Tuesday, April 30, 2013

Wrong channel miscommunications

By now we are all familiar with the unfortunate person on Twitter who accidentally uses the company account when they meant to use their personal account to say something. To reduce the chance of this happening I always use a different browser for client work, that way you are clear in your mind on what you are working on.

Just one of those tips that makes online life easier.

Friday, April 26, 2013

Attention comment spammers

You can buy a sponsored link on Reddit for as little as $20. Or you could buy some paid search at your friendly neighborhood search engine. Or you could advertise on Twitter. There are many legitimate things you could do to drive traffic to your site. Unlike comment spam, these techniques would actually work.

Wednesday, April 24, 2013

New to me local tech blogs

GSA News Blog from the Government Development Center

Seville Government Consulting Blog

Small Government Contractors, Legal news and notes for small government contractors Published by Steven Koprince

Hattie's Hammer

Public Contracting Institute

GaggleAMP Blog

The Digital Influence Mapping Project with John Bell

Supply Chain Nation, The Supply Chain blog from JDA

The View from Landmark, Trends and issues in personal computing from Bud Stolker, a long-time PC consultant. The View from Landmark features tips and techniques to make time spent with your computer more productive and rewarding, commentary on new personal computer policies and trends, plain-English explanations of new hardware, software, and network designs and their relevance to you, and answers to common questions. There may be personal material interspersed if Bud believes it is of general interest.

Madwolf Technologies, a managed services company


CDW Solutions blog

Claraview Blog

Cranium Softworks

Dataprise – CEO Blog, Dataprise CEO David E Eisner's Personal Blog



Expert Choice


Media relations for technology companies

First of all social media is a subset of media. Certainly special considerations apply to social media, but it should be treated as an aspect to your overall media relations effort.

Start by identifying the reporters who cover your field. While it may sound counter intuitive, you should define your business as narrowly as possibly, at least for internal purposes. Your chances of placing a story will be greatly enhanced by sending it to the reporters who cover that precise beat.

Get familiar with the reporters before you send them a pitch. If you don't have time to do that and run your business, hire a professional. Getting familiar with reporters is easier than ever. Almost all technology reporters are on Twitter, follow them. Even if you are not inclined to Twitter, you should have an account for listening purposes.

If you are a small company, your chances of placing a story are more difficult that ever, With publishers cutting positions, the competition for remaining space is tougher than ever. On the other hand, you can just use a press release service to put your story out and at least it will be on the web to be picked up by search engines. You should also put it on your website, in html. For small news announcements, a blog post should suffice.

Blog posts should occur regularly, not necessarily often, but predictably. Refreshing content gives people a reason to return to your site. Again, if you don't have time to blog regularly, hire a professional.

Now the big question, to Facebook or not to Facebook, that is the question. At this time I would say not if you don't want to. For software companies Facebook is still optional. If you are selling directly to consumers, I encourage you to set up a Facebook page and regularly update its content. If you don't have time, or are not inclined, hire a professional.

Tuesday, April 23, 2013

NIEM 3.0 Public Review

The National Information Exchange Model (the data model used by law enforcement and first responders) has made NIEM 3.0 available for public review from today until May 6, 2013. NIEM is looking for both technical and non-technical comments. If you have an opinion about this now is the time to comment

Thursday, April 18, 2013

The limits of keyword libraries

George Hulme explains it brilliantly:

it's the holistic optimized way to a solutions approach to communication utilization
For paid search a proper keyword library is absolutely essential. However, using it for blogging and other online copy writing will produce the sort of copy that only a search engine bot could love..

Tuesday, April 16, 2013

Who is your audience?

Do you know the names of the reporters who cover your industry? If you are a flack you do; but if you are a business owner you might not. You might know who your favorite reporters are, but not everyone who covers your industry. You should know them (or hire someone who does know them). If those reporters are on Twitter, you need to follow them.

You should follow your customers, your competitors, your employees (not to check up on them, but to learn from them, have some faith in your hiring process), industry analysts, and anyone prominent in your industry. 

Social media is your virtual store front window. It gives prospects and reporters a chance to view your business in a very low pressure manner. It gives them a preview of what to expect.

Social media is the online version of the social hour before a business meeting. It is an occasion to exchange gossip and get to know people personally. In other words, social media is a chance to strengthen existing relationships and build new ones. That is why too much attention to SEO and search engines is so destructive. It diverts your attention from where it needs to be, on your human audience.

Blog around the Potomac

Jessica Robertson gives us the Federal Communicator's Toolbox for Personalization.

Ben Licciardi talks about the searches that are as much about  learning and problem-solving as they are about locating.

Gary Climo explains that with Big Data setups, the rule is collect the data first and worry about it later.

More of the local zeitgeist on Potomac Tech Twitter list.

Wednesday, April 10, 2013

Cyber Security Framework Workshop, April 3, 2013

The April 3 workshop was mobbed, the Department of Commerce auditorium was filled to capicity. I assumed that it would be thinly attended like the meetings of the Federal XML work group; but there must have been something like 500 people there. Clearly people are interested and are planning on following the process very closely. I hope that means that we will build a better standard that gains broad compliance.

This workshop was designed to gain industry's perspective. The first panel had Russell Schrader of VISA, Terry Rice of Merck, Michael Paypay of Northrop Grumman, and Reid Stephan of St. Lukes Health System.

Russell Schrader of VISA described the Executive Order as sensible, and was pleased with the request for private sector feedback. He also expressed the need for international cooperation, and that there is so much more to be done.

Schrader described security as being core to VISA's brand promise. He reminded that audience that VISA as one of the founding members of the Payment Card Industry Council, and suggested that PCI offers a template for cyber security coopoeration. He described the PCI system as scalable from the small merchant to the large.

Schrader described cyber security as a continuing process, that there is no box to be checked. He described VISA's approach as Prevent, Protect, and Respond, saying that, "we try to stop trouble before it begins."

Schrader called on NIST to build on what already exists and aim for global scalability. He was especially concerned that NIST not create contradictory procedures.

He stressed the need for information sharing, and that it was necessary to create a legal framework for law enforcement. (I assume that he meant over and above the work of NEIM.)

Michael Paypay, Chief Information Security Officer for Northrup Grumman, described his work as "where the rubber meets the road". He said that it was extremely important to Northrup protect the information that the government has entrusted to them.

Paypay described the defense industry as having a collaborative approach, going on to describe himself as "representing all my aerospace brothers." He said that cyber security not an area where aerospace competes, but rather they cooperate.

Paypay observed that there is no common lexicon of roles and responsibilities in cyber security. He also said that bench-marking against other people can be a problem. He described government "best practices" as very helpful, in particular NIST 800-53.

He said that it was important to identify what is appropriate for your business, going on to say that you cannot simply protect protect your perimeter; but that it was necessary to build a layered defense, and go through each layer in order to identify risk.

Reid Stephan said that it had been an eye opening experience to join health care industry, we are catching up to other industries. He said that the National Health ISAC looks to existing standards such as the 800-30 guide to risk assessment. He suggested that it was better to integrate existing standards and best practices rather than building something from scratch. Stephan pointed out that cyber security risk management had to be balanced with business risk management, going on to say a risk based approach rather the control based approach would be more practical.

Stephan lamented the lack of robust intra and inter industry collaboration, and that the framework needs to address this sort of collaboration. He went on to observe that the cyber security framework will will never be finished, but become a dynamic standard.

Terry Rice of Merck thanked Commerce and NIST for hosting the workshop. Rice pointed out that life sciences, including pharmaceuticals, has been identified as critical infrastructure. The pharmaceutical industry is already working with DHS to protect their information.

Rice reiterated the point others had made, that cyber security is not binary - as in one is not either secure or insecure. He lamented lack of metrics for risk assessments and said that NIST is in a good position to help with this. Rice said that in 2005 the pharmaceutical industry established a not for profit organization to establish digital standard standard for a bio-pharma digital signature. He said that security required authenticity, that is non-repudiable information. He described the NIST-800-63 guidelines as useful.

He reminded the audience that the DEA has established a standard for doctors' digital signature for controlled substances. Rice also spoke about the need for anonymity for persons searching for information about sensitive medical conditions.

Rice pointed out the need for skilled workers, lamenting that computer security is not a required for computer college students.

Rice echoed others call for an international approach, for example, how would the cyber security framework apply to a foreign owner of critical infrastructure?

He said that we have to include privacy as part of the framework. In this he underscored the Executive Order's inclusion of the federal government existing privacy guidelines.

At this point Patrick Gallagher opened it up for a general discussion asking, "How do we support adoption? How should the framework think about supporting adoption?

Michael Paypay said that everyone in the company has to be trained in security. He said that Northrup Grumman's spear phishes their own employees, providing remedial training for people who get it wrong. 

Both Stephan and Rice pointed out that good compliance does not equal security. It is necessary to make sure that people understand, and you have to tread carefully when dealing with doctors.

Schrader said that you have to make sure people understand the need for security procedures.

Gallagher asked Schrader how VISA persuades its service centers and merchants be compliant. Schrader replied that VISA merchants are looking for something to implement that makes sense for their situation. 

Panelists agreed that we need safe guards around data, whether in storage and transit.

Paypay observed that not all threats are the same. DDoS not affect business like Northrup Grumman as "we don't do business through the website."

Panelists agreed on the need to establish common vulnerabilities and not create new standards where there is an existing one.

Terry Rice talked about the need for metrics to measure and manage risk.

Gallagher asked the panelists how they talked about risk, and their bosses role in risk management, "how do you make cyber secuirty relavent to the C Suite? Schrader replied, "look at the daily paper, you can't run a company without knowing about these incidents, education not necessary at VISA."

Reid Stephan said that one "can't take a fear approach." It is necessary to have a consistent process to measure risk, and establish a relationship and seen as a partner, that gets you a "seat at the table."

Michael Paypay said that at Northrup-Grumman "we are lucky because our executives understand this. Also, our customers are highly educated about cyber security- they don't have a cut and dry practice for security."

Gallagher pointed out that in the US the government does not establish cyber security standards - "how can we exploit the fact that we work together?"

Schrader said that "you don't want to codify standards" because of the continuing changes in IT.

The next Cyber Security Framework Workshop will take place in Pittsburgh from May 29 through 31

Cyber Security Framework website

Grant Gross: US NIST: Industry should lead creation of cybersecurity framework

Brian Browdie: Cybersecurity Framework Demands Input from Industry, Official Says

J. Nicholas Hoover: No Bold Moves On U.S. Cybersecurity Framework

Jason Miller: NIST, industry begin journey to develop cyber framework

Molly Bernhart Walker: NIST sorting comments on cybersecurity framework

Monday, April 01, 2013

We provide solutions for our customers' culinary needs

So what is the business? Is it a pizza delivery service? A Chinese restaurant? Or is it a grocery store? It could be any of the above.

No Pizza place, Chinese restaurant, nor grocery store would describe itself in such a manner; but this is common in technology. Every other industry describes itself in clear terms with an eye to catching the eye of its prospective customers.

I don't know why technology marketers embrace such vague copy. I thought that SEO would change this. After all, if you are a Cloud Computing company, it is in your SEO interest to say so on your homepage. Your company has a better chance of floating to the top of search results if you describe your services in the clearest possible terms. But for whatever reason, technology continues to embrace the sales killing rhetoric of IT market speak.