IT Authority Policy – Version 1.0

I am currently in the process of updating one of my website’s resources: sample IT policies and procedures.

Policies and procedures set the foundation for good IT governance. My website maintains sample policies and procedures that set the foundation for effective management; they are relatively simple and are designed for use with small to mid-range organizations. You are free to use, copy, and modify this material to fit your needs.

The IT Authority Policy

The IT Authority Policy identifies the executive responsible for implementing the suite of IT policies and procedures. This is the party responsible for implementation and accountable for implementation. This document serves as authorization from the chief executive or board of directors, delegating authority for managing the IT problem, and becomes the basis from which all other IT Policies are drafted and implemented.  This is a reasonable Authority Policy that can be modified to suit your needs; it is intended for use with a small to mid-range business.

IT-001 IT Authority Policy | Dec 2009

Acceptable Use Policy – Version 1.02

I am currently in the process of updating one of my website’s resources: sample IT policies and procedures.

Policies and procedures set the foundation for good IT governance. My website maintains sample policies and procedures that set the foundation for effective management; they are relatively simple and are designed for use with small to mid-range organizations. You are free to use, copy, and modify this material to fit your needs.

The Acceptable Use Policy (AUP)

The AUP serves as a fair-use notice to employees and contractors; violations of fair-use may result in disciplinary consequences. It is the second in the IT Policy Series that defines what behavior is permissible from your employees. The Acceptable Use Policy should be incorporated into your new hire packet for employees. Existing employees should be presented with the AUP. A signature on this document confirming acknowledgement by all employees is preferable. You should retain the executed copy of this policy in the employee’s file indefinitely. This is a reasonable AUP that can be modified to suit your needs; it is intended for use with a small to mid-range business.

IT-002 Acceptable Use Policy | Dec 2009

A Review of S.773: The CyberSecurity Act of 2009

I wanted to take a few minutes to talk about a very cool piece of legislation circulating through the Federal Government right now. It has a high chance of passing but not likely in 2009.

S.773 (The CyberSecurity Act of 2009) is a document that recognizes the importance of creating a common criteria for assessing information technology risks for the government, public, and private sectors. It reasons that if we’re to have an economy based on information and electronic commerce, then reasonable, standard, and specific precautions must be taken by all in order to strengthen our national defense, national competitiveness, and national security posture. In short, the Act creates a common expectation of IT security for all manner of businesses.

I can’t tell you how important this is. Today, there are a hodge-podge of industry-based and government (municipal, state, and federal) mandates that demand how certain kinds of information are maintained, and to what degree of governance is levered over them. There hasn’t been a single consistent message from the government on what constitutes “secure” when it comes to technology implementations. With this Act, we would have a tool that actually creates a universal guideline of expectation for managing the security of IT resources across industry boundaries, and, regardless of the size of the company. In this way, consumers and regulators can ensure that your personal private information is just as safe as a Quickiemart point-of-sale (POS) station as it is at a Wal-Mart’s POS. We in the industry – as well as consumers – have needed this for a very long time.

Beyond just recognizing the importance of standardization, audit, and corrective action – installing a mechanism for assessing reporting on the state of national preparedness with cybersecurity – funds are allocated to do some rather amazing things for industry, students, and consultants alike. Here’s a run-down:

1. Regional Cybersecurity Centers.

The government would allocate funds to create boards of industry, academic, government, and ethics practitioners to help guide government decision-making, which then feeds into a central federal committee reporting to Congress and the President under a CyberSecurity Advisory Panel. These practices then create a manner of reviewing trends, threats, changes in consumer expectations, and so on. Plus, the Regional Centers would be responsible for distributing millions in loans to small businesses with under 100-employees to invest in safeguards/countermeasures to meet NIST compliance expectations.

2. A Real-time Cybersecurity Dashboard.

Within our industry, there are a multitude of tools and resources we use to gage the current threat level to cyber resources. Nearly all of them (with exception of US-CERT) are private industry-based and have their own built-in biased. Now, the Act would create a common set of metrics to gage the threat level and recommend a coordinate response to risk. This has been sorely needed ever since we’ve started connecting our computers to the Internet.

3. NIST-Level Standards, Metrics, and Controls.

Currently, when I make recommendations on implementing standards for security, I use a variety of public-domain documents that are considered “best practices”. The NIST (National Institute for Science and Technology) set forth guidelines for securing IT assets at the Federal level. Under the Act, the NIST’s guidelines would be published as a universal standard for American businesses, creating a single yardstick to measure security compliance. This would greatly simplify the task of implementing security controls throughout small to mid-range businesses who’re often baffled by the dizzying array of standards, options, compliance requirements, and technologies.

4. R&D Dollars.

Money would flow into creating stronger and more resilient networking technologies and software.

5. Professional Certification Program.

In order to help the implementation of the NIST standards and to verify the distribution of Federal dollars to businesses, the Act would create a licensing process similar to what we see in private industry. Industry professionals and practitioners could certify to evaluate, assess, and implement the NIST standards for stakeholders. This would give a clear signal to small and medium sized businesses who usually don’t have access to these kinds of professionals an indicator that these folks know their business and can really talk security. For consultants – people like me – this is a tremendous opportunity (as you might imagine).

6. Federal Cyber Scholarship-for-Service Programs.

What’s very cool is that 1,000 students per year could receive full tuition-paid and stipend-included scholarships (both graduate and undergraduate) to university to promote cybersecurity practices. Further, the Act compels the Federal Government to give preferential treatment for hiring these professionals once they graduate to fill Federal vacancies.

7. New Presidential Authority.

Under this Act – and perhaps the most controversial - is a provision that allows the POTUS to declare a cybersecurity state of emergency and shut down/disconnect portions of the Internet. I think what’s critical in reading the Act is that the POTUS has authority to do this with Federal Assets only, and, to critical national infrastructure (like power grids); the POTUS doesn’t have authority to shut off the Internet entirely, like we see in China, Iran, or North Korea. This isn’t all-together whacky: the POTUS should have means of recognizing and shifting national security posture just like a Chief Security Officer (CSO)/Chief Information Officer (CIO) would inside of a traditional business. I think some care should be given in defining “critical infrastructure”, but this is still relevant and prudent capability offered to the POTUS that he doesn’t have today.

8. A Stronger DNS System.

Finally, one of the weaknesses in the design of the Internet is the way we resolve names and find IP addresses. This is called a DNS system and it’s highly prone to attack and failure. If we can’t resolve names, we can’t go anywhere on the Internet. Within the Act, dollars would be allocated to create a stronger and more capable DNS solution.

Anyway, this is an amazing piece of legislation that anybody in the security industry (student, academic, or business owner) should be watching! It has the potential to reshape the way we think about security into a cohesive set of business practices that could be universally applied and evaluated. It could literally shape the next decade of strategic spending for small to mid-range businesses.

R

How to Sync your Twitter, Facebook, and Linked-In Status Updates

Strangely enough, I’ve been asked this question by multiple people recently. So, here’s the skinny – it’s a lot easier than you think:

1. Account Setup.

Set up accounts in each of these social networks. You should have your own account for Facebook, Twitter, and Linked-In. Make sure you have the usernames and passwords for them all.

2. Install the Facebook App.

In Facebook, add the Application TweetSync to your profile (http://apps.facebook.com/tweetsync/). Follow the instructions. Add your Twitter account information per the setup, and give permission to TweetSync to write to your profile.

3. Configure Linked-In Settings.

In Linked-In, under your Home, you’ll see where you can add a status update. Right under that is a Twitter icon. Click that and edit settings.

And there you have it.

When you post to Twitter, Linked-in and Facebook will receive the update and re-post it, usually within 1-2 minutes. When you post to Linked-In, it’ll post there and then get cycled out to Twitter, which then hits Facebook. When you post to Facebook though, only Facebookers see the update – myself, I like it like that! Twitter becomes my broadcast channel; more private communications can take place in Facebook.

Give it a try! And hey: it really doesn’t matter if you’re using a 3rd party client-side application either because all of this is taking place in the background. So it doesn’t matter, say, if you like using TweekDeck or Twhirl or your cell phone. It all takes place in the background. Easy-peasy.

R

So What’s in a Small Business Vulnerability Assessment?

Hey, so here’s my list for Christmas: ten great ideas to safeguard your small business’ IT assets.  This is something every small to mid-range business owner should be thinking about when they close their offices for the holidays.

1. Appliance and Equipment Investigation/Upgrades

Equipment used to connect the small business to the Internet is the most vulnerable to attack. This equipment contains software that should be routinely reviewed for updates, and their logs investigated for signs of attack or penetration. Further, other devices behind the company’s firewall – like multifunction copiers – also require systems management, and a review of how it’s interacting with other network services. Not only does this process contribute to uninterrupted capability, but the review also is a reasonable safeguard.

2. Asset and Update Management

All electronic devices should be identified, cataloged, and their serial numbers recorded. First, this is beneficial from an insurance policy standpoint since technology assets should be part of your loss recovery position. Second, asset reviews should be conducted on a bi-annual basis that looks at retiring assets and planning new technology purchases. This helps management be informed about what capabilities are necessary per job function, and takes the assumption out of making these decisions. Plus, asset updates should be automated or pushed to client computers from an administrative supervisor to further safeguard them from emerging threats.

3. Disaster Recovery and Business Continuity

What are the states of data backup and your plan for restoring data in the event of a crisis? How will services be brought back online; which services demand priority over others; how will key stakeholders be contacted in the event of an emergency; what does an emergency recovery position for the company look like? Data restoration and service recovery doesn’t happen on a whim, prayer, or a flip of the switch: it’s a process. What does your business continuity process look like?

4. Network Filtration and Configuration

My dad used to tell me that a great defense is a good offense. He was talking about football but it also applies to some networking concepts. If we proactively configure network services into a state to help prevent malware/phishing attacks, and minimize something we call the “attack surface” of a business (essentially, the number of active services available on a network), then we’re able to create an effective deterrent safeguard. If a small business takes reasonable precautions with their network infrastructure that minimizes their vulnerabilities, then the “next guy” who has done nothing looks more appealing, and that serves as an effective deterrant to attack.

5. Malware Defense

Maybe the biggest vulnerability that most people are conscious of has to do with viruses, spam, and spyware; you’ll notice I’ve got this at number five. Why? Because if we’ve got the first four vulnerabilities down, then we have a reasonably protected environment with updated appliances, software, and hardware, and have created a space where this crap is minimized. Even if a compromise occurs, we have reasonable assurance that it’s rare and the risk is contained with appropriate backups and methods. Controlling malware isn’t perfect but we can take proactive measures to reduce, contain, and manage the risk.

6. Capabilities Review

What do you want to do with your network services? What did you think you could do, but – suddenly – can’t? How do those capabilities relate to business competencies? How does the absence of those capabilities make your business vulnerable? You see, a vulnerability assessment that excludes how technology devices relate to the capability of a business to execute its business plan is deficient, and, misses the point. A great question any technician should ask you is this: how does the absence of tech make you more vulnerable? Thus, we know what kind of safeguards to recommend to prevent loss of more critical assets and capabilities.

7. Management Education

Managing a business today is just as much an exercise in managing technology. Management should be aware of the risks and consequences that daily decisions could bring, and what kinds of vulnerabilities making the wrong decision could introduce. If you believe in continuous improvement, then the managerial skillset is a big part of that, and technology is just one of those areas that is constantly evolving and requires at least a yearly update. Hmm – In fact, that sounds like a really good “webinar” idea or something; I think I’ll use that!

8. User Education

Users, of course, should undergo training to help them realize how even the smallest pieces of information divulged in a public space may make the technology assets of their firm more vulnerable. Further, if armed with the right and wrong way of doing things, then that’s better than any software-based safeguard that a technology guy like me could introduce. If we can tap into user behavior and prevent even eighty-percent of mistakes from being committed, I’ll take on that remaining 20-percent with technical tools any day of the week.

9. Administrative Controls

Policies, procedures, work instructions. These are documents that relfect management’s intent, and I’ve talked about them at length in my ramblings here on my blog. These documents – even in some simplified form – provide the framework for management’s decisions concerning technology, and reflects their “due care” approach to ensuring the confidentiality, integrity, and availability of their computer services. If policy is absent, where is management’s voice in reducing microcomputer and network vulnerabilities? In improving computer security? Management’s voice should be heard loud and clear here, and administrative controls are the microphone of their message.

10. Audit

Finally, in any vulnerability assessment, we setup a means of recording our activities and demonstrating what we found. We want to demonstrate in a transparent, auditable way, that we recognized that there were risks, and we investigated just how well our safeguards were at managing those risks. Again, how do you know the safeguards we’ve put in place to reduce vulnerabilities are working? Audits bypass assumption. Then, if there were missteps or problems, we can make those visible to management as to influence corrective action.

Risk management and vulnerability assessment is just one aspect of what a professional information systems groups provide to larger businesses and the enterprise. The small business, too, should be keeping up with these “best practices” but they don’t need to spend an arm and a leg to do it. It’s setting up a reasonable framework for success that will make you able to sleep at night, and bring more data safety and security to your operation.

All the best this holiday -

R

Plan for Data Loss – Think About Online Backups

Planning for data loss is just a natural part of doing modern business. In IT circles, we measure the availability of secondary storage (hard disks) in terms of Mean Time Between Failure (MTBF) rates – essentially, the number of months the manufacturer thinks your hard disk can run without failing. There’s also theft, employee sabotage, or just simple accidents. Then there’s the whole natural disaster problem: floods, earthquakes, hurricanes – Mother Nature is really unforgiving. Thus, device failure, destruction, and data loss is fairly inevitable. And I help my clients plan for it.

When I’m having that conversation, I try to point out all of the good reasons for a small business to think about data loss and disaster recovery. Imagine if your critical files, records, point-of-sale system, database, or imaged document library was rendered unavailable:

• How would you service your customers without automation?
• How would you pay your employees?
• How would you generate your financials, pay your taxes, make sure those AP payments are still made to satisfy your suppliers?
• Worse yet, how would that downtime translate into lost sales?

Unfortunately, small business owners tend to make a lot of assumptions about their readiness for disaster recovery – it’s pretty common. Example:

• Sure you have tapes, but when was the last time they were checked?
• If you record all of your sensitive data on to thumb drives, and you lose your thumb drive, now what? All of your company’s data is on an unencrypted device outside of your control? That’s not a strategy – dude, that’s a liability!
• Um, who knows how to recover the data? What’s the process?
• Where’s the disaster recovery procedure? Who gets contacted? What do you do?
• What happens if the required data isn’t actually actually being backed up? Like, you’re backing up the wrong stuff.
• And, what will happen if the facility burns down and you don’t have a tape drive. What then?

So when I’m having these discussions about disaster recovery, and my client is ready to start managing their risk instead of making assumptions, I like to talk about online backup.

What is Online Backup?

Online backups are performed by a program residing on your company’s servers, laptops, or PC’s. Daily, the encrypts your company’s sensitive data and transmits it over the Internet to a secure location. It happens automatically, without prompting, configuring, or any user intervention. Because there’s no media involved, online backup is cheap – dirt cheap – in comparison to other forms of hardware and media you’d have to purchase like tapes, USB/removable drives, or local NAS (Network Attached Storage) storage devices.

No Tapes, No Hassle.

Most small businesses have a pretty fast Internet connection. Online backups leverage that.  With online backups, administrators and end users aren’t involved with the backup process. Once it’s set up, administration can be monitored and performed remotely—jobs are re-queued and relaunched from the Internet. Think of it: no changing tapes, no cleaning, no rotation of tapes off-site, no remembering to swap out media. Once the backup is set it runs like a reliable service on your network.

..

But is Online Backup Secure?

That’s a question that I always get. It’s a funny one because – more often – data maintained in-house is at more risk because it’s not professionally managed. Just think about how much risk you expose your PC to, or your laptop to, or, if you store your tapes in your car. Say, isn’t your computer the one with spyware and virus problems anyway? Well, with online backup, your data is encrypted before transmission, during transmission, and is stored encrypted on the remote server.  And only you have access to the data, completely preserving confidentiality and integrity. Plus, those servers are professionally managed at no additional cost. Huh – go figure!

.

How to Install Thunderbird 3.0 for Ubuntu 9.10

Just some notes on a rather tedious process.

Here’s an easy way to accomplish what you want.

1. Within Ubuntu, close Thunderbird 2.0.

Note: If you’ve downloaded Shredder (the beta/RC for Thunderbird), uninstall that as well through the Synaptic Package Manager. Backup your Thunderbird profile if you feel comfortable with that.

2. Click an Applications, Ubuntu Software Center.

3. Uninstall Thunderbird 2.0. Don’t fret: your profile should be maintained.

4. Download the latest *.deb package of ubuntuzilla from SourceForge. Watch your version: users requiring 64bit should select the amd64 version; 32bit users the 386 version.

5. Once downloaded, double-click the *.deb package to start the ubuntuzilla installer. Run through the installer.

6. Open a Terminal and provide:

ubuntuzilla.py -a install -p thunderbird

7. Walk through the prompts. Ubuntuzilla will go out and get the latest 3.0 distro. You can also pass it … -p firefox, or, -p seamonkey for other images from Mozilla.

8. Easy-peasy. Thunderbird 3 is installed. Your settings will migrate on first open, and Ubuntuzilla will track Mozilla for updates.

I think if you’re used to Thunderbird and working with Google Calendar Extensions add-in, you’ll be disappointed that there isn’t a latest version for that making your Google Calendar inaccessible. Bummer. The work-around that I’m currently using is a handy add-in that opens the HTML/UI for Google Calendar in Thunderbird 3 as a separate tab. It works pretty well – at least for the time being.

Happy… Thunderbird-ing!

R

So… Do You Trust me?

Maybe you do, maybe you don’t, but that’s the bottom line in the Trust Economy. Trust is the new currency.

When you visit my website, it’s specifically designed to evoke a sense of trust in you.  Look at that handsome face: he wouldn’t hurt a fly and you can trust this guy with your technology decisions. Just look at the books behind him; he must be fairly knowledgeable. What about all of this content – tons of information that help establish me as an expert to you, students, existing and potential clients.

When you visit my website, I have less than six seconds to impart a sense of trust and to get you to take interest, to read on, and to engage me. Six seconds. I’ve got six seconds to earn your Trust. This metric is called a Bounce Rate in web-parlance. If I have people visit then bounce out without reading my content, that’s where I’ve failed to capture their trust or their imagination. If they stick around for greater than two minutes, then I’ve done my job! I’ve got somebody who’ll likely be back, or, join my social network to listen to what I have to say in the future. I just earned their trust!

I’m not alone in this. Take a look around. Consider how businesses and brands building Trust online? How are you building Trust online? The number of people who follow you on Twitter; that’s trust! Your friends on Facebook; trust! Your blog’s subscribers and commenting public… yeah, trust!

Facebook and other forms of social media are all about Trust. When you ask to friend somebody, you’re given an option to decline; you need to trust that person before you let them into your “inner circle” of friends. On Linked-In, there are separate spheres of trust related to the degree of connection. In some cases, we password protect our online content from others. If you have the password, we trust you.

When you’re online at Amazon and you’re looking at a book – you’re likely to read the contributed reviews from some of Amazon’s users. Why? Because you “trust” their opinions, and in some cases, even more than a corporate opinion.

.

.

With social media, we get to decide who gets into our social circle. In some cases, like Facebook, the moment we let you into that circle we immediately share a lot of Personal Private Information (PPI) about ourselves: education, marriage status, kids, incomes… incredibly important demographics to any serious marketer. And who else wants to be your trusted friend and a part of your social circle? Brands! The data that can be mined from Facebook and other sites like it is a gold-mine of consumer preferences and tastes that can shape an eventual marketing message to you. Heck – they’d love for you to become a fan so they can push you email alerts, status updates, and importance announcements that relate to their product. Pssh – And you thought Facebook was around because it was just cool? Nah – Facebook is a sweet, delicious data warehouse of invaluable demographic and psychographic information. Hmm… munch munch – tasty!

If you’re using social media as a means to get closer to your consumers, constituents, or potential clients, donors, or audience, here’s a couple of Trust tests:

1. What are you saying to them that induces Trust? How does your message become more than a sales-pitch but a conversation?

2. What are you providing to them that inspires Trust? How does your content become greater than an ad? How does it educate and inform?

3. What are you doing with the WIIFM Principle (What’s In It For Me)? How are you relating your brand, service, products to the day-to-day concerns of your clients?

4. What are you doing that could damage Trust? How are you ignoring your customers, dismissing them, shutting them down, preventing them from being successful with you?

Conversations, opinions, statements, press releases, content, pictures, alerts, video, in-depth ideas explored in blogs and white papers… these are the things that get closer to the consumer. They are means of developing and promoting Trust. Trust is earned. Brands that earn Trust earn a right to be as close to consumers as possible. It becomes a badge of acceptance, an honor. Those brands become part of the consumer’s community – communities that reach, extend, and shape the behaviors, opinions, wants, desires, and eventually, their actions.

If you’re in charge of a social media campaign, forget your financial ROI’s – forget all of that crap we learned in business school. Instead, consider how to measure Trust: the new currency of the networked economy. Trust me.

R

The Maverick Manifesto: Rethinking Employment

Today, the president is holding a domestic summit on job creation. It’s appropriate, then, to share with you my ideas on the state of job creation in the domestic economy and argue that old expectations concerning employment can no longer be made.

The main metric we use to track unemployment in this country is the unemployment rate. In and of itself, this is a fictitious number: it doesn’t really represent real unemployment and hardship experienced by millions of people because of the factors and criteria that define unemployment. The “Real unemployment rate”, as it’s called, is actually a more honest and more accurate measure of unemployment.

Below, find a graph of unemployment rates in the US from 1949, the highest points reached in the 4^th quarter of 1982 at 10.8%, as acquired today from the US Bureau of Labor Statistics:

Today, unemployment is measured at 10.2% and is expected to climb. The real unemployment rate is 17.5%. In fact, economists do not foresee significant job creation in the economy for the next three years, so it is difficult to see how the US economy’s labor market is going to improve without more direct government stimulus. On the other hand, the American people have already voiced their opinion regarding excessive federal spending and the administration will find it politically difficult to inject more money into the economy and thus create more jobs. It’s also questionable how much the federal government can actually do to provide more confidence to the private sector to induce hiring. Business owners are responding to the problem of fear and uncertainty in the economy by clinging to capital, and it’s difficult to foresee that changing any time in the near future.

Myself, I feel that – once the official unemployment rate surpasses 10.8%, the highest benchmark we have had in that statistic since World War II, and there are all indications that it will next year – we are witnessing a systemic change in the condition of labor and unemployment in this country. We’ve entered into a new age. Not a slow-down, not the result of the Great Recession, but instead, evidence of a systemic, economy-wide shift in the very nature of work. One that defies the way we measure work, wealth, and prosperity in this economy, and a shift that will require all of us to re-evaluate priorities in our lives.

The End of Work

I wrote on this subject in July 2009 and I also wrote recently about network economics. What I’m essentially saying in these pieces are that the regular relationship shared between labor and productivity used to be direct. That is: higher productivity yielded higher employment – you needed more labor to achieve higher productivity, and greater productivity lends itself to even greater revenue and profitability. However, that model has changed, and continues to change. Through the strategic application of technology, we continue to disintermediate (get rid of intermediaries) in our supply chains and distribution cycles, and offer self-service solutions to end consumers. In effect, we have diminished the need for labor while streamlining our business operations to maintain ever-higher volumes of business. Thus, we’re able to do more with less labor, changing this dynamic. Higher productivity can be achieved with less labor, and profitability goals can be met by reducing or eliminating the excessive variable costs associated with labor. Business can then be more profitable while reducing the most expensive overhead on their balance sheet (people) while investing in depreciable assets at fixed (and more predictable) costs.

Don’t believe me? Just count the number of industries going through consolidations and extinction; most of them have to do with traditional media (print, radio, and television). Entire sectors of the economy are being eliminated.

When evaluated in the context of network economics, what this means is that business can invest in automating their business processes, improve profitability, handle increasing volume through favorable economies of scale, and don’t need people. In fact, labor becomes an extensive liability. In the current situation, businesses need to house labor, pay rents and leases for labor, put them in cubes, pay for direct and indirect benefits, provide annual COLA increases, and somehow manage their retirement, health care, and medical planning. This isn’t competitive – especially in comparison to global competitors who don’t have these expenses – and continues to drive costs through the roof for American business, draining their resources and defraying needed investments in R&D and new products/services.

So, this is the first part of my message and this reality has to be embraced: businesses will continuously and deliberately reduce their dependency upon labor to achieve network economic benefits. They must in order to survive and remain viable.

Macroeconomic Consequences

It doesn’t take a rocket scientist, then, to be able to draw some inevitable conclusions. Diminished employment:

1. Means less income and less borrowing potential for credit lenders.

2. Less access to income and credit will put downward pressure on consumer demand.

3. Less consumer demand contracts business borrowing and hiring activity.

4. Businesses continue to automate to reduce expenses and maximize profitability, reducing labor.

5. The cycle perpetuates.

If we take even a broader view, we see exactly what is in store for our country for at least the next three years:

1. The irrational access to credit over the last 20 years created an economy fueled on fiction.

2. The growth experienced since 1990 must contract back to more rational, 1990 levels.

3. There are too many laborers and not enough demand. Labor markets will continue to contract.

4. This will increase transfer payments from the government in the form of welfare and unemployment compensation.

5. Borrowing will need to take place as all levels of government – federal, state, and municipal – must adjust their forecasts for substantially less tax revenue, and contract their spending even to inoperable levels. Some governments will financially collapse; California comes to mind.

6. Interest rates on the federal debt drive up inflation and the dollar becomes substantially weaker. Investors turn away from the United States.

7. Already hit by staggering medical and health care, education, transportation and energy expenses, the American consumer depletes whatever discretionary income they had, and they don’t have access to easy credit or equity value in a home to draw upon. It’s a struggle to survive and simply make subsistence payments.

8. Over 70 million baby boomers are about to retire. When they do, vacancies will arise in the public and private employment sector. However, faced with making a hiring decision, will the employer choose to invest in automation and reduce their labor overhead, or, fill a vacancy? I believe the trend of doing more with less will prevail, and employers will look at this event as an opportunity to retool and reorganize, disintermediating more middle-management, and reducing line-level employment rolls.

9. Baring some technological revolution in energy or war, future domestic economic growth in the US is stagnant if at all, anemic at best, and this scenario is rosy: it’s not even considering the impact of energy costs – particularly the rising costs/demand of oil – in order to create more jobs and push people around in the economy, the eroding value of the dollar, globalization, or, the diminishing quality of the American laborer as compared to math and science scores to be able to stimulate further investment in the United States.

So, in the broader economic context – going beyond just employment as a concern – we see tremendous downward pressure on growth and the ability of the US economy to create new jobs. This sours the competitive position of American firms and introduces ever more fear and uncertainty into business decisions, which – again – perpetuates the problem.

A Macroeconomic Remedy?

Most analysts would suggest that the only way the private sector is going to create new jobs is through additional government stimulus, and, it’s the federal government’s role to introduce spending when the private sector cannot. Unfortunately, there is tremendous political pressure not to do this, although the government may be forced to transform itself into a stronger, more socialist force within our society, to provide basic services and income to a widening economic base of poverty. Bottom line: the macroeconomic situation is dire and bleak, and it cannot improve radically or quickly.

Who is to Blame?

There is nobody to blame but ourselves in the form of naked consumerism and weak political will. It is fashionable to blame the current federal administration for problems concerning unemployment, but I feel that is truly misguided. If we’re beating the past and entering into a new era of employment, then it wouldn’t matter if a democrat or a republican was in power. The same problems would be facing us, and both parties would have access to the same fiscal and policy tools to solve the problem.

So, the second part of my message is that the broader economic context works in defeat of growth and in creating more jobs, and – in fact – works against job creation. This will shrink the middle class in the long term, and reduce the standard of living for all middle and lower-class Americans as wealth shifts from the US economies to more emergent economies abroad.

What Can You Do?

One of the reasons why I’m preparing this blog post is to explain my ideas on the macroeconomic condition, but to also correct a misguided attitude that I see among my friends, clients, and students. There seems to be a state of optimism about the economy, like, “It will get better”, or, “a job is waiting for me when I graduate.” I’m here to say that it won’t, and, there are not. I think it is critical that we immediately dispel the myth that the systemic changes presently underway will lead to similar employment results in the future. I think it’s important to get aggressive – instead of passive, waiting for something to happen – on how you will sustain yourself and reshape your role in this emergent, highly-competitive global economy. I think it’s important that you take ownership of that and start re-imagining work and wealth for yourself. Right now. Immediately.

I would break-down a response to this problem in the following way.

• Re-define Your Ideas on Wealth and Lifestyle.

• Plan for Distanced, Freelance Employment.

• Take Control of Your Own Finances, Health Care, and Retirement.

• Think About Barter, Entrepreneurial Opportunities, and Your Brand.

• Prepare for Continuous Education.

Re-define Your Ideas on Wealth and Lifestyle

The American employee has an unrealistic perspective on wealth relating to concepts of upward mobility and competition. We measure wealth and value through materialism. This will change. It’s important to re-examine what’s important to you. Perhaps it’s time: time to pursue other interests, hobbies, experience life with your children, sports, retire. Perhaps it’s cause: addressing the social problems of our day is more important to you than a fat paycheck. Maybe it’s exercise and health: now might be the perfect time you need to redefine the way that you look, feel, and respond to the world. Perhaps it’s self-publishing, self-actualization, spirituality? And maybe it’s family: you now have the ability to pay attention to what really matters.

What’s important about this exercise is to know what to negotiate for. When you’re looking for employment, the employer may only be able to offer you 20 hours, or, five hours. What else can you bargain for – what else do you want? This is also important for your own goal setting on a daily basis. Instead of waiting around and worrying when that call will come in to hire you – because it’s not – get going on your personal projects. Set yourself up with a discipline that allows you to feel self-approval, confidence, and joy in something other than work. This will take a lot of retooling: we’re programmed from elementary school to feel that employment equals value as a person; you will need to redefine this for yourself now. And it’s important that you do this right away as to give yourself much needed confidence and pride in the years ahead.

Plan for Distanced, Freelance, Temporary Employment

Employers realize that full-time equivalent (FTE) employment is excruciatingly expensive and they have creative options in solving that cost problem. Reductions in indirect and direct compensation, terminations and layoffs, automation, reducing work hours, shuffling shifts, and acquire temporary labor over FTE labor to control their costs. For many employers, this will be heartbreaking: they don’t want to go this route with their employment strategy, but those same employers will face the hard reality – they must in order to remain viable.

This will give you an opportunity to take on more work with other employers as a contract employee. Through working two or three jobs part time per week, you may be able to acquire a living wage. Think about your re-definition of wealth: maybe now would be a great time to throw five hours of time per week at that non-profit; learn a new skill in a service sector; take on a job at UPS; dish-washing; dog walking; cleaning; something.

In technology, we have a number of options available to us: freelance database, web design and application, service and support, and software development work is everywhere. Sign up today at liveperson.com, guru.com, freelance.com – just Google “freelancing” – and get started immediately. If you’re not in technology, visit with your local placement offices like RHI and Kelly Services and learn how your skillsets would be made more attractive to employers. Put the power and reach of agencies like these to find temporary work and place you in it.

What’s important to you will dictate the kinds of alternative, temporary work that will become available – it is unacceptable to wait around for the dream job that will never manifest, or, compete for those scarce positions. Instead, take what you can get, what makes you happy, and build on it.

On a side note, in a perfect world, you’d want to consider freelance work from your own home. Consider what is happening to energy prices and oil: what can you do to perform all of your work without having to go anywhere? Whether or not it’s telecommuting, or, doing call center work from your home. The point is to create your own wealth-generating engine that doesn’t require you to spend any of it on the increasing costs of transportation.

Take Control of Your Own Finances, Health Care, and Retirement

If you don’t have software to manage your personal finances, go to mint.com and start managing them now. It’s absolutely critical that you are aware of your expenses and you seek to reduce and eliminate as much debt from your life as possible. Nobody else is going to do this for you. Control spending through educating yourself on the nature of your lifestyle, and this will force you to re-evaluate it. If you need help managing your finances, there is a universe of free information available to you right now on how to do it – just Google “manage my finances”.

Clearly, the more you understand your personal finances, the better you’ll be at contingency and long term planning. You can then look seriously at financing health care insurances and retirement planning on your own. In the future, as employers move away from hiring FTE’s and government starts taking responsibility for the health care of its citizens, employers will shed these obligations to remain competitive. To get a leg-up, you must start making these decisions on your own. Research what options are available to you in this field and execute the minimum amounts to provide a reasonable safety net. Stay on top of the health care debates currently raging at the federal level, and be prepared to pounce on any subsidized health care you can acquire independent of an employer. You must become an expert of your own future. Today. The era of your future being a cooperative and joint exercise between you and an employer is ending.

Think About Barter, Entrepreneurial Opportunities, and Your Brand

In my line of work, I can do a lot of things for people. I can trade my computer expertise for something else that I might need. Think about what you can do and trade as a skill, and offer a barter relationship to colleagues and associates. You will, over time, establish a reputation and it may even be the first step towards a compensated relationship with a potential employer or client. Through barter, you could make new contacts and build trusting professional relationships that could develop into future opportunities.

Now is the time to think entrepreneurial. I think anyone in business would say that the best time to start one is when your back is to the wall and you have to force yourself to succeed. Creating a company and developing a system of tax shelters is extraordinarily easy in today’s digital economy. Ask around; talk to accountants and experts that may be in your circle of acquaintances. Think about how you can create another tax paying entity in order to shelter you from additional risk, write-off expenses, and fiscal obligation. Further, think about what you’re passionate about, and how that could translate into a revenue-generating engine of success. There is a mountain of resources available to you, right now, on the web, to do all of these things.

Think about your brand. If you’re to look at social networking and social media as a means to promote yourself and advertise your core competencies, you can get started using Twitter, Facebook, LinkedIn, blogs, YouTube, or any digital playground to start building your personal brand. In the future, as each individual is freelancing, you’ll need to be competitively presenting your personal brand in a way that separates you from your direct competitors: other contractors! What can you do, say, write about, promote, explain, or elaborate on that gives you a competitive edge and that distinguishes you as an expert? Each of these ideas – barter, entrepreneurialism, and building a brand – fit into each other. What value do you bring to a freelance gig, or, to full-time employment, that sets you apart from everybody else? And leverage that differentiation to re-invent yourself as a trustworthy partner to businesses and professional acquaintances.

Prepare for Continuous Education

We’re presently leaving the Information Age in favor of the Aggregation Age. This economic transition is no different from the Agricultural Age to the Industrial, or, the Industrial to the Information Age. If you’re unfamiliar with this term, I recommend you Google it.

What is different is this: we’re doing so at a much more rapid rate – a rate much faster than what we can retool for as a society and we’re feeling its consequences. One massive competitive differentiator between you and somebody in Guatemala who can do the same work you can – except at $3/day – will be your background, skills, and training. Absorb all of the training opportunities that you can get access to; train yourself using online resources; think about attending night school and tapping into extraordinarily inexpensive loans from the federal government (while they’re here) to go back to school. We are entering an age of extraordinary scarcity and intense personal competition. Think about your brand, and, think about how you will continuously need to reshape yourself and your skills to meet the dynamic needs of the market.

A Final Thought

Some may read my Maverick Manifesto here and think that I’m a pessimist crackpot. Perhaps; I may, in fact, be misreading my tea leaves. Rationally, though, I cannot stand by and allow those within my sphere of influence to sit idley by, waiting for their circumstances to change, hoping for the best, thinking that better days on the horizon. I’m a realist and – realistically – what’s on the horizon is a standard of living that was much different from our parents’ generation, and a highly competitive environment that will strain the very ideas of capitalism. Change isn’t bad; it’s actually a very exciting time to be alive! What you do now, though, will influence the opportunities that you can acquire for you and your family. What you do now sets in motion your attitude, your perspective, your edge… in an increasingly difficult labor market.

I know this was long. Thanks for reading.

R

Counter-terrorism: Surveillance and Detection Solutions

A new presentation was added to our Documents section today.

Surveillance and Detection Solutions | Dec 2009
A review of technologies used in the detection and prevention of terrorist attacks in urban environments.