I wonder why more folks in the blogosphere aren't talking about why IAM is overhyped...



IAM is usually presented as an easy technology focused solution sold by vendors and large insulting firms, but in actual fact it is really about change management. IAM requires touching virtually all of the business and lots of stakeholder management, time and experience to make successful.

Maybe Nishant Kaushik, Pat Patterson and others would be willing to talk about what commonly sold benefits are overhyped? This is not to say that there are not benefits to be had, but that it is not nearly as easy to get as most sellers of this technology will lead you to believe...

If you want to get a clue about Web Services and XML security, consider attending the training class at OWASP which will be taught by Gunnar Peterson who is one of the smartest security professionals on the planet. Gunnar is unique in that he not only understands security, but can align it nicely with enterprise architecture considerations...

There is an untold story of many individuals within India who have lost their sense of work/life balance. Is America guilty of destroying relationships in India...



The youngest victim of outsourcing is the death of Aditya Mohan which is tragic. I suspect though that there are multiple tragic stories here. I suspect that the client in which Mohan was working for, stayed focus on their deadlines and didn't even pause for a minute to acknowledge the tragedy.

When I first entered IT, I was surrounded by compassionate individuals. Nowadays, compassion is no where to be found and has been replaced with process, maturity models and metrics. Pretty much every methodology in existence attempts to make humans more plug-compatible removing the human aspects of technology from the equation.

Sadly, Americans in IT have figured out a survival strategy where they manage the work of offshore workers while they not only outsource work, but also outsource lost of compassion for others, loss of humility and most importantly loss of life.

I am one human alone in the wilderness and unlike the masses, will stop and take time to acknowledge the loss of someone who was kind and made a difference to many...

Obama - "John, what would you do in the event of a cyber attack?"

McCain - "My friends... I did not have a computer for 5 1/2 years. I was not able to google my name to see how many hits I would get. I was getting hit, my friends."

Obama - "John, that's not the question. Do you have a plan for this potential security threat."

McCain - "Well you see, my friends. Senator Obama wants to bring up these topics that I know nothing about because he doesn't have a plan for Iraq but to lose a war to win an election and he wants to raise your taxes. I will chase down every threat and defeat it."

Obama - "How do you propose we defeat a virus or a trojan horse?"

McCain - "First of all... I know how to win wars and I know what to do with horses. I have horses at most of my homes and I have never had any problems with them. I have some Arabian horses and that experience, my friends, has taught me how to deal with Arabs when they get frisky. I even have some Budweiser horses - can't get more patriotic than that. and "B", I have just been to the Dr. for my weekly checkup and I am clean - no viruses my friends."

Obama - "You know what, I give up. I see how you managed to pick Sarah Palin for VP."

Pray, Fast and Be Charitable...

In my travels, I have never ran across an employment agreement that obliges employees to do overtime...



Even if you receive good overtime pay, surely there is no obligation. Why do so many folk say yes to overtime so freely and then talk as if they are doing it under protest. Is that what "mandatory overtime" is?

An interesting yet loosely correlated observation is that the folks that fall into this trap tend to be savage believers in ethics yet have no clue as to the ethics of overtime. Should I feel obliged to do overtime if I have the opportunity? Can I say NO to overtime without feeling guilty even if I only planned to watch Spongebob Squarepants re-runs that evening?

Do the answers to those questions change depending on how often overtime is cheduled? Do the answers change depending on how urgent overtime is? Do the answers depend on whether your boss grew up was once a developer and observes practices around strong technical leadership or does it change if your enterprise culture is shifting towards perception is reality?

Common describes beliefs or propositions that seem to most people to be prudent and of sound judgment without dependence upon esoteric knowledge. The trouble is there are extremely few beliefs or propositions that "most people" can agree upon...

Folks have noted that many practitioners of enterprise architecture come from a technical background and are suboptimal in terms of speaking in the language of the business. This trend has morphed into cliche phrases such as IT should align with the business. I think the mediocrity of enterprise architecture though is do to another challenge...



It is not enough to write blueprints, standards, and guidance for architects and designers. EA need to build living, self-documenting systems that provide real time metadata linked to financial and resource usage data that result in graphics that allow business manager to make decisions about the ongoing value of processes, technology, and infrastructure investments.

One general observation of IT as an entity is that within the last ten years, we have stopped figuring out better ways of writing software. Book authors no longer care to publish, book buyers no longer care to read and process is now more important than competence especially in an Indian outsourcing context.

So, we understand the pendulum effect. The question that needs answering is when will the swing back to having enterprise architects focus on what they are most competent in will occur...

Do business analysts understand the distinction...



In the past, I have blogged about the fact that while American developers can work with requirements, but Indian IT outsourcing developers need specifications, the subtle distinction between requirements and features hasn't been deeply discussed.

For the word overloading crowd, my distinction will be lost. Anyway, In deciding what to do next, what the first step is, one must consider requirements in order to implement desired features. A feature is more or less encapsulated in a general statement meant to define what a user might expect. A requirement is a more specific and concrete statement to define what a programmer must consider in the coding of and actualization of the desired features.

The real question is should business analysts separate these two notions?

Anyone else notice that technorati has a serious update lag? They need to increase capacity asap or otherwise become irrelevant. Hopefully, when they are purchased by Google next week, the performance will be fixed soon after...

As a member of OWASP, one of the premier user groups that is focused on making application security visible, I started to noodle what it would take for OWASP to provide awards to software vendors who have great products but also are even better at enabling community at both a global and local level.

If you had to establish an awards program, what would you outline as requirements?

I know of many public relations professionals but none who contribute their knowledge to charitable causes. I wonder what you would get if you combined open source with public relations?



I have realized that my futile attempts of encouraging industry analysts to provide deeper coverage on open source will go nowhere. The challenge is that analysts have substituted spoonfeeding for actual research where open source projects will almost always lose against their closed source counterparts.

So, instead of fighting the analyst game where the only way to get coverage is to reach deep into your pockets and pull out lots of lint, that open source projects instead consider the notion of open source public relations.

Open source projects shouldn't get in line to issue press releases but instead should always result in leveraging the answer that is most open. In analyzing other methods that were viral such as the 2,000 Bloggers project, why can't others within the community leverage the same tactic?

For example, OWASP has several thousand attendees throughout the planet. Imagine if a simple message went out asking all attendees to post one and only one blog entry that contains links to each other. Everyone who cares about Web Application Security and their blog ranks would rise immediately.

Popularity in the blogosphere is driven by links and we all know that hyperlinks subvert hierarchy. So why aren't you already linking to OWASP...

As I walked out the door this morning, I looked up and saw a 747 really, really, really low over my house with its landing gear down. It was interesting to see such a large plane flying so low and slow, it almost looked like a really big toy suspended in the air.



As I headed out the door to Home Depot to search for the most perfect Mugo Pine to add to my Bonsai collection, I glanced to my left and watched one car run into another. It wasn't too bad and I continued along.

As I turned into Home Depot, a Black SUV came barreling out of the lot and ran into a middle aged lady. The driver kept on going with his front fender literally swinging to the right. Other drivers had stopped to check on the lady and I decided to follow the vehicle. I noticed up the street not one but two police cars parked in front of the local strip club (Newington) and I decided to turn in. The police cars had tinted windows and I pulled up to the car and there were no officers in the vehicles. I drove around the lot hoping to find them but had no luck.

I drove back to Home Depot and checked on the lady and it took over five minutes for the police to show up (Berlin). They took the information and indicated that the guy was speeding away had just snatched a ladies purse in BJ's Wholesale Club. She was insured by AIG so I hope that the claims department there takes good care of her.

Anyway, I drove and finally parked and was walking to the garden section when some irate guy bumped into me while arguing with his wife in a very physical way. I gave him the look and he knew then that an apology wasn't optional.

On the way back, I passed the strip club and as I was driving by noticed that the two officers were now breaking up a fight between two women. All of this was before lunch.

Anyway, I did find the perfect tree...

Has anyone noticed that the largest IT employer on the planet almost never talks about web application security? There employees never blog about it, they never do seminars on this topic and their employees almost never attend user groups such as OWASP at a ratio of smaller organizations.

On the surface, one could simply say that IBM has a vast internal community but according to many IBM insiders when challenged to identify which IBM community takes on this topic, none have been able to provide an answer. Should the marketplace expect more leadership from IBM in this regard or are we content by having Microsoft and Oracle lead the way...

Shouldn't enterprise 2.0 have a stronger notion of community? Should it contain a way for enterprises to not only focus on business drivers but the greater good of society? Shouldn't enterprise 2.0 have methods for folks in one enterprise to collaborate with folks in another?

How do I link my work persona with my personal life? How do I let folks in other enterprises in my local area learn about an upcoming OWASP Chapter Meeting?

So many questions, not enough answers...

Here is my profile on Kiva. Consider getting your own...

Abbie Lundberg, editor in chief of CIO magazine wrote on this topic but left out some important insights...



How many CIOs do you know that attempt to treat IT as business as usual where every problem gets rephrased as a challenge that is immediately confronted by a thinly veiled chock-a-block eye candy Powerpoint presentation that lacks substance or becomes an opportunity to see buy a product on the magic quadrant to fill a niche when they should have instead focused on a longer term view by encouraging their existing vendors to do help them enable the strategic intent. Being a CIO requires more than handwaving.

Back up the school bus and bring in your favorite insulting firm to help you with strategy without realizing that this isn't just about them pulling something out of their knowledge management systems and charging you six figures to do search and replace with a little bit of ceremony piled on top. While this is a different circus, using the same clowns won't get you that far.

As a profession, we need to stop bullshitting as we are more reactive now than in any other time in history. There is nothing truly strategic that IT does. OK, I know that your incestual habit of word overloading is going to cloud your thinking, but stick with this thought for a moment and acknowledge that crisis is what gets most projects funded and being proactive rarely works. Let's skip the whole perception thing and look at reality by figuring out how long it takes for your enterprise to roll out upgrades to new products that will obviously provide more features that can be leveraged as the litmus test.

Nowadays, it is rare to see a CIO stay in the same position for more than five years. If everyone knows this dirty little secret, then can we really expect someone in that role to truly think strategic? I would wager that turnover within IT organizations only serves to benefit those who are turning over and in the long haul hurts the business. The mindset of show me the money now is more important than loyalty, stewardship or even fiscal responsibility. It is no longer about making business better, it is though all about what you can sell within a specific time horizon.

Let's throw the baby out with the bath water. Did your enterprise just get a new CIO? I bet he/she walked in the door thinking that whatever the last person did wasn't right and know that they were brought in to do things differently. So, doing things differently will most certainly address perception management but different doesn't mean better, it simply means different.

CIOs you have been wildly successful in outsourcing all the folks who otherwise would have sucked up to you and have been successful in reducing expenses by outsourcing to India. What's next? Oops, you have no clue as you may be a one-hit wonder.

Within my own network of enterprise architects, I rarely run across any of them that aspire to become a CIO no matter how well positioned they may be. The funny thing is that most enterprise architects have an understanding of cause and effect and therefore understand that doing things differently may not always be the right answer. Yes, change is needed within most IT shops but it is more than just rolling out a brand new shiny process. It is also more than just selling the notion of governance as most folks really don't want to step in it. Change has to be targeted at winning the hearts and minds of those within IT such that change is something that isn't sold but something folks truly want to do for themselves.

Which does your CIO care more about? The morale of the troops or the perceptions of their boss? Of course both are important, but which is more important? Leadership requires followership and you can't be simply appointed a leader. Leadership and management are not interchangeable words. For CIOs that haven't figured out this dirty little secret, maybe you have already noodled that the acronym for CIO may stand for Career Is Over...

Many folks are aware that Industry Analyst Brenda Michelson of Elemental Links was recently seeking to create a panel at an upcoming conference on SOA practitioners who also understand enterprise security considerations but fell short.

Sadly, in my own network I too fell short in finding folks who understood both. The funny thing is that both of us could find folks who understood both but worked for consulting firms but neither of us could find folks who understood both but were employed by large enterprises.

My general reaction to this is that is the start of a trend that could potentially be the anti-thesis to business/IT alignment. When a growing number of IT professionals are favoring contract work over permanent employment because of the better pay on offer, it says that no one that is qualified may be looking out for the best interests of the enterprise and the enterprise architecture may suffer.

Another take on this problem space says that HR isn't doing their job in that they don't allow for much flexibility in terms of compensation for salaried employed but can be very flexible since HR usually isn't involved with contractors that they are ultimately devaluing their own role.

Anyway, using consultants for your enterprise architecture initiatives is somewhat dangerous and if you are thinking long-term, then you should have HR policies that allow this to be accomplished. Maybe, we need to discuss IT/HR alignment?

While in Trinidad, I observed how many job opening signs there were in business. Many of them were politically incorrect according to US standards. One sign specifically asked for males while another asked for nice looking Indian females.

At some level, discrimination occurs in every culture whether it be race, religion, gender, sexual orientation, whether you are a process weenie or prefer lighter-weight approaches and so on. The conversation that has never occured in America is how is this best addressed.

Many within corporate environments have simply changed their terminology and may reject candidates for other stated reasons while much of the practice still is status quo.

I wonder if it is actually better for society if we were to not mislead folks into applying for positions that they cannot be possibly even considered for? While aspiring for growth and other positions is healthy, encouraging otherwise wasted efforts surely has an effect on productivity.

Besides, wouldn't it be more beneficial to humans to know that you didn't get hired because you look like Lurch from the Adams family than to get a generic response stating that you weren't the right fit?

I guess I have lots of opinion and no opinion on this topic at the same time. Anyway, it is fascinating to observe other cultures and think for a moment that at least in this regard, Trinidad is not following the worst practices of the United States and our approach to human resources. For the record, I am savage believer in equal opportunity, so don't get it twisted...

There are lots of articles in the media regarding the declining trend as to why young folks eschew IT as a profession. Many folks including myself attribute much of the dislike towards outsourcing but I suspect that this isn't the whole truth.

The funny thing is that I know more folk who have either retired early or left IT because of incompetent managers who pushed them over the edge with bureaucracy than I do who have left because they were displaced by their jobs being taken by Indian outsourcing firms.

Sadly, industry analyst firms such as Gartner and Forrester can't really survey their clients for this type of data to get at the root cause as it would be politically incorrect for even HR to capture this aspect as part of an exit interview. I wonder though if folks feel I am at least partially right?

A part of me believes that American's who lose jobs as part of outsourcing is punishment for us exercising our right to remain silent when it comes to the wrath we inflict upon other countries...



I speak infrequently about cultures I admire and figured I would take the opportunity to give praise to several nations and things that I like. Let's start with India. While the country is poor in financial terms, it is culturaly rich. Imagine a place where regardless of whether you are Hindu, Christian or Muslim, you can openly acknowledge your religion and others will respect it. Imagine a place where you can have your children watch Channel Zero on TV and not be worried that nudity, violence or other immorality will confront your four year old. Imagine a place where you can watch movies as a family and don't have to always worry about the rating of a movie or certain forms of gratitious sex.

Welcome to India and Trinidad. Two great nations who are becoming less of third world countries and more equal participants in a global economy. Yet, the question remains as to how these nations can grow and thrive without becoming a clone of America. As these two nations do more trade with the United States, they aren't just creating jobs but are also trading immorality with the US. As more countries interact with the United States, they also tend to pick up ideas of our criminal enterprise as they learn a lot by watching TV. Murder rates are increasing, teen pregnancy is increasing, divorce rates are increasing and the sanctity of marriage and a culture of values is being traded for a culture of the dollar.

During my honeymoon eleven years ago, I got to see wonderful movies such as Yes Boss. On my most recent visit, I learned that all the movie theaters that used to show Indian movies are now closed. Bollywood has been replaced by Hollywood. As a nation becomes more industrial, it also loses its underlying culture. Imagine being on a Caribbean island where fruits such as Mangoes, Oranges, Breadfruit and Banana's grow in abundance but you have absolutly no access to them. When it becomes easier to eat fast food such as KFC than it is to eat healthy, it hints that America has been successful in destroying another country.

I remember eleven years ago, when I wanted to call a relative, I used to call the payphone and someone would run and get them. Today, everyone has a cell phone that are in many ways better than what we have. While this is considered progress, sometimes you have to acknowledge at what expense this comes at. If you think American's have a problem with debt, then you haven't talked to the average Trinidadian. The economic model of extending credit in the era of Ronald Reagan and free spending has been applied in third world countries. Sadly, having an economy based on this model will surely collapse.

What is great is that my family has managed to profit from the exploitation of others. One family member is a manager for Coca-Cola and has increased the amount of soda consumption by kids several fold. Other relative is a manager for an appliance chain and has doubled store sales simply by talking about easy credit terms. Some will view my commentary as a success story in that they are doing well in providing for their families while others will see the morale implications of their actions. I wonder what side of the fence do you sit?

While English is the official language of the United States, Americans roll out the red carpet for those who only speak Spanish allowing folks with this mental disorder to remain ignorant...



Have you ever heard the phrase: when in Rome? I guess this applies to most demographics except for those who speak Spanish. While I tend to poke at Indian Outsourcing, I do have the utmost respect for folks from India. People of India make a strong effort to learn not just English but the American form of English. They also manage to keep their own culture but do not require others to adapt to it.

While on vacation in Trinidad, I had the opportunity to talk with my nephew (Hi Robby) who is a firefighter. The previous day, he and his team had rescued a family in a burning building. Depending on one's perspective, his bravery or stupidity caused him to run into a burning building to save a family who only spoke Spanish. While this type of thing is very common in the US, this is the first time he ran across this in Trinidad as folks traditionally from neighboring countries such as Venezuela have adapted.

For those who will get it twisted, my nephew's last name is Salazar so get busy reading into it. The government of Trinidad is now paying him to learn Spanish. While this is a logical reaction, is this really the right thing?

If Trinidad is to survive as a nation, it needs to not repeat the mistakes made by other nations such as the United States...