a blog about my interests
Currently Browsing: Technology

secure360 conference

lanyard I’ve finished the mid-May 2-day secure360 conference here in St. Paul. It was generally quite good even though it was very corporate-focused. Security is security no matter what you’re protecting. But first off I got my lanyard! That’s a Marvel’s Agents of S.H.I.E.L.D. reference for those not familiar.

The best session was the first one I attended – Users: your first line of defense (click for Slideshare) which had many immediately useful tips.  Taking cues from social psychology, Ari Elias-Bachrach focused on methods for influencing people for making effective training.  Some tips include

  • Use positive advice: rather than tell someone “don’t run in the house” instead say “we walk in the house.”  Frame things not as “don’t do” but instead “how to do” the right thing.  And be sure to tell people what they should be doing.  So instead of “don’t use weak passwords” frame it as “you should use strong passwords and here’s how to do that.”
  • Use real images in your presentations, not the usual clip art.  Take this masked man at computer
    Users are never going to encounter a man in a ski mask on a laptop.  Instead use a picture of a real phishing email.
  • Use language appropriate to the audience and not technical security terms.  He mentioned using the general term virus rather than the technically accurate term of malware.  This spawned a good discussion.  The idea being, use a term that is commonly known.  Malware was agreed to be almost common but virus was more strongly common.  I am torn between being accurate vs. understandable in this case.
  • Try making trainings about home or personal computing but all the concepts apply to the office.  For example, hold an optional brownbag about how to protect your kids on the internet or how to protect your computer at home from hacking.  People will come to those and then all the concepts apply equally at work.

Now, on to the social psychology tips.  Some of those included (more…)


Educause 2013 round up

Educause 2013

Well another Educause annual conference has come and gone.  It’s been a few years since I attended the annual conference so it was a joy to return.  There were more sessions that I wanted to attend than I could attend.  Several time slots had multiple presentations that I wanted to see.  With more and more sessions recorded I can catch some of those later.  My priorities this year were student success (retention/advising), analytics and vendors.  We are implementing Hobsons Retain/AgileAdvisor/AgileGrad suite which includes a CRM (retain), case management advising (AgileAdvisor) and a degree planner (AgileGrad).  I was also recently on the team architecting a reboot of our institutional research operation that will be the Office of Planning and Effectiveness so analytics are of particular interest.

Sir Ken Robinson

The conference kicked off with an entertaining and engaging talk by Sir Ken Robinson.  This article captures much of the talk.  The very telling video (below) shows one of his points, how you stifle innovation by asking the wrong questions.

[youtube=https://www.youtube.com/watch?v=9TskeE43Q1M]

(more…)


Educause Security Conference 2012

I am recently back from the Educause Security conference 2012 — my first time going to that conference. I should note that I am the security officer for the campus so this was a great opportunity to connect with folks who have been doing this for a long time.

It was quite a good conference and, based on a few discussions with other attendees, one role of the conference is to leave you unsettled due to how many security threats there are.  I mean, there are a lot.  And hearing from large Universities (that have security departments of 3-5 staff) about how they need to manage multiple data breaches of personally identifiable information (PII) leaves one restless at night.  The challenge with large Universities is how distributed information and systems can be.  At a small College with a single central IT department there is more control over the systems housing institutional data (and clear accountability).

REN-ISAC (Research and Education Networking Information Sharing and Analysis Center) kept coming up and it clearly brings much value to its members.  First thing when I’m back in the office, join REN-ISAC.  One product I was very interested in was Cloudlock — enterprise control over your google docs domain.  You can retain docs after someone leaves, retain documents for legal discovery, audit access rights to comply with FERPA, HIPAA, PCI — just pick your abbreviation.  Of course it costs per user so this could offset any licensing savings you might be recouping with moving to google apps but it provides enterprise management tools that would make me rest easier at night.

(more…)


Looking 5 years out

Candidate searches in an IT environment often ask the question “What will the IT environment be like in 5 years?”  Looking ahead in IT is nearly impossible, even 1 year is a challenge.  I enjoy listening to the end-of-the-year radio shows where the tech commentators listen to their predictions from 12 months prior and comment on them.  Most are quite funny.  Could I have predicted the iPad or ubiquitous mobility 5 years ago?  Let’s see what I was blogging about 5 years ago.

Turn on the WABAC machine and let’s see.  It’s 2006. Pluto was demoted.  iTunes store had sold 1.5 billion songs in 3 years (it was only 3 year sold).  It’s up to 10 billion now.  Daniel Powter was topping the charts with “Bad Day.”  My blog posts were few but I was working on adding functionality to our moodle install as well as going to Educause nationals.  My focus at Educause 2006 was an interplanetary Internet (a very good keynote), learning spaces were still hot, outsourcing resnet, posting more materials online causing an increase in printing volume, web 2.0 and CMS 2.0.

(more…)


Gusday 10 rundown

Carleton was very hospitable and Hawaiian on a cold Minnesota Friday.  It was a good day at Gusday 10.  We had some tweets going on throughout the day as well.  I snapped some pictures too at facebook.

Here’s a rundown of my takeaways:

  • Creating Engaging Online Courses – Luther Seminary
    • they offer 60 courses online or hybrid
    • been doing it for 10 years
    • they are running the Jenzabar LMS which is limited so they build most course sites in HTML with the LMS page as the hub
    • they have 3 people in the Learning Design and Technologies area
    • they think of the learning objectives first, the technology second
    • they build the courses for faculty, the faculty are the content experts not the builders
    • they use a lot of flash movies from flip video cameras – faculty introductions and the like
    • “Multi-Media Learning” by Mayer: 2 channels – audio and video, overload one and the other shuts down, too much visual in powerpoint and the audio part is lost too
    • use camtasia studio for annotated ppt
    • courses use small groups of 5, conference calls with group and instructor, group forums and course forum
    • adobe connect to enhance call experience
    • be specific in online courses, always
    • use mid-course check-ins, critical incidents
    • trying eportfolios this term
    • http://www.luthersem.edu/ldt/
  • Off-Hour On-Call Support – Bethel
    • A Saturday outage got the attention of the administration
    • Bethel has grown 20% in 5 years, new campus in Bloomington
    • issue vs outage
      • issue – (my monitor doesn’t work) not good for on-call, resolved during regular hours
      • outage – (Blackboard is down again) right for on-call reporting
    • using a definition from Georgia State
    • providing 57.5 hours of on-call coverage (until midnight during the week and evenings Fri-Sun
    • have a purpose statement – conduit for communication through a liaison to other staff, level 1 and 2 issues
    • compensation? – 6 person rotation, 1 person / week, 1/10 flex time before next rotation (6 hours)
    • equipment used
      • netbook with mobile internet
      • bomgard.com hardware remote access
      • shared PDA phone
      • phonetag.com – transcription and SMS / email creation of ticket with WAV
      • phone tree on campus to get into off-hours VM
      • started 10/1/9, about 2 calls / week
      • process: someone calls regular number, it’s off-hours so they pick that option, it rolls to phonetag number and the leave a message, an SMS is sent saying someone called, in a few minutes a ticket is created with the message and another SMS is sent with the message text.  The on-call person then decides it is an outage and does some initial triage and calls in the appropriate person if needed.
  • Document Imaging – Carleton
    • using Onbase from Hyland Software for 11 years
    • being used in silos, not consistent use of fields
    • not sharing documents across departments
    • isn’t a replacement for the business application, just a place to store files like virtual filing cabinet
    • the goal is not that it be easy to put documents in, rather it should be easy to find things in it
    • ties to RP through another little app
  • Project Management – Carleton and St Cloud State
    • St Cloud started, they have a position that just does project management
    • project vs operation work (sometimes fuzzy — are annual rollouts a project?)
    • project has beginning and end
    • 5 steps in process
      • initiate – idea
      • plan – scope
      • execute
      • monitor / control – check in w/stakeholders, watch scope creep
      • closing
    • project management – one project
    • program management – managing group of related projects
    • portfolio management – managing collection of all
    • charter is entry point to process
    • routine meetings to prioritize
    • reach decision point – document and sign off
    • communication plan for updates
    • completion document, lessons learned, future projects, document what was done
    • first create a process then find a tool to support it
    • Carleton – just enough project management
      • team of 4 ITS staff, shared, vet projects through group
      • big P projects (large organizational projects, often external driven, by leadership, $$, visible, higher risk)
      • little p projects (smaller team projects, by team leads, little $, little risk)
      • they’re using a wiki to track – opened to key ppl outside of ITS
      • charter is useful for people to organize thoughts about why it was great idea
      • have different states for projects
      • considering dotproject
      • update projects 1/month

I really enjoyed Carleton’s approach to just enough project management — they provided the slides too.  I think it could work for us as it’s enough to organize things but not too much to be onerous to people. The document imaging put a good perspective on the role of document imaging.  The Off-hours session provided a cool system for capturing reporting of incidents and getting them resolved.  Luther Seminary is doing some interesting stuff online and I noticed it is a full-service department — faculty record their video and drop off the flip.


« Previous Entries

Powered by WordPress | Designed by Elegant Themes