The Doctor will See You Now – Context = Business Quick Fix

Chances are if you go to the doctor you will have a short conversation, a quick check up and some blood work.   When your results come back your doctor will call you in to discuss your findings.   If your doctor practices medicine as a modern practitioner and there are any problems found they will look to find a prescription for you to take.

Now take your medicine.

The same thing has happened in business.   Companies look at business indicators, take into consideration the technical factors and come up with technical and process oriented solutions to change the business in order to increase overall business effectiveness.

The result in both cases is that we treat symptoms and not the root problem.    The problem is that it is very costly and time-consuming to treat the problem.  Treating a symptom is fast and effective.   It is a quick fix solution that may delay or push back the need to address the root problem.    The problem is still there and both your doctor and business leader are just potentially exacerbating the situation by masking the problem.

“Take two business leadership books and call me at the end of the quarter.”

Why don’t we change our behavior?

I have been wrestling with this question for a long time.  I have read a lot of books and articles on this subject and my team and I have come up with ideas and tested them in the workplace.   It boils down to the same thing over and over.   It is about consideration for people relative to a quick dollar.

Let us say in the scenario first presented with the doctor that when you went in to the office, you spent more time and money up front with the doctor.   The doctor gives you a much longer diagnostic, they ask about your life and your family not in passing but in detail.  They talk to you about your food intake and your stress levels, they look at your schedule for work and home and they do some research on your life.   They would in this case look to learn more tacit information.   It costs too much money.  It will cost too much time.  It would be expensive for you and the doctor in many ways that don’t require a breakdown because this is something you already understand.

It is the same with business.  If the business has to invest a lot of time and resources even with a long-term vision, it won’t spend money on people.

That’s it!  People are the most important aspect of any business or practice but the way our world works today we look to think about short-term people strategies and short quick fixes.   This short-term thinking has been very expensive itself as it creates a whole slew of new problems and new technologies.

In every aspect of our lives we now look for short-term and quick solutions.   Think about it.   From 30 minute meals to 60 day exercise routines that will bring you quick results.   Take the pill and you will be better.  Buy a technical solution and it will fix your business.

If we are going to start seriously addressing the problems at work and at home, the first problem we need to really deal with is asking ourselves about what we are willing to invest.   We will have to ask ourselves how important the problem really is to us and how much time we want to even think about it.

If you want a quick fix and have a desire to pretend that everything is ok, take a pill and be on your way.  If you want to really deal with the issues at hand, there will be pain and sacrifice, there will be an investment on your part, and there will be tough choices.   The funny part about this second option is that other problems could come up and all your work could in fact be for nothing.   This is just reality.  Even with that being the case, what is the effort worth to you in the long run?

Start asking these questions and you may find out that it is worth more than you know.

Meet in the middle

 

When I was a child my mother put this picture on the refrigerator; it is simple and telling.   I put this picture up at work as a constant reminder of the benefits and challenges of working with others.

Regardless of who is at fault or the challenges we face it is my hope that our politicians and leadership realize this simple message.   We can all benefit from being less stubborn and through the realization of working together move forward and live well.

 

Thanks mom ..

LOST – Line of Sight Tasking and Result

The last thing you did may have been the first thought in someone’s head and the last thing on your big list of things to do.

“If you thought you were busy now, just wait.”

What the management books or leadership books have a hard time conveying is something beyond a process.  The tacit knowledge that makes successful people actually successful is where a lot of the magic lives.   Reading most of these books gives the reader some good ideas on the process but not always the methods employed to create that success.   Enough on this..  back to the point.

LOST – Line of sight tasking causes stress, anxiety and can make some feel overwhelmed.   Managers can forget what tasks they put out and the result is a loss of tasking and accountability.   Recently, I have thought of this in relation to a math or science problem.   If a manager tasks 15 people by line of sight, he or she can achieve their ultimate goal.   The manager can still have a mission, vision, goal and objective, critical success factors and an end state in mind.   This manager can be successful but there is a cost.   Let’s look at this from the perspective of a math problem.

The problem to solve is: (3+4i)+(8-11i)

The answer is: 11-7i

as opposed to 

The problem to solve is (3+4i)+(8-11i) and.. Remember, with complex variables, keep like terms involving i together….

Multiply i and 4

Multiply i and 1

The i just gets copied along.

The answer is i

i

4*i evaluates to 4i

3+4*i evaluates to 3+4i

Multiply i and 11

Multiply i and 1

The i just gets copied along.

The answer is i

i

11*i evaluates to 11i

8-11*i evaluates to 8-11i

To add the polynomials 3+4i and 8-11i we try to add or combine terms in one polynomial with any like terms in the other polynomial.

3 + 8 = 11

4i + -11i = -7i

The answer is 11-7i

(3+4*i)+(8-11*i) evaluates to 11-7i


The final answer (almost!) is

11-7i

Now, let’s simplify the i‘s to get our final answer:
The i in -7i cannot be simplified, so just leave it as is.


The final answer is

11-7i

It is pretty ironic that I am using this as an example since I consider myself to have dyscalculia.   Getting to the answer or knowing the answer or getting the result is only PART OF THE PROBLEM.   We have to be able to understand how we got to the answer and further what steps = tasks we took to get there.

What if I were to say to solve this problem (3+4i)+(8-11i) but the “order of operations” is by line of sight management.  “I need you to start with 3+8.”  Could you get to the right answer?  Sure, I bet you could.. might take longer.  How do you know you have the right answer?  How could someone help validate your logic?  How could people duplicate your efforts?

If we take a logical and thought out iterative approach to project and task management there is time to check our work.   Line of sight tasking creates memory loss.  No one really knows what happened last or what is coming next.

The thing about feeling overwhelmed in project management and feeling stressed is to get a hold of the big picture. The problem is that anxiety and stress related to line of sight tasking doesn’t really come from the person that is creating the tasks. It comes from the people that are on the receiving end. Somehow people that are creating the tasks are of the mindset that if you believe it, you can achieve it.

Consider this when you are working on your next project.

Harder than ever to work together.

We are so connected.   We are so connected to each other that we are disconnected from each other.  We have social networks, texting, phones, blogs, emails, television, internet channels and still we are disconnected.   Now we are looking to find ways to connect more.  The reason is that normal person-to-person communication is breaking down.   We have a spillage of indifference in communication that is coming from this inhuman and impersonal nature of internet chatter.   The talking heads on television say things to each other today in common discourse that would have never been tolerated.   We have bullying at an all-time high because people say anything on their minds.   The filters are coming off or wearing down.

We are becoming less trusting of each other and really for a good reason: bad behavior is tolerated.   The knowledge workers are tethered to the great internet, might as well be jacked in like Neo.  We seem to know everything all the time, or at least think we do.  In the past 10 years of my career, I have seen more people say “I know” grow beyond anything I could have or would have ever imagined.   We all “know it all”; instead, the truth is more like we know nothing of everything and something about nothing.   We actively choose to forget the things that matter or look to our past for lessons of our future.   I don’t like the way things are playing out and I don’t like this world that we are sculpting.   Our ethics and morals are going down the toilet but we build ethic and moral centers.  It is like we all say that those things that you are supposed to do are for others, not for us.   Our jobs are getting harder because we don’t really talk to each other anymore and we are too smart to listen.

I wonder where we will be in another 10 years.  I love technology and tools, my life has technology integrated but I am really wondering if we are better off with less.

When Bring Your Own Device (BYOD) becomes the norm, will we all be sitting in the same room texting each other?  I hope not..

In support of our Warfighter Creed

Perception

 “Reality is merely an illusion, albeit a very persistent one.” – Albert Einstein

Google “Contractors Creed” and this is what you get from http://www.militaryphotos.net/forums/showthread.php?57037-Contractors-Creed

THE CONTRACTORS CREED
I am a contractor. I look out for myself, the operators to my left and right, and no one else.

I will always take advantage of the fact that I can finally tell Commissioned Officers to pack sand, and will do so at every possible occasion.

I am my country’s scapegoat, the “plausible deniability” warrior, and I love it.

Less than 700 dollars a day is Unacceptable.

I am trained to eat things that would make a Billy goat puke, but will refuse anything less than 60 dollars Per Diem because I am greedy.

I care not for ribbons, nor awards for valor. I do this job for the opportunity to kill the enemies of my country, and to finally get that boat I’ve always wanted.

I will be in better shape than 99% of the active duty personnel, although this is not hard.

I will equip myself with the latest high-speed gear, and will trick out my M4 until it weighs more than 24 lbs, not because it works better, but because it looks cool in photographs.

I will carry more weapons, ammunition, and implements of death on my person, than an infantry fire team, and when engaged I will lay waste to everything around me.

In any combat zone, I will always locate the swimming pool, beer, and women, because I can.

I will deploy on my terms, and if it ever gets too stupid, I will simply find another company that pays me more.

How complicated…  or Maybe not

While this particular writing refers to contractors that are serving (yes I said that) in the field alongside our finest, it is a common theme heard in any situation where defense contractors are present.

According to the NY Times, “There were 113,491 employees of defense contractors in Afghanistan as of January 2012, compared with about 90,000 American soldiers, according to Defense Department statistics. Of those, 25,287, or about 22 percent of the employees, were American citizens, with 47 percent Afghans and 31 percent from other countries.” (http://www.nytimes.com/2012/02/12/world/asia/afghan-war-risks-are-shifting-to-contractors.html)

If that is true, which I believe it was at the time and still is, then contractors are part of our fighting forces and moreover they are part of our planning forces.   What this means is that:

  • Contractors are people.
  • Contractors have a stake in war fighting, personal and professional.
  • Contractors and Government Civilians are similar in a lot of ways.
  • Contractors and military service members can operate under the same conditions.

Captain Obvious

Good ethics and values are not bound by our uniform or contract.  In other words, whether I took an oath and wrote it down as a human to human kind of activity or I took an oath on my own the result is the same.   In contracting documentation and presentations given to government workers there is a note on the fact that a government worker took an oath.  Here is an example ethics handout; it is public via Google.

(http://www.doi.gov/ethics/docs/Dangerous%20Liaisons,%20Dealing%20With%20Contractors%20Handout.pdf)

More on this www.acq.osd.mil/dpap/ccap/…/gov.ctr.relationshipaf.doc (Air Force document).

What the documents say is “do the right things” and they tell you what those things are by law.   Interestingly enough,  I have worked for years with contractors and leadership has told us over and over what the right things are.   The point is that WE should be ethical in OUR behavior REGARDLESS of whether we are government or contractor.  More often than not in my experience a lot of contractors are more inclined to do the right things because they really have more to lose.

Let’s think about this for a minute..

  • Contractor does something wrong the result is termination of the contract.
  • Government worker does something wrong the result is an inquiry, after years the government worker is either terminated or promoted.

Isn’t this true?  Or do I just have a great imagination?

Point – If you are bored by now

We need a creed on behalf of our war fighter.  We need to be ethical and have integrity because.. JUST BECAUSE folks….  Politics are for politicians and there are a lot of them.  One thing I have learned over the years is that politicians don’t stop bullets from the boardroom.  I don’t really care what they are doing frankly, I care about what I am doing.  Am I doing what is right for my friends in the field?  Whether they are paid for by the government through one color of money or another doesn’t matter, the result is the same.  We are fighting for freedom; our freedom and democracy; our democracy. I am **ANGRY** because I am an American and I love this country and want it to exist and I want my kids to have choices in their lives.

I am tired.. of hearing excuses from individuals that they can’t do the things they need to do because of someone else.  I have mentioned in posts before that I know people that don’t give up but they are few.  So, here it is.. the short of it…

In Support of our Warfighter Creed 

I support our Warfighter. I think about my country and my family and the extension of those around me, I consider operators regardless of uniform and title.  

I will work to have faith in those around me and build trust with those whom I don’t know well in order to protect and preserve our existence as we know it.

I will lead from where I am and seek to be better every day knowing that if I excel those around me excel. 

I will look to practice being selfless and empathetic of others. 

I will be strong and take a stand when I have to. 

I will share information to benefit everyone that shares my cause.

I will reuse and recycle process, methods and tools anywhere and anytime I can.  

I have a code and recognize that others do as well, I will respect them as I expect them to respect me. 

I will collaborate, cooperate and communicate every opportunity I have as I understand together we are stronger. 

I will work to sharpen my body and my mind to be strong and ready. 

I will be concerned with my actions and take responsibility for me. 

I will be honest.

I will be loyal. 

I will deliver results and prove them when possible through measured success. 

I will not always know the mass effects of my work but I will recognize that results are independent of intent and results will vary while intent is consistent.  

I am accountable for my actions and I hold myself responsible and expect others to do the same. 

I know and understand right from wrong and if I am challenged to understand the difference or I feel as if I am uncertain, I will ask a trusted agent to help provide clarity. 

End 

More ?

Some people can easily tie this to religion.. it can’t be about religion because we will differ.  This has to be for the purpose of our shared values.  Religion is divisive, that being said… if your faith is aligned with these concepts.. this shouldn’t be a problem for you.

I don’t expect people to take this idea and run with it or change their behavior overnight but I do want people to think about and recognize that our failings are our enemies’ strength.

The reason why Americans are so good is because we have shared values sewn together as a diverse tapestry with drastically dynamic and different roots.  In other words, we are all very different but when we come together these differences melt into something very powerful, common and known.  Ask anyone who grew up in a place like Coop City in the Bronx, we were all different but we were so tied together that we have been bound in friendship for almost 40 years.

Take a stand and share this creed..  letting people know that you care is a step towards building trust. 

Dispatches from the Front: 19 August 2012

Today ends Ramadan.  Previously, I experienced this month long Islamic holiday during the two years deployed in Saudi Arabia.  Back then, it was more of an annoyance than an igniter to increase our threat readiness level.   Not only do we have the Taliban to worry about, recently, there is an increase of Green (Afghan soldiers and police who were coalition trained and trusted “good guys”) on Blue (us, the coalition forces) killings.  In order to understand why such a change, I researched the significance of this religious event.  Before now, everything I needed to know about the Islamic faith, I learned on Sept 11, 2001.

The following four points have been synopsized from Wikipedia.  Ramadan:

A.            It is the ninth month of the Islamic calendar.

B.            Muslims worldwide observe this as a month of fasting.

C.            This annual observance is regarded as one of the Five Pillars of Islam.  (If you want to review your knowledge on the Five Pillars, see the attachment page of this Dispatch.)

D. The month lasts 29-30 days based on the visual sightings of the crescent moon.  (more on the moon below)

That is enough from Wikipedia.   Now I understand.  The bastards are miserable because they realize they have not done enough for Allah.  They are hungry, thirsty and go without sex from sun up to sun down for a month.   So who do they take out their frustration besides their women who are indentured to a life of servitude?  Us!  Killing an Infidel has got to offset their warped human psyche as dehydration takes its toll in this excessive heat combined with the pains of hunger which only serves to piss them off.   I now see why this religious holiday causes strange things to happen to the people celebrating it.

Note:  I am not including all Muslims as bastards, just the ones who want to kill us; or enslave us by levying a heavy yearly tax of an amount they decide for payment for not accepting their faith.  I for one will go to my death before I accept Islam.   Statistically, there has got to be a few of the 1.62 billion adherents that make up over 23% of the world population, who actually peacefully practice their militant religion of peace.  Let none misunderstand, Islam can be practiced as peacefully as Christianity and many do but that is not the way I have seen it.  Our Reformation worked, theirs failed.  Even the peaceful ones want all to convert to Islam.

That is enough of one man’s religious philosophy. Back to the subject of Ramadan and why crazy things are happening here.

In my opinion, dehydration coupled with heightened sensitivities, specifically cultural and religious, create conditions for bad decisions.  I’ve been here almost 3 months and I have not seen one drop of rain to reduce the 100+ degree daily temperatures.  Excessive drought as well as misery makes for an extremely combustible environment that takes only a whisper of a spark to ignite.  Those who do not share in a collective misery of a group, the Infidels, whether right or wrong, quickly become the center of the “group’s” frustration.

To counter this madness, we who are on the “inside” of the wire looking “out” and especially our Marines, Soldiers, Airmen, Coast Guardsmen and our Coalition Partners who routinely venture and remain in harm’s way; we must remain vigilant and apply special sensory awareness as we protect each other in the accomplishment of our mission.  Our enemy will continue to influence, impersonate, and intimidate the Afghan National Security Force (ANSF) in an effort to create an environment with the intent to discredit the US/Combined Force mission; to turn the security of this Nation over to the Afghan peoples who seek a better future for themselves and their children.

All enemies are opportunistic.  The Taliban are no more or no less than those of our past.  I personally think they continue to miss great strides in subversion and terror due to limited scale of thought and ability to execute.  However, he has brutality and technology on his side.  The brutality the world has had to witness for centuries.

Cutting off one villager’s head in front of his family speaks volumes and cancels out the good work or deeds accomplished by the coalition forces.  Why,  because in many districts throughout this miserable land where a trained military or police force does not exist or able to respond;  the coalition forces left behind only  new schools, stocked medical facilities, irrigation ditches, roads, improved farming practices, etc., all which provide hope but not protection.   For centuries, the unprotected are forced to watch their hopes quickly be washed away by the blood of their loved ones.  With the wealth produced from the opium trade that funds our enemy, they are provided unlimited access to “everyman’s” technology.  Although they have the funds and means to purchase multimillion dollar military widgets in small quantities, they are not needed to be successful.  Access to social networks, satellite phones, and basic explosion initiation devices are what they buy and what worries me.  I promise you, the Taliban will use every available means to discredit our efforts, while he attempts to remain relevant in the minds of the very people they desire to control.

Remember, we the coalition partners have to be right 100% of the time.

The Taliban has to be right just once.

So to me, I learned that Ramadan just sucks.  I have the increase in casualty reports to prove it.  The Church on March 18, 1314 burned Jacques de Molay wrongly.  It is wise there are no Knights of Templar recruiting stations on Bagram.

My mother taught me to always at least try to look for something nice in things I do not like or approve.  The timing of Ramadan with the alignment of the crescent moon and Venus is spectacular.  One early morning prior to the end of Ramadan, against the foothills of the Himalayas, the crescent moon and Venus were perfectly captured as on the National flag of Turkey.

Semper Fidelis,

Ken

CJTF-1, 1D, CJ Assessments

Task Force Defender

Bagram Air Field, Afghanistan

APO AE 09354

Attachment:  The Five Pillars of Islam:

  1. The Shahada (Islamic creed).

The shahada means “to know and believe without suspicion, as if witnessed, testification”; it is the name of the Islamic creed.  The shahada is the Muslim declaration of belief in the oneness of God and acceptance of Muhammad as God’s prophet.  The declaration in its shortest form reads:

There is no god but God, Muhammad is the messenger of God.

  2. Daily prayers (salah)

Salah is a ritual worship, having prescribed conditions, a prescribed procedure, and prescribed times. To perform valid Salah, Muslims must be in a state of ritual purity, which is mainly achieved by ritual washing or cleaning of the body, according to prescribed procedures.

For some of the Islamic sects, obligatory salah is prescribed at five periods of the day. These are measured according to the movement of the sun.

(1)    Near dawn

(2)    After midday has passed and the sun starts to tilt downwards

(3)    Noon – in the afternoon

(4)    Just after sunset

(5)    Around nightfall

  3. Almsgiving

It is the giving of a fixed portion of one’s wealth to charity, generally to the poor and needy.

  4. Fasting during Ramadan

Ritual fasting is an obligatory act during the month of Ramadan.  Muslims must abstain from food and drink from dawn to dusk during this month, and are to be especially mindful of other sins. Fasting is necessary for every Muslim that has reached puberty (unless he/she suffers from a medical condition which prevents him/her from doing so.)

The fast is meant to allow Muslims to seek nearness to Allah, to express their gratitude to and dependence on him, atone for their past sins, and to remind them of the needy. During Ramadan, Muslims are also expected to put more effort into following the teachings of Islam by refraining from violence, anger, envy, greed, lust, profane language, gossip and to try to get along with fellow Muslims better. In addition, all obscene and irreligious sights and sounds are to be avoided.

Fasting during Ramadan is obligatory, but is forbidden for several groups for whom it would be very dangerous and excessively problematic. These include pre-pubescent children, those with a medical condition such as diabetes, elderly people, and pregnant or breastfeeding women. Observing fasts is not permitted for menstruating women. Other individuals for whom it is considered acceptable not to fast are those who are ill or traveling. Missing fasts usually must be made up for soon afterward, although the exact requirements vary according to circumstance.

  5. The pilgrimage to Mecca at least once in a lifetime.

Again, this information was synopsized from Wikipedia.  I highlighted and underlined “fellow Muslims”.  The rest of the world is damned in their eyes.

Ken

“It boiled down to courage and tenacity”: My “Inbox Interview” with Howard Cohen, Community Manager at DISA Forge.mil and Technologist by Chris Maher

I was interviewed a few weeks back by Chris Maher on LinkedIn.  The topic concerned “Trusted Computing” and ramblings on security.

CM: Howard, as you know, I quoted you at the 2011 NSA Trusted Computing Conference & Exposition: “Well.. I believe in Americans. I believe that when we see various challenges that we individually step up and out to deal with them. We have put your faith and trust in leadership and leadership has been pounded with more work than they can handle (yes, I am being nice). That being said, it is up to us individually to lead where we are. We must individually work to change our own behavior and look to influence others by leading from where we are. If I am a Janitor, then I look for ways to be efficient in cleaning and thrifty in spending for supplies, or find ways to reuse supplies. If you are an Executive Assistant, find ways to make a difference in the office. If you are a Technical Strategist, teach everyone everything you know about Service Orientation and Trusted Computing and technical reuse models. It doesn’t matter who you are, it matters what you do. Our jobs do not define us holistically. In recent days I have seen civilian leaders (you know who you are) step up to the plate and take risks in order to share their ideas on how to create a more effective and efficient acquisition solutions. It isn’t only up to them. We will find more success together by working to change these behaviors and tackling the challenges we can see one person and one problem at a time…” (SOURCE):https://cohenovate.wordpress.com/category/howard-cohen/

It’s a great quote for a variety of reasons. That said, I want to focus on your awareness of and experiences with Trusted Computing. How were you first introduced to Trusted Computing?

Chris,  Thank you very much for clearly understanding and articulating the message of “leading from where we are.”  I have been working for the Department of Defense for close to a decade now, before that I worked at a school division and the commercial industry.  I have worked for Joint Forces Command, Joint Staff and now DISA.   I started hearing about Trusted Computing while working at the school division, if anyone is going to break your system it will be the kids.  I learned a great deal about system hardening as I entered the world of military architectures at J8.   I started at US Joint Forces Command by using security technical implementation guides (STIGs) as we call them.   Prior to that I was using non-military oriented technologies like hard drive sheriff, deep freeze, bootable cd os (barts PE), stuff like that.

CM: And, in your estimation, why does Trusted Computing matter? Why is it important?

In enterprise computing you want to be able to leverage standards. We need the ability to look at metrics and we need to understand what “expected behavior” is.  In other words, we need to be able to know when something is not working right.   So you need standards so that experts can be on the same page and understand what they are looking for as “normal” as opposed to seeing something that is “interesting”. If everyone is doing their own thing at the enterprise, it makes it very complicated to know what the heck is going on.   You have “shadow IT” that will compromise the integrity of the network simply because it exists.   When working in an enterprise, users and operators need to trust that mechanisms are in place to protect them.  I can go on about this but the bottom line is that to know if something is wrong you need to establish that something is right.  I believe that is why Trusted Computing is important.

CM: As you may know, Richard Stallman once rebranded Trusted Computing (TC) as “Treacherous Computing” which made a neutral set of technologies out to be a threat to open computing and/or our civil liberties. Stallman conflated Microsoft’s Palladium effort with the word of then TCPA. Ever since, TC has been dogged by the adjective “controversial.” For me, TC (including self-encrypting drives) actually protects my civil liberties by arming me, the digital citizen, with technologies that can defend my information from any intruder… including an intrusive government. But that’s just my opinion. How do you assess the intersection of Trusted Computing and civil liberties?

As long as there are people involved in computing, there are going to be hackers.   As long as we are at war with others, there will be people who will look to harm us in the real world or through technology.  Sure you are sharing the standards but I would say process and method are two different things.  In other words, you may have common technological frameworks and standards but how enterprise strategists think about and employ these technologies are different.   For example, I know of an organization that uses two layers of username and password and additionally requires a common access card, all of which are standardized.   The practice is abnormal but if a technologist was brought in to help solve a problem once he or she understood the architecture and because they are using standardized technologies and platforms they can help solve the problem.   I equate it to having a human in the loop.  People are your greatest protection mechanism as well as your greatest threat.   In terms of civil liberties, I think we have some problems with the law more than technology.  We don’t have a right to privacy, it isn’t guaranteed by the constitution and that means corporations and people are free to snoop around our business.  When that gets into information gathering and data aggregation it poses a much bigger problem than just technical mechanisms to protect our data.  It is more about what information did your city just put out about you and your home value, stuff like that.  So, in other words I am not sure that Trusted Computing makes a difference here unless we are just talking about me protecting my local hard drive.

CM: Much noise is made by IT professionals about the difficulties of using TC, specifically going into the BIOS and having to turn on TPMs. And it must be said that there has not been the development of many applications that leverage TPMs. In your experience, is Trusted Computing too hard to implement?

I have seen full disk encryption at the corporate level and while working with the government. I have not seen BIOS-based modules employed and I don’t have personal experience with BIOS-based secure computing. As I mentioned earlier, while working at the school division we used a device called HDD Sheriff and some technology out of Israel to perform persistent drive management and encryption. This was over 10 years ago too, but the concepts have been around for a long time. There aren’t a lot of commercial options that I have seen at the application level that use TPMs, but I think there is value there depending upon the requirement. This is all about balance. Risk is the key. How much is this going to cost you? What are the implications? If I am working in the financial sector, I want as much technology as I can to protect my information. The same could be said for the medical industry; I haven’t figured that one out yet but I am sure there is a good reason.

CM: It’s been my contention that government MUST take the lead in adopting and recommending Trusted Computing. In this regard, I’ve been heartened by the NSA’s (more or less) full-throated endorsement of TC and by the CESG’s recommendation in favor of its use. Further, as you may know, NIST 800-155 (in draft form) has recommended (or will recommend) the use of a hardware root of trust as a foundation for BIOS Integrity metrics. Still, it seems like .gov and .mil domains have been quite slow to fully adopt these open standards and technologies. In your view, what’s the state of play re: TC adoption within our government?

This is about cost of implementation and ability to implement. In other words, as long as there are programs that are “Programs of Record” with Title 10 authority, essentially meaning that they can control their own technical destiny, there won’t be adoption unless it becomes part of the culture. For example, while working for Joint Forces Command I stood up one of, if not the first, accredited virtual infrastructure. Most people were getting rejected at the time because hardening didn’t exist aside from the vendor best practices. Information Assurance folks were afraid to take the risk, although it could mean millions in savings. It boiled down to courage and tenacity. The government leadership I worked with and for championed the idea and helped me bring people together by supporting our team’s ideas. It took many briefs, and I think I have stock in some chocolate company now as well, to get people to believe that there was value in virtualizing the infrastructure. I know that sounds funny now because so many have adopted virtual technologies. Here is the kicker though: today, even though virtualization has proven to be of great value, there are many government programs that haven’t virtualized and/or won’t go because of requirements and Title 10 authorities.

CM: A great deal of academic and industry research has focused on the value of TC when it comes to authenticating users in a cloud-computing context… as well as using TC to protect users’ data in the cloud from the “insider threat.” Speaking specifically about the cloud-computing context, how important do you think TC technologies (TPMs) and protocols are as enablers?

As I started working on enterprise computing concepts and strategies, I started to see a trend. Thomas Erl talks about this in his service oriented architecture books, but it has to do with understanding dependency. Cloud computing may increase risk. Notice I say “may” instead of will; the reason is that every enterprise situation and IT ecosystem is different. Remember earlier when I was referring to process and method being two different things. Regardless of the situation, organizations will have dependencies; for example, you need communication services to connect to the Internet. As you increase services and connectivity requirements, it is likely that you introduce more dependency.

The cloud really refers to “off premise” services. These services are interconnected enterprise services that go beyond an organization’s local physical infrastructure. This is very important to realize because it means that hardware and IT resources are still potentially under trusted controls of an organization, which of course then leads to leveraging organizational standards etc.

The difference is that when you have a dependency on a “cloud provider” that is outside of your organization, you build dependencies in which you may lose control over the IT resources. As you give up autonomy or operational governance, you become more reliant on legal remedies. In other words, SLAs or Service Level Agreements become critical to the organization. This relates to Trusted Computing in a lot of ways; for example, a service provider may need to employ certain (TPMs) prior to an agreement of use. This increases the cost to service providers and also may limit choices as to what service providers organizations can use. An example is that Amazon offers Federal services with enhanced security. I am not advocating for any service provider; I am simply saying that as cloud services increase, the costs of these services will increase and the demands of security and stability increase. In the grand scheme of things it wasn’t that long ago that most folks were on dial-up; it was $9.95 to $19.95. Today most people pay $40.00 for Internet services, not including the extra services they pay for while on the Internet. As these costs increase, it pushes the price of everything up, simple economics. Trusted Computing in the cloud is costly, but organizations when moving to the cloud will need to absorb these costs.

My key point is that we can’t rely on technology alone. Technology as it is today can be overcome by the human brain. That being said, we still must put barriers in place to slow down attackers enough so that we can identify in some manner that our information is being attacked. It is the difference between having a lock on the door and adding a security system. Some people would say that adding a security system adds no value or is a waste of time. I think as we continue to build technological solutions to thwart attackers or secure the enterprise, we strongly need to consider how we can keep “a human in the loop” and have people involved in watching the various stores. As we move forward with these kinds of discussions, we truly need to consider people, process, methods and finally tools, which in my mind is where a lot of the Trusted Computing area currently addresses.