http://www.networkworld.com/news/2012/021412-security-myths-256109.html?page=1

While most of the "myths" are very obvious to anyone who has worked in computer support for very long, one of them I found quite interesting. The third "myth" referenced in the article is, "Regular expiration (typically every 90 days) strengthens password systems." First, while I completely disagree that this is a myth taken within the context of a complete security system including proper user training, it appears that the article itself debunks the debunking of this "myth". Note the following from myth number 6, "He adds that while 30-day expiration might be good advice for some high-risk environments, it often is not the best policy because such a short period of time tends to induce users to develop predictable patterns or otherwise decrease the effectiveness of their passwords. A length of between 90 to 120 days is more realistic, he says."

Now here's the reality of it from my perspective. If you never change passwords, an internal employee can brute passwords for months and even years until he gains access to sensitive accounts. If you change passwords every 90+ days while having strong passwords that are easy to remember, you accomplish the best security. Strong passwords that are easy to remember can take weeks or months to back with brute force. For example, the password S0L34r43ms3r is VERY easy to remember, well it's easy for me to remember, but you have no idea why. Brute forcing this password would take months with most systems. Therefore, I have a strong password. If I change it every 90-120 days, I will have a good balance of security and usability.

Does every employee need to change his or her password every 90-120 days? No, certainly not. Some employees have access to absolutely no sensitive information. We can allow them to change their passwords either every 6-12 months or never, depending on our security policies. The point is that different levels of access demand different levels of security.

While I felt the article was very good and it did reference some research to defend the "myth" suggested in relation ot password resets, the reality is that the article and the research (which I've read) does not properly consider a full security system based on effective policies and training. Granted, few organizations implement such a system, but, hey, we're only talking theory in this context anyway, right? It sure would be nice if security could move from theory to practical implementation in every organization, but it hasn't. The reason? By and large, because most organizations (most are small companies) never experience a security incident beyond viruses, worms and DoS attacks. That's just life.

Maybe this author should look at government employees working in security who are absolutely required to have certain security certifications if they want to continue in their roles. There is no question, regardless of anyone's opinion, of whether these employees are benefited (in their job opportunities) by having certifications like the CISSP, CWSP, Security+ and CASP.

Now the author is right about one thing: very rarely do professionals gain employment exclusively on a certification. However, this does not diminish the value of the certification. Yes, experience is important; however, give me a technologist with ten years of experience with no certifications and another with the exact same experience and multiple certifications, I'm going with the certified candidate every time. Why? Because the possession of the certification tells me something about the individual. It tells me she or he is not an arrogant know-it-all who feels that her or his methods are always right. This makes me feel more comfortable as an employer. I can trust that they will not "do their own thing" regardless of the damage it may do to my organization or my client's organizations.

I'm very appreciative of the article's author for pointing out that experience is essential. He is right about that for sure, but certifications tell us the individual is willing to learn and prove his knowledge. When someone tells me that certifications don't prove anything, here is my simple response, "Not getting certified definitely proves nothing." Think about it. The truth can't be more simple: getting certified proves you have the knowledge to pass that exam; not getting certified proves that you are not certified. Certainly, gaining certifications relevant to the area in which you wish to work cannot do you any harm.

Second, the use of icons has been with is since the Xerox and Apple computers first introduced them and they are still the primary way that we launch files and applications. This is true for desktop and laptop computers as well as most handheld devices.

From Windows 3.1, we still have the concept of the Control Panel in Windows 7. The Windows 3.1 Control Panel had a whopping 11 applets in it right after installing Windows. Needless to say, Windows 7 has many more applets in its Control Panel, but the Control Panel remains just the same.

To see an interesting video demonstrating the history of the Windows operating system through sequential upgrades from one to the next, search for Chain of Fools: Upgrading Through Every Version of Windows at YouTube.com.

To access the Windows 7 Reliability Monitor the fast way:

1. Simply click Start, type Reliability and click the View reliability history link that is displayed with the blue flag.
2. Once in the interface, you can scroll through the history viewing errors, warnings and information entries by clicking on them.

The information displayed in the Reliability Monitor will include device driver installations, software installations, system crashes, application crashes, failed installations and more. You can export the data to an XML file, which could then be analyzed by other reporting applications, for example, Crystal Reports supports XML data sources.

Interestingly, Microsoft removed the feature to view remote computers' reliability data through the GUI interface of the Windows 7 Reliability Monitor. With the new tools, to view the reliability data on remote computers, you must use PowerShell , which, quite frankly, sucks in comparison to the graphical view in my opinion. However, there is a nice article at the TechNet Magazine website that gives you the basics of PowerShell and reliability data here: http://technet.microsoft.com/en-us/magazine/dd535685.aspx.

• Project Manager
• Project Task Leaders
• Project Stakeholders
• Relationship Liaisons

The first job is obvious: the Project Manager. This individual should be responsible for the core project management responsibilities including:

• Budgeting
• Scheduling
• Team Leadership
• Conflict
• Risk
• Procurement
• Quality
• Communications

These are the traditional responsibilities of a Project Manager in any industry. If an individual has the more specific IT project management job, they may also be responsible for technology update management throughout the project lifecycle; however, this is often a post project task.

The second project management job would be that of a Project Task Leader. You might think of this individual as a mini-project manager within the scope of a single project task. These tasks will usually be larger tasks, or task groupings. The Task Leader is responsible for the technical details of how the task will be completed and, if working alone, the actual completion of the task. When working with others, the Task Leader is also responsible for coordinating the work among the task workers.

You might feel awkward thinking of a Project Stakeholder as having an IT project management job, but they do play a key role in the project. The Project Stakeholder(s) must take responsibility for openly communicating with the Project Manager on any issues that will impact the quality, budget, schedule or scope of the project. While the Project Manager should have exceptional communication skills, the Project Stakeholder must also take responsibility to communicate openly and honestly.

The final of the four IT project management jobs I'll specify is that of Relationship Liaison. The Relationship Liaison role is often played by the Project Manager as part of communications management. However, when you are working on mission critical projects and have many departments to serve, it is often more efficient to assign a Relationship Liaison to each department and have these individuals communicate back with the Project Manager.

In this scenario, you would not expect that the Project Manager never speaks with the department heads and users, but the majority of communications will take place through the channels of the Relationship Liaisons. This reduces time consumption for the Project Manager and, in many cases, will actually provide a greater feeling of involvement for the various departments.

When do you consider these and other project management jobs? I would suggest considering the various roles at the beginning and throughout the project. In others words, you'll start your project with assigned roles and responsibilities, however, things can change and you may have to create a new role (like a Relationship Liaison) in the middle of your project. This is the simple reality of the project management world.

Thomas Edison had just completed a successful test of his Marvelous Talking Machine (the phonograph) when he said these words:

I was always afraid of things that worked first time.
- Thomas Edison

This quote is an excellent starting point for our discussion. I want to talk about motivation. In this article I will reveal three ways to keep your motivation high and become a success in any area you desire.

Thomas Edison is the perfect example of motivation. After hundreds of attempts he finally found success when creating his version of the incandescent light bulb. Here is another quote from Mr. Edison:

I speak without exaggeration when I say I have constructed 3000 different theories in connection with the electric light, yet in only two cases did my experiments prove the truth of my theory.
- Thomas Edison

With this kind of motivation, I think we can certainly learn something from the man. Here are three motivational methods that I have observed in the life of Thomas Edison:

• Maintaining A Dream
• Learning From Failure
• Managing Time

Let's investigate each of these individually.

Maintaining A Dream

I have more respect for the fellow with a single idea who gets there than for the fellow with a thousand ideas who does nothing.
- Thomas Edison

Well said, Mr. Edison.

There is more to maintaining a dream than professing it. Everyone knows that maintenance of anything requires work. We must learn to work our dreams.

There was a time in my career when I dreamed of success in sales as a seminar speaker. I was working for a company that required the sales of resources at the seminars I delivered. I dreamed of what it would be like to sell more than my peers were selling. I dreamed about the feeling of that success. Then I discovered dream maintenance.

I began reading books about selling. I must have devoured five or six books in a two week period. Next I began to think through my goals. How many of this would I have to sell? How much of that? Finally I planned my words carefully. I considered objections that might arise and formulated responses.

Do you know what the result was? Simple. I became the number one sales person on the staff. This is maintaining a dream.

As the single idea drove Thomas Edison to the creation of the incandescent light bulb after hundreds of failures, so let your ideas push you beyond your imaginable limits.

Learning From Failure

If I find 10,000 ways something won't work, I haven't failed. I am not discouraged, because every wrong attempt discarded is another step forward. Just because something doesn't do what you planned it to do doesn't mean it's useless.
- Thomas Edison

I like the perspective of Mr. Edison. He never failed, he only learned. I say that we should learn from failure, he said he doesn't ever fail, that he only takes another step toward success. Either way you look at it, you have to keep pursuing your dream.

I watched my son as he attempted to place a simple crayon into a crayon box recently. This crayon box had small circular holes to place the crayons in. He tried placing the crayon in on its side two or three times with no success, but he did not give up. He then tried placing the crayon in with the sharpened end down and noticed that it looked different from the rest of the crayons in the box. So he pulled the crayon out and flipped it over. Success!

You see, he learned from his failure. He continued until he found success. Persistence is a powerful tool you and I must learn.

An incident in Thomas Edison's youth demonstrates the willingness to learn from failure rather than to quit. When Thomas Edison was twelve years old he took a job as a train boy. He sold newspapers and candy to passengers. He saved all his money and purchased chemicals and tools for his lab.

Eventually the railroad company allowed him to create a lab in a baggage car so he could perform his tests during layovers. One day, the train lurched, and Edison's chemicals dispersed throughout the baggage car. A fire resulted, and Edison was kicked off the train.

Thomas Edison did not quit his experiments. He simply quit experimenting in moving train cars.

Managing Time

The thing I lose patience with the most is the clock. Its hands move too fast. Time is really the only capital that any human being has, and the one thing that he can't afford to lose.
- Thomas Edison

When you feel that your day has been wasted, it is a real motivational sap. It just sucks the positive motivational attitude right out of you.

What are you to do? How can you solve this dilemma?

The easiest way is to reclaim wasted time.

Let me say something clearly here. Personal time is not wasted time. Time with your family is not wasted time. Time alone for personal refreshment is not wasted time. Wasted time is time you spend doing things that will not help you reach any goal that you have. Or, as I mentioned before, any dream that you are pursuing.

Reclaim this time in one easy step. Do you want to know what that step is?

There is no $99.97 package that you need to buy. No two-day seminar to sign-up for (though neither of these would hurt). You simply need to plan your day.

It is estimated that one hour of planning can save three or four hours of work. This is a simple way to reclaim your time.

Summary
In closing, let me quote Mr. Edison a few more times. Listen to how he summarized his thoughts on success:

The three things that are essential to achievement are hard work, stick-to-it-iv-ness, and common sense…

Opportunity is missed by most people because it is dressed in overalls and looks like work…

There seems to be no limit to which some men will go to avoid the labor of thinking. Thinking is hard work…

Genius is one per cent inspiration and ninety-nine per cent perspiration…

A genius is a talented person who does his homework. I never did anything worth doing by accident…
- Thomas Edison

Most people do not ask the right kind of questions when it comes to information gathering. If your questions can be answered with "yes" or "no", you are probably not getting as much information as you could if you would ask open questions. Open questions cannot be answered with "yes" or "no".

Yes and No Question Openers
If you start your questions with these words, you are very likely asking a yes or no question:

• Do – Do you think the server is the problem?
• Did – Did you reinstall the ODBC drivers?
• Are – Are you planning to install that new driver?
• Will – Will you be at the security training class?
• Were – Were you the one who updated the anti-virus definitions?
• Should – Should we consider an upgrade?

Open Question Openers
If you start your questions with these words, you are probably asking open questions:

• What – What do you think the problem is?
• Where – Where did you put the ODBC drivers?
• When – When will you be installing that new driver?
• Why – Why do you think we should attend the security training class?
• How – How should we do the upgrade?

Do you see the difference? (yes/no)

How do you think you can apply this knowledge? (with users, managers, consultants and vendors)

As you can see in these last two examples, yes and no questions can work as leaders to open questions. There is certainly a place for yes and no questions, but they are not the most powerful information gathering questions.

Examples of Open Question Rephrases
Here are a few examples of commonly asked yes or no questions rephrased as open questions:

• Did you do anything to the computer before it stopped working? (yes/no)
• What happened to the computer before it stopped working? (open)

• Are there any problems I should know about before buying this software? (yes/no)
• What are the biggest problems you've had with this software? (open)

• Have you worked with other companies in the same industry as ours? (yes/no)
• What other companies have you worked with in this industry? (open)

• Did you try rebooting? (yes/no)
• What have you tried so far? (open)

• Do you see the picture I'm painting in this article? (yes/no)
• What is the picture this article is painting in your mind? (open)

Summary
In summary, let me remind you of the important facts. There are times when we want to use yes and no questions; however, you'll gather more valuable information by asking open questions. Learn to rephrase your questions as open questions and you'll become a much better technical communicator.

The three levels of communications are:

• Level 1 – Intellectual
• Level 2 – Emotional
• Level 3 – Intellectual/Emotional

Level 1 Communications
Intellectual communications are very common in technical roles such as accounting, technology and engineering. It is a very important communication technique as it focuses on the practical side of any situation. When communicating intellectually you are communicating facts, figures, statistics, and processes.

Level 2 Communications
The emotional side of situations is also important to consider. There are many situations where the primary focus should be on the emotions involved such as some conflict resolution scenarios. Many times, the other party simply needs an empathetic ear. When you communicate emotionally you are communicating feelings, desires and sympathies.

Level 3 Communications
In most life situations, you will be most effective if you communicate both intellectually and emotionally. This is the core of what I call Level 3 Communications. At this level, you are communicating facts, figures and other intellectual information, but you are also considering the interest and concerns of the receiving party.

Level 3 Communications also allow you to listen effectively as you are focusing on the emotions of the other party and not just the words they are saying. It is important to remember that, in general communications, more than seventy percent of the meaning comes from the tone and body language of the communicator. Tone is often a reflection of emotion, as is body language. If you can learn to read facial expressions, tone of voice, and other subtle hints, you will be able to communicate with your work partners more effectively.

Summary
In the end, you will find the greatest effectiveness by combining intellectual and emotional communications into what I can Level 3 Communications. While I cover this in much greater detail in my Communicating IT book, seminars and audio program, this should get your thinking started in the right direction.

I find it interesting that discussions take place based on the question: Does IT provide a competitive advantage or is it a commodity? It is my conviction that the only reason these discussions can take place is that we (the IT professionals) have failed to communicate the value we provide. If we really understood the importance of communicating our value benefits, and placed the appropriate emphasis on it in our technical schools, we would not be having these conversations.

Consider this: If you are continually innovating (improving the speed of communications, reducing transaction times, providing better information, etc.), you must have a competitive advantage for some window of time. That window of time, which I refer to as the CAW (competitive advantage window), is the time between when you implement an innovation and when your competitor implements the same or similar innovation. This is the reality of competitive advantage in any industry – not just IT.

One key area where we can provide true competitive advantage is in the area of speed. Let me illustrate this value and how it can provide a competitive advantage.

Imagine there are two widget stores in your city. We'll call them Widget World and Widget-Mart. Widget World believes that IT is a commodity and, therefore, does not seek competitive advantage in this area. In contrast, Widget-Mart has a CIO with a strong belief in the competitive advantage of speed provided by IT. This CIO, Sarah, communicates the speed advantages provided by their current order processing system and, through extensive analysis, discovers optimization points which will allow them to reduce each order processing cycle by twenty seconds.

At a management meeting, Sarah presents here improvements as follows:

As you know, we currently have a wait time of four minutes in our checkout lines, which is the same as our competitor Widget World. On average, there are four people waiting in any given line. The reason for the four minute wait, is the simple fact that it takes about sixty seconds to process the sales for the average customer.

Through our analysis, we've discovered a way to reduce the transaction time by twenty seconds. This means a reduction in wait time from four minutes to only two minutes and forty seconds. We predict that line size will drop to three, if we choose to run the same number of registers. We can also run thirty percent fewer registers and still maintain a wait line four deep. This would allow funds to be diverted to other areas.

Here's how we can accomplish this…

Do you see how Sarah is communicating the value of speed? Do you see how this provides a competitive advantage? When I present this type of scenario to my training classes, without fail someone suggests that it is only a short-lived competitive advantage. I would agree with that speedily and then add another important thought: What long-lived competitive advantages are being created today?

Due, in part, to the rapid speed of communications (another example of a past IT advantage) most innovations are adopted quickly by the competitor. The key is to keep on being first in as many areas as possible.

Think of it like this. If you had been visiting both of the widget stores, in our example, and then noticed the shorter lines at Widget-Mart, wouldn't you lean toward that store more often than not? Wouldn't you internally decide to make your purchases at Widget-Mart (assuming all else equal) instead of Widget World, if at all possible? Sure you would. We've seen this play out in the retail marketplace again and again.

In the end, I think the key question is not whether IT provides a competitive advantage, but, rather, how long does a competitive advantage remain so? We are in an age of continual innovation and change and we must learn to cope with that.

I would suggest, then, the importance of communication of value and discovery of the same. This has not changed and is not likely to change in the near future.

When you create a list in SharePoint, you are actually creating a set of database table in the back end SQL Server. Because SharePoint allows you to create your own custom lists, the back end database tables are not as simple as traditional tables one might create in a database-driven application, but they are tables nonetheless.

In order to support the list, SharePoint will store two important sets of information. The first is the description of the SharePoint lists and the second is the data stored in the lists. The description of the lists will contain the columns included and the requirements of those columns as well as the lists properties, such as the name and description. The data stored in the SharePoint lists will be in a different table. This table contains all of the column values for all of your lists with list IDs used to map them to the appropriate visible list in the SharePoint interface.

You can verify all of this by directly querying the back end SQL Server database. I don't recommend that you play around in this back end database very much as your actions could quickly lead to disaster (accidentally deleting or improperly modifying data), but you can see the structure SharePoint uses to store the list.

The next time you need a simple tracking table, consider using a SharePoint list. The SharePoint lists will have automatically generated forms. The data will be backed up automatically with your, hopefully, already scheduled SharePoint backups. And the interface will be familiar to your users.

Custom lists provide yet another way that SharePoint shows its power. I'll provide a demonstration video soon showing you just how to create such a custom list. Until then, happy computing!