Cluster Transfer Rapid KT Through Maps

Remembering 1 Thing over Many (Communication | Memory | Context)

“Never force anything, you’ll break it.” – Dad Cohen
  • What do we need to know and why? Memory
  • The right information at the right time. Value
  • Clusters in Context. (Maps and Links) Relationships 

MEMORY

STRATEGIES FOR REMEMBERING (http://www.psychologytoday.com/blog/happiness-in-world/200911/how-remember-things)

  1. Become interested in what you’re learning. We’re all better remembering what interests us. Few people, for example, have a difficult time remembering the names of people they find attractive. If you’re not intrinsically interested in what you’re learning or trying to remember, you must find a way to become so. I have to admit I wasn’t so good at this in medical school. The Krebs cycle (I provided the link only to prove how immensely boring it is) just didn’t excite me or relate to anything I found even remotely exciting (though I made myself learn it anyway).
  2. Find a way to leverage your visual memory. You’ll be astounded by how much more this will enable you to remember. For example, imagine you’re at a party and are introduced to five people in quick succession. How can you quickly memorize their names? Pick out a single defining visual characteristic of each person and connect it to a visual representation of their name, preferably through an action of some kind. For example, you can remember Mike who has large ears by creating a mental picture of a microphone (a “mike”) clearing those big ears of wax (gross, I know—sorry—but all the more effective because of it). It requires mental effort to do this, but if you practice you’ll be surprised how quickly you can come up with creative ways to create these images. Here’s another example: how often do you forget where you left your keys, your sunglasses, or your wallet? The next time you put something down somewhere, pause a moment to notice where you’ve placed it, and then in your mind blow it up. If you visualize the explosion in enough detail, you won’t forget where you put it. Remember: memory is predominantly visual (unfortunately, I can’t think of a good image to help you remember this fact right at this moment).
  3. Create a mental memory tree. If you’re trying to memorize a large number of facts, find a way to relate them in your mind visually with a memory tree. Construct big branches first, then leaves. Branches and leaves should carry labels that are personally meaningful to you in some way, and the organization of the facts (“leaves”) should be logical. It’s been well recognized since the 1950’s we remember “bits” of information better if we chunk them. For example, it’s easier to remember 467890 as “467” and “890” than as six individual digits.
  4. Associate what you’re trying to learn with what you already know. It seems the more mental connections we have to a piece of information, the more successful we’ll be in remembering it. This is why using mnemonics actually improves recall.
  5. Write out items to be memorized over and over and over. Among other things, this is how I learned the names of bacteria, what infections they cause, and what antibiotics treat them. Writing out facts in lists improves recall if you make yourself learn the lists actively instead of passively. In other words, don’t just copy the list of facts you’re trying to learn but actively recall each item you wish to learn and then write it down again and again and again. In doing this, you are, in effect, teaching yourself what you’re trying to learn (and as all teachers know, the best way to ensure you know something is to have to teach it). This method has the added benefit of immediately showing you exactly which facts haven’t made it into your long-term memory so you can focus more attention on learning them rather than wasting time reinforcing facts you already know.
  6. When reading for retention, summarize each paragraph in the margin. This requires you to think about what you’re reading, recycle it, and teach it to yourself again. Even take the concepts you’re learning and reason forward with them; apply them to imagined novel situations, which creates more neural connections to reinforce the memory.
  7. Do most of your studying in the afternoon. Though you may identify yourself as a “morning person” or “evening person” at least one study suggests your ability to memorize isn’t influenced as much by what time of day you perceive yourself to be most alert but by the time of day you actually study—afternoon appearing to be the best.
  8. Get adequate sleep to consolidate and retain memories. Not just at night after you’ve studied but the day before you study as well. Far better to do this than stay up cramming all night for an exam.

Mental Tree MindMaps and Remember Once.. And Knowledge Journey

There are differences in transferring long-term and short-term knowledge.   Today people are more likely to know less because of technology.   This means that the requirements to retain information and manage it have changed over time. What a knowledge receiver needs to know is the location of the information and the context of that information as applied once they discover or reference it.  Once they identify what they are looking for they also need the ability to understand and codify the information for it to be useful.

Method of Loci

 The method of loci is a method of memorizing information by placing each item to be remembered at a point along an imaginary journey. The information can then be recalled in a specific order by retracing the same route through the imaginary journey. Loci is the plural for of the Latin word,locus, meaning place or location. The method of loci is also called the Journey Method by Dominic O’Brien, and the imaginary journeys are often referred to as Memory Palaces or Memory Journeys. See also Mind Palace, the term used in the TV show, Sherlock. (http://mnemotechnics.org/wiki/Method_of_Loci)

Rapid KT..  A Mind Map is a ROAD MAP of associations..

The map is a visual representation of the interlinkages of nodes (objects or concepts) and their relationships.   To transfer knowledge rapidly (the secret sauce) is for a—> mentor or SME (Subject Matter Expert) to take the knowledge receiver on a trip through the map.

Example:

It all started..(element of time and location) (HERE at this place) and this turned into the (X), where X = an outcome and (X) is related to (A,B,C) —> It is objects and concepts in story on a map that can account for time and events.   As a result of an event on (this date or timeframe) the object or concept of (x) turned to (X1).  All of this contained in an explicit map.

 

The key is that you don’t have to remember to “Bake” or “Bake In Oven” individually,  you need to remember the map as a whole.   (Even though this map is simple)  The person that is transferring knowledge creates the map or walks the map with the person receiving knowledge.   The story comes with the map.. the story is that TACIT information …  “When I first started here and I was learning how to bake a cake, I didn’t know to pre-heat the oven to 350 degrees for 30 minutes.”  The knowledge receiver can adopt the concept / mind / knowledge map and put their own notes or stories.  It is their investment, it is personal to them.    There are things the receiver may already know and not need.   The image or map is the cluster of relative and relevant knowledge.  In the process of KT, it can be tied to one event.  There are elements of Personal knowledge, Team knowledge and Enterprise knowledge here.    The lower the fidelity of information the higher the knowledge resides.  The map shown above can be linked to in an enterprise repository to team or personal maps.   During the process of knowledge transfer all of the maps and information associated is identified as one clustered object.   The knowledge receiver learns about the process, methods, tools and any links to people who may have existed in the past and exist today.

When I was a young man working on a car with my father, he said “Righty tighty, lefty loosy” and in the same instance “Never force anything, you’ll break it.”   He only told me one time and I have remembered and applied this my whole life.  These two concepts were shared in one event, the relationship of the information is tied to my father, a Dodge Scamp Silver, any given Sunday and working on cars at the top of an open air garage in Coop City.     That is how we remember things..   When looking to transfer knowledge, we have to address the environment, condition, time, sentiment and ability to cluster information and create relationships with the data for purposeful recall.

How do I create a “clustered package” for KT?

Please be clear that I am not inventing something new.   This is a simple outline for steps you would take on a high level.

  1. Identify who, what when, where and why.
  2. How- This will be the process and the methods.
  3. What is important to know today? How much of this information is still relevant?  Can I throw some of this away or do it better?
  4. What is the business case for this information and what historical measures have been used?
  5. What are the stories that are tied to the information?
  6. What can we automate (where it makes sense)?
  7. What changes should be made moving forward?
  8. What is the risk? (From the SME’s perspective)
  9. What is value? (From the SME’s perspective)
  10. How is any of this tied to assessment criteria? (if not, why not?)

These are some of the steps and questions that we may ask.  We must understand (WHY) and we must seek to keep all of the information and content tied through the understanding of relationships.   My good friend and mentor Ron Batdorf will say that this is all tied to Enterprise Architecture.   It is an explicit expression of a moment in time relative to what is important (NOW).  Effectively a best effort to get the right information at the right time.

 

bakemap1

Advanced Map of Context

Alzheimer’s Map <—PDF larger viewAlzheimers_Map-440x264

 

What do you think?

Memory Forum –>http://mnemotechnics.org/

 

 

Practical Knowledge Management in a Strategic World

covercomm

In preparing for battle, I have always found that plans are useless but planning is indispensable.”-Dwight D. Eisenhower

Planning for Knowledge Management

Why do organizations need a structured KM initiative or program?

Most organizations at a very high level seek to do three general activities:

  • Reduce Risk
  • Identify and Execute on Opportunity for Cost Savings
  • Identify and Execute on Revenue Generation Opportunities.

While designing strategic business plans most organizations do not plan for KM activities.    Further, most KM activities are not tied to business strategies.    In 2001, Ronald Maier and Ulrich Remus published an IEEE paper on this subject.   They made a case for a “process-oriented KM Strategy.” This provides an integrated view of resources and market based orientation.

ProcessOriented

 

As a KM practitioner, this view makes a lot of sense, but it is still very strategic.   The key to a successful KM practice is centered in two areas that aren’t often identified as part of the strategy.   These are:

  • Organization Awareness
  • Organization Conflict Management

To plan for Knowledge Management in an organization, the planners must understand the landscape.   Planning to delight clients and customers with goods and services is not enough.    Even if you are planning for an industry of consumers that have few choices, understanding the landscape of the business is key to profitability in margins.     Knowledge Management is essentially about getting the right information at the right time to the right people.   This sounds a lot like logistics.

What is Awareness?

a·ware·ness
əˈwe(ə)rnis
noun knowledge or perception of a situation or fact. “we need to raise public awareness of the issue”

More often than not we are unaware of what is going on in an organization.   When we go to the doctor to get a check up, we are seeking to raise awareness of our health.  Often times we don’t know and we can’t know without some diagnostics what is going on in our organization.  We need a “check up” to find out what is going on.   This check up needs to be performed with a frequency that makes sense and one that it minimally disruptive.

 

 

 

 

process-tree

 


 What activities can we perform to raise awareness?

One of the first practical activities is to start with a communication campaign.   (Internal Communications) <-see the post from  for more details below are Shel’s words.

1. Mobile

Employees are using their personal devices for work simply because they’re better than the devices distributed by the company (if, that is, they were among the employees who actually got company phones) and they’re able to use those meatier features to fuel their own improved efficiency.

Regardless of the motivation, however, there are opportunities to reach employees who were relegated to the have-not class when companies abandoned print for the cheaper (but not necessarily more strategic) intranet.

2. Video

According to one study, 72% of internal communications teams are planning to increase the use of video as a means of communicating with employees. That dovetails nicely with the mobile trend, since YouTube recently revealed that mobile devices account for 40% of the videos consumed on its site.

More and more companies are adopting a YouTube-like approach to video, introducing video libraries that let employees search for videos, comment on them, tag them, embed them and (importantly) upload their own as a means of sharing information and knowledge.

3. Communicating for engagement

Employee engagement has always been the province of Human Resources, but research from the PR Academy supports the notion that good communications contributes to higher levels of engagement.

The focus on engagement is being accelerated by articles in communication publications and sessions at conferences from communicators who have been able to connect the dots. The mandate is clear as alarmingly low engagement levels lead executives to wonder why their communications departments aren’t doing more to correct the problem. Gallup, which more or less invented the whole concept of engagement, found that only 13% of employees worldwide are engaged at work.

There are ample opportunities for communications to bolster engagement. One is to improve the channels through which employees’ collective and individual voices are heard. Another is to recast communications based on the stakeholder groups with which employees self-identify: work groups, project groups and the employee-supervisor relationship. A lot of executives believe employees don’t care about the issues that keep them up at night, but employees do care—deeply—when those issues are articulated in the context of these stakeholder groups.

4. Social software adoption

While social software has been deployed in many organizations, employees generally haven’t adopted it. Adoption is critically important, since businesses that don’t migrate to social software as a conduit for day-to-day business will be mangled by their savvier competitors. The McKinsey Global Institute estimates productivity improves by 20-25% in organizations with connected employees, and the potential for revenue amounts to $1.3 trillion per year.

Yet, according to Prescient Digital Media’s 2013 social intranet study, only 13% of employees participate in the social intranet on a daily basis while 31% rarely or never do.

Given the focus on engagement and some other key internal communications trends, communicators will take a more active role in promoting the adoption of internal social media, which will require a strategic pivot away from the vice-like grip email has on most employees’ communication practices.

5. Activity streams

Nothing succeeds like success. When organizations focus on adoption of social software, the tool that attracts most employees is the activity stream (the equivalent of Facebook’s news feed on your intranet). With employees able to see instantly what their work team peers, project peers, bosses and other employees are doing, they feel more connected and, as a result, get more engaged.

Within organizations that have adopted the activity stream as the dominant homepage feature, communicators are giving up their magazine-style approach to sharing news and simply injecting their articles and other content into the stream. At least three organizations I know have seen this approach result in three or four times the views of their content. That’s right: Getting employees to “follow” or “like” the communications profile leads to more consumption of communications content than the traditional approach of listing headlines on the homepage.

7. Social visual communication

Images are dominating shared content, and with good reason. Engagement levels and interaction with images are significantly higher than narrative text as content consumption shifts from fixed desktops and laptops to mobile smartphones and tablets. While I’m hesitant to call this an internal communications trend—I haven’t seen it manifest yet inside any organization—it is inevitable. Smart communicators will get ahead of the trend and innovate ways to use images to tell stories and deliver messages, along with the channels for delivering them. I wrote a post recently suggesting six ways communicators can use images for internal communications.

8. Digital signage

These devices are activated by touch or motion, incorporate video, and can be tailored to deliver relevant information to employees based on their location, even floor-by-floor. Here’s just one case study from a freight company.

9. Gamification

Gamification, stated simply, makes it fun to do things that usually are mundane and tedious by applying one or more of the elements of game-play. These typically include badging, leveling, leader boards, and completion bars.

Communicators who acquaint themselves with the principles of gamification will be able to apply it to communication challenges.

10. Print

The simple fact is that employees don’t use the intranet the same way they used the company publication. While the periodical all-employee publication isn’t making a comeback, niche uses of print that are based on achieving measurable objectives are making a comeback in many companies. Hospitals, for example, are returning to print to get messages to nurses and other staff who don’t have access to the intranet. Yes, it’s costly. Yes, it has long production lead times. But it also works.

11. Employee influence measurement

As employee-to-employee communication moves into the jurisdiction of internal communications departments, identifying and tapping into those employees with high levels of influence will grow more important. The folks at Microsoft recognize this; it’s why they’ve done a deal with Klout to have an influence score appear on their Yammer profiles based on their internal Yammer activity. I have little doubt that Chatter and other internal networking tools will follow suit, but in the absence of such automated scoring, communicators will find other ways to figure out which employees to tap for advocacy and ambassadorship roles.

 ___

Communicate, Communicate, Communicate.. – Cohen

As your organization gains momentum in communication, feedback and open exchange the ideas around social constructionism – (Social constructionism, or the social construction of reality, is a theory of knowledge in sociology and communication theory that examines the development of jointly constructed understandings of the world.Wikipedia start to emerge.     What this means on a basic level is that WE are smarter than ME.   Strategic communication through a matrix approach facilitated and orchestrated (INFORMS) the organization.   This information … converts in context to KNOWLEDGE and feeds strategy.    Communication is a basic and practical way to turn a KM strategy into an effective KM practice. 

What about organizational conflict management?

Yes.. it is again tied to communication.

 

3440210204002

Keeping it Practical

1) Position our organization for learning.   We do this by learning about ourselves, our people, our process, our methods, and tools.  What are the best things we never knew we had, including our who, what, when where and why?

2) What level of awareness do we need in our organization to be successful?  What does awareness mean to us?

3) What are our current activities and how do they tie to our current business, mission, vision, scope and objectives?   What questions do we need to come up with to understand OUR landscape.   

4) Does our current Knowledge Management practice align with our business objectives?   Do we work in siloes?  Is that ok for our kind of business?   What information needs to transfer between individual performers and groups? How do we deal with personal, team, and enterprise knowledge?

5) What areas do we need to practice an approach to organizational conflict management?  What are the costs associated with conflict management?  What are the benefits and innovation potential for conflict management?   Inter and intra-department transformational and adjacent innovation?

6) What are we doing well today?  What do we need to reenforce and what do we need to resolve?

Most of the tools are already in our organization.   The key is active communication, facilitation and attention to people our most valuable and precious resource.

 

Leadership has the tools, the process and the methods of communication in hand today.  With a well thought out strategy, leadership can start communication early and often. They can create opportunity for employees to engage and provide feedback.   This communication will inform the strategy for business which includes KM.   The well informed organization lowers risk, increases opportunities for cost savings where it makes sense and increases the opportunities for revenue generation.

Communications

For Your Company – How much do you depend on Google? ~KM

Jake used to get his searches for free....
Jake used to get his searches for free….

The Value of Internet Searches

This is something to think about in relation to how organizations use external search tools.  This doesn’t apply to Google alone and I am not stating that Google will in fact charge us for search.  I am asking what would happen if they did.  I am also wondering out loud what the impact would be if they charged a subscription?   We live in interesting times, where water costs more than soda even though the water we get out of our tap may be better quality.   Communication apps are selling for BILLIONS of dollars while communication companies can’t make a buck.    More money is invested in technology companies on tech that entertains us over tech that would save us and heal us.   It is very possible that our personal and professional relationship with companies like Yahoo, Google, Microsoft and others could change and that our reliance on these companies could give them the leverage to charge for searches.   Why not?  Just a thought..   Better yet.. What would that do to the knowledge base of your business?

 

Innovative Company A with Super Awesome Brilliant Employees

Fred: Hey George!  How do you flig flam the whatsamazzoozit? 

George: Ehh.. I dunno..  Let me google that…

Fin

What just happened here happens ALL THE TIME in companies and organizations all over the world.   What would happen if Google AND other search companies decided to realize their magical hold on us?

  • Are you prepared to function holistically without an external search capability?
  • What is the value of Google and/or Bing, Yahoo, Dogpile, Refdesk etc?
  • What does this capability or this knowledge base represent in terms of support to your organization?
  • How would your staff manage less Google?
  • Would you pay for a subscription license to search the internet?

More over

  • How does external search create NEW capability and NEW opportunities for your organization?
  • Should these search companies get a piece of new business because they helped you get it?
  • What if they decide that this is something they want to do?

Even if you have a closed organization and you have great concerns for sharing corporate intelligence this does not impact the requirement or the desire of staff to consume data from the outside.

When **cough** I mean if this happens.. what will you do?

 

 

Sometimes Simple is Effective!

Simplify Complexity in KM

Image

Google gives us 10 results in less than .50 seconds, give or take a little.   You may be interested to know that Google isn’t alone, just search the major engines and count the results.   Without getting into the science of why this is the default response and display, lets just be aware that this is what happens.

So, what is this =1 business?

If you ask a room full of people where they get information when they need to know something, they say “Google.”   There is no debate about it.  Even if they search Yahoo or Bing or even their enterprise, they may say they “Google it.”  What they are doing is searching, searching for the one thing they need at that moment in time.

That is what this is about.  Results = 1, the one thing you need, that one piece of information you need WHEN you need it.  Now, people commonly understand that this is true but it seems that we forget.   We aren’t a knowledge based generation for what we know, we are a knowledge based generation of what we can find and how quickly.

This requires that we write, publish and share.   This also requires that we have the ability to gain access to contextually aligned INFORMATION that we can TRANSFORM into knowledge for our use at any one point in time.

There are many uses for crayons, some of them are simple and others are complex.   If you needed to find out what you could do with crayons, you would compose a search.

Screen Shot 2013-10-27 at 8.57.14 AMOn the wonderful things that you can do!  What did you know?  You could get lost in here.  Most of us need to know the one thing we need.

Did you know that crayons could help you survive if you are out of power and need light?

http://survivial-training.wonderhowto.com/how-to/make-emergency-candle-from-crayon-157507/

Crayons have made careers and have inspired thoughts!  Crayons have helped children communicate and have been a fundamental part of education for many years.

http://www.crayonslife.com/

In the end with all the complexity 

There is simply a crayon.  Maybe just one. 

Maybe the one that simply matters to YOU!

SamBoni

The OUTCOME is our need to convert information to knowledge that is relevant and important to US for US.   As the one!

That is why

trustand Good Communication are ALWAYS required!

For KM to be effective it has to go from Personal Knowledge to Information and BACK to Personal Knowledge! 

Personal Knowledge Management - MindMeister Mind Map.pngandonlinelogomaker-102613-2009

 

The RIGHT Data Could Be More Valuable

The power of purpose

Good data does not mean good analytics.  Larry Lorenzoni – “Birthdays are good for you. Statistics show that the people who have the most live the longest.”    Without purpose data is useless.

Google CEO Eric Schmidt.  Every two days now we create as much information as we did from the dawn of civilization up until 2003, according to Schmidt. That’s something like five exabytes of data.

Let me repeat that: we create as much information in two days now as we did from the dawn of man through 2003.

“The real issue is user-generated content,” Schmidt said. He noted that pictures, instant messages, and tweets all add to this.

An IBM report on big data states, “Every day, we create 2.5 quintillion bytes of data, so much that 90% of the data in the world today has been created in the last two years alone.”

What about RIGHT DATA for the RIGHT purpose?   The hype on “BIG DATA” and concepts

Hype-Cycle-of-Big-Data

We also have a lot of discussion this year about “Smart Data”  http://www.fastcocreate.com/1682757/turning-big-data-into-smart-data-5-lessons-for-marketers-from-the-obama-campaign

Joe Rospars, co-founder and CEO of Blue State Digital, the agency behind both of Obama’s campaigns, says harnessing the power of big data is not about simply analyzing antiseptic information, it’s about using whatever information is at your disposal to understand the people behind it all. “Big data is about having an understanding of what your relationship is with the people who are most important to you and an awareness of the potential in that relationship,” says Rospars.

Open Knowledge Foundation says-

What do we mean by “small data”? Let’s define it crudely as:

“Small data is the amount of data you can conveniently store and process on a single machine, and in particular, a high-end laptop or server”

– See more at: http://blog.okfn.org/2013/04/26/what-do-we-mean-by-small-data/#sthash.dVM0dqPF.dpuf

cornell

Small data are derived from our individual digital traces. We generate these data because most of us mediate or at least accompany our lives with mobile technologies. As a result, we all leave a “trail of breadcrumbs” behind us with our digital service providers, which together create our digital traces. The social networks, search engines, mobile operators, online games, and e-commerce sites that we access every day use these digital traces that we leave behind extensively. They aggregate and analyze our digital traces to target marketing and tailor service offerings and advertisements and to improve system performance…

…but none of these services currently consider the value of providing these personal traces back to the person who generated them. Consequently, they do not yet have a ready made vehicle to repackage their data about me, in a useful format for me, and make it available to me!  http://smalldata.tech.cornell.edu

equalimages

Mining for gold in the ocean — http://oceanservice.noaa.gov/facts/gold.html

Ocean waters do hold gold – nearly 20 million tons of it. However, if you were hoping make your fortune mining the sea, consider this: Gold in the ocean is so dilute that its concentration is on the order of parts per trillion. Each liter of seawater contains, on average, about 13 billionths of a gram of gold.

There is also (undissolved) gold in/on the seafloor. The ocean, however, is deep, meaning that gold deposits are a mile or two under water. And once you reach the ocean floor, you’ll find that gold deposits are also encased in rock that must be mined through. Not easy.

Currently, there really isn’t a cost-effective way to mine or extract gold from the ocean to make a profit. But, if we could extract all of that gold, there’s enough of it that each person on Earth could have nine pounds of the precious metal. Eureka!

If we invest the time and the money we could all have our nine pounds of gold. Better yet, we could come up with a technology to mine the gold from the ocean from the business perspective. It is possible that technologically we could mine the ocean for gold. Why don’t we do it?

I have to start asking the same questions about data. Why are we looking to focus on big data and ignoring or leaning away from the discussions on “the right” data? I think small data is akin to strategically looking for gold already in a cluster. It is easier to access (even though it still may be difficult). In the short term it is more valuable and generally the cycles in labor put against gaining this precious metal pay dividends immediately. Same could be said for small data. We have access to small data, we can easily identify what this data is contextually related to and this data has more immediate value.

GOING BEYOND BIG/SMART/SMALL

The focus on data for purpose is starting to get lost on organizations that don’t pay attention to personal knowledge management or enterprise knowledge management.

Seeking data + 

Personal and Enterprise Knowledge is the key to Knowledge Transfer which enables Organization Resiliency, Sustainability and Growth.

In a recent meeting with a high level executive,  I discussed collaboration, knowledge management, knowledge transfer and the power of facilitation.   After an intense exchange of ideas the exec asked “what is the deliverable”?  That my friends is the problem here.    Big data, small data, smart data, some data, something has to be delivered in an explicit package to be of value.    The problem with that is not everything is tangible and not everything can convert to explicit data.

You go on a trip to a beautiful island resort and you have a wonderful time.   The clear blue waters were warm and inviting, at night you sank into a comfortable chair and watched the stars dance for hours.  The trip not only rejuvenated you but it also forever changed your perspective of the world and life as you know it.    At the end of the trip, there was a survey;  you were asked to rate different areas of your trip from 1-5.     At no time did a person interview you and there wasn’t a diary or historical writing of your experience, just the numeric reference for feedback.     It is possible that through the lens of numbers the resort could gain valuable insight on what they are doing right and wrong or where they could adjust BUT I suspect that the story of your experience would be of much greater value.  That story would be told from person to person and not through analytics.   It is not a “deliverable” that is accounted for.   This is what we miss all the time.     Everyone knows about it, everyone seems to “get it” and tell me that they understand the value in the stories or the value in the human element.   If that is the case and people “get it” how come so many organizations ignore it?   Why are we ignoring the emotional and more tacit considerations?

I can understand why big data is a big deal.   What about the best thing you never knew YOU had?

What about the information that you knew you had but now have lost track of?

Data has no value if it is “just data”, you could have ownership of all the gold in the ocean and never make one bar.

Maybe we overlooked the value of the ocean within itself and should never have been concerned with the gold.   The reality is that we continue to devalue people, relationships and context or work and we seek tools, technologies and STUFF.    There is nothing wrong with the usage of tools but the idea that everything is tangible, explicit and readily available is bologna.

“It boiled down to courage and tenacity”: My “Inbox Interview” with Howard Cohen, Community Manager at DISA Forge.mil and Technologist by Chris Maher

I was interviewed a few weeks back by Chris Maher on Linkedin.  The topic was concerning “Trusted Computing”  and ramblings on security.

CM: Howard, as you know, I quoted you at the 2011 NSA Trusted Computing Conference & Exposition: “Well.. I believe in Americans. I believe that when we see various challenges that we individually step up and out to deal with them. We have put your faith and trust in leadership and leadership has been pounded with more work than they can handle (yes, I am being nice). That being said, it is up to us individually to lead where we are. We must individually work to change our own behavior and look to influence others by leading from where we are. If I am a Janitor, then I look for ways to be efficient in cleaning and thrifty in spending for supplies, or find ways to reuse supplies. If you are an Executive Assistant, find ways to make a difference in the office. If you are a Technical Strategist, teach everyone everything you know about Service Orientation and Trusted Computing and technical reuse models. It doesn’t matter who you are, it matters what you do. Our jobs do not define us holistically. In recent days I have seen civilian leaders (you know who you are) step up to the plate and take risks in order to share their ideas on how to create a more effective and efficient acquisition solutions. It isn’t only up to them. We will find more success together by working to change these behaviors and tackling the challenges we can see one person and one problem at a time…” (SOURCE):https://cohenovate.wordpress.com/category/howard-cohen/

It’s a great quote for a variety of reasons. That said, I want to focus on your awareness of and experiences with Trusted Computing. How you were first introduced to Trusted Computing?

Chris,  Thank you very for clearly understanding and articulating the message of “leading from where we are.”  I have been working for the Department of Defense for close to a decade now, before that I worked at a school division and the commercial industry.  I have worked for Joint Forces Command, Joint Staff and now DISA.   I started hearing about Trusted Computing while working at the school division, if anyone is going to break your system it will be the kids.  I learned a great deal about system hardening as I entered the world of military architectures at J8.   I started at US Joint Forces Command by using security technical implementation guides (STIGs) as we call them.   Prior to that I was using non-military oriented technologies like hard drive sheriff, deep freeze, bootable cd os (barts PE), stuff like that. 
And, in your estimation, why does Trusted Computing matter? Why is it important?
In enterprise computing you want to be able to leverage standards. We need the ability to look at metrics and we need to understand what “expected behavior” is.  In other words, we need to be able to know when something is not working right.   So you need standards so that experts can be on the same page and understand what they are looking for as “normal” as opposed to seeing something that “interesting” , if everyone is doing their own thing at the enterprise it makes it very complicated to know what the heck is going on.   You have “shadow IT” that will compromise the integrity of the network simply because it exists.   When working in an enterprise users and operators need to trust that mechanisms are in place to protect them.  I can go on about this but the bottom line is that to know if something is wrong you need to establish that something is right.  I believe that is why Trusted Computing is important. 

CM: As you may know, Richard Stallman once rebranded Trusted Computing (TC) as “Treacherous Computing” which made a neutral set of technologies out to be a threat to open computing and/or our civil liberties. Stallman conflated Microsoft’s Palladium effort with the word of then TCPA. Ever since, TC has been dogged by the adjective “controversial.” For me, TC (including self-encrypting drives) actually protects my civil liberties by arming me, the digital citizen, with technologies that can defend my information from any intruder… including an intrusive government. But that’s just my opinion. How do you assess the intersection of Trusted Computing and civil liberties.

As long as there are people involved in computing, there are going to be hackers.   As long as we are at war with others, there will be people who will look to harm us in the real world or through technology.  Sure you are sharing the standards but I would say process and method are two different things.  In other words, you may have common technological frameworks and standards but how enterprise strategists think about and employ these technologies are different.   For example, I know of an organization that uses two layers of username and password and additionally requires a common access card, all of which are standardized.   The practice is abnormal but if a technologist was brought in to help solve a problem once he or she understood the architecture and because they are using standardized technologies and platforms they can help solve the problem.   I equate it to having a human in the loop.  People are your greatest protection mechanism as well as your greatest threat.   In terms of civil liberties, I think we have some problems with the law more than technology.  We don’t have a right to privacy, it isn’t guaranteed by the constitution and that means corporations and people are free to snoop around our business.  When that gets into information gathering and data aggregation it poses a much bigger problem than just technical mechanisms to protect our data.  It is more about what information did your city just put out about you and your home value, stuff like that.  So, in other words I am not sure that Trusted Computing makes a difference here unless we are just talking about me protecting my local hard drive.

CM: Much noise is made by IT professionals about the difficulties of using TC, specifically going into the BIOS and having to turn on TPMs. And it must be said that there has not been the development of many applications that leverage TPMs. In your experience, is Trusted Computing too hard to implement?
I have seen full disk encryption at the corporate level and while working with the government.  I have not seen BIOS based modules employed and I don’t have personal experience with BIOS based secure computing.  As I mentioned earlier, while working at the school division we used a device call hdd sheriff and some technology out of Israel to perform persistent drive management and encryption.   This was over 10 years ago too but the concepts have been around for a long time.   There aren’t a lot of commercial options that I have seen at the application level that use TPM’s but I think there is value there depending upon the requirement.   This is all about balance.  Risk is the key.  How much is this going to cost you?  What are the implications?   If I am working in the financial sector, I want as much technology as I can to protect my information.  The same could be said for the medical industry, I haven’t figured that one out yet but I am sure there is a good reason.  

CM: It’s been my contention that government MUST take the lead in adopting and recommending Trusted Computing. In this regard, I’ve been heartened by the NSA’s (more or less) full-throated endorsement of TC and by the CESG’s recommendation in favor its use. Further, as you may know, NIST 800-155 (in draft form) has recommended (or will recommend) the use of a hardware root of trust as a foundation for BIOS Integrity metrics. Still, it seems like .gov and .mil domains have been quite slow to fully adopt these open standards and technologies. In your view, what’s the state of play re: TC adoption within our government?
This is about cost of implementation and ability to implement.  In other words, as long as there are programs that are “Programs of Record” with Title 10 authority, essentially meaning that they can control their own technical destiny there won’t be adoption unless it becomes part of the culture.  For example, while working for Joint Forces Command I stood up one of if not the first accredited virtual infrastructure.   Most people were getting rejected at the time because hardening didn’t exist aside from the vendor best practices.   Information Assurance folks were afraid to take the risk, although it could mean millions in savings.   It boiled down to courage and tenacity.   The government leadership I worked with and for championed the idea and helped me bring people together by supporting our teams ideas.   It took many briefs and I think I have stock in some chocolate company now as well to get people to believe that there was value in virtualizing the infrastructure.   I know that sounds funny now because so many have adopted virtual technologies.   Here is the kicker though, today even though virtualization has proven to be of great value there are many government programs that haven’t virtualized and / or won’t go because of requirements and title 10 authorities.  CM: A great deal of academic and industry research has focused on the value of TC when it comes to authenticating users in a cloud-computing context…as well as using TC to protect user’s data in the cloud from the “insider threat.” Speaking specifically about the cloud-computing context, how important do you think TC technologies (TPMs) and protocols are as enablers?

As I started working on enterprise computing concepts and strategies, I started to see a trend.  Thomas Erl talks about this in his service oriented architecture books but it has to do with understanding dependency.  Cloud computing may increase risk.  Notice I say “may” instead of will, the reason is that every enterprise situation and IT ecosystem is different, remember earlier when I was referring to process and method being two different things.   Regardless of the situation organizations will have dependencies, for example you need communication services to connect to the Internet.  As you increase services and connectivity requirements it is likely that you introduce more dependency.
The cloud really refers to “off premise” services. These services are interconnected enterprise services that go beyond an organizations local physical infrastructure.   This is very important to realize because it means that hardware and IT resources are still potentially under trusted controls of an organization which of course then leads to leveraging organizational standards etc.   

The difference is that when you have a dependency on a “cloud provider” that is outside of your organization you build dependencies in which you may lose control over the IT resources.  As you give up autonomy or operational governance, you become more reliant on legal remedies.  In other words, SLA’s or Service Level Agreements become critical to the organization.   This relates to Trusted Computing in a lot of ways, for example a service provider may need to employ certain (TPM’s) prior to an agreement of use.  This increases the cost to service providers and also may limit choices as to what service providers’ organizations can use.  An example is that Amazon offers Federal services with enhanced security.  I am not advocating for any service provider, I am simply saying that as cloud services increase, the costs of these services will increase and the demands of security and stability increase.   In the grand scheme of things it wasn’t that long ago that most folks were on dial-up, it was $9.95 to $19.95, today most people pay $40.00 for Internet services not including the extra services they pay for while on the Internet.  As these costs increase, it pushes the price of everything up, simple economics.  Trusted Computing in the cloud is costly, but organizations when moving to the cloud will need to absorb these costs.  

My key point is that we can’t rely on technology alone.  Technology as it is today can be overcome by the human brain.  That being said, we still must put barriers in place to slow down attackers enough so that we can identify in some manner that our information is being attacked.   It is the difference between having a lock on the door and adding a security system.   Some people would say that adding a security system adds no value or is a waste of time.  I think as we continue to build technological solutions to thwart attackers or secure the enterprise, we strongly need to consider how we can keep “a human in the loop” and have people involved in watching the various stores.   As we move forward with these kinds of discussions we truly need to consider people, process, methods and finally tools which in my mind is where a lot of the Trusted Computing area currently addresses.