There was a tweet a couple months ago that helped me pull together a few different things I’ve been thinking about when it comes to recent software projects in the news. It said:
[Read More]
The Service Recovery Paradox and Invisible Technology
I recently finished Marianne Bellotti’s book Kill it with Fire: Manage Aging Computer Systems (and Future Proof Modern Ones). It covers the unglamorous topic of what to do when you find yourself managing a system that is a bit long in the tooth and hasn’t been properly maintained for years or even decades. The lessons discussed apply most directly to organizations that both run and create their own software, but there are important lessons for those of us who simply deal with patchworks of commercial software - especially for those of us in higher education, where nearly every student information...
[Read More]
Azure Vs Amazon - The Manager View
I was looking in my drafts folder and found this post that I wrote almost two years ago. Everything still looks correct to me. The appeal of hosting applications yourself continues to decline, and vendors continue to embrace the SaaS model. Microsoft continues to be the enterprise glue holding things together and more and more of the Microsoft software we use is in Azure or is Azure-adjacent (like Defender and Intune).
[Read More]
Where to Focus IT Security at a College
Last year I talked about implementing multifactor authentication in higher ed. Today, I want to take a minute to zoom out and look at the bigger security picture for colleges. When considering security improvements, we are sometimes faced with a list of dozens or hundreds of ideas or recommendations for improving security posture. No one has the time, money, or will to implement all of them, so where should you focus? Where are the real security risks for colleges? What kinds of controls should we implement to mitigate these risks?
[Read More]
Making Sense of IT Budgeting
So what do you do when you find yourself suddenly responsible for an IT budget and IT spending? If you’re lucky there are people around you who can take on some of the responsibility and orient you. But there might not be. Sometimes it’s up to you to figure out how to keep the bills paid and technology running without much guidance. This is what I’ve learned over the years from being in this position. Note: not all of this will apply to every organization. My experience is in a public institution with a roughly fixed budget each year (and...
[Read More]
Sending MFA to College
It’s 2022: does your school use MFA to protect accounts? If you are looking to implement MFA at your institution or expand its usage, let’s talk about some strategies and lessons learned from my experience building out MFA from scratch at a college. The first question you might ask is: do I really need to implement MFA? Yes, at least in some form. It is an essential strategy to prevent account compromises from phishing emails, and phishing and social engineering attacks account for 70% to 90% of all malicious breaches. It also serves as a failsafe for accounts with weak...
[Read More]
Reading Deep Work in 2022
I’ve had Deep Work on my long list of books to read, ever since I heard Cal Newport discuss his book on the Ezra Klein show a few years ago. At the time, it struck me as an interesting and clear approach to productivity and was worth engaging with, because I was interested in my own productivity.
[Read More]