The Digital Economy Class

Economy Class...With A Little Quality
Economy Class…With Quality Touches

One of the most important things that you do as a consultant is the marketing of your expertise. You have to build a brand that screams, “I AM AN EXPERT”. At the same time, you need a brand that also proclaims, “I am savvy, suave, and not at all desperate for business opportunities.” I usually favor one of these two messages. I need to embrace both of them. In the past few weeks, I have taken a number steps that will amplify both messages. By assembling both spare and specialty parts in innovative ways, I hope to conduct my business in the “digital economy class”.

What do I mean when I say, “digital economy class”? It is exactly what it sounds like. When the first airlines offered transportation services, air flight was novel – and it was expensive. So the airlines offered “first class” accommodations: large (and comfortable) seats, ample storage, and fine dining. But as airlines re-focused upon mass transit goals (exploiting economies-of-scale to reach a larger markets), seats became smaller – and food became paltry – and sometimes non-existent. Today, you can get inexpensive transportation in a no-frills kind of way.

Digital Parallels

The same thing has happened in the digital economy. consulting services have seen the same transformation as airlines. In the eighties and nineties, huge accounting firms provided “first class” services – at a steep prices. And shareholders saw this by the IT department’s impressive share of corporate margins. Yes, you can still find big consultancies. But today’s service landscape now includes budget (commodity) services offered by offshore consultancies. And you can find specialty firms that offer the “first class” experience – but their services are limited to a specific technological niche. For example, there are countless consulting groups that specialize in security or networking or web site / content development. And there are just as many consulting firms that specialize in specific industries.

The final result is the same. As airlines reached out to a larger market, they needed to achieve economies-of-scale in order to maintain shareholder profits. In the same way, digital consulting firms must address digital efficiencies. But in the digital market, there is a very limited cost of entry. You don’t have to spend millions of dollars (or hours) to get into the business and compete. You just need to define your scope and focus on building a team that will deliver premier services to your targeted market.

Proper Scoping Is Essential

I have grand plans for my company. My eyesight may be poor – but my vision is unrestricted. Consequently, I wanted a team that could focus upon anything and everything. I may realize that dream – at some point. But for now, I have to narrow my scope to something more achievable. But where should I focus?

  • I can do application and web site development. So can millions of other people. And my poor eyesight does limit my ability to deliver stunning visuals. Why? Simple. I can’t appreciate visual distinctiveness as well as others.
  • I can sling code. But the nineties taught me that other people would willingly sling code for far less compensation. Yes, I can learn any programming language. I’d even put my adaptability ahead of most folks. But like a renaissance man, my breadth of knowledge and my aptitude at learning new things does not always serve me well. When someone is looking for a house painter, they don’t need the cool flourishes that I can develop just for them. Some people just want paint on a slab.
  • I can architect complex systems. Yes, hundreds of other people can do the same thing. But there are fewer competitors in this space. And if I can further narrow my scope to specific domains, I can stand out even further.
Our Current Scope

So what is our current scope / focus? For today, we are focusing upon strategic services – in the small and medium-sized business market. We can’t compete with the mega-consultancies or the offshore budget services. But we know what we are doing when it comes to key services:

  1. Security architectures
  2. Infrastructure architecture and design services
  3. Business architectures
  4. IT Governance
  5. ITSM / ITL Operations Excellence
  6. IT Collaboration
Building A “Digital Economy Class”

Can we build the digital equivalent of “economy class” services? Sure. But so can others. The toughest part of this is setting the right scope so that we can maintain “first class” attributes in a commodity-oriented market segment. And the way that we deliver this is through our team. Our team wants to offer “white glove” service at an affordable price. We won’t skimp on quality. And our team will innovate wherever possible. We don’t want to deliver the most expensive service. But our team does want to deliver the most affordable “first class” experience. We will get you where you want to go. That is our first priority. But we will make sure that you have enough leg room so that we don’t cut off the circulation to your toes.

But how can you do all of this?

You have to save money some place. So we believe in helping you to reclaim the value from past investments. We want to help you to ‘recycle’ (and redeploy) your technology assets. You’ve already spent thousands (or millions) of dollars for point solutions. And you have a lot of technological assets that can be more fully utilized and/or repurposed.

For some companies, the journey is simple. You can extend the number of years that you keep assets (assuming that you have purchased them). So whenever you buy new infrastructure for a new project, you can cascade established (and lower priority) applications to your more mature infrastructure platforms. There are risks to accept when you do this. But with every new generation of IT technology, those risks are diminishing.

You can also increase systems utilization for existing systems – especially hosting platforms. Because technology efficiency has increased, you can now run your systems at higher utilization levels than you did in the past. So some companies can leverage what economists call economies-of-scale.

Finally, you can re-purpose existing assets that are not currently used. You may not have any such assets. But we have found that many companies have not focused upon their asset inventory and asset disposal processes. Indeed, most companies have surplus (older) assets that can be used for lower priority tasks. Of course, this assumes that you have both a 1-n priority list of your application/system assets and a 1-n list of your technology assets. If you have done just such a asset prioritization, then we can help you to create service tiers and allocate systems to appropriate platforms. If you haven’t categorized your assets into 1-n lists, then we can also help you to do that.

A Simple Example

We have the same technology needs that every other company has. But as a small and nimble company, we have to wring every bit of value out of every asset. So when I started to do the speaking (i.e., Meetup) circuit in the Chicagolands, I needed to have additional capabilities. Specifically, I needed a good presentation platform. That meant having a good laptop, a good traveling network infrastructure, and a good projector.

In most small and medium-sized businesses, I only have to bring my laptop. The network and the projector are usually provided by the host. And this is the same for large venues; there is almost always network infrastructure and a projector. But this is not the case for one of my upcoming presentations.

The venue for this presentation will be a room in a local pub. My host is graciously providing a projector. And the venue may or may not have wireless networking. But since my presentation is about security and privacy, I really didn’t want to run my presentation across an ill-secured public hotspot. So I decided that I wanted to bring my own network to the venue.

This could have been done in one of several ways.
  • Purchase a new router with an embedded mobile network interface: While working for major corporations, I would have just requisitioned what I needed. But I no longer have an infrastructure budget of my own. So every purchase must be connected to a real revenue opportunity. And many of my presentations are now for lead generation. So this option was a non-starter.
  • Re-purpose an old wireless router (that is in our office inventory: Since the router is big, it might have been quite impressive. It’s not a rack-mounted device. But it is bulky. And it doesn’t have builtin mobile network access.
  • Purchase a mobile hotspot. And I may do that at some point. But since this is a meetup function, it made no sense to acquire new corporate or personal funds for a network device, an access contract, or a pre-paid SIM.
  • Build our own mobile hotspot: I consulted our asset inventory and found an unused mobile phone. It was an old Nexus 6p that I had used while working for a carrier. It is an existing asset. And we do have unlimited data plans. So it would be possible to temporarily move an existing SIM to this device. Since this solution meant zero incremental capital or expense investments, I decided to pursue this option. After all, I could always purchase a solution after I tried this option.
The Pixel Experience

I had two phones that I could use. One is my Samsung Galaxy S8+. The other is a Nexus 6p (from Huawei). I needed one phone to be the hotspot and the other phone would then be the device that I would display on the projector. It would have been nice to do both on the same phone. Unfortunately, the builtin hotspot capability turns off the builtin screen casting. Could I have paid for a presentation app that would have done this? I probably could have. But I wanted a stock experience as much as possible. Since all of my mobile phone privacy apps are all on my “daily driver” (the Samsung S8+), I decided to use the Nexus 6p as the hotspot platform.

I took a few hours and I rebuilt the Nexus 6p. Specifically, I decided to upgrade the phone to a build that would support Android Pie (i.e., Android 9.x). I did this to ensure that I would get the latest hotspot software from the Android team. Then I swapped SIM cards so that I could use my T-Mobile unlimited data on my “presentation” hotspot. Apart from a few hiccups that I encountered while unlocking the bootloader, the process was remarkably simple. When I was done, I had a shiny new Nexus 6p running the Pixel Experience ROM (featuring Android Pie).

Bottom Line

When you need “economy class” services, you can still find distinctiveness. A good company provides economic value to its customers while not sacrificing the personal touches. We did this for ourselves when we leveraged existing gear in innovative ways. You can do this for yourself by selecting technology experts who share your desire to provide high quality to your customers while leveraging the best value at hand.

Home Automation “Quest for Fire”

Home-Automation-Diagram
Home Automation

This weekend, we took another step in our home automation quest. We have used smart switches (for lamps), smart thermostats, smart music, smart cars, and even smart timers. But until Saturday, we did not have any smart lights, per se. On Saturday, we bought some Philips Hue lights (and the associated hub). That means that we now have Ethernet (i.e., wired) devices, Wifi devices, and now Zigbee devices.

Is this a big deal? The answer to that is somewhat nuanced. We’ve had smart home puzzle pieces for a while. And we almost bought a Z-Wave infrastructure to put smart switches in place. But the age of our house makes this impractical. [We don’t have neutral wires on any switches in the house. And the price to refurbish these switches would be prohibitive.]  So our home automation quest stalled. But on Saturday, I could take it no more. When we went out on errands, we stopped and picked up five (5) Hue lights.

Just Add Lights

The installation and setup was simple. It took almost no time to get everything installed and paired. And within a little more than an hour, we had functioning lights in the second floor hallway and in our master bedroom.  Over the next year, we can start to populate the various ceiling fans in the house. I figure that we can do this whenever we need to replace the incandescent bulbs that are currently installed. Given our current pace of replacement, I’m figuring that it will take a year or so to retrofit the house.

After getting everything installed, I started to make an inventory of our various smart home investments. As of today, we have the following pieces:

Current “On-Premises” Infrastructure

Today, we have so many physical (and logical) pieces in our home automation puzzle:

  • Network: Cisco network switch, Cisco VPN appliance, Netgear router, NordVPN proxy, Raspberry Pi ad blocking, Raspberry Pi DNS
  • Print: Hewlett-Packard printer
  • Entertainment: Plex media server (on PC desktop), Roku media player, Samsung TV, Silicon Dust HDHomeRun player
  • Storage: Synology storage, WD MyCloud storage
  • IoT: Amazon Echo Dot speakers, Huawei sensor/camera (on surplus phone), Kia Soul, Personal location / presence (on personal phones), Philips Hue lights, Raspberry Pi home automation appliance, TP-Link Kasa switches, WeightGURUS scale

Current “Off-Premises” Services

While we have lots of smart pieces in the house, we also have more than a few external cloud services providers. In most of these cases, these services allow us to extend “access” beyond the confines of our network. Our current list of services includes:

  • Lobostrategies Business: Bluehost, GoDaddy
  • Olsen Personal: Amazon Alexa, Dropbox, Google Drive, Google GMail, Home Assistant cloud, IFTTT cloud, Plex cloud, Pushbullet cloud, TP-Link Kasa cloud, WD MyCloud

So after adding yet another home automation “category” to the premises, we learned an important lesson: external access requires a measure of trust – and diligence. If you aren’t willing to secure your devices, then you must accept the consequences of an electronic intrusion.

Security Theater at Black Hat 2018

implantible-devices-security-theater
Wireless Security Theater

Security is a serious business. And revealing unknown flaws can make or break people – and companies. This is especially true in the healthcare industry. As more health issues are being solved through the use of  implantable technologies, security issues will become even more important. But when do “announcements” of implant vulnerabilities go from reasonable disclosure to security theater?

When my wife sent me a link to a CNBC article entitled “Security researchers say they can hack Medtronic pacemakers”, I took notice. As posted previously, I have been a cyborg since July 2002. And in 2010, I received a replacement implant. At the time, I wondered whether (of if) these devices might be hacked. After all these devices could be programmed over-the-air (OTA). Fortunately, their wireless range was (and still is) extremely limited. Indeed, it is fair to say that these devices have only “near-field communications” capability. So unless someone could get close to a patient, the possibility of a wireless attack is quite limited.

But as technology has advanced, so too have the threats of exploitation. Given recent technology advances, there was a fair chance that my device could be hacked in the same way that NFC chips in a mobile phone can be hacked. In fact, when I cross-referenced the CNBC article with other articles, I saw a picture of the very same programmer that my cardiologist uses for me. It was the vert same picture (from Medtronics) that I had posted on my personal blog over eight years ago. So as I opened the link from my wife, my heart was probably beating just a little more quickly. But I was relieved to see that CNBC was guilty of succumbing to the security theater that is Black Hat Vegas.

In this case, the Black Hat demonstrators had hacked a “programmer” (i.e., a really fancy laptop that loads firmware to the implantable device). The demonstrators rightfully noted that if a ‘bad actor’ wanted to injure a specific person, they could hack the “programmer” that is in the doctor’s office or at the hospital. And when the electro-physiology tech (EPT) did a “device check”, the implanted device (and the patient) could be harmed.

This is not a new risk. The programmer (i.e., laptop) could have been hacked from the very start. After all, the programmer is just a laptop with medical programs running on it. It is altogether nothing fancy.

The real risk is that more and more device-assisted health treatments will emerge. And along with their benefits, these devices will come with some risks. That is true for all new technologies – whether medical or not. There is a risk of bad design, or software bugs, or poor installation, or inattention to periodic updates. And there is a risk that this technology might be exploited. Of course, the fact that a pacemaker might be subject to failure during an EMP does not mean that the device should never be used.

It’s just a risk.

Fortunately, this is no different than the countless number of risks that we take every day. We trust car designers, driving instructors, other drivers, and even the weather forecasters whenever we drive our cars. And the threat that our cars are run by computers – and can necessarily be hacked – doesn’t prevent everyone from driving. 

Let’s leave the security theater in Vegas. And let’s leave the paranoia to professionals – like Alex Jones.