Tuesday, June 17, 2008

The Coolness of Geek

[Image: Steve Zenone looking at Tondelayo - girls were always cool!]

Apparently, geek is becoming sexy. We've all known that geek was chic [pronounced sheek for those who think I'm saying chick]... but sexy, that's just hot! I think I've been waiting for this since the late seventies:

"The Nerd Girls may not look like your stereotypical pocket-protector-loving misfits—their adviser, Karen Panetta, has a thing for pink heels-but they're part of a growing breed of young women who are claiming the nerd label for themselves. In doing so, they're challenging the notion of what a geek should look like, either by intentionally sexing up their tech personas, or by simply finding no disconnect between their geeky pursuits and more traditionally girly interests such as fashion, makeup and high heels."
Newsweek, "Revenge of the Nerdette", 6/9/2008

As I sit here I get mini flashbacks of typing away on my TRS-80 in elementary school, writing my first snippets of code in BASIC, knowing that in the eyes of the masses I wasn't being cool. Then, in junior high, I graduated to the Apple II, on which platform I launched my first BBS. Soon after I added multiple phone lines and had sister systems throughout the US. Ahh, the good ol' days of the lawless wild west, shortly before William Gibson coined the term cyber in his 1982 book, Burning Chrome.

Newsweek Article [link]

-Steve Zenone

Monday, June 16, 2008

Equipped to Get the Job Done

I came across an article in USA Today titled "Some employees buy own laptops, phones for work". The article reports that more and more professionals are buying their own electronic equipment to get their work done. This includes equipment like cell phones and even laptops!

Nearly 40% of professionals recently surveyed by researcher In-Stat paid for a laptop that they regularly carried. Cellphone users often picked up their bill. And company-provided personal digital assistants (PDAs), cameras and Global Positioning Systems (GPS) are relatively rare, says the survey, released Monday.

As many organizations start to withdraw spending on materials and equipment, professionals are having to take matters into their own hands and purchase their own equipment. This reminds me of research done by Buckingham and Coffman. Their research paper summarized the twelve key factors in retaining star employees (there's a connection here - question #2 relates to employees having to purchase their own equipment).

In a nutshell, if employees can answer the questions below in the affirmative, then the work environment is probably very strong and productive:

  1. Do I know what is expected of me at work?
  2. Do I have the materials and equipment I need to do my work right?
  3. At work, do I have the opportunity to do what I do best every day?
  4. In the last seven days, have I received recognition or praise for good work?
  5. Does my supervisor, or someone at work, seem to care about me as a person?
  6. Is there someone at work who encourages my development?
  7. At work, do my opinions seem to count?
  8. Does the mission/purpose of my company make me feel like my work is important?
  9. Are my co-workers committed to doing quality work?
  10. Do I have a best friend at work?
  11. In the last six months, have I talked with someone about my progress?
  12. At work, have I had the opportunities to learn and grow?

As a manager, the above points are worth reflecting upon.

USA Today Article [link]

Monday, June 9, 2008

PCI Security Standards Council Mandates New Vulnerability Scoring

I recently learned that all Approved Scanning Vendors (ASVs) are required to use version 2 of the Common Vulnerability Scoring System (CVSS). Starting July 1, 2008, version 2 will be the new industry standard and all scans will be scored using this system.

Many of the ASVs that I have experience with continue to fail scans based upon false positives. Although PCI DSS requirement 11.3.1 necessitates a network-layer penetration test to be performed at least once a year and after any significant infrastructure upgrade or modification, the automated quarterly vulnerability scans will still show a compliance failure even if the flagged vulnerability is a false positive.

It'll be interesting to see how many merchants will move from a compliance status of compliant to non-compliant after July 1.