Threats and Risks . . . and Vulnerabilities

During an interview last week I was asked to define the difference between a Threat and a Risk using language that a non-technical CEO would understand. I gave a good answer and made it to the next round. And then I got to thinking—in my answer, I also talked about a third factor that should have been called out: Vulnerabilities.

Let’s start with some definitions:

A vulnerability is a weakness in a system that exposes the system to a threat.
A threat is anything that could exploit a vulnerability.
A risk is the likelihood of a negative event and the likely impact.

Risks are found at the intersection between vulnerabilities and threats.

Posted in Cybersecurity

Off the Shelf: January 2024

I had the opportunity to watch the ALA awards broadcast at Loganberry Books this year and that filled up my to-be-read stack, even more so than usual.

Simon Sort of Says

I went to Mac’s Backs one Saturday in late 2023 and stumbled upon local author Megan Whalen Turner posing as a bookseller. I mentioned that I try to read all of the Newbery Medal books and many of the Honor books (one of hers, The Thief, is a 1997 Newbery Honor) and so she recommended her friend Erin Bow’s Simon Sort of Says as a possible 2024 contender. Megan did a great job as a bookseller — I bought three more books than I had intended that day. And until 2024, I’d never read a Newbery before it won the award. Started in December and finished before the 15th, I can now check that goal off my list.

Simon Sort of Says is about a kid who is (for horrific reasons) internet-famous, so he and his family hide out in a fictitious National Radio Quiet Zone so he can restart his life (offline) as an ordinary seventh grader. It’s a great book and a worthy Newbery Honor.

Posted in Other Thoughts

Off the Shelf: December 2023 (resiliency)

Book cover for "Adventures with a Texas Naturalist" containing a road runner and prickly-pear cactus.
Cover – Adventures with a Texas Naturalist

While meaningful to me, I don’t know that my December readings would make sense to many people. In no particular order:

Adventures with a Texas Naturalist

Bedichek is one of Texas’ great persons of letters, in the style of Thoreau. I plan on reading his Karánkaway soon and am attempting to get an affordable copy of The Sense of Smell.

Themes I took away: pay attention to what’s around you and beware of unintended consequences.

Posted in Other Thoughts

Cybersecurity for Small Businesses, Part 1: Make it Harder

This is the first of six posts on Cybersecurity for small businesses. Click here for the Introduction and links to the others.


Make it Harder

Make the attacker’s job harder, starting with passwords.

Strengthen your passwords

The goal here is “easy to remember but hard to guess”, so length becomes more important than complexity. Consider passphrases rather than passwords. Pick a memorable phrase and use it (or some variation on it) or some random words as your password. (There’s even a web comic about this: https://xkcd.com/936/)

Posted in Cybersecurity

Cybersecurity Presentation for Small Businesses: Introduction

This series of posts started as an outline for a short presentation on Cybersecurity for small businesses that I would eventually give multiple times over a couple of years in the northeast Ohio area. At the time, I was advised to be hard on the listeners, effectively an attempt to scare them into action. I’m no longer certain that was the right approach and future versions of this presentation would rely more on persuasion and story-telling than on fear.

Posted in Cybersecurity

Compass quote

compasses only tell the directions,
not which one to follow

Maclean, N. (1992). Young men and fire. Univ. of Chicago Press.

Leaders choose which direction to follow. They can make that decision any number of different ways, but the leader makes the choice.

Posted in Other Thoughts

Be the User

An all-too-common error message

A recent online experience with a large department in my state government left me scratching my head and wondering who was watching what.

The relevant page was easy to find and, while I had to click through two more pages to get to the SaaS application, I was able to get through the first four pages without any problems. But the next page presented me with a “something went wrong” notice.

Posted in Management, System Administration

Cybersecurity for Small Businesses

Source: VectorStock

During my cybersecurity consultations with owners and leaders in small businesses, the initial discussions generally center around five topics. The order in which they’re introduced isn’t intended to imply any relative importance but instead represents a conversational flow as we walk through an abbreviated initial risk assessment and get into some of the common first steps in implementing a small business security program.

Posted in Other Thoughts

Off the Shelf: January 2022 (skunkworks)

I was reading two other books on the “whitespace” in organizations when I came across this HBR article that I had clipped some time before. In my experience, “whitespace” in an organization is usually defined as the space between blocks in an org chart or the hand-off space in processes—both places to go looking for great operational efficiencies. Maletz and Nohria take a different approach.

The Skunk Works logo as seen on one of Lockheed Martin’s hangars. (From Wikipedia)

Managing in the Whitespace

In their article, Maletz and Nohria define whitespace as “the large but mostly unoccupied territory in every company where rules are vague, authority is fuzzy, budgets are nonexistent, and strategy is unclear” (p. 103).[1] It’s a place “where entrepreneurial activity that helps reinvent and renew an organization takes place.” This sounds more like skunkworks to me than anything else, and the management suggestions outlined in this paper match my skunkworks experience in several efforts over the years.

The article outlines three preconditions for moving an effort to the whitespace: great uncertainty over an opportunity, organizational politics, and a high chance of internal disruption. The writers then outline four challenges when operating in the whitespace and suggestions on how to overcome them, concluding with criteria for deciding which of three paths to follow next.


  1. That could match up with Rummler and Brache, but it’s still a different viewpoint.
Posted in Other Thoughts

Off The Shelf: December 2021 (antitrust and Amazon)

I read much but finished little in December. Sometimes that happens—I have a tendency to have too many books going at once.

Header of S. 2992

Amazon’s Antitrust Paradox

In an effort to better my understanding of monopolies and antitrust, I picked up an article[1] by Lina Khan, published in 2017, a few years before her bait-and-switch nomination to the Federal Trade Commission in early 2021. At that time, she was nominated to a seat on the FTC, then confirmed as a Commissioner with bipartisan approval and then was rapidly (and unexpectedly) tapped to lead the agency as Chair. It’s not clear that her approval would have been so strong had it been known from the beginning that she was being put forward as the Chair.

I read it slowly since I was unfamiliar with many of the legal concepts and jargon in her Yale Law Journal note. And I slowed down even further as I found myself unexpectedly agreeing with her arguments. My synopsis is this: we can’t currently levy traditional antitrust policies against Amazon, largely because Amazon is intentionally structured to not trigger the characteristic defining today’s antitrust doctrine: consumer welfare measured by low consumer prices.[2]

And it’s true: Amazon allows consumers to acquire more stuff, more cheaply, (and more quickly) than probably at any other time in history.


  1. HTML and PDF versions available
  2. If that emphasis on “harm to consumer welfare” as today’s defining characteristic of monopolistic behavior is new to you, don’t be surprised. Reading her Note required me to revisit many of my long-held thoughts on monopolies and anti-trust doctrine.
Posted in Other Thoughts