Two Percent, Five Percent, More?

I was reading Seth Godin today and he makes this claim:

If 2% of a population takes coordinated action, it makes a difference. If 5% do, it can change everything.

https://seths.blog/2022/05/the-ones-who-didnt-help/

It’s not 2% or 5% as a claim without any context. Rather, if we know what percentage is required to make a difference, if we can increase that, even marginally compared to the overall population, we are better for it.

Applying this to technology, we aren’t going to be able to convince everyone. But if we can get some idea of what percentage it would take to cause a change for the better, we should focus on those most likely to adopt. A lot of changes in technology have started with an initially modest adoption. And while I believe the “shun” statement was tongue-in-cheek, I definitely agree with how Seth concluded his post:

Instead, we have the chance to find and connect and celebrate the people who care enough to make a difference.

Reading more efficiently

In IT, we have to read a lot. For instance, understanding how to set something in Azure or Okta or vSphere may mean we are consuming 5 or more “articles” to get the gist of what we need to do. The better we are at reading and extracting the information pertinent to the task, the faster and more accurately we can accomplish our work.

If you’re still pretty much a word-by-agonizing-word reader (with apologies to Jeff Moden and RBAR), the following may help you read quicker and retain the information better:

How to Read a Book a Week by Peter Bergman (Harvard Business Review)

Architecture – Commonality is an accelerator

In IT, commonality is an accelerator. When I say commonality, I mean commonality of:

  • Components, like libraries
  • Object models
  • Interface definitions
  • Tools

Let me give you an example. Imagine I have 3 different scrum teams, each supporting 3 different but interconnected applications. They each need to develop API calls for their system to talk to the other 2. The typical approach is for developers on one scrum team to have to learn the APIs of the other 2 systems. However, while I’m learning the APIs of those other 2 systems, I’m not working on my own system’s product backlog. Wouldn’t it be great if there was a standard API which all 3 systems implemented? Standardized methods with standardized parameters would mean each team could simply call the standard. There wouldn’t be any wasted time having to learn the internals of a different system. That would definitely accelerate work and deployment of features for each team.

Is there some additional work for each team? Yes. They’ll have to take their APIs and build an interface layer that maps to the standard. However, that does two things:

  • It ensures the folks who know the system the best are the ones building the interface layer, rather than a team supporting a different system trying to figure things out.
  • It also ensures each team is familiar with the standardized model, meaning their ability to implement interfaces with other systems should accelerate.

Think about if each team had to learn the other teams’ systems. We actually lose more time than just the learning. We also lose time due to the following:

  • Troubleshooting errors due to not having a full understanding of the other system. This is for both teams: the team learning and the team supporting.
  • The supporting team effectively has to mentor each learning team. This isn’t something that’s easy to put in the product backlog. So it usually shows up as untracked/unplanned work.

Commonality reduces the time spent on those two things. So overall, if I have a standardized API interface, if I have commonality on my systems, I should be able to build faster and ship faster.

Architecture – The Perfect Enemy

When I was younger, I always wanted the perfect solution to an IT problem. I remember getting into argument after argument trying to insist upon the perfect configuration, setup, or whatever it was to meet the need.

The problem with looking for the perfect solution is that there are a lot of considerations that aren’t taken into account. These things apply not only to the problem at hand, but broader. Let’s look at some of them:

  • The overall cost in money
  • The amount of human effort it will take to get it implemented.
  • The timeline it will take to implement.
  • The complexity it introduces to the environment.

One issue that we encounter when insisting on the perfect solution is we bypass the good enough solutions. And oftentimes the work and cost difference between good enough and perfect is substantial. By focusing on perfect, we end up committing people who could be used elsewhere for far longer than a good enough solution would require. We end up spending more money. In short, we reduce overall what the organization can get accomplished.

When we focus on perfect vs. good enough, we also potentially violate lean and agile principles. Lean and agile would indicate we get a minimum solution together as quickly as possible for feedback, for testing, for learning information we didn’t know we needed. From that initial offering, we get the knowledge we need to improve. And by iterating quickly, we end up developing the solution the user needs, not the one we had in our heads.

And that points out another issue with perfect solutions. They are perfect based on what we know at that point in time. But we don’t know what we don’t know. What we may envision as a perfect solution may be far away from what is the best solution. We just don’t have the information to see that. Therefore, it’s not good to focus on the perfect. It’s the perfect based on incomplete information. And the perfect is the perfect enemy to architecture.

Webinar on Data Security and Compliance

Tomorrow, July 13, 2021, I will be giving a webinar on data security and compliance. Here’s the sign-up link:

SQL Server Data Security and Compliance sign-up (free, but registration required)

Here’s what we’ll be covering:

Every enterprise organization must meet particular data security and compliance requirements such as GDPR, CCPA and HIPAA. With so many Microsoft SQL Server databases in our enterprise, we need an automated way to discover, scan and identify sensitive and personal information so that we know what data needs to be protected. In this webinar we’ll first consider the configuration settings that are tied to data security/compliance. Then we’ll start looking at how SQL Server performs data security, especially authorization and auditing, and what tools are available to us. We’ll also briefly cover data classification, data masking and data encryption, as those are part of most data security/compliance efforts as well.

Geek Sync: Meeting Security Benchmarks and Compliance with Microsoft SQL Server

Tomorrow, April 28, 2021, 12 PM EDT, I will be talking about meeting security benchmarks and compliance requirements with Microsoft SQL Server. Here is the registration link:

Geek Sync | Meeting Security Benchmarks and Compliance with Microsoft SQL Server

Here is what we’ll be talking about:

In today’s IT landscape, we are faced with meeting an ever increasing number of laws, regulations, and industry standards. The good news is that the majority of these different requirements overlap with each other and we can configure our SQL Servers accordingly. In this webinar we’ll take a look at those standard configuration settings you should be setting in your environments as well as what you’ll be auditing for in order to meet all of your compliance criteria. We will start with the recommended security “good” practices for managing identity and permissions. From there we will move on to how to audit SQL Server, both with security changes and actual activity. There may be specific items you need to account for and we’ll walk through how to set those up within SQL Server. Finally, we’ll briefly discuss what it would take to deploy this across your entire environment, especially using the functionality provided out of the box by Microsoft and with tools like PowerShell.

Webcast Recording – Building a Proper SQL Server DB Security Model

The recording for my presentation on Building a Proper SQL Server DB Security Model is now available. It’s right at an hour long and in it I present a framework if you’re building your own model from scratch as well as a short portion on how to handle third party solutions.

Registration (free) for Building a Proper SQL Server DB Security Model recording

Webinar – Building a Proper SQL Server Database Security Model

Tomorrow, March 9, 2020, at 3 PM EST, I will be giving a presentation on how to build a database security model in SQL Server. We’ll primarily focus on if you’re developing a homegrown application/system and what rules you should follow as well as a framework which helps reduce the security complexity. However, we’ll also cover at the end what you can do about 3rd party products. Sometimes, there, the right approach pays dividends. If you’re interested, here’s the webinar information:

MSSQLTips – Building a Proper SQL Server Database Security Model Registration Page

Here’s the description:

You’ve been asked to assist with designing or improving the security model for a SQL Server database. How do you go about doing this? What are the things you should look at? What can make a tangible difference?

In this webinar we’ll look at the two paths for securing a database: a home-grown application versus supporting the database for a third-party application.

We’ll first walk through the home-grown application where we are designing the database from scratch. In this design phase we’ll talk through the important features SQL Server gives us which allow us to build the security model we need. Then, with an understanding of those features, we’ll look at how to apply those design principles to existing databases, whether they are home-grown and already deployed or belong to third-party applications. As part of considering that third-party application scenario, we’ll also talk about the options your organization has based on actual practice.

In both paths we’ll focus on the Principle of Least Privilege while attempting to keep the security model as simple as possible. In addition, we’ll talk about what you can do to protect sensitive or PII data, whether through permissions, encryption, or a combination of both.

[Coping] Hidden Wounds

Through high school and college, I carried deep wounds due to what was going on at home. Only a handful of people outside of my family knew what was happening. I didn’t want to share what was occurring for a number of reasons: thinking about it brought more pain, it was deeply embarrassing, and I partially blamed myself even though logically I knew I had no part in causing those wounds.

We’ve had almost a full year of dealing with COVID as it exploded in the world. Many of us know at least one person who has passed because of this disease. Here in the USA there has been tremendous social unrest and unprecedented political turmoil. There are a lot of wounds being taken, some of them deep. Most all of them are hidden.

And that’s the problem. When we know a co-worker’s parent passed away, for instance, we expect them to have periods where they aren’t their normal selves. If the death was unexpected, even more so. But with hidden wounds, someone may act in a manner that is aggressive, uncooperative, or belligerent, seemingly without cause. Perhaps they seem extremely pompous or arrogant. Or they may act burnt out or disinterested. There are other behaviors, but those were the ones I exhibited the most when I was there. It’s a dark, dark place, especially if you don’t have any idea of how to begin healing.

If we knew someone was hurting and they acted in any of these ways, we’d likely respond in a compassionate and understanding way. Or at least, we’d hope to be the type of person who does. But if the wounds are hidden, we don’t know. Likely until the person is either forced to reveal the wounds or they begin healing and can speak about them, we won’t know. Even in cases where it would seem that a person has to say something about what’s hurting them, they may not. In fact, they might sabotage further. I know. I did. Repeatedly.

So how do you deal with people who may be carrying hidden wounds? The people who helped me the most were the ones whose default behavior was compassion and understanding. They didn’t assume anything. That’s the way they were. They knew some folks were hurting. They knew some folks were just jerks or didn’t care. Either way, they were committed to act the way they did consistently towards everyone.

One could say let a person’s actions over time be the deciding factor. But the problem with that is how long the person could be taking wounds and then how long it takes to heal after that. There was a strong five year period where I suffered those deep wounds I kept hidden. But it was about 10 years later before I finally began to heal. Key word: began. It was years later before I had better acceptance and control over what I went through. In total, 20+ years.

So as you are coping, remember there are others who are coping, too. If you have hidden wounds, you understand how hard it can be to share what’s hurting. And also how hard it can be to control your emotions and behavior when that pain flares. Recognize that others may be, and likely are, dealing with hidden wounds, too. Respond to them how you would want to be treated, too. That may be what starts or accelerates your healing process. It was for me.

[Coping] Dum Spiro Spero

Dum Spiro Spero – “While I breathe, I hope.”

Because it’s the motto for South Carolina, it’s on the state seal. As a result, it is part of The Citadel’s hat brass. As a knob I shined at least 3 different pieces of hat brass every day. And every day I saw that motto.

The South Carolina Governor’s School for Science and Mathematics and The Citadel, the Military College of South Carolina, are both difficult places by design. How they are difficult is different: SCGSSM is academic and The Citadel is military. My time at both was harder because of things going on out of my control outside of school that deeply impacted me. Only a handful of people were aware of it all. I am grateful for them.

During that time, I never lost hope. Maybe it was the motto. Maybe it was that I was too stubborn to give up. But the motto is one to take to heart. While we have breath, we can still see things change for the better. While we breathe, we can be a part of that change. Don’t let the current situations around you discourage you to the point of giving up or believing there’s nothing you can do. You can, as long as you don’t give up hope.
