Leave a comment

The State of Being Secure: A Primer on Security in your Organization

Karel Gonzalezby Karel Gonzalez, Senior Software Engineer

A few weeks ago, I had the opportunity to attend the Lonestar Application Security Conference here in Austin. Security is something I have always been mindful of during my development, but I still felt a sense of futility about it. I ask myself on a fairly regular basis “I’m doing something, but am I doing enough?” Continue reading


Leave a comment

Continued Education: Whose Responsibility Is it – Employer or Employee?

by Phil Smith, Vice President Client Services

PhilThere is a large volume of material circulating on the Internet, providing philosophical approaches to lifelong learning for individuals. The concept of “continuous learning”, as it applies to the workplace, tends to revolve around these two generally accepted definitions:

  1. “Ongoing learning process that seeks to incorporate the lessons learnt (from the results of already implemented changes) into a continuous improvement program” (http://www.businessdictionary.com/definition/continuous-learning-activity.html), and…
  2. “Total quality philosophy in which every process and system in a firm is subject to constant scrutiny to (1) eliminate waste, (2) reduce response time, and (3) simplify process or product design” (http://www.businessdictionary.com/definition/continuous-improvement-program.html).

These links will take you back to the core concept that organizations must base their manufacturing and/or services on processes, and that once established, processes must always be under formal measurement, scrutiny, and improvement. If you are in a knowledge-based industry, such as software engineering and quality, then you have to extend the concept into your training program. Training must be viewed as a process and must always be improving. This applies to your own skill set as well—it’s not just about process capability, but also about people capability.

There is some overlap with workplace continuous learning (employer sponsored improvement) and self-improvement (individual sponsored improvement) in a few articles that I recently stumbled onto where the authors were clearly unhappy with current or past employers’ training programs. I’m not providing links because in many cases it was obvious which employer had caused enough emotion to ignite a blog. However, these articles do raise interesting points, specifically, who is responsible for an employee remaining current with their technical skills:  the employee, or the employer?

I’m referring to widely accepted workplace concepts related to improvement; not just improvement of the product or service, but also improvement of the human capital used to deliver. I’ll state my opinion clearly right here: the employer is responsible. Organizations that rely on people’s knowledge, skills, and efficiencies have a significant responsibility and market incentive to keep their workforce as far ahead of the competition’s workforce as possible.  These organizations have a social and economic responsibility to provide formal plans for training and they need to execute those plans with relevant material. The results and methods the training uses must be measured and improved over time.

I use the term “economic responsibility” because training is actually a pursuit of efficiency and improvement. Without these investments, companies lose ground to competition and ownership value erodes. Additionally, leaving training solely in the hands of employees will result in poor alignment with company objectives and unpredictable results.

I use the term “social responsibility” because the software industry typically keeps people so busy working billable hours that we don’t make time for training programs. We create them; we just don’t execute them. Cost pressure from offshore providers has left US-based resources in a predicament, because training costs are no longer easily hidden inside billing rates. Therefore training programs get sorted to the bottom of the priority list and do not receive attention. In some cases, recent graduates end up more qualified in relevant technologies than long-term industry experts. Technologists who do not take it upon themselves to learn relevant technologies may end up on the wrong side of the cost benefit curve, which certainly feels unfair to the many who work long billable hours to make their company successful.

Other industries such as health and legal, which are knowledge based, require that people be licensed, and that licenses be maintained over time on the basis of formal, ongoing education. We’ve missed this concept in the software industry, which has been convenient in that it allows us to be informal with our staffing decisions and enables us to exchange hours that should be dedicated to training and certification for more billable hours.

On the flip side, you can’t argue with free market economics. Graduating students will always have some advantages that may or may not outweigh their lack of experience, and offshore resources will always have some cost advantage that may or may not outweigh distance and other factors. Employers will always have challenges with cost and commitments, resulting in pressure for more billable hours. In the end, the only person that can be held responsible for a person’s career plan, training, and marketability is the person. Life just works that way.  Making sure you are marketable is basically the same as being a gazelle out on the plains. Fast and capable is essential. With that in mind, if I could personally meet the people whose blogs read like, “it’s not my fault,” I think I’d have difficulty finding sympathy.

So, is the employer responsible for training, or is it the employee? Yes.


1 Comment

Growing Pains — How to Grow From Small to Big

by Brenda Hall, CEO

Brenda_Hall_100_x_120I’ve often been asked, “How hard was it to start your company?” My answer continues to be, “It’s not hard to start a company; it’s hard to grow it!” Simply said, anyone can start a company as long as they desire to. It takes someone willing to take risk, believes they have something someone else is willing to buy, and believes passionately enough in their idea to push other, more ‘stable’ options aside such as working for someone else for a paycheck. Getting started isn’t difficult. There are endless examples of people baking their products at home and selling them through local outlets. Or, perhaps you know someone who has exceptional knowledge in a specific area (think software development) who is keen to develop that perfect app for our phones. A short cruise across the internet can provide the applications to fill out for the Secretary of State for your local state, open a business account at your bank, and without much more ado…you’re in business.

Growth, however, requires tenacity, dedication, gathering smart people around you and hard work day-in and day-out. There will be times when mistakes are made, and standing up to them to preserve your reputation while ensuring your clients don’t pay for them is paramount. You will never grow if you don’t have delighted clients. Here are a few, key lessons I’ve learned that will help any entrepreneur get off on the right foot.

  1. Make sure your company values are visible to all of your employees. Even more, try to hire employees who SHARE your values. Values are important because people need to work with other like-minded people. For example, you want people who not only respect your leadership and believe in the mission of your company, but also people who ACT on those same values especially when challenges enter the picture. Not every effort or client engagement will go smoothly or perfectly. You need to have people who will quickly work to fix errors and repair relationships. You need people you can count on to Do The Right Thing.
  2. Speaking of employees, I’ve learned it’s critical to hire well. Take your time to find the right person. It’s not always about whether you like someone, or assume someone is a good fit because they worked at a major company before landing in a chair in front of you for a job. WAIT…do your due diligence. Make sure you investigate their background thoroughly. Talk to people they worked with. Check them out on LinkedIn. Check them out on Facebook. I learned from a dear man who utilized LinkedIn to garner as much ‘intelligence’ about a potential employee he was planning to hire. Then, he went to Facebook to find out what kind of person he was planning to hire. Good advice.
  3. Surround yourself with people smarter than you. This is extremely important, and there is no room for ego to get in the way. Networking is essential in order to meet the kinds of people you would hire if you could…but necessarily can’t. For example, I’ve met several, extraordinary people through the years who have become trusted friends and mentors. They’ve guided me through tricky decisions, helped me sort through the noise and chatter to achieve specific goals, and continue to support my company’s growth in a way that brings efficiency as well as success.
  4. Listen, listen, listen to your clients. For me, the sales process is very personal. I’ve no professional sales experience, but I learned a long time ago that sales is truly about listening and keeping the lines of communication open and active. Once you make a ‘sale’…don’t forget that sale involved someone trusting you to deliver the goods. Make sure you deliver them. Make sure you follow through with your client to see if they have any questions. The world is ripe with people who feel let down after a sale was made. Don’t let that happen. If you want your company to grow, you’ll need strong referrals, testimonials and REPEAT business because you did well the first time around. You LISTENED to your client, you did what you said you were going to do for them, and you made sure they were delighted throughout the experience. This is a formula that should NEVER change.
  5. Enjoy the journey. This isn’t about how big, how much, how well known your company becomes. This is about making sure you recognize the achievements of your people, the successes they’ve brought with each client effort, and how well they’ve made your life — and kept the breath of life in your company. I don’t believe anyone gets very far on only the leadership of a few people at the top; it takes a team. I once went to the top of the mountain to visit Neuschwanstein Castle in Bavaria, Germany. The road is very steep and the wagons we rode were pulled by a team of strong (and beautiful) draft horses. I thoroughly enjoyed the journey, but I’ll also never forget the hard work those horses had to give to provide me that enjoyment. Enjoy the journey, but don’t forget your team that brings you success.

There is so much more to share, but I believe if you adhere to these 5 guidelines, you’re well on the way to building the solid foundation that gives your company all the growth potential you will need through the years.


Leave a comment

Gain Your Own Fame: Once Upon a Time at Cape Canaveral

by Justin Hall, CIO

Justin-HallThis story begins in the very early days of the space program, when NASA and its vendors IBM, Grumman and others were looking to hire staff to work at Cape Canaveral. The advertisement was simple: they were “looking for many good people.” Interviews and hiring were conducted at a very fast pace, and the competition to get good people was at a then all-time high. I went to work at IBM, which had the mission to build and manage the Instrument Unit (IU), the “brains” for each of the Saturn Vehicles (which we all referred to as “birds”).

Those of us (about 25) who were starting with IBM were being temporarily housed in a very large NASA building several miles from the Saturn rocket Launch Pad. In the corner of several of the conference rooms in this building were racks of schematic diagrams for each of the major systems that IBM would be responsible for: Guidance Computer, Stable Table, RCA 110 computers, Ground Network, Power Systems, AGCS Network etc.) Each person was assigned to the area in which they would be working.

The management team instructed us to remain in the conference rooms except at lunchtime. Those were the only instructions we were given. No one mentioned or even looked at the schematic diagrams lying in plain sight. We could do whatever we wanted, (read magazines, newspapers, play cards, etc.) We were going to be in the room between four to six weeks; by the end of the first day, the schematics remained unnoticed. By the second day, one other employee and I picked them up and learned that they covered all the systems for which IBM would be responsible. We at once began tracing circuits and drawing simplified diagrams. By the end of the fourth week, we knew how all the systems were interconnected and how they worked. The two of us continued working while the other new hires waited for instructions.

At the end of the waiting period, our new team moved to the launch facility to assist in verification procedures for the operation of the ground support equipment. We did not yet have a bird on the pad. About the time we finished verification on the ground support equipment, the various pieces of the Launch Vehicle “bird” arrived. The first and second stages of the vehicle were stacked, mated and connected, and then the Instrument Unit mounted on top of the second stage. Now it was time to ‘power up’. Both my friend and I were assigned to networks, and we weren’t happy because we drew Block House assignments instead of getting in the AGCS area (computer room under the Launch Vehicle) where all the cool equipment was housed.

Two days later, IBM had all stations manned for the initial power up of the IU. Picture twelve IBM systems engineers sitting at their consoles, a NASA Test Supervisor and an IBM Manager ready to get started. The NASA Test Supervisor said to the IBM Manager, “Power up the IU,” and guess what happened? The IBM Manager did not have a power up procedure. Imagine the pregnant pause and embarrassment! I then noticed a brown inter-communications envelope lying on the console next to me. On the back I wrote the twelve steps my new colleague and I had formulated in procedure format and quietly handed it to the IBM Manager. He read off the steps and the IU and all systems successfully powered up. The test was officially recorded as being successful.

If you want to “gain your fame,” look around and see what needs doing and offer to do it. If your skills don’t match what the task requires, consider getting those skills. There are people out there who wait to be told what to do, and there are people out there who do what they think is necessary to get the job done. Here at Bridge360 we strive to fill our teams with the latter, because that’s what we think is best for our clients. We look for people who take the initiative, like to solve puzzles, come up with ideas and become immersed in our clients’ business… always looking for better ways to do things.


Leave a comment

My View on the 15th International Conference on Human-Computer Interaction

by Jerry Cavin, Senior Software Engineer

Every year, HCI International brings together thousands of people from all over the globe who are interested in the seemingly endless approaches to interaction between computers and people. This past July, that conference came to Las Vegas, and I was fortunate enough to be invited as a presenter for the poster paper I submitted titled “A HCI/AI Tool for Astronomy.”

HCI-2013-logoMore on my presentation in a moment, but first let me tell you about some of the other amazing things on display at the conference. The conference is divided into three parts: Vendor Exhibits, Poster Paper Sessions, and the parallel Paper Sessions.

Vendor Exhibits

The vendor exhibition was held in The Mirage Hotel Event Center and featured companies of virtually all sizes demonstrating countless products used in human-computer interface experiments. Some of the ones that caught my eye the most included Brain Products and Mindo, who were both displaying portable and wireless EEG monitoring devices. Others, like Smart Eye and EyeTracking Inc. were demonstrating their eye-tracking devices.

These were just some of the companies showing products for monitoring brain activity during interaction studies. But there were also a pair of publishers present that attracted my attention.

One of the publishers present was Springer Publishing, one of the world’s leading publishers of scientific, technical and medical content. They’re also the publisher of my astronomy book, “The Amateur Astronomer’s Guide to the Deep-Sky Catalogs.” At the Springer booth, I enjoyed visiting with their Editorial Director, Beverly Ford. She knew many of the people who were key sources for my book.

I also spent some time with CRC Press, which specializes in producing technical books for engineering, science and mathematics. Here I met with Cindy Renee Carelli, the Senior Editor of Industrial Engineering and Human Factors and Ergonomics. For anyone interested, Cindy is currently seeking writers for a wide variety of Computer Science fields.

Like many conferences, there was also access to past information from preceding events. But, because this is HCI, it was made available in a very interactive fashion. Highly interactive computer systems allowed intricate hand gestures to move backwards and forwards along a timeline to explore past HCI Conferences. Then, you could spend time reviewing pictures and events from each conference before returning to the timeline.

Poster Paper Sessions

Jerry Cavin is also an Adjunct Professor of Computer Science and Astronomy at Park University.

Jerry Cavin is also an Adjunct Professor of Computer Science and Astronomy at Park University.

The Poster presentations occurred over three days toward the end of the conference. There were over 300 poster presentations covering a vast array of topics. I was very proud to present my poster, “A HCI/AI Tool for Astronomy” alongside my son, Zac, who is very knowledgeable in Astronomy and has accompanied me on many visits to observatories across the country observing the night sky with professional astronomers. Zac presented and described the pictures and graphs illustrating the patterns of binary stars, exoplanets and variable stars, while I described how the Expert System based application could analyze the data and identify the patterns.

The conference required that the Poster Paper authors be available for an hour each day to present their topics, however, we found it very easy to spend up to three hours talking with people that stopped by our poster paper. We spoke with people from many different countries, including Denmark, Sweden, Taiwan, Sri Lanka, Spain, and Germany. We also spoke with biotech researchers from The University of Virginia, and engineers from Sandia Labs.

One gentlemen showed particular interest in how well Expert System-based applications would perform large data set analysis. He indicated that he was working on a project for the London Stock Exchange to design an application capable of providing real-time fraud detection. We discussed several different solutions to his problem of real-time pattern detection, and he returned to our area several times to discuss other challenges of working with “big data.”

The subject of manipulating “big data” came up several times in other conversations, as well. It’s certainly an indication that the manipulation of “big data” is becoming more commonplace in many different industries.

The Parallel Paper Sessions

The Parallel Paper Sessions were held every day of the conference in several small conference rooms outside the Event Center. During these sessions, the authors were given 10-15 minutes to present their whitepapers. One of the sessions I found particularly intriguing was, “Reconsidering the Notion of User Experience.” The session presented several papers describing how to capture subjective and objective measurements of a user interacting with an application to better document the user experience.

Other sessions I attended discussed the tradeoffs between emotions and effectiveness, expectations and efficiency of a user interface design. The objective for the session I attended focused on increasing user satisfaction, allowing the designer to create a longer product life cycle.

Finally, some ‘me’ time

When finally afforded some time to escape the conference center halls of The Mirage, I did some window shopping across the street at The Venetian Hotel. Inside The Venetian is a large shopping mall reminiscent of a small Italian village, and includes the store, Bauman Rare Books. Ahh, heaven! The store’s proprietor, Mary Olsson, shared with me a 1927 copy of E. E. Barnard’s “A Photographic Atlas of Selected Regions of the Milky Way.” The book is exceptional in that it contains 51 of Barnard’s original linen-backed silver photographic prints. There are only 700 copies of this book known to exist, and I was thrilled to turn the pages of this one. But, at $13,500, it was also a book that needed to stay in the store on this day.

I also was allowed to examine a 1929 printing of “A Relation Between Distance and Radial Velocity Among Extra-Galactic Nebulae.” This is the first book in which Edwin Hubble proposed that velocities between galaxies were proportional to their distance from Earth — a principle known today as Hubble’s Law, which describes the expanding universe. Although priced a bit lower at $7,500, it too remained with the store.


3 Comments

3 Visible Pillars – Cost, Quality, Schedule

by Phil Smith, Vice President of Operations and Services

Phil Smith Bridge360Searching the Internet for “information technology project failure rates” will provide a wealth of data and information. Data is readily available in depressingly large volumes from studies that indicate that investing in IT projects is high-risk and unwise. There is useful text accompanying the statistics that explains root cause and even classes of failures. I like these sites because the content is well organized and they include recommendations for how to avoid failure.

The sites are:  Why Projects Fail, McKinsey Report Highlights Failure of Large Projects, and Gartner Survey Shows Why Projects Fail.

The Project Management Institute (PMI) was launched in 1984. The PMI material, certifications, frameworks (and everything else offered) are invaluable to any organization that runs an IT project. I applaud the PMI for giving the world of project management context and rigor to not only talk about improvement, but also a way to build methodologies to achieve the improvements.

Yet the statistics available from current studies, over 25 years after the PMI started helping us, are disastrous. According to the Calleam site listed above, a McKinsey & Company survey from 2012 showed that 17% of large scale IT projects fail so badly they threaten the existence of the company.

Again, there is no lack of material or training, even beyond what the PMI makes available, to help our IT industry improve. I often think of the maturity of the IT industry in comparison to the maturity of other industries like medicine, manufacturing, engineering, and construction. History indicates that assuming that customers will continue to invest due to lack of an alternative has turned industries and companies inside out once a suitable alternative becomes available. It is in our best interest to be in control of the revolution.

I know I’ve stepped into a complex dialog here, specifically with the subject of how to get the entire industry to move toward one common set of methods, practices, and cost structures. I argue the absence of common structure creates a gap that is filled by the client’s choice to bring unique and unrealistic expectations for cost, timing, and quality. Most consumers of IT services are well educated and know that writing a line of code only costs as much as the pay rate multiplied by the actual effort, which is not much.  Yes, that is the wrong way to measure cost but it is the way that most consumers elect to measure it in a negotiation, because we as an industry lack structure.  To compare, my recent trip to the doctor cost my insurers over $200, and I only saw the doctor for about 5 minutes.  I’m sure that along with the 5 minutes I was also paying for a lot of staff, infrastructure, insurance, training, equipment, and capability that all came together to make the 5 minutes possible.  And the doctor does not invoice the insurance company for the 5 minutes he spent, instead he associates it to a billable service with a preset fee.  That approach allows him to be there for me when I need him.

In our IT world, individual projects are bound by unrealistic expectations from clients. Referring back to all the sound advice and training available from the above referenced sites, and from PMI, we know that project plans, which incorporate the boundaries of cost, quality, and schedule, must consider everything that is required to deliver an entire solution, not just the individual point in time that an engineer is writing a specific line of code. For example, that line of code, in order to be correct, must be written with an appropriate technology, within an architected solution that is secure, accessible, reliable, tested, and maintainable. Those adjectives are not free.  They are in place because of hard work, training, and process.

The pillars of cost, quality, and schedule are non-negotiable once established. If a project fails, it failed because one or more of these three pillars cracked, or crumbled. Establishing them correctly up front will significantly reduce the opportunity for them to bear pressure during a project. Establishing them correctly requires that we manage expectations that include the teachings from PMI and from the lessons learned in the industry.

In summary, we need to plan for things like validation of requirements with stakeholders. We need to plan for things like training, performance testing, failover, risk management, system documentation, traceability… I could go on. My larger picture argument is that I hope that someday we’ll take this approach as an industry rather than as individual service providers.  We should be differentiated by our ability to deliver rather than win business based on our ability to negotiate ourselves into low cost and inadequate delivery.

Set the pillars in place, build the plan based on the pillars, and deliver to the plan.

Please, share your thoughts and opinions on this topic and let’s see where the dialogue takes us.


4 Comments

What We Can Learn From London Taxi Drivers

by Brenda Hall, CEO

Brenda_Hall_100_x_120They say the US and the UK are very much alike, and only separated by a common language. Although this is intended to be humorous (which I think it is), there’s a little more to it. Anyone who has taken a taxi in New York City, and then somehow managed to experience a taxi ride in London can attest — there’s just no comparison.

Did you know London taxi drivers usually spend anywhere from 2-4 years learning and being tested (written and oral) to achieve the position of a London taxi driver? I didn’t until I started to write this blog. My point is that London taxi drivers take their role and position very seriously. Their taxi’s are uber clean, the driver knows exactly where he needs to go without calling back to his garage for directions, and they don’t use navigation systems. That’s right — they must memorize over 2500 London streets to pass their exams. They see themselves as professionals, and mini-business owners. They care about the fare they carry, their luggage and even though most of them are not ‘touristy chatty’, all of them want to ensure visitors and non-visitors alike move around London under their watchful and careful driving.

If you take a taxi in New York City… not so much. You will usually get a driver that speaks English… though likely with a strong foreign accent, but that’s okay. They will get you where you want to go and often by using technology (navigation systems), or calling back to their garage for additional help. The taxi will likely be well worn; many without shocks because potholes really do a lot of damage to them… so they just don’t replace them. Most taxi’s are quite dirty as well. It’s sad, but that’s my experience for the most part, and I am in NYC quite a lot.

But the real difference, and the point I’m making here, is work ethic. London taxi drivers will do more than simply take you from point A to point B. Returning to the US recently, one actually dropped me at Heathrow and told me to wait in the car while he made sure Virgin Atlantic was open at that early time of morning. Then, he helped me with my luggage; and not just out of the trunk and onto the curb, but in through the terminal door, and pointed me in the right direction to the counter. I don’t see any NYC taxi driver doing that! The message? You’ll enjoy your London experience even more with the help, support and guidance of taxi drivers who really care about your experience traveling in their taxi!

It’s all about customer service! Pure and Simple! And, you know what? I gave the London taxi drivers better tips, too.