Weekly Braindump #44

Audit and Zombie Brain.

I’ve been working on…

School holidays are over so it’s back to a 5 day week (booooo!). End of school holidays also means the trains are decidedly less rammed on the way home (yaaaay!).

Monday & Tuesday we had an internal IT audit on cyber security. I don’t know many people who relish the prospect of audit. But audit can be really helpful and educational if you’ve got an auditor who’s moving with the times and providing practical usable guidance.

Occasionally you get an auditor who’s stuck in the bad old world of corporate 90’s IT and will insist that you implement huge sweeping restrictions regardless of weighing the risks they’re mitigating or the ways in which it would stop people from working effectively. I remember one gentlemen insisting that we prevent staff from watching Netflix on their laptops and smartphones in their own home. Why?? What is the precise risk we’re guarding against here?

The Emperor of Old Skool IT Says You Shall Not Use Modern Web Services That In Fact Pose Minimal Credible Risk

Security is massively important of course.. increasingly so in a world that is rapidly digitising every aspect of itself. But we have a duty to implement security intelligently so that it doesn’t bludgeon the user to death and stop them from doing what they need to do (applicable inside and outside the org). A high security system has massively failed if nobody is bothered to jump through a million hoops to use it. As an IT department you’re also adding ZERO VALUE to the organisation if nobody can do anything. The days of treating the user like an annoying inconvenience that’s getting in the way of a rock solid system are far far behind us. If you’re wondering why you can’t stamp out all that shadow IT, it’s partly this.

Anyway, I provided various bit and bobs to demonstrate how we go about securing our technology. In ferreting out information I noticed that whilst I do try and document changes as I go, some specifics were stored in not-totally-obvious places or still in my head. As a firm believer in designing your own obsolescence, I need to get all this information out somewhere accessible for the benefit of others. This is perhaps third or fourth time this year I’ve found a really good reason to have an internal technical wiki. Note to self: MUST REALLY FOLLOW UP ON THIS!!!

Wednesday is a bit blurry. Child number 2 decided to wake up several times during the course of the night which meant I re-entered zombie mode for the first time in a long time. My notes imply I did lots of little adminny things — which makes complete sense as the mushy consistency of my brain wouldn’t allow for anything much more taxing.

Thursday morning we had our staff meeting. The reliably delightful & informative Chris Bolton came along to explain the methodology for a recently circulated staff survey. The results of which will be made open to all staff to view and even play with the data if they so wish (yay transparency!). Chris made an excellent point that anything only ever changes through sustained conversation. So hopefully this will spark some interesting debate about what’s good and what could be better.

On Thursday I also arranged a future mentoring session with one of our directors. I’ve been thinking a lot lately about what my purpose is and how my role is aligned with that. I know that over the past 2 to 3 years I’ve developed a different sets of skills, in many ways veering away from technical specialisation and heading towards being more of a generalist. As yet I’m unsure how those skills are best utilised. Hopefully this chat will help unpick some of those questions or at least point me in some other directions.

Friday was a bit of a mish mash of different tasks. I had a brief catch up with my line manager about our digital transformation efforts. Some of the spectacularly low hanging fruit we were hoping to include in the next sprint is being delayed by the inability of the vendor to implement some fairly modest changes in anything less than 3 months.

For me, this (again!!) underlines the fact if we really want to rapidly iterate on digital services and deliver upon user needs we’re going to need to a) work with vendors who can work with us in this manner or b) utilise platforms that enable us to do the work ourselves and cut out the middleman.

I know there are vast swathes of things I’m missing from this week, but my brain has stopped co-operating. So I’m going to leave it there. Have a great weekend. See you in 7ish days. 🙂

I’ve been reading…

I’ve been listening to…

Leave a Reply

Your email address will not be published. Required fields are marked *