Thursday, January 31, 2008


Links for 2008-01-31

  • Telecommuting at AT&T
    You would figure that a telephone company would be the first to appreciate the costs savings around telecommuting. a company that once was a poster child for telecommuting, is downsizing its long-running telework program and requiring thousands of employees who work from their homes and other virtual offices to return to traditional AT&T office environments. Doesn't this feel bass ackwards?

  • Open Source in India
    The Indian Institute of Science in Banglore is holding one of the world's largest open source events on the planet. Hopefully bloggers from Wipro, Infosys, HP and Oracle will be blogging that day. I sure wish I could attend.

  • Facebook employees know what profiles you look at
    They also see which profiles a user has viewed -- a major privacy violation. If you've been obsessed with a workmate or classmate, Facebook employees know. If Barack Obama's intern has been using the campaign account to troll for hotties, Facebook employees know. Within the company, it's considered a job perk, and employees check this data for fun.

  • The Enterprise Architect, a Leader in Enterprise Transformation
    The leader will have a vision, an ideal that inspires people and determines them to follow. He would be finding solutions where few can. A leader does the "right things" some say, but also should do the "things right", a good manager/administrator does.

  • Ruby on Rails
    Check out this code listing where the first statement is: require 'java'...

  • Using Technology to fight poverty
    I haven't had much interaction with practitioners of Enterprise Architecture in the non-profit world but look forward to having conversations in the future.

  • What did Oracle ever do for open source?
    Here is a great article by Matthew Aslett regarding some of the cool technologies Oracle has contributed. Oracle, could you please do a better job of promoting your contributions? I wonder if Matt or Raven Zachary have any insights into open source contributions by CA and BMC?

  • Oracle Open World
    The thought process of folks in the ECM domain is fascinating, especially when it comes to how ECM should converge with enterprise security concerns. At some level, many vendors in this space can get away with a lot in that most folks in this domain don't come from a software development background. If you aren't familar with Bex Huff, you need to read his blog as he never gets offended and genuinely wants to help others gain valuable insight. Everytime I jab him, I get jabbed back and learn something I didn't know before. Bex Huff is good people.

  • | | View blog reactions

    Wednesday, January 30, 2008


    Latest Thoughts on Hiring Top Talent...

    One thing I have found interesting is how employers can't find talented people and talented people cannot find employers. I have seen many examples of top notch people with rare specialties of applied for jobs at companies asking for those specialties yet they cannot even get an acknowledgment that there resume has been received.

    Maybe some discussion is in order regarding the overusage of automation in the recruiting process. Have you visited jobs sites such as Monster lately? Notice how companies go out of their way to not provide information on real humans that are doing the hiring? A strategy where companies expect candidates to send their resumes into a blackhole is comical.

    I think we all know where the biggest problem with employers not being able to find people. However, it has been that way for decades yet employers do nothing about it...

    | | View blog reactions



    I've been BlogTagged by Billy Cripe of Oracle to write eight things that you may not know about me and then to tag eight others to do the same. It started here.

    Here we go:


    1. met my wife in Kentucky Fried Chicken. I ordered a two-piece and she was eating a drumstick and fries.

    2. prefer food that is either Kosher and/or Halal and definitely organic.

    3. was first suspended in sixth grade for chasing down a kid who threw a ball at me (Hi Eric)

    4. am a member of the NRA. My weapon of choice is an EEA Witness 45 loaded with Federal Hydrashoks. My wife has a Colt 38 Detectives Model loaded with Black Rhinos.

    5. have one of the most diverse families on the planet that comprises white, black, hispanic, Chinese, Indian, Native American. Likewise, in my family we have Christianity, Judaism, Islam and Hinduism represented. At family reunions I offend all members equally.

    6. am the son of a model. My Dad in his early days used to model spacesuits. One of the suits he modeled was worn by astronauts on the moon.

    7. live in a digital world yet I still remain analog. I don't own an iPod, Blackberry or even cell phone. I still listen to vinyl on my Technics turntable at home and have a cassette deck in my Ford Explorer. I don't have cable TV nor satellite. The only channel we watch is PBS.

    8. am religious and believe that regardless of your belief in Judaism, Christianity or Islam that there is just but One God to whom all praise is due. For those who don't align to these faiths, if I ran for president, I would make it law that those folks should receive the gasface by those in their presence...

    I now BlogTAG: Sameer Tyagi, John Newton, Nick Malik, Taran Rampersad, Alex Fletcher, Bob Blakely, Pat Patterson and Gunnar Peterson...

    | | View blog reactions


    Links for 2008-01-30

  • The war for talent is over...
    I wonder if any HR folks actually read blogs?

  • Outsourcing - no so hot
    Good to see a balanced perspective. This blogger doesn't seem to be afraid to admit that he is Christian which is refreshing.

  • Documentum vs Open Source
    The question was asked whether open source provide the same level of service and support as Documentum which the answer should be No! Have you ever noticed how Documentum folks are forced to support themselves? Ever notice Documentum employees such as Craig Randall deeply participating in the solutions and challenges that customer bloggers face?

  • The advantage of being non-Agile
    I really get annoyed when project managers don't understand that the definition of light vs heavy doesn't matter and it is more about choosing the lightest way possible...

  • | | View blog reactions

    Tuesday, January 29, 2008


    Why your employer sucks at finding top talent!

    I was in Home Depot looking for a 4" PVC Grommet when I ran across a developer who works for a local company. He gave me verbal feedback on my blog entry on Does your enterprise suck at finding top talent? and suggested that there is a quiet desperation within his own shop since much of his management is from Accenture. I figured I would share some of his thoughts that he shared with me...

    While is comment was related to Accenture, I believe the actual firm doesn't matter as the pattern is oft-repeated by global firms where you could substitute any other and still come out with the same answer.

    Anyway, he asked, did your boss come up through the ranks or did he have a shiny MBA from some prestigious school? The former obviously is empowered in that others may desire to work for him/her over the person with credentials but no experience.

    Let's say you are at the top of your game and you go looking for new work opportunities for a multitude of factors (such as getting a boss you aspire to become like, the elusive work/life balance, avoidance of outsourcing and so on). Most of the top talent is not unearthed nor usually given the right opportunities to shine. The reason being in his opinion, is that leadershipmanagement seldom are "top talent" themselves.

    Usually they have worked their way to a level of incompetence. Sales people for instance shine when they bring in the new clients, hit targets, etc. They then yearn for the management job, most sales people do not make good managers, yet this form of talent yearns for a management position, so they move on, or get promoted to a level of incompetence. All loose out.

    Becoming a partner is primarily a sales function, yet many IT executives who have worked for large insultancies have this background. The funny thing is in order to survive, one must surround themselves with others from the same background in that the masses will find your message and approach confusing. You counter the conspiracy by filling the corridor with chock-a-block eye candy that lacks any substance and prefer the pitch of the dog and pony show. As the troops morale slides into eternal decay, you wonder why you are a lost soul wandering around alone in the wilderness.

    One figures out that alignment is a secret codeword for less do more selling. If an IT executive doesn't really know the business and doesn't even know technology, do we really believe the business is going to be happy with IT? I have been known to say from time to time that freedom is a road seldom traveled by the multitude and it is the job of modern IT executives to make sure things stay this way...

    | | View blog reactions

    Monday, January 28, 2008


    A Biblical perspective on IT Outsourcing...

    Some belief that there should be a strong separation between business and religion while others acknowledge that God should be part of every day life and should guide one's judgment...

    There is but One God!

    Regardless if you are a practitioner of Christianity, Judaism or Islam, it can be acknowledged that God is absent from the modern workplace. Many folks don't consider what they ought and some view business and religion as separate. So my answer here won't give you an answer of what folks actually do when they consider this question, but my layman's sense of what they'd need to consider Biblically in determining what to do.

    The parable of the Good Samaritan comes to mind (Luke 10:25): who is my neighbor here, that I should be concerned with helping him? In a global sense, the worker in a country whose labor rates are such that they entice us to outsource can be considered my neighbor. His rates are lower because his opportunities are fewer and outsourcing to provide him an opportunity is a good thing. However, if the effect were to cost my neighbor down the street his livelihood, though, outsourcing would be a bad thing. Deuteronomy 24:6 tells us not to take someone's millstone/means of working as security if it impacts their livelihood So, you'd have to look at whether you were truly taking away someone's livelihood: if so, you don't outsource without replacing the livelihood you'd otherwise take away...

    Pray, Fast and be Charitable...

    | | View blog reactions

    Sunday, January 27, 2008


    Links for 2007-01-27

  • A common weakness in OpenLDAP
    It is interesting to see how a thread on how identity provisioning tools and their lack of true interoperability with Active Directory gets twisted into a discussion on the merits of OpenLDAP. What is interesting is that the comparison is solely technical and doesn't provide any rationale related to how much it would cost to maintain OpenLDAP vs ADAM. You will also notice mention of one and only one Fortune enterprise that uses it as their primary directory service. Of course, the mentioned company is in the consulting business so this isn't surprising. Maybe the mention of a bank or retailer in the Fortune ranks is in order. I suspect the economics nor the customer base simply aren't their...

  • Central identity management is a high priority, whilst biometrics is not
    One aspect of using biometrics that is rarely mentioned is that it could leak medical information. For example, a scan of one's fingerprint may show that James Robertson has several genetic defects he doesn't want others to know about. Likewise, a retinal scan may show that Robert McIlree did inhale explaining the reason for love of heavyweight processes. Turning your identity management architecture into something that could put you out of compliance with HIPAA needs to be carefully thought about. I suspect though that if it is written in SmallTalk and has lots of ceremonial heavyweight process then James and Robert won't mind.

  • OpenGroup EA Conference
    Hopefully folks will check out Mike Walker's presentation and share their thoughts afterwards in the blogosphere.

  • Donate rice and test your vocabulary
    Good to see that others are making a difference to end poverty.

  • Authorization failed in DFS-based service
    This posting is intriguing and explains creating a service in Documentum. One should ask themselves whether a consumer of a service should be receiving Java exceptions. The principle that a service consumer shouldn't know what language a service provider is written in is violated. Likewise, the notion of authorizing the consumer being a battle is equally intriguing. I would think there is a way to tell the service provider which service consumers are allowed to invoke it? I assume that Craig Randall will be fixing this in the next release?

  • | | View blog reactions


    Does your enterprise suck at finding top talent?

    Figured some fresh perspectives are in order...

    Generally speaking, top talent avoids enterprises who outsource like the plague. It may be the fact that there is a strong correlation between top talent and patriotism and watching jobs that belong in the hands of Americans moving offshore simply doesn't feel right to them. Even if top talent has no ethical/moral struggle with outsourcing, they do understand that part of finding a great employer is the ability to also have conversations with smart peers in which outsourcing removes the ability to have deep conversations.

    Likewise, top talent never applies for a job; they're so good they get the jobs they want through their friends and references. You'll never have access to these people unless you happen to be a personal friend to one of them. Do your IT executives spend time on recruiting or do they think this is the sole responsibility of the HR department? When was the last time you had the opportunity to network with enterprise architects? Do enterprise architects feel compelled to solve this problem? After all, many of them believe in people, then process, then tools - in that order. Are they willing to live up to what they speak?

    The next generation of top talent, is still in school and they have yet to realize they're that good. It's possible to hire these guys if you find them before anyone else does, and this can be done by offering students "awesome" internships. I bet your enterprise doesn't have the ability to bring in folks out of college and pair them up with an experienced enterprise architect who can show them the ropes. Does the IT leadershipmanagement acknowledge that if you can't find top talent today, you can at least make effort to start building them for tomorrow? Most of the interns you'll recruit probably won't be top talent, but the ones that are, will be well worth the investment.

    It is funny that the process-oriented IT executive who struggles to figure out how to find top talent won't look in obvious places. If you want to find competent security professionals, have you ever thought about attending a local OWASP chapter meeting? If you are looking for talented J2EE developers, have you ever considered lurking where folks who participate in the creation of open source hang out?

    Now for the most obvious way to find top talent is to stop torquing current talent! When businesses stop caring about the employee, what will they naturally do? What do you folks think? Isn't it expensive to find, shuffle and retrain employees that don't care about the mission? It makes sense for an individual candidate to pick a company where they enjoy the position and intend to stay there. Businesses would be best to find top people and work to keep them there by giving appreciation, raises, perks, promotions, etc. Carrot and stick, the old-fashioned way. There's no secret to sound management policy...

    | | View blog reactions

    Saturday, January 26, 2008


    Are you an Architect employed by an Insurance Carrier?

    In 2007, I attempted to establish the One Hundred Enterprise Architects Meme that was only partially successful. I have found that out of my network, I know lots of folks in other verticals but very few in my own and hence figured my 2008 goal would be to connect to others within the insurance vertical.

    If you happen to be an Architect or any flavor IT executive that is employed by an insurance carrier, I would love for you to connect to me via LinkedIn. You may send the invite to: linkedin at jamesmcgovern dot com.

    | | View blog reactions

    Friday, January 25, 2008


    The root cause of weak Enterprise Security

    My significant other and I had a conversation last night on why many large enterprises with talented IT security professionals continue to lose their customers data. In my belief, the blame doesn't belong in IT but does belong in the human resources department...

    As an agilist, I am a firm believer in people, then process, then tools; in that order. If we look at the people problem, one can chalk it up to buffoonery as that it what I did when both the State of Connecticut and the folks at the Department of Veteran's affairs lost my data but that doesn't tell the whole truth.

    Consider the modern day enterprise where the folks running the asylum didn't truly come up thru its ranks. In the same way we probably wouldn't want our local police chief to not know how to arrest a criminal and simply defer the decision downward to others, we do think that this behavior is OK for our IT executives. Human resources has allowed folks who are really good at perception management to run IT but otherwise aren't competent enough to understand bad security practices even if they were written on a billboard blasted in front of their face. Should you as a customer have to rely on the ability of someone in the know to sell the problem spaces and distill it down to a couple of PowerPoint bullets or would you rather have someone in charge that intuitively understands?

    This may come as a surprise, but on September 10th, 2001 the notion of secure airplane doors actually existed and there were sales folks making calls on that day. Did you know that some airlines had purchased them intuitively while others such as American didn't. Do you believe that the executives at Israeli airlines as one of its buyers had competencies in place while American only had perception management and bean counters who didn't understand the value proposition?

    While it is amusing to attack executives, it is more important to understand what occurs in the trenches. Imagine a scenario where four college students graduate from a prominent university and all decide they want to become IT professionals. The first student says that he wants to work as a server administrator. He hits the books and learns Windows, Solaris or whatever operating system in use and becomes productive. He decides after the first six months that he has a handle of his job and doesn't need to learn anything else until the next product upgrade several years from now.

    The second student observes the behavior of the first student and realizes that while time spent learning was temporary, it was time consuming and difficult. In order to avoid the pain himself, he decides to become a project manager. He knows that resources such as PMBok exist and that his shop has an interest in becoming CMMi certified but realizes that even if he doesn't pay attention, someone else sooner or later will reduce everything he needs to know down to a checklist that he can simply follow. Even if this doesn't happen, he can ignore any notion of practice and simply rely on intuition.

    The third student realizes that he is pretty good at office tools and has mastered the usage of Powerpoint. He realizes that he doesn't even have to make the effort to understand the details of any problem space and simply realizes that if he leverages the executive approved Powerpoint template, he can come up with much of his information by simply reading Gartner reports. He gets really good at using buzzwords such as alignment, best practices and innovation and incorporates into every presentation. He is a believer in reuse, but only when it comes to Powerpoint decks and not SOA services or even code.

    The forth student decides he wants to become a IT security professional. He realizes that he first needs to understand technology and may learn the same thing as student one but to become really competent, he may also spend additional time learning software development. Now that he has multiple competencies, he realizes that it is not good enough just to know how something works, but also needs to figure out in dynamic situations how things may break, he spends even more time. He attempts to help others write high-quality valuable working software but is met with resistance at every turn.

    Ask yourself, in a modern enterprise which role has the most likely chance of becoming CIO? Ask yourself as a consumer, which one would you want to be in charge? Ask yourself why you think the two answers are different and more importantly should they be? Do you believe that the folks in these roles should all be compensated the same? I bet you will start to conclude on your own that there are multiple undiscussed deficiencies in the way human resources work in large enterprises...

    | | View blog reactions

    Thursday, January 24, 2008


    Enterprise Architecture: So, what will be my next position?

    Over the last couple of days, folks have asked me why I continue to do my same position and haven't changed employers. I figured I would answer this question publicly...

    Usually when one changes employers, they hope to make some aspect of what they don't like go away. This change almost always results in higher compensation which is further stimulus to make things happen. For me, while I understand that pretty much every single one of my industry peers is compensated more than me, I am not savage in pursuit of more money.

    The one thing I miss from my consulting days was the opportunity to interact with different people every single day. As an enterprise architect, one gets pretty good at selling. The problem though is that you sell to the same people every single day. Whatever I am pitching today, will change tomorrow but the target of the pitch remains the same. The only solution to this problem would be to figure out the equivalent position for a large software company such as Microsoft or Oracle where I can not only pitch different problem spaces but also pitch to different people.

    Some have asked why I have returned to consulting. After all, the billing rates would literally let me earn more than double of what I currently make as a salary. The funny thing is that I enjoyed consulting but really hate travellingcommuting. You may notice that some folks use the word travel and commute interchangeably but I choose not to. If you asked me to fly from Hartford to Dallas next week and then to Denver the following, I would consider this traveling and not have any issues with it. However, if you asked me to fly to Chicago every week for a six month assignment, I would consider this commuting and would immediately run in the opposite direction.

    So, the characteristics of my next position need to have lots of variety. I always figured that one of the better opportunities for me would be to be the leader of the security practice for a consulting firm such as Cognizant, Accenture or Wipro where I run the entire security practice for the Americas and the regional partners/chief architects report up to me.

    There are times where becoming an industry analyst is appealing. The ability to have hundreds of distinct conversations with folks who work for hundreds of enterprises is fascinating. I also like the idea that many industry analysts work from home. On a side note, isn't it kinda interesting that most enterprises can outsource to countries thousands of miles away let don't have good programs for allowing their own employees to work from home more often.

    I suspect that one characteristic of the ideal position is that I need to be recruited instead of just applying. The notion of a hiring manager tracking me down is very compelling. If you want me, I want you. I guess applying means that I have to sell my value proposition where recruiting means that you have already figured it out...

    | | View blog reactions

    Wednesday, January 23, 2008


    The untold conversation around user-centric identity and federations...

    Today, I will share perspectives on why enterprises aren't rapidly embracing user-centric approaches...

    Many folks know that I am an advocate of both CardSpace and OpenID and would like to see them successfully used in B2B scenarios as I am tired of all of the conversations around consumerish approaches. There are several realities one must acknowledge to make the user-centric ecosystem larger that haven't yet been discussed.

    So, let's say that I would like to take the lead in figuring out ways for insurance agents who can do business with any insurance carrier to have a way to not have to remember all of the expiry, complexity and history requirements each and every insurance carriers forces on outsiders and believe that Cardspace is a potential solution. I have identified that there are at least 200 other insurance carriers that would make great partners for figuring this out, yet I don't have any contacts in these firms to get the conversation started.

    It would be somewhat logical for me to ping Ashish Jain and Patrick Harding of PingIdentity, Pat Patterson of Sun, Kim Cameron and Mike Jones of Microsoft, Nishant Kaushik of Oracle and so on in hopes of them being able to wire me up to the appropriate peers. The problem then becomes one of motivation and/or impediment depending on one's perspective. Minimally, software vendors are in the conversation in order to make a sale while in a federation approach, this can't happen until multiple players at least are introduced to each other and have a conversation first.

    Some vendors will pull out their bag of tricks, the notion of not disclosing who their customers are, so even if we could make this happen from a technical perspective, we could figure out the relationship aspects which is more important. Even if I could bring along Microsoft, Oracle, Ping, Sun and other participants to the table, the conversation would still devolve into technical comparisons that I would be forced to moderate while ignoring the business challenge of federation.

    So, exactly how do vendors expect the notion of community formation to occur? Maybe one of them will talk about it. The funny thing is that they are of the belief that they don't have to play a part in making this happen and can merely sit back and wait for us customers who aren't connected to each other to magically figure it out. If these companies are venture funded, I hope their funding gets cut.

    Someone will sooner or later ask why about industry vertical consortiums such as ACORD and why they can't be leveraged without acknowledging that consortium activities are distortions of how things work in the real world. For example, a specification for how to handle web services security was being proposed. Do you think anyone from IT in any carrier participated or did we rely on some software vendor who wanted to sell something to do all the work in terms of creation of comprehensive documentation while not a single carrier actually had a conversation around it with each other?

    Do you think that folks in the enterprise that work for AIG that participate on ACORD actually talk to their security folks? If vendors who want to make OpenID or CardSpace successful, they need to assist large enterprises in the act of community formation and not think about everything being a sales lead upfront. You have to create the marketplace before you start marketing...

    | | View blog reactions

    Tuesday, January 22, 2008


    A Common Weakness in all Identity Management Products

    I bet you didn't know that pretty much all identity management products suffer from one big design flaw related to integration with Active Directory...

    Consider for a moment, how many Fortune enterprises have Active Directory in a production environment. Out of the Fortune 500, Sun is the only hold out. You would think that if Active Directory were so pervasively implemented that software vendors would want to deeply integrate with it, but nothing could be further from the truth.

    There are several directory services products available in the marketplace including Active Directory Application Mode (ADAM), Sun One Directory Server, OpenLDAP, and Oracle OID. Do you think that the identity management products from Sun, BMC and Oracle support all of them? Do you think that bloggers from these companies will share their roadmaps or will hide deficiencies?

    Within the Active Directory product family there is an intriguing product called ADAM which provides high quality but cheap directory services capabilities within an enterprise setting. An enterprise deploying this product can setup multiple instances of directory services to be used within an application specific context while keeping the security aspects centralized.

    One specific feature that every security person would want to take advantage of is the notion of bind redirection. The idea behind this says that you can connect to an instance of ADAM and perform normal LDAP queries but when it comes to authentication, you are in essence redirected to a domain controller.

    The usage scenario says that attributes such as my preferences for food at the company picnic would be stored in ADAM while my password would be stored in AD. In today's tools, there is no good way of specifying interoperability with any of the identity management tools. Hopefully, the likes of Pat Patterson, Jeff Bohren, Nishant Kaushik, Gerry Gebel, Jackson Shaw and Bob Blakely will start having a public conversation on how to gain interoperability in the world of identity management.

    On a side note, I was reading the blog of Laurence Hart who is absolutely brilliant when it comes to ECM and a previous entry he wrote on LDAP synchronization. Bet you didn't know that the product he referenced can't also synchronize with ADAM...

    | | View blog reactions

    Monday, January 21, 2008


    Are folks who are left-handed smarter?

    I strongly believe there is a connection between left-handedness and the capability of logical thinking...

    Minimally left-handers are more capable of adaption than right-handers. In the old days, they have to learn to use right-handed things in a right-handed world. They used to be downright persecuted. They would be beaten at school for trying to write with a pen in the left hand. Today, I bet if folks in corporate America were to actually track statistics, you would also find that the best architectures are realized by folks who are left handed.

    Did you know that a left-hander has never started a war, nor outsourced jobs to India? Did you also know that left-handed folks tend to have higher IQ's and make for better bloggers?

    | | View blog reactions

    Sunday, January 20, 2008


    Enterprise Architecture and the communications problem...

    Have you ever heard an IT executive discuss how the enterprise has a problem communicating. Here is my latest perspective on this topic...

    Gaining consensus, buy-in or whatever phrase you happen to prefer is important. Minimally, it is vital that everyone knows everything they need to or at least how to find it out. The thing that most folks forget is that communication has a cost. The cost of communication is at least linear to the number of people who need to receive it.

    James Tarbell and I frequently acknowledge that a simple conversation in the hallway may end up having to be put on slides to be presented to IT executives and therefore enterprise architects should carefully choose what to communicate and to whom.

    What is the lost ROI when folks always CC an executive on project communications? Does the entire world need to be invited to participate in every decision?

    | | View blog reactions

    Saturday, January 19, 2008


    Links for 2008-01-19

  • He knows nothing - Nicolas Carr is back
    I can't figure out why he gets so much attention.

  • It's not the code, stupid
    Programming is not about programming. Many CIOs need to untwist their perspectives.

  • Why you need more than one software vendor
    Diversification is always a good strategy. Sadly though, CIO magazine didn't mention open source as one method to achieve this goal.

  • | | View blog reactions

    Friday, January 18, 2008


    Links for 2008-01-18

  • Ruby, Rails and Risk
    Kinda interesting that the Ruby on Rails community hasn't yet embraced secure coding practices and think more like Microsoft in the early days by focusing solely on features.

  • Business Analysts Body of Knowledge
    Everyone has a body of knowledge nowadays except for Enterprise Architects and CIOs. I wonder if the problem is that this demographic doesn't actually have anything to document?

  • Cures for complexity lacking
    Good to see that folks understand that good governance doesn't actually reduce complexity.

  • The importance of reference architecture
    Reference architectures are crucial tools that allow organisations to reduce the cost and time to implement technology solutions. In typical software projects a large amount of time is spent exploring technology options and assessing the appropriateness of solutions. This is where reference architecture provides the most value.

  • The role of patterns in Enterprise Architecture
    Governance is important but reusable patterns are more important.

  • Agility as a hiring strategy
    An agile organization is different. An employee who flourishes in an agile organization is different. The techniques for finding and retaining agile employees are different...

  • | | View blog reactions

    Thursday, January 17, 2008


    Enterprise Architecture: Why Do People Make So Many Mistakes?

    Have you listened to IT executives speak mindless dribble regarding the adoption of popular industry strategies and have walked away not having neither a clue as to what they actually said nor even any understanding of the problem space they are attempting to solve...

    Do you think us enterprise architect types always understand the whims and desires of IT executives? Please have sympathy on us as we are caught in the middle of two polar opposites. If you consider for a moment that phrases such as military intelligence is an oxymoron, then what would you also understand that at times, the phrase enterprise architecture also shares much of the same characteristics.

    Consider that folks make horrific, CMMI certified repeatable mistakes for at least one of the following reasons:

  • Incomplete knowledge:We often make decisions on subjects where we don't know all the relevant facts

  • Poor communication:People don't always share all necessary knowledge with decision makers

  • Changing conditions:A decision based upon today's information may turn out to be wrong tomorrow

  • Pressure:People often make mistakes when they have to make decisions too quickly or when under stress.

  • Complexity:Systems can become so complicated that the developers cannot keep all the details straight. There are limits to the ability of people's minds to process information.

  • Lack of strong technical leadership: Consider the fact that most technology executives nowadays don't actually know anything about technology, it causes us to take important issues where the details matter and to distill them into chock-a-block eye candy Powerpoint where at some level, all abstractions lie.

  • Since the enterprise is filled with silly little creatures attempting to survive, maybe the most CMMI certified repeatable process is to not learn from the mistakes of others. After all, if we did, would we still be outsourcing to India only to have to bring work back in-house?

    Imagine walking into a hospital to have heart surgery only to have self-taught surgeons operate on you? Should enterprises allow for self-thought methodologists to spread process throughout the enterprise?

    | | View blog reactions

    Wednesday, January 16, 2008


    Links for 2008-01-16

  • Thinking about SOA definitions
    This posting reminds me of enterprisey behavior in that everyone has to heist their leg and add their own smell to every popular phrase.

  • Stellent vs Documentum, Managing Users
    Bex noticed some difficulties as well in how the DFC handles user management and probably is aware that the DFS is deficient in that it has no support for user management at all, but didn't provide his two cents as to whether he believes that Documentum should take forward steps to eliminate the user store. He did acknowledge that it really shouldn't have been there is the first place though.

  • | | View blog reactions

    Tuesday, January 15, 2008


    A gift of knowledge...

    Gunnar Peterson provided me with a copy of the book Dhandho Investor which I finished reading last night. Around the holidays, I typically receive various trinkets from software vendors but receiving something that will have a lifetime of dividends is rare.

    If you haven't read this book, I suggest you pick up a copy...

    | | View blog reactions


    Enterprise Architecture: Why is it so difficult to sell lightweight approaches...

    I would love to blame Robert McIlree and others who are process weenies but the problem is much deeper...

    We must first acknowledge that we are all silly little creatures whose behavior neatly plots against a bell curve known as the technology adoption lifecycle which represents the opportunity to sell products into a given market. Moving from left to right, one sixth of the curve is the early market, one third is the early majority, one third is the late majority, and one sixth is the laggards.

    The early majority tend to be either visionaries or pragmatists who are competent consumers of technology. They will only buy proven approaches of which lighterweight methodologies such as Extreme Programming have certainly satisfied. The enterprisey types tend to accurately label themselves as consertative and are usually late to the game. Being late to the game tends to mean that you expect very mature approaches at commodity prices hence the love of CMMi and outsourcing.

    We must acknowledge that IT nowadays lacks more than a handful of visionaries who are on a mission to change the enterprise for competitive advantage. Most enterprise architects can focus on commotization but few can focus on innovation. Visionaries will see ways to apply your new technology that you probably never imagined. This means that they will require you to extend and enhance your product to meet their needs.

    The sad fact is that many enterprise architects fail at selling lightweight approaches because of their inability to communicate and become part of the problem, are simply complacent, have zero clue that things could be better or simply don't care. What is especially sad is that many enterprise architects fear change, even more fear risk and most importantly, the vast majority fear blame.

    If enterprise architects don't have courage then the enterprise will be cursed with outsourcing, CMMi and other popular but otherwise approaches of questionable value. Minimally though I need to publicly acknowledge that Robert's blog provides valuable information for laggards who are conservative and should be circulated to those enterprise participants who aren't capable of anything else...

    | | View blog reactions

    Monday, January 14, 2008


    Consulting Firms and Event Sponsorship

    Many folks know that I am the lead for the Hartford CT Chapter of OWASP. I was recently approached by a consulting firm who wanted to sponsor some of the door prizes for the next event by providing 20 1GB USB Thumb Drives with their logo. Part of me wants to reject the request while another part of me wants to see others participate in the same manner...

    Everyone uses thumb drives almost everyday which means that the Thumb drive will be traveling across the world acting as a sign of recognition and has a great return in terms of branding. If that logo drives traffic to their company then its worth every penny.

    In simple economic terms, a 1GB Thumb Drive goes for about $20. If you were to provide 20 of them for a grand total of $400, that is pretty cheap in terms of how many impressions one could make. Likewise, the anticipated attendance for our next user group meeting is about 200 folks which equates to $2 per person/impression. Consider the fact that the CISO's, CTO's and Enterprise Architects from many of the local firms will be in attendance, I doubt you could get anywhere near this value proposition in a commercial conference.

    Would love to hear your thoughts, proposals and ways to increase the value proposition for all involved parties...

    | | View blog reactions

    Sunday, January 13, 2008


    My trip to India has been postponed...

    I was looking forward to hooking up with Punit, Apoorv Durga and especially doing charitable work as George Mathew and I so passionately blogged back and forth about. Sadly, the OMG SOA conference was being sponsored by Ada Software of Kolkata has been canceled.

    I guess I have to figure out ways of doing charity remotely...

    | | View blog reactions

    Saturday, January 12, 2008


    Why India will always lag in terms of technology understanding...

    I did some quick math and realized that folks in India don't have the opportunity to attend industry conferences at the same frequency as folks in America...

    In times of budget crunches, IT managers feel that they can scale back the amount of folks who attend industry conferences. The notion of sending a delegate whose job it is to capture notes that others can simply read is fascinating but otherwise not back testable as making any sense.

    I have asked several folks from various Indian outsourcing firms who have been in IT at least five years and have achieved about a 5% hit rate in terms of those who have actually attended an industry conference themselves. Much of the time, I receive blank stares whenever I ask this question with several indicating that the act of learning directly is somehow a privilege.

    While I understand the economics of conferences and the differences in compensation, a smart business person would over time come to understand that if India is ever to achieve technical equality with America, it needs to ensure continuing education that is on par which goes above and beyond once and done academic degrees...

    | | View blog reactions

    Friday, January 11, 2008


    Outsourcing Firms: Tactics for how they steal your data?

    Yesterday, I think I observed data theft from an employee of an outsourcing firm...

    One of my sons is currently studying Jiu-Jitsu where I take him to class twice a week. Many parents multitask by watching their children and bringing home work. One parent that was sitting next to me had their laptop powered up and was doing some work. Being the inquisitive shoulder-surfer, I first noticed that unlike my own employer, their laptop didn't have any disk encryption software that provides a challenge at bootup.

    The second thing while shoulder surfing is that this individual seemed to have production quality data on their hard drive with lots of personally identifiable information. I happen to have recognized a particular name/address combination. I immediately began to think about if this laptop fell into the wrong hands, what troubles would ensue.

    In a quick ping to several associates who work for various outsourcing firms, it seems as if many of them give their employees laptops but yet haven't invested money in providing security for them. Should their clients minimally expect that consulting firms who have privileged access into their IP protect their own laptops by using full disk encryption products such as PGP, Pointsec, Ultimaco, etc or do I somehow have it twisted?

    | | View blog reactions


    Links for 2008-01-11

  • SDLC - The Dream Team
    Great thoughts on the SDLC dream team and why they end up failing.

  • Outsourcing is a political Hot Potato
    I wonder if most IT folks in America understand that Hillary Clinton will cause you to lose more of your peers at work?

  • IT Career Advice - Don't forget the Fifth Element
    Gunnar would like to think that vendors, analysts and others will spend more time in 2008 interviewing and listening to the people with their hands on the wheel. Consider for a moment that many of us enterprise types would like to centralize authorization, yet the vendors know that their internal design of their products are horrific and therefore will avoid us like the plague. The key isn't just listening, but actively fixing.

  • | | View blog reactions

    Thursday, January 10, 2008


    Indian Outsourcing Firms are Horrific at Networking

    Many folks are aware that I have started a local chapter for OWASP where I have attempted to invite many of the transient resources from outsourcing firms such as Wipro, Cognizant, TCS, Accenture and others to participate. Guess what I discovered?

    One individual who will remain nameless wanted other folks from his firm to participate and realized that there was no way for him to even figure out which of his peers were working in the area. He proceeded to ask his Chief Architect in the area whom he learned also didn't have the ability to know who was deployed in the area.

    He figured out that the best way to figure out who was deployed in the local area for his firm was to email a bunch of folks in Chennai whom could provide him with the contacts for the lead of each customer account in the area whom then could put him in touch with whomever happened to be deployed in the area.

    The funny thing though is that this outsourcing firm has locations in places other than Chennai and I bet you have already guessed that the folks in Chennai have no ability to know who is deployed in the same account if the person happened to come from another development center such as Delhi or Bangalore.

    My original charge to this individual is that networking with others is a good thing and that participation in user groups such as OWASP is an even better thing. The thing I asked for him to figure out is how could OWASP chapter leads be successful in sending out invites to members of his firm if even he couldn't quickly figure it out.

    If you think about how many employees work for Accenture, Wipro, Cognizant, Infosys, Satyam, TCS, etc that are in the United States on L1 Visas, you would probably come up with 10K to 20K in terms of headcount. How many of these individuals know about user group meetings that are happening right in their backyard?

    | | View blog reactions

    This page is powered by Blogger. Isn't yours?