A Little Home Tech - Home Automation

In the personal project arena I have been known to overdo things on occasion, to jump in with both feet and go full bore into the task at hand. Some might see it as obsessive, but I prefer to view it as doing things right. I imagine it is a fine line between the two, a line that blurs into the reality that are Andrew Maxim projects. Few other home projects could provide a better example of this than my home automation system; it wasn't just feet first, it was head first through dry wall and electrical wiring and fiberglass insulation.

I had known about home automation only in the vaguest of senses; computer based answering machines, X-10 lighting and whole house audio systems. What I knew really did not interest me much. Surprisingly, or perhaps not so surprisingly, it was my PVR system, SageTV that eventually sparked the interest. In going through the user created add-ons for Sage, I came across one that integrated with a home automation system known as HAL, and the things I read on it I found intriguing.

HAL stands for Home Automated Living and is one of the many companies involved in the home automation "revolution", as well as the name of their software product line. It was their website that first began showing me what this field had become since the days I had first heard about and dismissed the concept as "not being ready". Once my eyes were open, however, I began my usual research phase, looking into all sorts of products from high-end hardware devices to open source software products to users' personal web pages. The more I read, the more I decided this was something I was going to implement in my home.

Primarily as a result of two different people's personal websites, I eventually narrowed my search down to two competing base products, the previously mentioned HAL system and HomeSeer. Controlling your house through a computer or touch panel is a pretty neat concept and is something almost all the packages out there offer, but controlling your house with your voice is just plain cool and was what narrowed things down to these two products. Paul Koslowsky (using HomeSeer) and Jim Lipsit (using HAL) both had accomplished home automation voice control and provided terrific documentation on the subject matter, as well as a plethora of additional information and abilities of their respective systems. Not to say that other people had not integrated voice control with their systems, but the knowledge shared by these two deserves a definite nod of appreciation.

Both systems had their own quirks and abilities, different ways of handling the same things, different equipment supported, and even different levels of user activity. HomeSeer users are far more vocal on their message forums, which is something I find very appealing in a product that makes use of user customizations. The decision between the two systems finally came down to pricing. The base packages for each were priced about the same, but whereas HAL includes all features of a product in that product, HomeSeer charges for a majority of plug-ins to encompass the features which HAL includes.

I wound up purchasing the HAL2000 system from Home Automated Living, actually I purchased HALdeluxe and upgraded to HAL2000. For the electrical control system I went with a UPB based system for the reliability, making use of both HAI and Simply Automated switches and devices, dependent on what they were for and current pricing. A combination of the ClearOne XAP 800, the Russound CAA66, several Crown PZM and MB microphones, and a dozen generic ceiling mount speakers make up the home audio portion of the project. Lastly an Applied Digital Ocelot provides control over sensors and audio equipment.

The system is far from complete, as I not only have several light switches and outlets left to replace, but also am patiently waiting on a few things to happen in the industry. Aside from things like the need for a UPB based ceiling fan control, I am anxiously awaiting the release of HAL version 4 in order to finish off the long standing project of complete audio control. Not that the new version includes this functionality, but rather the HALi interface for version 4, which allows programmers to write additional plug-ins, is rumored to contain the features needed for me to continue forward with my own plug-in entitled HAZ (Home Audio Zoning). Even once that is complete, it will be an ongoing project with my Home Automation system that will likely always be a work in progress, but it's just plain cool to have.

Application Security

As part of the requirements to maintain my CISM designation, I regularly attend ISACA e-Symposium events. These web events are held once a month and, to be completely honest, while my primary purpose of attendance is the 3 CPE received, I do tend to learn a thing or two on the subject matter offered. Sometimes what I learn is just in what I spout out while yelling at the screen (I am known to do this quite often with scientific documentaries on TV), but it gets me thinking at the very least. Yesterday's e-Symposium entitled "Application Security The New Gateway" was no exception; I learned some and spouted off at the non-replying screen more.

The two things that will get me talking back to a screen, computer or television, are when an important subject matter is glossed over or when something simple is over complicated. Experts always seem to like to over complicate things. In an effort to be completely fair to the e-Symposium, each presenter only has a limited time span to cover a wealth of information, so a lot will be glossed over to provide time to focus on their primary topic (which sometimes is a sales pitch).

One of the items glossed over was a statistic from Gartner stating that 75% of attacks occur at the application level. The statistic itself was not glossed over, but rather the reason it is 75% rather than 25%, and I feel that reason is important: System Security. Hackers didn't just decide one day to change their attack methods from network/system infiltration to application hacks; they did it because of path of least resistance. Once upon a time networks and systems were not very secure and allowed an easy path into all sorts of information, but system security became a hot spot and made accessing data through the "old school" methods far too time consuming and difficult. The number of web-born applications has also increased, presenting a doorway to data. And so application level attacks became the way to go.

I actually find it insulting to the security industry that the statistic is not 90+% in favor of application layer attacks, given the amount of time and volume of information regarding the need for good system security practices. It is what it is though, and some people and companies will always prefer to pay tons of money and time in a year or two than to pay a relatively small amount now to protect their investments. They would be better off selling their companies and spending the money at the craps tables in Vegas, a roll of the dice is just that and will always be in favor of the house, but at least this way they would only be wasting their own time and money and not hurting other people.

The second bit of spouting at the screen for this e-Symposium had to do with the over complication of things. Again, to be fair, each of the presenters represents a company and that company would like to get something out of the three hours of otherwise billable time for their expert, so the presentation becomes a partial sales pitch and things get over complicated. And as I said, experts like over complicating things. In reality, application security is not an over complicated item.

There are two main culprits for flaws in any program, lack of security knowledge by the developers and lack of testing during the SDLC (software development life cycle). Both were covered in the e-Symposium, but the solutions really were not, and they are, in theory, the easy parts. First, companies need to require their developers to be trained in development security best practices. It is an investment on both the part of the developer and the company, but it is time and money well spent. Again, pay a little now or a lot later. The SANS Institute now offers training and testing in development security through their Software Security Institute programs. A little costly, but the benefits are huge long term and, as I previously stated, promotes employee retention, which saves more money.

The second part of the solution is something that has been yelled and screamed from the rooftops for as long as companies have been developing software. Give QA the time and resources to properly test software. Yes, deadlines loom and developers get behind schedule, but cutting QA time to meet a launch date is far more costly and time consuming than pushing back a release schedule in order to get the software right. There are a ton of stats available from all sorts of independent groups on that subject, or just look at Microsoft and their reputation as a result of forcing projects to market. Further, QA personnel need to be trained in application hacking and exploitation techniques and it needs to become part of the testing process. Once again, this is time and money well spent in the short and long term of a company.

If those two items are taken care of during application development we will see a vast shift in security incidents. The overall number of incidents might not drop, hackers will continue to do what they do, but the percentages of types of incidents will shift dramatically away from application level. My prediction would be that we will see a number around 60% of all hacks being related to social engineering instead. Some companies, after all, will always want to pay more later than a small amount now. For those who "get it", a little proactive effort will go a long way towards Application Security and keeping your company profits up in the coming years. Just don't forget to cover social engineering.

Where Do Your Loyalties Lie?

When I first enlisted in the United States Navy I had to take an oath of loyalty; to protect the constitution and obey the orders of the President of the United States and officers appointed above me. It was a short and simple oath, but one I, and would assume most persons, did not fully understand until some time later. You see, in no point of that oath was a name other than my own given, only the offices held by the President and my superior officers. It is an oath to the country as a whole, not one single person or group of persons.

The underlying meaning of that oath is something, once understood, that I took with me into the corporate world upon my return to civilian life. Within each and every company that I have worked for there has always been a level of office politics; some very subtle and others that could only be termed as an outright coup. Through it all, that underlying principle of loyalty has been my guiding light, my moral compass in a world where office politics has engulfed so many people. It is often a difficult practice to hold onto, and a stance that has from time to time even ruined friendships.

The principle of my professional loyalties is simple, protect and do what is best for the company I am employed by, for as long as I am employed by it. In a sole proprietorship it is easy, the owner is the company, in other structures it becomes much more difficult a practice. One has to look beyond the internal politics and see the overall mission of the company and follow what is best for it as a whole, not just one man or woman's vision, but the long term survival and growth of the company, including all the people who work under its umbrella. To protect those people and the mission statement that really is the company.

While the principle is simple, in reality the practice is difficult. No one person within a company possesses all the information necessary to know which actions or inactions are best for the company. What I have found as a best practice, for myself at least, is to use the policies and procedures laid out by the company as a primary guide and to hold all employees under the same level of accountability, from the lowest cubicle worker to the CEO. Given a choice between actions, I will always try to choose the one that provides the greatest good for the whole or at the very least, in some no win situations, inflicts the least amount of harm to said company. It is, far too often, not a very popular stance.

One of the saving graces (for my sanity) given this choice of loyalty is in viewing business as business and personal as personal. Some people get that, others don't. I have had to personally fire people who have remained friends years after the fact, but have been ostracized by fellow employees who were upset when I remained with a company after they left. Such business decisions can be upsetting at times, when others allow it to flow into the personal, but were those who take that stance ever truly my friend? And would I even want them back having seen their metaphorical true colors?

I take heart in having seen that these kinds of people are those who (wrongly) feel the company (life?) owes them something. People who are guided by greed and never able to see past their own self to how their actions affect others. Perhaps, in some instances, I am wrong in that view, but the principle of loyalty that I will continue to hold myself to is not wrong, not for me. And some people will get it, and others won't, but it is where my professional loyalties lie.

A Little Home Tech - The PVR

As I have stated previously, I loves me some technology, thus I thought it prudent to cover some of the pieces of technology I use at home in my everyday life. It goes without saying that I have a few computers at home, seven currently in use to be exact, as well as a host of other pieces of technology such as a television, microwave, etc. These are all things I think most people own (ok, maybe not seven computers) or at the very least use daily, and have become an integral part of a lot of people's lives, so it would be a waste of time to talk about these things. Instead, there are a number of "systems" that have become just as integrated into my life, as a television is integrated into the lives of others.

The first is my home PVR system. By now most people have at least heard of the mass market DVR systems available, and a good majority likely owns one flavor or another of the devices. DVR stands for Digital Video Recorder and does exactly what the name implies. It records television shows onto digital media (hard drives, RAM drives, etc) for later viewing, much as the VCR of days gone by did on tape; and for many people these devices have become an integral part of daily life, allowing viewing of television broadcasts at your leisure as opposed to on a set schedule.

Hopefully you noticed that I referred to my home PVR system above and not a DVR system. The difference overall really is a small one in the grand scheme of recording and watching television and mostly entails the PVR being a system running on an actual personal computer, as opposed to a prefabricated hardware device. What that difference means for me, however, is customizations.

While a typical DVR system is capable of recording one or two television broadcasts at a time, the system I am running is currently set up to record five simultaneous broadcasts (and I can add more if need be). A bit extreme one might think, but considering that the past fall television primetime lineup for Tuesday night had 90% of the television shows I watch, all aired around the same time, I would have missed several of the shows with a typical DVR package. On nights such as those, the system will usually be recording four television shows over the course of two hours, with a slight overlap on each recording schedule to allow for early and late starts so as to not miss the beginning or end.

Mostly on the recommendation of my friend, Anthony, but after almost no research, just a trial, I chose SageTV for my PVR system. I know, it is so unlike me to not do much in the way of research, but I was hooked after the trial because of, above all else, the customizations. And not just customizable options created by SageTV the company, but rather the whole host of options and add-ons (most of which are free) created and supported by the SageTV user community.

Aside from recording a few television shows, SageTV is a complete multimedia package; allowing playback of DVDs, music libraries, online content, and, my favorite feature, a personal video library. All at the click of a few remote control buttons. There have been a few hiccups along the road of setting up, tweaking and upgrading my system; some more frustrating than others, but it is well worth the effort when I can pick one of my many movies to watch without having to get up from the couch and search through the stacks of DVDs I own. The ability to watch the BBC television show The IT Crowd through the online content is just one huge added bonus, as was watching my television lineup from a laptop during trips out of state.

All in all, SageTV has definitely won me over, and I hope beyond hope that it will be able to maintain with the eventual switch to encrypted digital broadcasts by the cable companies (search for "cablelabs" and "OCUR" off Google if you want to know what the heck I am talking about). Only time will tell on that front, but until then I will continue to rejoice in my PVR system.

A Good Morning Laugh

I have a routine that I run through each and every morning from the time I slide out of bed until I jump in the car and head off to work. Mostly it consists of getting coffee and a cigarette into me (yes, I know I shouldn't smoke) followed by checking in on a few websites I frequent. It is a slow methodical wake up ritual that gets my brain firing on all cylinders right about the time I step into the shower, and something I rarely deviate from, or, rather, have the need to deviate from.

This morning I deviated. Before I had finished my first cup of coffee I found myself wide awake and full of energy as a result of the first website I visit on Mondays, Wednesdays and Fridays. That site is The PC Weenies, and today I found a surprise there. As I first looked at the newly posted comic, before I read any of the word balloons or scrolled down to the entry regarding the comic, I recognized one of the characters in the strip as a good friend of mine, Harold Bright.

Harold and I worked together for about a year and a half, and became friends prior to his moving off to Seattle with his wife Hollie. Not only is he an excellent Network Engineer, but is also warped enough to take on throwing ideas around with me for possible inventions, mostly in robotics. One of which we have been working on for close to two years now, and despite the distance that now separates our creative yet disturbed brains, we have managed to stay in touch and continue to make progress.

Having not seen Harold for many moons, it was quite the shock to recognize him immediately in the strip drawn by Krishna. Even further, seeing the same scene play out in the strip that has likely happened with all IT people, but which Harold despises on a whole new level, was priceless. Thank you Krishna for bringing Harold and his pet peeve to life so well in your comic, and thank you to Hollie for submitting your husband in order to bring us all a good morning laugh.

My Honey

It's Valentine's Day, so I figured I would talk a little about my honey. It actually is probably more of a rant to be totally honest. You see, my girlfriend, Catherine, and I were recently on a trip overseas and one of our stops was in New Zealand. While we were there we had been told that we have to try, and likely purchase, Manuka Honey.

Now, I hate honey. Always have. I suppose I am one of the few people in the world that does, at least I have met no other people with such distaste for the sugary "treat". Oddly enough, I do really enjoy Mead, which, if you are not aware, is made from fermented honey. I also have a sweet spot for Baklava, along with a few other honey baked goods and candies. Very odd I know, but I have never been known for being normal. The point is I really do not like honey itself, so I was a bit dubious over trying this Manuka Honey. But what is the point of visiting foreign lands if you are not going to try new things, right?

Well, let me just tell you, I loved the stuff. Its color is much darker than typical US honey, with a thick rich flow and what can only be described as an almost graininess. It was fabulous. So we bought three very expensive jars of this wonderful, tantalizing oasis of oral refreshment.

One jar was opened and enjoyed throughout the trip, and was promptly confiscated by customs during our international flight. Knowing my friend Liz's love for honey, I insisted we give one jar to her as a gift from our travels. Leaving one jar for the homestead. Not really much for two people who just dig in with a spoon whenever they pass by it sitting idly upon the counter.

Not wishing to ever be without this new found treat, Catherine managed to find the same name brand Manuka Honey on the web and ordered three more jars of this delicacy, paying a hefty premium for international shipping and such. Only it is not the same. It is Manuka Honey, it is produced by the same company, but it has that horrible flavor that has made me despise honey all these years. I even compared a spoonful to the remaining jar we had brought back with us. There is no difference between the look and texture of the two separate jars of honey, but the flavor, and particularly the after taste definitely tells a different story.

That really is it for me with honey, trying that taste test between the two; it is the after taste of US honey that bothers my palate so. And here is this gem of a honey that I grew fond of so quickly, which contains that same after taste. Tonight I found out why. On the very edge of the label is a small block of words explaining everything so clearly as if there never should have been a question in my mind. "US FANCY GRADE".

So why is it that we must ruin something as simple as honey from a foreign land? Is it that our US honey is so inferior in taste and quality? Or does the FDA require some hidden ingredient in all honey bought or sold within the US borders? There is only "Honey" listed for ingredients after all. Or perhaps there is some sort of pasteurizing process that taints the pure taste of honey? I doubt I will ever know the reasons, but for me my honey will always be untouched New Zealand Manuka Honey.

And you thought I was going to talk about something romantic, didn't you?

The Maxim Maxim

For those unaware, besides being my last name, the name of a magazine, an integrated circuit manufacturer, and countless other companies; a Maxim is a universal truth. A proverb. As you might have guessed, that is where the name of my company came from, Proverbs, LLC. Pretty clever, huh?

It is also the name of a specific proverb coined by my friend Liz. Simply put, the Maxim Maxim states that "For any item that a person is in need of, having specific requirements, and which should be readily available off the shelf, will, in fact, have to be custom ordered and/or manufactured." It is the proverb that I have been cursed with most of my life.

We recognized the Maxim Maxim while shopping for my first high definition television some four years ago. I had done all my research on brands and models, determined the perfect viewing angle from the ideal reclined position upon my couch, and performed all the measurements for distances from the wall, viewer and floor. I found the perfect television, right down to the model number. Research completed, time to purchase.

Only no one carried it in stores, and we went to them all. One store had the same model in a larger screen size, which they offered to sell at the same price. Good deal, right? Except being a larger television would require the screen to sit further from the wall (bigger means a deeper box) and thus closer to the viewer ruining the optimum viewing experience. Much like sitting in the front rows of a movie theatre.

The worst part of the shopping experience, aside from having to go shopping, is that none of these stores could even order the model I wanted for some reason. Or maybe it was just too much hassle for them. I wound up having to special order the television online and pay the extra premium shipping charges. Thus the Maxim Maxim was born.

It wasn't until after that ordeal that I noticed it was something I had always been afflicted with. Some friends (*cough* Heather *cough*) say I am being too picky, but I don't believe wanting shoes and clothes that fit classifies as "picky". Yes, the Maxim Maxim really does hold true for those things as well; from purchasing shoes (I am a men's 10 extra wide, and no one used to carry that size), to buying clothes (30/32 waist, 32 length pants are impossible to find in American stores, not enough girth apparently), to furniture (the stand for above mentioned television was a two week ordeal), to computers, to parts for robots; and the list goes on and on.

At this point when I mention to friends needing an item for something, I will generally produce a tale of the heroic ordeals that I will likely have to go through in order to find said items. "I'll be out of the country for a few months as I travel to the darkest reaches in the Amazon Rainforest in search of the sap of a rare and endangered dwarf tree to mix with the volcanic ash from a long dormant volcano buried under miles of ice on Antarctica and cured with the methane rich waters from the under ocean lakes found only in the Gulf of Mexico. It must all be mixed within the perfect vacuum of space and set to dry under the warmth of a star going super nova. Unless you happen to have an extra bendy straw for my orange juice."

And that is the Maxim Maxim.

Advancing Robotics - Connecting the Dots

I am going to skip ahead of myself, past the few basic robotics entries I have wanted to make and jump to a topic that has been stirring in my mind for quite some time now. Not so ironically that topic is the mind, or at least the mind of a robot. Mostly what I wish to cover is theory; none of it is fact, very little is actually opinion, just theory. While I will be covering robotic AI of sorts, the reason the topic is theory is because the current human understanding of the brain, any level of brain, is still just theory.

I remember reading someplace that the most advanced microprocessors of the modern world are not even equivalent to the brain of a spider. I have watched television documentaries on robotics and seen how the collective "we" envision the future, but fall flat on our faces with its creation in the here and now. And then I have read articles by neurologists and on neurologists, and watched the documentaries on television, and have seen the news; and I understand why we believe the future of robotics is still the future, and why our processors are so weak compared to that of a spider. We do not understand.

Or rather, we understand large amounts of focused information, but can not see past that focus. There was a television show (I believe it was Beyond Tomorrow, but they are all a blur at this point) that covered studying the human brain and charting how the brain controls motor function. Scientists were using this with neuro-implants to allow patients (and a chimp) to control electronic devices. One of the studies showed the "brain waves" for a person rotating their arm (like a bird flapping motion), the odd thing was that the brain wave was only present during the initial upward part of each rotation, it went flat until the next time around. To the scientists studying this, that was the full signal for total muscle control over that movement. Pretty neat stuff.

Except a week prior I had watched a documentary on a scientist studying lampreys, or rather their spinal cord. Seems that a lamprey that is cut into two will have each section continue the swimming motion separately, as if the brain was telling the "tail half" to continue to swim and how to do that. What the scientist had figured out was that the spinal cord acts much like a "mini brain", controlling muscle movements independent of, and yet dependent on, the lamprey's brain. The spinal cord for a lamprey is "muscle memory". Same as in a human, and every other creature out there with a central nervous system.

Connecting the dots, which is something I always have been good at (even if I never could color in the lines); the brain waves the neurologists saw with rotating the arm really were not controlling the muscles. Instead it was a signal, a code of sorts that traveled to other parts of the brain and the spinal cord saying "rotate the right arm clockwise". The spinal cord then took over and told each muscle what to do with separate signals, sending a return signal back to the conscious brain saying "ok, done". While that was going on, and mind you it really is only a fraction of a second to rotate your arm, your conscious brain was free to do other things.

Did the light bulb go on there? Take that out to the next level. How does a creature see? What is vision? The eye is a sensor; it turns light into some sort of signal. Your brain does not process it all; or rather the conscious part of your brain can not be bothered with it. It only sees a tiny fraction of all the data. There is a part of your brain that takes optic information from your eye and does all sorts of data manipulation with it, pulling and pushing data all over the brain between memories, to subconscious eye movements, to focusing the lenses; all before any data is sent to the conscious mind to be processed. It even goes so far as to determine what, if anything, is important in the images it is collecting that the conscious brain should be aware of. It might even cause an override of muscle control without giving the conscious brain the chance to say "wait". This is why we duck when something is thrown at our head.

Audio, tactile, scent; the list goes on for sensor inputs with each having its own independent processing unit inside each brain. Muscle control, involuntary responses, muscle memory, autonomic functions (heart beating, breathing), gland control, temperature regulation, and on, and on, and on. The brain is not just medulla, cerebellum and cerebrum anymore, it never was just that. There are more individual parts to a spider's brain than sentences in this entry, and each one is autonomous, each acts on its own, but all act in concert with one another.

There might not be a single processor as powerful as the brain of a spider, but there is not a single portion of a spider's brain that is as powerful as a processor from ten years past. That is my theory. If we all start connecting the dots a little more, instead of just making larger dots, that theory will soon become robotic AI fact.

Sidebar

I've been feeling a bit under the weather the past few days, some sort of viral infection or another took hold of my body and decided to restrict me to maintaining a horizontal position. Fatigue, muscle aches, fever; the general "works" for this kind of thing. My story is Ebola and I am sticking with it.

I had a few entries working around in the back of my mind, but have had to put them on hold while I shake this thing. Not one to give in fully, I decided to add a few website links as a sidebar item that point to places I visit frequently or just plain admire. So here is the run down on what is there now, with likely a few other places soon to come.

Society Of Robots - a repository of all things robotics. Step by step tutorials, articles on everything from batteries to programming techniques, forums for people to toss around ideas, and general overall help and guidance for the robot builder. This is a great site whether you are just getting into robotics or are a long standing member of the community.

The PC Weenies - web comic and blog written by the very talented Krishna Sadasivam. The comic is primarily I.T. based in humor and style, but is at just the right tech level as to be a great read for those not in the I.T. field. I even had the privilege of a guest star appearance in one of his strips which can be seen here. The irony in the comic would of course be my hatred of mobile phones.

Wil Wheaton dot NET - the personal weblog of Wil Wheaton, author of Just A Geek and Dancing Barefoot. Yes, he is also the child actor from Stand by Me and Star Trek: The Next Generation. I really should have the link pointing to WWdN: In Exile, as his primary site has been broken for quite some time, but I have hope for its return in the near future. Wil is a fantastic writer with a style that keeps me coming back for more. A must read.

I.T. Specialists

I suppose I really should begin with an apology for implying that Specialists are "playing dumb," or even being dumb. It wasn't really my intention to make that broad stroke implication, but now that I seem to have made it (at least in rereading my own wording) I can't bring myself to correct that statement. I have had far too many experiences in having to go behind a so-called specialist to clean up their messes, whether it is in an SQL implementation, PeopleSoft, Lotus Notes, or any number of other industry sub-fields.

That is not to say that all IT Specialists, or Experts, are bad; I have managed to gain a lot of knowledge from many, and even had a few just blow my socks off with their skill set. All in all it seems as if there is a 25/25/50 ratio when faced with a professional so-labeled. About 25% are those who really know what they are doing and make their specific field look like child's play, the next 25% are capable and handle their own for that application, and the last 50% seem to get by because everyone else is afraid of the voodoo magic associated with that specific application (PeopleSoft is a big one here).

Specialization came about mostly as a division of labor sort of thing, but in the IT field (as well as others) it has now grown into an Information Security issue encompassing the mighty order of Segregation of Duties. Aside from complete SoD being a realistic impossibility, the main problem is that the "bottom" 50% of specialists (and even the next higher 25%) might know enough about their own application to keep it running for the most part, but they don't know enough about the system as a whole to be truly effective.

The reason I consider this a problem is that you wind up with a lot of finger pointing between departments for issues that should be relatively simple. Buggy servers taking a week to be repaired because each sub-department has a different view of what is wrong, or even worse, tries to fix the problem as if the problem really did exist in their area, thus adding more instabilities. I've heard enough IT Directors and Managers complain about this to know it is not just a personal pet peeve of mine.

Now here's the solution, and believe it or not it deals with taking Segregation of Duties even further, and will make your infosec even more secure as a result. "What? That's insane!" you say. I know, if SoD leads to specialization and specialization leads to people too narrowly focused to "be all they can be," so to speak, then how can more SoD fix it? Well, we learn from the other high priority information security area... Finance/Accounting.

Responsible CFOs and Finance Directors all divide up job duties and responsibilities among their workforce, but the very best add the twist of job rotation. A.K.A. cross training. The primary reasons being that people get too relaxed once they handle the same thing for too long and tend to make mistakes (ask any Aviation Structural Mechanic, Safety Equipment (AME) in the Navy about that); more importantly, they get to know the accounts (people, not numbers) too well and are more inclined to bend or break rules as a result. So they get rotated on a semiannual basis, or thereabouts. It helps make each person a more valuable employee (cross trained), increases accountability (new eyes catching old things) and enhances SoD (and thus infosec).

If Information Technologies applied the same practice (and some companies might already), periodically rotating a single specialist out of their department and into another for a set length of time, the benefits would be enormous, and not just to the company. Project teams become more versatile, the employee would be increasing their skill set (which contrary to some people's belief, actually promotes employee retention) and the employee would become even more capable in handling the specialist role they already fill. For a company with even small departments of specialists, not rotating people on a regular basis really is being dumb.

Certifiable

If you have worked in a company larger than 100 people you most likely have run across someone with an "I Love Me" wall, and if you have seen one, you know what I am talking about. I am not referring to the recent college graduate who reverently hangs their diploma on the wall out of their well gotten sense of pride, but more of the person who has it hanging there five years later. That same person who manages to find a need to frame every little accomplishment, every certification, every news clipping, every award, every picture with someone who might even vaguely qualify as a celebrity.

I'm not a psychologist (I've only been analyzed by one on TV), but there seem to be only a few types of people with the need to create such a shrine to self. As mentioned, recent graduates will sometimes do this as a sense of pride, it might be their first license or a college diploma, but it generally does not last very long. The second are a type that have historically been handed everything, although they will always claim having earned it all, and will post their placard as a way of saying, "I'm better than you because I have this." The third is someone who springs up in middle management far too often, those who use their well framed walls as a shield, a way of deferring questions over their own incompetence by the sheer volume of credentials adorning their office walls (killed a couple potential interviews with that one, didn't I?).

You have likely had the opportunity to meet all three types of office space decorators if you have been in the workforce for a while. You might even have been, or still are, one of those people. Eventually, if you are very very good and eat all your spinach, you might run across the fourth type. These are the people who are generally low-key, do good work, don't make much of a fuss and almost never need an attaboy, but they are arrogant, and always happy to take those needing it down a couple notches. I know this type well, I am definitely one.

Perhaps it was my prankishness, perhaps it was just being fed up with dealing with the second and third types listed above, or perhaps it was just because I could; but one day I had enough and decided to create the true "I Love Me" wall. For most people they saw it as a bit of an over eccentric sense of accomplishment, the second and third types congratulated me on having such a masterful wall, but a few people "got it." Mostly, they were IT people who have been around for a while and recognized the joke in having Packard Bell certificates hanging up on my wall (the four at the far left). Oh, I rotated certificates in and out of the wall from time to time, even had to expand it once, but there was always at least one Packard Bell certification hanging amongst the rest. What does this have to do with "tech" you might ask? Well I assure you there is a segue here, someplace.

A few years back I had written an article for the online publication Workitecht by Dennis Faust. While Workitecht is no more, I feel the article still holds up a few years later and thought I might share it with anyone looking for a light read. And what better way to announce an article about certifications in the IT profession than to show off my very own "I Love Me" wall full of certificates. So I give you Certification Killed the IT Professional, uncensored and with full grammatical errors. Enjoy.

In a Nutshell (finishing touches)

Eventually I will put together a biography static page containing a reader's digest version of the wonder that is Andrew Maxim. I will also likely include a copy of my professional resume, just to tout myself a little further. Arrogance really is a wonderful thing. In the meantime I thought I should throw out a little further information on the "where I am at" and "where I am going" aspects.

In January of 2005, after much procrastination, I finally decided to pursue a Bachelor of Science degree. Given the levels of experience I had already gained in the workforce I was, as previously mentioned, over qualified for many positions, but lacking a four year degree was under qualified for the remainder. I was never very good at pickle as a child, and figured it was time to rectify the issue. After my typical research frenzy, I enrolled into the Computer Science program at Excelsior College in March of 2005.

Pursuit of my degree can be described as sporadic, with long periods of inactivity followed by completion of far too many credits in the following few months. Mostly this is just me taking advantage of what free time I have, but I also enjoy a break between educational overload sessions. After two years of this I was nearing completion of my degree, three classes remaining.

Unfortunately, (didn't I already mention there was always an unfortunately?) Excelsior College was removing their Computer Science program and rolling it into a different degree. Those who were in the Bachelor CS program were given until November to have all credits submitted for a December graduation or we would be rolled into the Computer Technology major, with differing requirements. Given the course availability this was an impossibility for me (as I am sure others) to complete, as the courses I required ended in December, after the cutoff.

I took this as an opportunity to change majors to something more suited to my career and instead switched to the Management Information Systems degree program. A few additional business classes are required, but I believe the extra work will be rewarded in the long run. I hold a 3.75 GPA, with a 4.0 in my major, and currently am sitting at 131 credit hours completed while I wait for additional transcripts to arrive. I then have two classes to complete and expect to be part of the June 2008 graduation. Not quite the three years I was hoping for, but it is under the four years one normally takes.

Aside from working and college, my professional life also consists of maintaining current certifications, as well as certifying in new technologies. Most of the time spent in this category belongs to my beloved ISACA Certified Information Security Manager (CISM), which, unlike my Cisco certifications, I intend to maintain. And that is Andrew Maxim, the technology professional, in a nutshell.

In a Nutshell (part two)

I found that "something else" for myself in two parts. The first being Information Security. While a few might say that infosec is the reasoning behind the specializations that I dislike, segregation of responsibilities for security reasons really came much later (relative to I.T.), but I will save all that for another entry. What infosec did offer was the continued reason to learn and understand all of the systems within an organization. How each application behaves and relates to one another is just as important for security as the application itself, and for the record, it is just as important for the I.T. personnel who is an Expert in said application.

The second part of my solution was to step slightly away from the hands-on aspect of technology (at least in the work force) and push a little paper. Supervision and management became my primary new focus within the Information Technologies world. Although becoming a manager allowed a continued broad focus on technology and learning, it was not enough within many larger organizations as managers were department heads over specialized groups. Back to that again.

There was only one avenue to travel and that was Information Systems Director (similar titles included). Many groups, many specialties, many projects, many small pictures; one hat and a big picture view. My hands might not get so dirty, but they are definitely not manicured. With every project and every task I was able to explore the new systems and applications, and then have the luxury of taking a step back and seeing how it all relates. I was home.

As a good supervisor, I firmly believe I should understand everything my employees do, should be available to assist or provide information, and should never be willing to ask an employee to handle something that I, myself, can not handle. At least that is the stance I take and it is one that has allowed me to stay in touch with the technology I hold so dearly.

For my future, I can only see myself staying in the Information Technologies and Securities field. My soul burns for robotics, but I can never see myself inventing, designing or building someone else's vision or idea. It was the same, to a lesser extent, with programming and development for me. So I will continue to learn and grow in the I.S. industry, and devote my personal time and resources to fulfilling the whisper I heard when I was still so very young. And I will smile.