Is mobile privacy a bigger concern than a phone’s brand?

A new Harris Interactive study provides a valuable barometer on current consumer perceptions and mobile privacy trends by examining issues, such as data collection, geo-location tracking, mobile advertising and privacy management responsibility.

Among the top findings: many smartphone users are more concerned about mobile privacy than a phone’s brand, screen size, camera resolution or weight; more than three-quarters of smartphone users won’t download an app they don’t trust; and although the majority of those surveyed don’t like the concept of tracking, nearly half (46%) of smartphone users are still unaware it even happens.

via Is mobile privacy a bigger concern than a phone’s brand?.

Northeast Blackout of 2003 Memories

Ah, the ’03 Blackout. Those were the days.

We knew there was a problem. The few server checks, environmental monitors, and UPS alerts properly employed by my employer then pointed to a problem. The early hours knew no scope but there was fear.

I was already home with my grade school children when the power went out.

You can read my personal recollections at

I had a land line Ameritech (or SBC, now AT&T) phone, a Sprint cell phone, and a work-provided Ameritech/SBC/AT&T T1 line into my house. Between the three I was able to stay on-line through most of the blackout as long as I could find power. At one point when there was an issue (in Europe, I think) I ran an extension cord from my running Pontiac Vibe to a power strip powering my laptop, CSU/DSU, and router. This was short-sighted as I lacked extra gas but worked out.

I remember driving to the colocation facility. The alarms enthusiastically triggered on Friday. The Colocation (colo) facility near me was up but some servers were in an odd state of up and completely down for some services at the same time. I packed the kids into the car and drove out.

The facility was doing all the things they needed to do: they were overseeing topping off the deisel tanks (great service contract) and supervising checking the UPS batteries (great service contract) and making sure there was air flow and ordering some extra UPS units just in case (again, great service contracts) and performing security walk-throughs. My immediate problem was that we were tripping one of our circuits over and over again. Some dual power supply devices terminated into the same circuit and other underutilized circuits were full from an outlet perspective.

The kids and I ran up to the local Best Buy and picked up some power strips and fans. My employer was lucky that I had enough cash as Best Buy couldn’t process credit or debit card transactions. When we got back to the colo, the facilities folks conveniently weren’t around while I re-ran 120 vac power on to the consumer grade power strips. I set up the fans to provide additional air flow. My new co-worker at the time … I can’t remember if he helped out or not. I seem to recall he found himself stuck but I could be combining different events in my head.

As my kids and I headed home on 8 Mile Road we saw people outside talking. We returned to the colo for the next two days until the power came back on. We kept seeing people outside, talking, having a good time.

Oh, and my former employer’s servers stayed up and functioned within normal parameters through the entire outage once the power distribution error was fixed.

These are the times that try a company’s providers. Having a provider with a deisel truck topping off the tanks in the early hours of a massive blackout is a good sign.


p.s. My colleagues at the time might recall some of the details better than I do. I reserve the right to amend and extend my comments.


I was speaking with a friend, InfoSec peer, and former colleague/direct report today. He mentioned that he found my blog while looking for multi-head displays with Ubuntu info.

That made my day.

Thanks, Tom!


For those who don’t know, in mid-June I landed a new job. I’ll write later about my thoughts on the job hunt. There are several lessons learned and things I wish I could do over.

Thank you, friends and family and colleagues, for your help and support.

I’m excited by this new opportunity, the work, the team I’m working with, and what the future will bring.

I’m not sure how much I can write about the work, but I can write about the job. Here’s the tl;dr:

5 Ws

Who (with): Hewlett-Packard, Enterprise Security Services, Americas Security Consulting

What (as): Senior Security Architect

Where: Teleworker/Work-from-Home/the Americas

Why: Ultimately it came down to two factors: platform and place. It was not an easy choice; the other offers were strong.

How: Perseverance; a great outplacement consultant in Dean Morrow at; made luck; networking; a lot of conversations with a lot of people I trust; family and friends; a lot of conversations with a lot of people I didn’t know.

Q & A

What do you mean by “platform”?

I like choosing the right tool for the job. I like platform agnosticism. I like security polycultures. I like defense-in-depth. I like HP’s security tools like ArcSight and TippingPoint, but I know they’re not universally applicable.

My interviews and conversations highlighted the platform agnostic aspect. The folks on my team come from a varied and diverse background, and leverages all of that experience.

 How are you adjusting to Teleworking?

The adjustment has been easy. Easy, except for moving my treadmill out of the basement to my new home office upstairs. I might need specially built robots to bring the hulking mass upstairs. I used a walking desk/treadputer before and want to again.

What do you miss?

I miss my old team and the great folks that worked with me. But I’m excited by the team I’m working with. They’re every bit as smart and capable, and I’m glad to work with them.

[HowTo] Job Hunt: Prepairing for the Pink

A Guide to What to do Before You (Are Asked to) Leave Your Job

My recent life change triggered a self review with deep introspection. I categorize my thoughts into two buckets: strategic planning and personality. I’m putting together this post to discuss the strategic planning I should have done while employed. This plan also prepares you for when you quit, get relocated, the business goes bankrupt, you earn promotion, or when the building burns down.

If you’re fired/reorganized out/downsized/laid off, the worst time for you to collect your stuff is in the narrow window HR and security grants after “the conversation”. Emotions will cloud your mind. Restrictions may prevent you getting at what you want. The realization that you need something three weeks later might be beyond possible.

Formal HR Documentation

I have copies of my performance reviews. I just can’t find them. Regardless of the weight you place on scripted annual surveys these are good things to keep around. Also save any letters or emails complimenting you on your work. I recommend printing emails to PDF and then uploading them to Evernote or Dropbox. Scan the paper documents into PDFs, too. You could even go so far as to keep them with things you keep for a long time like tax returns.

This is useful information, especially with interview questions like, “Tell me about a time where you overcame an obstacle” or “What are your weaknesses?”. You can use the information from your past reviews to craft an answer. Also they may help remind you about something significant you did that slipped your mind.

Education, Training, and Certification Records

If you’re like me you have to keep track of your training and education for your various technical certifications. If I hadn’t have used TripIt to help me manage my travel I would have had a heck of a time legitimizing some of my training in 2012. Set your various certification dates in your personal calendar: annual fees, anniversary, re-certification reminders before expiration. Make sure your profile for the certification authorities is your personal email, postal address, and phone number.

If you changed colleges and universities you will want to know when you attended which school. I’ve filled out several on-line forms that required a full academic listing.

Professional Accomplishments

Job hunting best practices includes being specific when talking about achievements. As a manager with a large budget I know I came it at or below budget for two separate departments for four years. I didn’t document the amounts or percentages. I cut a lot of costs. Only the most recent cost cutting projects are in my head.

My take away is that anything that is objectively measurable you should document. Everyone’s list will be different based on their position.

I struggle with doing periodic reviews in the GTD vein: weekly, monthly, quarterly, annual. These would be the ideal place to capture the information. A less cumbersome method involves creating a list that you add new accomplishments to the end.


Over the years my contact list became difficult to manage. Old information never seemed to die. New people were slow to add. My corporate email would corrupt, forcing a virgin instance from that point forward. Social networks like LinkedIn seem a tempting tool to fill in the gap but I’m finding only about 60% of my LinkedIn contacts have updated their profile lately. Managing international contacts in either solution can try one’s patience.

The contacts you will take for granted are the ones that you held in muscle memory. Make sure you keep your peers’ contact information updated. Hanging on to a copy of the latest org chart would be wise.

I don’t have a good solution for this, but people do seem to update their professional email signatures. I would probably highlight signature blocks of new people and clip them to Evernote. I would scan and save business cards to PDF and save in Evernote, too. Then weekly as part of the review I would add them into my main address book. In my case I would use Google Contacts, but YMMV. I would also connect with the new contacts on LinkedIn as part of my weekly review


A desk, a cubicle, an office can tend to collect things. Mine included magnetic poetry, juggling balls, family photos, food, and a bunch of other nicknacks.

If you want to keep a lot of things at your desk, keep bags and boxes around for packing up. This is a good idea anytime. I think my desk moved ten times in twelve years plus two more were added when I moved into management.

When it comes to photos, my iPad has much newer offerings. I can put it into slideshow mode on my desk. The other trinkets are nice to have but I could juggle office supplies.

Every so often, maybe at the quarterly review, see if you can fit your personal effects into one trips worth of boxes and/or bags. Try to keep them down to that. Don’t leave anything at the office you can’t live without.

Resume & LinkedIn

I let my resume languish. I was casually looking for a new job before I was let go, but my resume wasn’t up to date. I had old information that no one, even me, really cared about.

Taking all of the above into account I would make updating my resume part of my quarterly review. I would ask for family and friends to review it for me annually. This would hold true for my LinkedIn profile as well.

Electronic Devices

I keep a separate cell phone and laptop from my work gear. Stemming more from paranoia and convenience than anything, I even carried two phone and two laptops when I traveled for work. I traveled two out of every three weeks, so I was committed.

Finding a job in the modern era without these tools is tricky. You can use a personal tablet with WiFi/3G/4G and something like Skype or Google Voice to replace both a phone and a laptop, but I would still keep a personal phone. Prepaid phones are great options. The other thing to consider if your employer allows is to own your own phone and expense your business calls.

Email and Instant Messaging and Social Accounts

I know people who use their work email for EVERYTHING. I know people who use their corporate Instant Messenger (IM) for EVERYTHING. The same may hold true for social networking accounts like Twitter.

There are so many great free or inexpensive email options. Get your own, as well as the other accounts.

User Accounts and Bookmarks

User accounts are an interesting problem. Depending on your role you may have accounts that are critical to the business. If the company doesn’t have some kind of user account & password management system in place, your browser’s password cache might be it. There are problems with that.

1. Browser password storage is insecure
2. Browser password storage isn’t audit-able
3. isn’t sharable
4. isn’t backed up
5. might not be accessible by someone else depending on your setup

If your company has a central password management/escrow system, put your business accounts in there. If not, when the separation comes do the right thing and hand over your business credentials.

I recommend setting up LastPass. It’s free for the desktop, but I recommend paying for premium.

Final Thoughts

Invest in good text expanding software. I’m using TextExpander on the Mac and AutoHotKey in Windows. It amazes me how poor the on-line job application systems are. There are a few that will use your LinkedIn or Google profile, but many companies will ask you to essentially retype your resume into their form.

Occasionally look at job postings for your current role and the job you want to have. Use that as a guide to what skills and abilities you should work on acquiring.

I’ll update this with more information and ideas as they come to me. Please feel free to share your suggestions and stories in the comments.