • Gave the incident report tracking number to dispatch.
  • After a lengthy conversation, dispatch agreed to send an officer to the house and that the officer would call me back if I needed to cause the stolen iPhone to make a sound.

Monday, 2/6/2012 @ 1:36 PM -- Received a call from the responding officer.
  • The police officer stated that he went to the residential address.
  • The officer stated that the owners of the house were at the residence.
  • The police officer gained possession of the phone.
  • The police officer asked me for the unlock code and some contact data that was on the phone to verify ownership.
  • The officer relayed the convoluted story that the individual who had stolen the iPhone told him.
  • We agreed to check the phone into the police department's chain-of-custody and the stolen iPhone will be picked up by the rightful owner soon.
  • Called the police department from where the phone was stolen, stated that the iPhone was retrieved by another police department, and the case was closed.
... and that's a happy ending.

Apple has more information about locating a lost or stolen iPhone here.

Tuesday, January 17, 2012

Koobface Analysis

Today Facebook announced that it will share the data it has collected about the group of people behind the Koobface virus. Facebook didn't provide any details about the "Koobface gang". However, in a separate blog post independent researchers Jan Drömer and Dirk Kollberg of SophosLabs did provide details of their analysis. I found the SophosLabs article a very interesting read in that it details the painstakingly slow process investigators must endure to piece security incidents together and that given enough time and resources "cybercrimes" can be solved.

"Up until now, Drömer and Kollberg's research has been a closely-guarded secret, known only to a select few in the computer security community and shared with various law enforcement agencies around the globe" ... "At the police's request we have kept the information confidential, but last week news began to leak onto the internet about Anton 'Krotreal' Korotchenko - meaning the cat was well and truly out of the bag." -- Graham Cluley, Sophos analyst
Link to Analysis: http://nakedsecurity.sophos.com/koobface/

Monday, December 19, 2011

DHS Cybersecurity Strategy and New California eCrime Unit

A couple of interesting items within the information security world...

I. The Department of Homeland Security has released a new cybersecurity strategy document with a two-pronged approach:
  1. Protecting critical infrastructure today
  2. Building a more secure cybersecurity ecosystem for the future
Download the Blueprint for a Secure Cyber Future document (PDF).

II. California Attorney General Kamala D. Harris has announced the creation of a new eCrime Unit to investigate and prosecute technology crime.

"The primary mission of the eCrime Unit is to investigate and prosecute multi-jurisdictional criminal organizations, networks, and groups that perpetrate identity theft crimes, use an electronic device or network to facilitate a crime, or commit a crime targeting an electronic device, network or intellectual property."

Wednesday, December 14, 2011

America the Vulnerable


During my commute to and from work I recently began listening to the audiobook, "America the Vulnerable: New Technology and the Next Threat to National Security" by Joel Brenner, narrated by Lloyd James. The audiobook was downloaded from Audible.com.

I’m currently halfway through the unabridged audio and am enjoying it. The book is an eye-opening reminder of what many of us within the InfoSec industry are already aware of as we analyze security events on a daily basis. American national security, our economy, physical and energy infrastructure, financial system and our own privacy are at risk, and if security isn't built into our systems, our systems won't be secure. From what I’ve listened to so far, Brenner does a good job of laying out the cyber-threat facing the United States.

I hope to finish the audiobook by the end of this week as I’m interested in hearing what Brenner has to prescribe as a solution to the problem. Though I have yet to finish the audiobook, I recommend it as a must read for anyone interested in or with a career in cybersecurity.

Monday, December 12, 2011

New Reader Poll - CISSP Exam

I just posted a reader poll that's now viewable on the right-hand column of this blog. I want to get opinions from those of you that have your CISSP certification. There are two questions in the poll:

  1. If you are a CISSP, did your employer at the time encourage you to take the CISSP exam? (Yes/No)
  2. If you are a CISSP, did your employer pay for you to take the CISSP exam, or did you? (Employer paid/you paid)

The poll can also be accessed directly from here.

As for the value of a CISSP vs. other certifications ... that's for yet another posting.