The Business-Technology Weave

June 26, 2013  11:57 AM

NSA, Surrveillance, and New Parameters for Business Liability Coverage

David Scott David Scott Profile: David Scott

docThe National Security Agency (NSA) has a new data storage facility.  It’s 1.5 million square feet of super computers that harbor massive amounts of information.  Much of it is thought to be our phones calls and texts… at least the relevant metadata surrounding these communications, but there’s been considerable speculation about that here in these forums as well as elsewhere.

Business security folks are already asking critical questions:  Do they store your stuff forever?  Or, what stuff exactly, forever?

In match:  How long do you (or a vendor, on your behalf) presently store?  Many businesses have a destruct trigger for data based on taxonomies and dates.  Many organizations at present also have loose, or evolving, or even no standards for what employees can do with company resources.  Even large enterprises with sophisticated Acceptable Use policies don’t adequately enforce them… so –

What if Feds come at you in future, with charges?  They could be charges based on what your sanctioned corporate data allegedly points to, or they could be charges based on what some long-departed employee did under the aegis of the organization’s banner (remember What is being done in the name of your domain? from I.T. Wars?).  Can you, and your legal representatives, assess the charges on a “bit-for-bit” basis, so-to-speak?  Will you have the relevant data from that period?  Or will you be content to take the Feds word for the alleged transgressions of the past, that must now be answered for in the present?  Oh oh…

Update all:

– Security Policies

– Acceptable Use Policies

– Security Training

– All Data Retention and Destruct Policies

–   Monitor what people are doing with work resources –  the org owns the resources, and all associated content – to include anything so-called ‘personal’ that people are crafting with the org’s resources – make clear the org is monitoring everything, and why (again, get training up-to-speed).

The time is now – right now.

June 17, 2013  1:20 PM

Concerned About Gov’t. Snooping? There’s an app for that

David Scott David Scott Profile: David Scott

PadlockRegardless of the challenge or topic, folks often joke:  There’s an app for that!

Need a date?  “There’s an app for that.”

Hungry… bored… need a plumber… need an airplane mechanic… ?

“There’s an app for that.”

Concerned about government spying?  Someone peering into your e-mails, monitoring your texts, listening in on your phone calls?

            There are at least half-a-dozen apps for that. 

And undoubtedly more on the way.

Seecrypt and Silent Circle each have a nice splash to inform you how they can protect your privacy the next time you use your smartphone.   Each is available online, and I dig that their landing pages are https – that generally doesn’t happen until a few clicks in, definitely at point-of-payment…  as I say, nice touch with the early entrée to that realm.  It may not mean much on a landing page, but… I noticed.

With these and other/coming apps, an encryption of the data makes it difficult or impossible for a third-party to listen in or to learn who you are calling/texting.  These issues are likely to take a higher profile for a couple reasons:

1)  Reports such as these make this a growing concern to a growing body of people.

2)  The concern bridges political ideology:  Republicans, Democrats, Independents and the apolitical are all uniformly concerned about these recent privacy (or lack of…) revelations, and there is already a grapple as to what prudent people should do in protecting themselves.

Therefore, I feel a free license to blog about the issue without political peril, being that this is generally not a political forum.  In other words, the issue trumps politics – and this issue is likely to get very big indeed – even bigger, that is.

Many of these privacy protection companies are based outside of the U.S.; thus they are not subject to U.S. privacy laws and subpoena powers.  However, the makers of these apps state that they will do “the right thing” if public safety is at risk.

That’s where things can get tricky:  How sincere/trustworthy will government requests for content be, and thus, how will these companies adjudicate the requests?  Therefore:  What exactly are you getting for your money?  Be sure to call and ask any of these apps providers, and do your own adjudication.

Harvey Boulter, Chairman of Seecrypt, said “This is an app to restore privacy rights for the average person.  We’re not here to empower terrorists, just to be very clear.  And so if a government comes to us, and says ‘we need help,’ you know, we will cooperate with them to the full extent that we can.”

Most of these app makers state that once a call is finished, all relevant data is destroyed.

Mathew Green, Johns Hopkins University Professor, weighed in on Fox News and said, “I think what a lot of people don’t realize is that the FBI and intelligence agencies have a lot of capability to hack into computer systems, and they can use that ability right now to eavesdrop on people even if they’re using encryption.”

Yeah – what he said.  How exactly are these apps providers going to know that their quality of encryption is enough to thwart government intrusion?

Some of the apps also offer services beyond encryption of phone calls, text and e-mail – into the realm of videoconferencing.  Review the claims for services, terms of services, and all user agreements very carefully.

For businesses:  If you’re building guarantees for clients based on the use of these apps, for purpose of making secure provisions to those clients, be very careful about promises, guarantees, and just how far you lean into these services.  Establish Service Level Agreements (SLAs) at both ends, and set terms for guarantees and damages where failures occur.  Large enterprises will have their attorneys and legal affairs departments as robust support; sole-proprietors and small-to-medium businesses will have to work this very, very carefully.

This burgeoning area of concern regarding communications, government activity, and privacy is bound to become an ever-larger issue… it’s not likely to go away, in my humble opinion.

NP:  Led Zeppelin, Live at the BBC; real nice hearing vintage Zep live, raw, organic – in the cozy confines of the BBC studios – an aural delight.  Everyone is in fine form here.

June 16, 2013  3:22 PM

An Aggravate of Agencies Advises: Banks, spec up your security NOW

David Scott David Scott Profile: David Scott

CyberBanks are being warned with greater frequency and urgency to bolster their cyber security against a growing threat from hackers, organized crime, hacktivist groups, and rogue states.

U.S. regulators are urging everyone from large institutions, such as JP Morgan and Bank of America, to the smallest of local banks to be ready for new scales of attack and hack.  And it’s not just the threat of stolen money, and impacts to balances.  Banks also harbor critical information:  Credit card numbers; social security numbers, account numbers, and of course names and addresses and other collateral information – all sorts of reinforcing info that makes for a comprehensive record of you and yours, and thus there exists a wide avenue for identity theft (as if a 0 or negative balance weren’t enough of a worry).

But the threat goes further still:  There’s a furtherance of worry about peril to the entire financial system – not just stolen money, or stolen customer identities – but the economy itself could be destabilized as a whole.

Just as we guard against attacks to our energy and other physical infrastructures, we need to do the same for our financial infrastructure – and the emphasis is being made by the Treasury Department, the Department of Homeland Security, the Federal Reserve, and others.  The Wall Street Journal says these agencies are “very worried” about the present state of readiness, and the threat of attack.

According to Michael Crittenden, Wall Street Journal reporter, the hacker threat is growing and this is recognized by regulators.  “This has been an ongoing process for some time.  Regulators want banks to focus on these issues…  These are big issues; they want top executives at banks of all sizes to focus on this, to make sure that they have the systems in place, and that the government itself is ready to deal with such a thing.  Both banks and the government need to work together to make sure we’re ready for any potential attacks.”

A massive cyber attack could wipe balances, throwing general commerce into disarray for… who knows how long?  Data can be restored under most circumstances – but if an attack succeeded in looping and wiping and corrupting… the nation could not stave off general chaos for long with an economy in limbo.

Of course, the economy and the related ability to conduct commerce (buying food, anyone?) touches all of us in our daily lives, whether we’re overtly thinking about it or not…

so let’s hope that a responsible forward edge (RFE) and allied solutions are being defined, developed, and deployed in these regards.

NP:  The Cure; Mixed Up

June 9, 2013  12:09 PM

Can You Hear Me Now? Gov’t. Surveillance and ‘Metadata’

David Scott David Scott Profile: David Scott

The NSA Campus at Ft. Meade MD_creditThere’s been quite a bit of churn in the news lately about government surveillance of the internet and phone calls.  The PRISM program seems to point to a massive government pry into private data by the National Security Agency and other government entities.

I’ve read the claims that “spying” includes eavesdropping on private phone conversations, and the opening of private data and communications on the internet.  However, according to the president, “No one is listening to the content of people’s phone calls.”  Rather, the official word seems to be that the U.S. government is collecting “metadata”… phone numbers, duration of calls, participants, and…  well, I’m not sure I caught it all, but other “attribute” type features of calls – not the actual content of the calls – at least according to the president, attorney general, and other government officials – as of the day I was catching this.  However, one should never make the mistake that metadata and content/data are mutually exclusive.  They are not.  More on that in a bit.

According to James Clapper, Director of National Intelligence, in a statement released June 6th, a court order is necessary to “query” data:

“The court only allows the data to be queried when there is a reasonable suspicion, based on specific facts, that the particular basis for the query is associated with a foreign terrorist organization.”

Being that the term “data” is used, vice “metadata,” in the statement above, the implication again seems to be that the content of calls is not being accessed, absent the strict necessity of a court order, as granted upon “reasonable suspicion” of terrorist activity.

In all of these regards, it might be wise to revisit a simple definition of “metadata.”  What does I.T. Wars have to say about it?  Well, metadata is simply data about data.  Simple enough.

Therefore, most IT and business folks – those who are near the stream of records management – know that a solid set of metadata almost always includes elements of content – in the form of high-value keywords for example (in augmenting a mere collection of record attributes).  After all, a database of record names, (call participants), positions on a clock (of call initiation), duration (of call), and other dry stuff like that is pretty meaningless.  How is anyone supposed to ascertain if a particular phone conversation, or content of something on the ‘net, is worth prying into from a terror/public safety perspective?  It cannot always be strictly based on the who of call participants, etc. …

What sort of content/data feeds a metadata template?  There’s certainly an algorithm paired with a data dictionary of buzzwords/phrases for stripping high-value keywords and phrases out of calls and internet content, adding them to the records set; so that human eyes can focus and dig where interest deems that necessary.  Bet.

The Wall Street Journal reports that collection activity and the scope of the surveillance is much wider than has previously been known.  The NSA has been collecting phone records from more than just Verizon, as originally understood, and includes at&t and Sprint/Nextel also.  The agency has also cataloged credit card transactions.  PRISM gives the NSA and FBI access to servers run by AOL, Apple, facebook, Google, Microsoft, skype, Yahoo!, YouTube, and paltalk.  [Update:  The Week reports:  Analysts at the National Security Agency can now secretly access real-time user data provided by as many as 50 American companies, ranging from credit rating agencies to internet service providers, two government officials familiar with the arrangements said.]

The Washington Post obtained a document that revealed that this allows the government to collect audio and video chats, photographs, e-mails, documents, and connection logs to track potential terrorists.

Jonathan Turley, of George Washington University, says that all of our communications are being fed into a massive data bank that the government has access to – and that it’s a major violation of privacy.

The thwart of terror, and apprehension of the progenitors of terror, will require methods that are frequently intrusive – particularly by past standards – but it is important for Americans, and particularly people at the technical/business points of privacy, to understand where this is all going.  Be positioned to speak within your respective organizations to staff regarding expectations of privacy (or lack thereof).  Further, IT and business leaders must be positioned to discuss their organization’s standing vis-à-vis government surveillance with outside clients and partners – even if only to surmise that standing by best guess.  Why?  Because questions are going to come – and you’d better occupy a reading on the scale above “Ignorant.”  Understand that we’re not talking about the routine oversight of Federal standards that apply to normal business contexts:  Oversight of physician office labs, for example, in certifying them as compliant with Federal standards – stuff like that.  Rather, we’re talking about the pry about, or into, records that has been wholly unanticipated until now.

What will you say to a client who asks, “Does your organization occupy any special new category of oversight by Federal authorities?  Does the data you harbor regarding our organization, as one of your clients, come under any sort of review or intrusion by virtue of our association with you?”  And… your answer is?…  Be aware that your answer(s) will involve your legal affairs office/legal representation.  Governance and leadership should begin getting some understandings and structures in place now.

Again, don’t make the mistake that metadata and content/data are mutually exclusive (irrespective as to how your org treats them).  They are notMetadata can be anything you deem it to be:  It can include critical content, and that’s important for privacy advocates, civil libertarians, business leaders, IT leaders, and indeed all Americans, to know as these discussions, reviews, and adjustments go forward.

Pay attention.    :^ )

NP:  Eddie Money, Life for the Taking.

June 6, 2013  1:52 PM

Secret E-mail Accounts: How many does your organization have?

David Scott David Scott Profile: David Scott

EnvelopeRecent high-profile news events regarding the e-mail activities of government employees provides some lessons and cautions for both the private and public sectors.

It was revealed that the Health and Human Services Secretary Kathleen Sebelius has several e-mail addresses besides her official one, at least one of which has been characterized as “secret.”  There are at present several other political appointees using secret e-mail accounts in their conduct of official business.  This is a practice that complicates any agency’s responsibilities and fulfillment of legal obligations upon public records requests and congressional inquiries.

I don’t know if Ms. Sebelius has a nefarious reason for multiple accounts, outside of her official government one, but I do harbor some sympathy:  she said she receives 27-28,000 e-mails to a public account, and 400 to the private account.  It seems reasonable to have a discretionary address for Government business and another for Public communication.

However, in another case, the EPA Administrator, Lisa Jackson, had an undisclosed account for official communications with an alias – “Richard Windsor” – thus discretionizing that account from Freedom of Information (FOI) survey.  That’s a problem.

It also begs the question for organizations:  What are your employees potentially doing outside the official sanction and channel of your organization’s e-mail system (with org data and org-specific communications)?

When speaking about a weave of business and technology, the weave doesn’t get much tighter than the conduct of daily business communications and e-mail.  There are other things that are just as tight, and even more timely (Tweets, chat windows, etc.), but e-mail’s capacity for both communication and transfer of large attachments (whether docs, presentations, videos, etc.), e-mail and business conduct go hand-in-hand.

Large enterprises are wise in having very lucid policies concerning use of e-mail.  First and foremost (if you have a fairly conventional and comprehensive policy) is the understanding that anything created, residing, and transported into and by your e-mail system is owned by the organization.  Thus, policy is that the organization can look at anything within the system at any time.  Human Resources can utilize, and disciplinary activity can be based upon, e-mails in the disposition of cases involving inappropriate behavior and communications, for example.

It is very important to make this part of your e-mail policy (which is part of your overall content and acceptable use policies), known to the organization:  New hires should be apprised during New Employee Orientation, and regular staff get reminded/updated during periodic refreshers, which can be annual, semi-annual, ad hoc, or any schedule the organization deems necessary.  A very important feature of comprehensive Content Management/Acceptable Use policies is that the organization’s information, data, business intelligence, is truly contained by the organization (hence “content”).  Now, this doesn’t mean it has to reside inside the four walls of a building, or various collateral buildings at whatever locations the organization inhabits; rather, this means the organization has some kind of system of management and reporting for electronic data, wherever it resides (same for hardcopy).

Increasingly, however, employees are creating gmail, Facebook, and other accounts at work, on work time, and with work resources (devices, systems, bandwidth, time).  These accounts are not only being used for personal “business,” there are cases where work-related correspondence and content is being shared through, and residing on, these personal means.

I’m aware of a very large, sophisticated, organization that discovered a romantic relationship between one of their employees, and an employee at a client.  The relationship blended romance, official company-client communications, share of content, and quite a bit of inappropriate gossip about colleagues.  This org is now conducting meetings and surveys to discover just how widespread a problem it may be, and is re-working all of their HR, business, and IT policies.

Beyond specific “secret” accounts for conducting business communications, there is of course the inappropriate exposure of all kinds of things to inappropriate forums, such as disclosure of corporate secrets to Facebook accounts and audiences, for example.  Once anything is put in any forum, it is harbored and dispersed as content – and is outside the control of the organization for dissemination, disposition and destruction.

Be absolutely certain you prohibit the concept of secret e-mail addresses, or if you prefer, “outside” or “alternate” e-mail addresses and the loosening of content to various forums – unless your organization sanctions it for some reason.  I can think of orgs that may want various personnel to have addresses that are specific to various outside domains for marketing purposes – but tightly control that, and document that use in policies.

But put everything into policy.

June 4, 2013  12:37 PM

You’re Being Hacked: Book ‘I.T. WARS’ Predictions Acknowledged

David Scott David Scott Profile: David Scott

asymmetric threat

The dogmas of the quiet past are inadequate to the stormy present.  The occasion is piled high with difficulty, and we must rise with the occasion.  As our case is new, so we must think anew and act anew.

–   Abraham Lincoln

I happened to catch an NBC story about Chinese hacking concerns:  They mentioned that a recent Washington Post report indicated that Chinese hackers had stolen information on more than two dozen U.S. weapons systems, to include the Patriot Missile system and the F35 Joint Strike fighter

After setting the background of hacks from nation states, the NBC report went on to note that in the emerging world of cyber warfare, it’s not just governments that pose large threats.  A Newsweek cover story “You’re Being Hacked,” quotes a ‘security analyst’ (in the NBC report’s words), who is quoted as saying:

“…a single individual is very capable of waging cyber war at a level we previously attributed only to intelligence agencies or crime syndicates.”

I.T. Wars made this point back in 2006, believe it or not.  What we’re talking about here is asymmetrical threat and force:  A single individual – vs. an entire country, for example.   Consider this extract and treatment from the book’s last chapter:


Terror Attack:  Today, possibilities of comprehensive national catastrophe (to any nation) are no longer in the realm of Science Fiction, or held in abeyance through MAD (Mutually Assured Destruction, as during the Cold War).  We face extremely large harm from asymmetrical sources:  Sources that are weaker than their opponents in conventional terms.  They can’t compete through strength in numbers:  neither by membership; number of conventional arms; or even in the numbers of their sympathizers.  Their goals can be anathema to the vast majority.

But these asymmetric forces’ business and objectives (that which they’ll do, in support of their desired outcomes, respectively) are as strong as they can possibly be.  In fact, their business trumps any concern for survival of any specific individual of their own.  And, their objectives include the stated destruction of whole societies.  We must realize too, that with these groups, an effective internal check-and-balance on unreasonable actions diminishes rapidly as the size of the considered group diminishes.

However, tremendous will – even infinite will – means nothing without some form of power.  Today, power is moving closer – closing a divide – with this tremendous will of the relative few.  Soon, if not now, weapons representing delivery of catastrophic harm will be available to the few – no matter how vile their agenda, no matter how onerous their task in procurement.  Our argument here is not the specific “who” – that is not necessary in setting the awareness.  For the present, we can emphasize a keen awareness that asymmetric attack forces are closing a divide: Until recently, the achievement of their objectives was denied because of the simple divide between their will to dispense widespread destruction, and their means to do it.

It is reasonable to assume that once closing a divide between will and means, a complete dedication to “business” will be paired with extraordinarily damaging “technology.”  One group or another will “pull the trigger” once closing this divide.

[Extract, I.T. WARS, Ch. 21 – What’s At Stake:  Lessons of the Business-Technology Weave, Copyright 2006 BookSurge Publishing]


Hacking, and cyber warfare, by individuals certainly represents power and weaponry in the hands of the few.

Now, pair that extract with some BTW articles from earlier this year:  Seek out the ones that discuss hacking for sport, whereby a single individual takes down a company, or a bank, or a government agency’s ability to conduct its mission – for sport… and bragging rights.  Also consider the Competitor Hack (CH), first defined and branded here at BTW, whereby a single individual, either rogue or with company sanction, decides to disable a competitor by hacking into their business systems and bringing them down.  More here.

Once again, I like to propose solutions, and can refer the reader to my treatment of Disaster Awareness, Preparedness, Recovery (DAPR) –  vs. standard Disaster Recovery (DR).

It’s interesting to note that the general mainstream press and consciousness is catching up to warnings, concepts, and (hopefully) solutions that I debuted years ago, and again I refer interested readers to the concept of DAPR – it is a defined discipline whose time has come.

NP:  Herbie Mann at the Village Gate, 1961.  Check it.

June 2, 2013  10:32 AM

Devices Distracting You at Work?

David Scott David Scott Profile: David Scott

Nap PodIt used to be just phone calls or co-workers dropping by to see if you wanted to go get coffee.  But today, there’s plenty to help you lose focus at work.  Heck, some orgs seem to be contributing, and are even providing napping places (and nap “pods”).  They claim it aids focus and productivity – I don’t know.

But lack of focus and effects of diminished concentration on productivity are a real problem, fueled by e-mails, Tweets, phone calls (both professional and personal; on company and personally-owned devices), IMs, social chats, and the predictable cubicle “drive-bys.”

According to NBC News, the average worker is interrupted once every 11 minutes.  (Heck, it’s not even worth investing in nap pods under those circumstances).  Further, NBC states:  “Once interrupted, researchers found that it took at least 25 minutes to get focused back on the original task.”

In examining that statement, it seems a person would never get back on the original task … you’d be 11 minutes into the necessary 25 for re-focus, and… ping!… or ring!…  you’re interrupted again.  Once resolving that interruption, you’re back at Square One – or in this case, Minute One, of the necessary 25 minutes for re-focus… 11 minutes later  etc. – so I’m a little skeptical about the 25 minutes for re-focus (I can usually get back in the groove in about 30 seconds).  But the interruptions can definitely be a nuisance – and a problem.

Interruption at work is not as dangerous as distractions during driving, such as text messaging, or even glancing at GPS, but they should still be managed.  Many companies are creating “phone-free” hours as much as possible – internally dialed, that is.  Many suggest hours whereby people stay out of e-mail too – for productive, heads-down, work.  If something is critical, then of course exception-type phone calls are most definitely made – or an in-person swing-by to an office or cube.

There’s also something else to be considered beyond the uninvited interruption, and that is the self-initiated, pro-active, interruption:  Idle surfing of the web, the social calls that any particular worker generates, thus interrupting themselves – whether by phonecall, IM chat agent, text message, and so forth.  These must be managed too.  Here, the self must provide some oversight, but the organization should make reminders and cautions in the monthly staff meetings; supervisors can remind during weekly meetings, etc.

What do you think?  Are interruptions a large problem where you work – either for you, your teams, or your sense of the organization’s general productivity?

I’d be interested in your thoughts.

NPThe Ramsey Lewis Trio in Chicago, as recorded live at The Blue Note, original LP.  Great cover; great session.

May 30, 2013  11:46 AM

Exercise Your Brand

David Scott David Scott Profile: David Scott

Exercise Your BrandYou’re different, you’re good at what you do, you’re branded, you have a profile “out there.”  Now what?

Wherever you are – in business for yourself, or at an organization somewhere – you have to help those around you to do better.  That may, or may not, involve helping them to brand themselves.

Sounds kind of selfish, but you may not want stellar team members looking too good in too many places (from a branding perspective) lest someone rip them off with a better offer – much as we like to see everyone get ahead.  On the other hand, you want clients and internal customers to know they have the best team going for them.  Strike a balance, but in all regards help those around you to make the best possible deliveries that they can.

In terms of exercising your differentiators and brand, become an active listener, and learn to make ever-better targeted deliveries.  Get the whole of the team actualizing in that way.  You can’t be a “brand” alone – you have people you work in concert with; you have people who work for you; you have people you work for (both in terms of direct supervision, and in terms of your internal and external customers, members, constituents, etc.

You have to help people to understand why they need your services, and why they need yours over all others’.  You have to be able to communicate to others what you can do to help them do their jobs better.

Be able to tie what you do – to what they want and need.  Be able to express regarding the successes you’ve had in the past, in order to convey how that relates to their goals and destinations.

As you begin to build and advertise your differentiators and brand, be wary of mixing the personal and professional:  You want a voice, but you want it to advance your career.  Unless you’re a political commentator, or a Better Business Bureau-type endeavor, don’t be espousing radical political views, or slamming competitors.  Stay on the positive, and promote your vision and abilities.  Advance your career by detailing and proving who and what you are.

Above all, be certain to be who you say you are.  Inspire others to follow suit.  Live up to your branding with every interaction you have.

Express yourself clearly; follow-through; deliver; follow-up.  You’ll be in demand.

NP:  Springsteen 3-LP boot boxset from ’78.

May 30, 2013  10:55 AM

Keep Differentiating Yourself

David Scott David Scott Profile: David Scott

Differentiate YourselfContinuing from yesterday:  Once you feel you’ve differentiated yourself, perhaps perfecting and advertising your brand, you really have no laurels on which to rest.  You must continually look for new opportunities to shine.  Here, I mean not only to shine in delivering excellence in terms of solutions, service, and engagements (with people, subordinates, superiors, departments, and other orgs), but you must shine in the forums and venues we spoke of yesterday.

Continue the march with the whitepapers, the blogging, and your quality content to Comments in forums.  Get known at tradeshows and seminars.  I was in NYC back in December for a CrowdFunding event.  I was rather surprised that the overwhelming number of people in the room sat silent, even when solicited for comments and questions.  You can bet I stood and spoke, and that folks knew I was an author and blogger.  This, in-turn, had people speaking to me during breaks – and naturally I knew who I wanted to seek out based on what certain other folks had said.

Google your name:  Hopefully something comes up.  A neat trick is to put something unique on your business card – besides your name.  “John Smith” won’t get a John Smith very far.  Nor is “David Scott” all that unique.  However, a bunch of my business cards floating around with that name, paired with “The Business-Technology Weave” provides for a nice handle when Googling.  You can do similar – and should.  Don’t rely on your organization’s business card:  You’re a free citizen, and can get your own cards to indicate your general standing in the business/IT world.

“Brand” your capabilities – on your resume, and in your online bio.  Reference that bio everywhere you participate online.  How do you brand your capabilities?  If you’re a software developer, mention how your brand of developing is particularly mindful of ROI, TCO, and TtV, for starters.  Weave in the unique treatments you bring to the efficiency of your development projects.

If you’re an IT Director, espouse your oversight of projects, and the unique oversights you bring to them; the specific methods you use to balance the project team in terms of members and other resources.  If you’re not doing something unique, then what and who are you?  Some cookie-cutter cut-out of a back-of-the-envelope IT Director?  NO!!!  Get imaginative here – you know yourself best, and hopefully – hopefully – you’re doing something well that is different and that you are proud of.  Otherwise, get your imagination in gear and here at least is awareness for necessary activity – everything starts with awareness.

Any jobholder, at any strata of the organization, can craft and exercise differentiators in service to three things:  Your brand; your org; and… yourself.

Next:  Living up to your brand – exercising and progressing your differentiators.

NP:  Nazareth:  Please Don’t Judas Me (from “Hair of the Dog”; original LP)

May 29, 2013  12:57 PM

Differentiate Yourself

David Scott David Scott Profile: David Scott

Differentiate YourselfI saw a segment on television that provided recent college graduates with advice on what NOT to do in an interview.

Some of the advice included not asking about vacation time; avoiding “blanking” when asked to provide key differentiators regarding yourself; failing to research any specific organization at which you’re interviewing, and some of their specific goals, customers, etc.

But for anyone, recent graduate or old saw, what SHOULD you do?

Consider developing a “professional brand” as part of an overall career strategy.  For example, I branded myself as the primary purveyor of “The Business-Technology Weave” – a business-IT methodology and culture with an accrual of reinforcing efficiencies in service to best ROI, lowered TCO, and efficient TtV – all of that in service to superior business outcomes.  [More on all that if you care to rattle my cage, or read my book].  I can look a client in the eye and say, “I close divides, direct purpose, and achieve results.”

I realize I’m blowing my own horn here, but doing these things has brought me a set of clients, and upon engagement with new clients, we’re half-way down the road by virtue of their understanding of me, and how I’m already primed to understand their general business concerns.

So… back to you:  What are you doing to differentiate yourself?  Get published.  Write a blog.  Write a book.  Can’t write a book?  Write a pamphlet.  Put it online.

Write a whitepaper.  Then another, and another.  Join, or better yet, create a group in a social network, publish these things and  lead some discussions.  Create content and get it out there in service to your brand.

Get something more going than a LinkedIn profile; connect with others in LinkedIn groups and forums – become known by contributing and helping people.  Create a blog, provide comment to others, explore Twitter chats and discussions (although I’m ignorant regarding Twitter – dunno why I’ve resisted).

We’ll continue with some other ideas tomorrow…

NP:  “Blue Monk,” Thelonious Monk,

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: