The Danger of Thinking Title Makes You A Leader


Leadership is about enabling the potential in others and getting out of the way so their dreams can enable something bigger. Having people paid to report to you does not mean you are a leader but more likely a manager, which is a very respectable and worthwhile career path but it is not leadership. When people choose to follow you without money or title, that is leadership. As a leader, you are responsible for incubating synergies to get three out of two. Leadership is about influence not title. Title is a mostly meaningless word that constantly changes in today’s amorphous corporate culture.

Real leaders understand the value of academic inquiry (formal or informal), history, and change, and that these things together are the precursor to innovation. Former H.P. CEO and Presidential candidate Carly Fiorina said it best this way, “leadership is about changing the order of things”. Changing the order of things is dangerous because it has many unknowns and it ruffles the feathers of those holding power. If you are truly a leader or aspire to be one, get ready to be attacked, because you will be: all TRUE leaders are different and DO NOT FIT IN with most people or the status quo.

Carly Fiorina On Leadership Vs. Management – Stanford Univ. 2007.

Although a lot of executives say they are leaders, they can’t handle the criticism that comes with true leadership and they are often afraid of change. They insulate themselves with simple-minded yes-sayers, fire people who question them, and all too often are more concerned with the superficial status that comes with being wined and dined by vendors that serve their vertical. Types like these are fools masquerading as leaders, but there are plenty of them.

The real life of a leader is lonely and some think you’re crazy. Examples include Billy Corgan (alternative rock music pioneer), The Wright Brothers (building and flying the first airplane), William Kunstler (landmark civil rights attorney), John McAfee (anti-virus pioneer), and Steve Jobs (computer pioneer). These people were all criticized in their early years and pushed many people away from their inner circle. Although this criticism and isolation may have broken some people, it did not break them. Most often, real leaders don’t fit in with most people, and unless they get fame or money they are ostracized. Yet they inspire movements, better people and processes, and with their vision and advocacy, society, business, and/or technology reach heights never dreamed possible.

Martin Luther King Jr. did that and paid the ultimate price but inspired a civil rights revolution that redefined America – William Kunstler defended him. Philosopher and teacher Socrates was unjustly condemned to death for questioning the current status quo of Athenian politics and society and for teaching students to do the same thing for a better world. Today his ideologies and approach have proven to be the foundation for much of Western philosophy and education. His name is associated with the Socratic Method, which means question everything. It is the hallmark of how law schools teach students throughout most of the world and it is a methodology that has proven to save the lives of thousands. Yet some corporate leaders do not like to be questioned and this is a problem and their leadership will be short lived. In the data-centric democracy of the United States, business fads come and go, and now is about the new.

Socrates Condemned to Death Speech – 399 B.C.

Lastly, to that person who gloats about their V.P., Director, SVP title, or the like, ask them how many people would follow them passionately without money in times of great challenge while others criticize them. Likely they will be confused, because most leaders are below the surface working to make the world a better place while the above fakers seek status and “yes” clicks. They know nothing about leadership or moral courage. To think that titles are a rite of passage to leadership is one of the most dangerous fallacies in society to date. It has caused wars to be lost, technologies to be missed, and it is a solvable irony for a society as advanced and gifted as the human race.

I will take the person with the best ideas and passionate followers over someone who gloats about how prior titles prove anything. Titles by themselves, and even with experience, do not prove much at all, and in the evolving and constantly changing landscape of technology, they for the most part do not matter. If you focus too much on title, the guy or girl with the right idea will run you out of business, and you and your whole team will be left with little money and no title. Please think long and hard about this if you are claiming to be a leader. You don’t want to be like Kodak and fail to see digital cameras are the future, and you don’t want to be the leader who failed to see a data breach. Lastly, you don’t want to be that executive whose peers support you only because they are paid to but really don’t respect you and are not at all inspired by you. This happens a lot, and their leadership under good governance will be short lived.

If you want to talk more about these and related concepts, please contact me here.

Three Points on Artificial Intelligence and Cyber-Security for 2017

Although I have been known for longer posts, I would like to offer only three things to watch out for related to artificial intelligence and cyber-security for 2017, followed by sharing two videos.

1) Cyber attackers have long used machine learning and automation techniques to streamline their operations and may soon use full-blown artificial intelligence to do it. Botnets will become self-healing and will be able to detect when they are being discovered and re-route in response. The botnet and cyber crime business will grow and become more organized. Shodan, the world’s first search engine for internet connected devices, will be used to target companies and individuals negatively. Yet it can also be used for safety and compliance monitoring, most likely when it is fed into another analytical tool.

How to Hack with Shodan (For Educational Purposes Only):

2) It won’t be long until A.I. learns the patterns of mutating viruses and then has the ability to predict and/or stop them in their tracks. This is dependent on the most up-to-date virus definitions and corresponding algorithms. How a Zero Day is made is heavily a math problem applied to a certain context and operating system. There should be a math formula to predict the next most likely Zero Day exploit – A.I. could provide this. It’s a matter of calculating all possible code variations and code add-on variations. It’s a lot more advanced than a Rubik’s Cube.

3) A.I. has the potential to close the gap between the lesser developed world and the developed world. The technology behind A.I. is not limited to big companies like IBM or Microsoft for the long term. We may be surprised by tech start-ups out of the lesser developed world who are very creative. Lack of fiber optic cable connectivity has forced many lesser developed nations to rely heavily on cell tower, smartphone-based internet communications. This has inspired a mobile app growth wave in parts of Africa as described here: “the use of smartphones and tablets within the country has led to a mobile revolution in Nigeria. Essentially, people now tend to seek mobile solutions more often and thus, enhance the growth of the mobile app development industry” (Top 4 Mobile App development companies in Nigeria, IT News Africa, 2015). A.I. will likely close the gap between these two sectors though not drastically change it. If lesser developed countries can build their own mobile apps and outsource things to A.I., they could become more independent from the economic constraints of the developed world.

The below video highlights some of the complications around these points. It is from a conference hosted by the ICIT on April 25, 2016, and I did not attend this. In the video, Donna Dodson (Associate Director, Chief Cybersecurity Advisor and Director, NIST), Mark Kneidinger (Director, Federal Network Resiliency, DHS), Malcolm Harkins (ICIT Fellow – Cylance) and Stan Wisseman (ICIT Fellow – HPE) discuss related concepts and share realistic examples of how these technologies are reshaping the cyber-security landscape.

ICIT Forum 2016: Artificial Intelligence Enabling Next-Generation Cybersecurity

If you want to contact me to discuss these concepts click here.

Five Unique Tech Trends in 2016 and Implications for 2017

1) Russian Hacking in U.S. Elections – critical infrastructure implications:
For more than ten years candidates and advocacy groups have used internet marketing hacks to steal their opponent’s websites, redirect internet traffic, or increase negative search results on them by manipulating search engine algorithms. For example, former GOP Presidential candidate Carly Fiorina failed to register carlyfiorina.org and thus had an opposition group use it as negative publicity against her, but she has since acquired the site. Yet 2016 proved to be a turning point in political hacking because of the level of sophistication and sustained effectiveness. The Washington Post reported, “Russian government hackers were able to penetrate DNC servers, compromising opposition files, chats, and emails on republican nominee Donald Trump” (Eliza Collins, 12/30/16, USA Today). With this information, Russian intelligence agents masqueraded as third parties to create very believable spear phishing campaigns. These fake emails worked to trick victims into typing in their usernames and passwords, after which Russian agents moved further into their networks, undetected at the time.

On 12/29/16, in a first of its kind move, the Obama Administration released a joint FBI and DHS report (JAR-16-20296: GRIZZLY STEPPE – Russian Malicious – US-Cert) on the technicalities of the hack and sanctioned the GRU and the FSB (Russian intelligence agencies) and key companies they contracted with (Katie Bo Williams, 12/29/16, The Hill). The following diagrams (Fig. 1-a and 1-b) show there were two main hacking groups and that they used mostly classic hacking tactics that were clearly preventable. APT29 hides via encrypted communication and speeds up commands via PowerShell code automation, applied to multiple operating systems. Thus they must have been observing and studying/testing for a while to get this right, as it’s complex across phones, tablets, and PCs. At the same time, APT28 was using a private tunnel (like a VPN) to install and remotely run applications – key loggers designed to steal information and credentials.

Russian DNC Hack Diagram – Fig. 1 – a: (JAR-16-20296: GRIZZLY STEPPE – Russian Malicious – US-Cert).

All this started as far back as the summer of 2015, so the full penetration went undiscovered for more than a year. In that time, it has been alleged that the hackers were releasing embarrassing info to manufacture fake negative news against Hillary Clinton. In one instance the release of this info resulted in the resignation of the DNC Chair, Florida Representative Debbie Wasserman Schultz. Yet the hack is not fully partisan because many sources confirmed that Republican House members, thought leaders, and non-profits to the GOP were also hacked (Jeremy Diamond, 12/16/16, CNN).

Russian DNC Hack Diagram – Fig. 1 – b: (JAR-16-20296: GRIZZLY STEPPE – Russian Malicious – US-Cert).

On 12/30/16 the Obama Administration took the strong action of expelling thirty-five Russian diplomats in response to the hack. Shortly thereafter they enacted OFAC (Office of Foreign Asset Control) sanctions against Russian business entities associated with these people. They left the country under close U.S. escort on 01/01/17 as they arrived at an airport to depart on a private Russian plane sent by president Putin.

Alleged Hacker and Russian Spy, Alisa Shevchenko – Fig. 3:

Interestingly, one of the people expelled, Alisa Shevchenko, was praised a year before by the United States, which does not speak well for U.S. intelligence agencies. Specifically, The Department of Homeland Security said “Alisa Shevchenko had helped prevent cyber crime under a program for information sharing between the public and private sector. Ms. Shevchenko was also said to have assisted a French company, Schneider Electric, in identifying vulnerabilities in its software” (Andrew E Kramer, New York Times, 12/31/16). However, we think she may have been a Russian spy all along and could have been inside key U.S. systems at that time, but this is unconfirmed. Her company, Zora Security, has been a key supplier to the Russian Military’s Main Intelligence Directorate, or G.R.U. In her recent Twitter posts she indicates that she is indifferent to being discovered by the U.S. intelligence agencies. This is likely because she is a close pawn of Putin’s who did a fairly good job going undetected as long as she did. More intel is likely to come out substantiating this.

At present, the election systems aren’t considered among the sixteen U.S. critical infrastructures and thus they have no federal protection. This is because current law defines the administration of elections as in the hands of each state, and these states do not want federal involvement in their election systems out of fear of political persecution. We can understand this (especially Texas) but think some compromise could be accorded if a state election system was targeted by a foreign government, thus making it a national interest. The federal government is less involved in the day to day activities and security of the sixteen critical infrastructures because 80% of them are owned by private enterprises. However, when Sony got hacked in 2014 it became a national issue a few days later and then the Federal government helped out, but afterward, Sony quickly wanted to avoid contact with them. This is because, although well intentioned and large, the federal government is not as good at most I.T. security as the private sector is. Yet the case of multiple state election systems is unique because they are used only for elections and then are put in storage. Ultimately each state’s voting data rolls up to the federal level and most of this supply chain is at risk of hacking and manipulation. Thus, the maintenance and updates of these systems and the systems used by dispersed political parties for campaigns need to be improved. This may require some sort of hybrid-critical infrastructure protection, increased private sector partnership, or just more dollars spent by the state election bodies and political parties. Why are commercial facilities and their systems more important than the systems that track election activity and results in a country that fought several wars to stay democratic?
By including the election process and systems as a critical infrastructure or hybrid-critical infrastructure, researchers and entrepreneurs will be inspired to improve the process, all the while sustaining or increasing privacy which is a must for a nation as diverse as the United States. More news outlets, advocacy groups, consultants, and academics need to debate this publicly!

2) Tesla and the Growth of the Electric car – decline of the gasoline based car: 
2016 was a profound year of announcements when it comes to the market for electric cars. Many car manufacturers have been playing catch up with Tesla for a few years now. That being said, several companies have produced versions of their own electric car. But there are very few that have produced an electric car designed from the ground up. The Nissan Leaf and BMW i3 were two of those, and as of November 2016 Chevrolet started manufacturing its Bolt EV. Mercedes also announced that it will have several different types of electric vehicles soon. This includes their urban electric-powered straight truck (Fig. 3) which has self-driving capabilities. This would allow inter-city delivery on an EV platform.

Mercedes Electric Self-Driving Truck Prototype – Fig. 3:

Simply put, the market is starting to catch up to Tesla. We think 2017 will be the year that makes or breaks Tesla. If Tesla can ramp up production like it plans to, it will continue to maintain market share. By 2018, it has audacious production goals of a half million. With just about every major automotive company producing plans for electric vehicles, competition for this segment will start to intensify.

3) Self-Driving Cars – personal and commercial:
Google has been developing a self-driving car for a few years now, but it has been slow to fully develop and bring them to market. In fact, a few of Google’s employees left to start their own company for self-driving trucks. That company, Otto, was recently sold to Uber for $680 million (Mark Harris, Business Insider – Back Channel, 12/03/16). Uber has also been working on self-driving cars with its Ford Fusion line. Now, these cars still have people behind the wheel just in case of an emergency, but it’s the next step in fully rolling out an autonomous fleet of vehicles. Uber gave their fleet of Volvo XC-90s a try for only a week in San Francisco but picked up and moved on to Arizona to continue testing. This was because they didn’t want to comply with California DMV requirements to file paperwork and pay a registration fee. Otto, on the other hand, also made their first delivery of Budweiser beer in Colorado (Fig. 4).  

Otto Self-Driving Budweiser Delivery Video – Fig. 4:

This marks the start of Uber Freight, where shippers can book their truckloads through an Uber App. C.H. Robinson and Amazon are both developing apps like this. We think that before cars get the green light to drive in inner-cities, self-driving semis will get the regulatory green light, firstly on interstates. This is because commercial vehicles cost a lot more, are bigger, and serve thousands of customers per year, thus the investment in self-driving technology is a justified priority in spite of any risk. Additionally, commercial shipping is automated in most parts of the supply chain and this is a precursor for self-driving trucks. The NHTSA did publish guidelines on self-driving cars and their testing in September (link here). We think 2017 will be the year of testing self-driving vehicles and in 2018 it will start to become a mass market idea.

4) Surveillance via Smart Phones – privacy implications:
Smartphones are small supercomputers that house more personal info on their users and families than any other device in modern history. This includes texts, PHI, fingerprint scans, downloaded documents, contact lists, photos, geolocation tags, the use of many cloud databases (both upload and download), and apps that take away some of our privacy via partial and full consent. A smart phone is more advanced than any gadget dreamed up by 007 and the need for privacy on it is just as important.

2016 proved to be a turning point in the privacy vs. government surveillance debate. It intensified after the mass shooting in San Bernardino, CA, which happened at the end of 2015, killing 14 people. Then in 2016 the government sued Apple to get them to build a backdoor into the perpetrator’s iPhone, to which Apple strongly objected. The government eventually broke into the phone shortly thereafter with the help of Israeli tech contractors. Keep in mind that ever since Edward Snowden leaked NSA documents in 2013 about the government’s overreach into technology companies, to get them to build back doors, it has become more politically acceptable to resist such demands. Congress has made very minor surveillance rollbacks, mostly related to phone metadata, but much more work needs to be done (Ellen Nakashima, The Washington Post, 11/27/15).

Android phones have also suffered hacks and backdoors. A source described it this way, “security experts say they have discovered secret ‘backdoor’ software in some Android phones that sends users’ personal data to China. Kryptowire, the security firm that discovered the vulnerability, confirmed this information on its website on Tuesday. The firm wrote that certain Android devices contain pre-installed software that collects and sends personal data, such as texts and geographical location, to an unauthorized third-party” (New York Times, 11/15/16). This is a clear blow to Android privacy and will require costly R&D by Google. With the growth of third party phone applications these risks will continue to increase and get more complicated.

Illustration of Apple vs. The FBI – Fig. 5:
Although the government argues that back doors make the nation safer, this makes no logical sense and there are no real world case studies to support it. First of all, the fact that the government needs to rely on the private sector for such backdoors and tech consulting proves that the private sector is where technology innovation comes from and that supports the concept of intense free competition.

The U.S. intelligence agencies would not be much better than a “drunken inspector gadget” without third-party consultants and tech firms. Key private sector innovation in the military industrial complex has helped this nation win wars and secure freedom for all – way back to the founding of the Union. This includes stealth fighter technologies, radar technologies, and cannons, and it does not require government overreach or back doors. The government is a paying customer of the best tech products and has always been.

Yet when the same consultants and tech firms serve regular customers, like Apple with the iPhone, those customers have a reasonable expectation of privacy and quality. This should not diminish merely because the government can’t solve a crime or problem quickly. Apple CEO Tim Cook described the government’s request this way, “it’s the software equivalent of cancer. He said he was prepared to take the fight all the way to the Supreme Court. This would be bad for America, he said. It would also set a precedent that I believe many people in America would be offended by” (Enjoli Francis, ABC News, 02/24/16). There are far more security benefits in keeping private technology data private. This includes privacy after domestic breakups, privacy from cyber-stalking, privacy from annoying marketing, privacy from political persecution and harassment. Also, Government agencies can use these same private technologies to conduct military and intelligence operations without worrying about being hacked by opposing governments or terrorists.

In 2017 we think technology companies will increase the security of their products, and companies like Apple and Google are already in the process of doing this. In Apple’s case, they have spent millions to hire encryption legend Jon Callas, who invented PGP encryption, to redesign the security of their products (Reuters, 05/24/16). We think most company shareholders, investors, customers, and finance people now see the additional cost to build in great security as required.  To customers, security on a product is worth a price premium and a globally competitive company must have secure products.

We also think policy makers will have to do more to accommodate the privacy concerns of citizens, perhaps partly like the E.U. has done. We also think 2017 will further debunk the connection between backdoor system hacks and terrorism prevention. Clearly, monitoring the entire free world’s metadata is a violation of democratic norms, and it waters down security greatly because it can easily be manipulated for every imaginable bad reason. The most likely is setting people up, as government leaders throughout all history like to find people to blame for their problems/misdeeds. Yet behavioral profiling and good traditional police and intelligence work, in conjunction with advanced sustained diplomatic dialogue with a range of diverse groups, friends and enemies alike, should produce better intelligence for more specific actionable results. The intelligence community has thousands of tech tools to use to secure the nation, mostly private sector based, so they don’t need to monitor all metadata.

5) Using Drones for Last Mile Deliveries – suited for rural and high traffic areas:

Amazon Prime Drone via Prime air – Fig. 6:

Amazon made its first test delivery by a drone in the U.K. in 2016. This will continue to be developed as Amazon continues to test and tweak its system for making deliveries by drone. In fact, this is one of many programs where Amazon is developing its systems in “last mile” delivery. They also currently have their own fleet of vans to deliver and they use their Flex program of drivers to pick up and deliver packages. They also recently filed a patent for “floating warehouses”, which would hold inventory in an airship from which drones could pick up products and then deliver them, for example to a sporting event (Kate Abbey-Lambertz, 12/30/16, Huffington Post). Realistic but far out innovation like this will continue to challenge UPS and FedEx to provide a better customer experience. Drone delivery is just one idea. The benefit or idea behind drone delivery is that it could deliver to customers within a half hour. This would drastically improve the time to deliver to its customers. Currently, with Prime Now, you can get one-hour and two-hour delivery in certain areas.

We think Amazon will continue to develop its drone delivery in 2017 by testing it in many countries across the world. The FAA in the U.S. has been one roadblock to Amazon testing in the United States. This is just one agency that is figuring out how to regulate this new technology as it tries to prevent small planes and traffic from colliding with drones. Amazon’s competitors are watching and we’ll see how far they get in 2017.

Jeremy Swenson and Mike Cassem are two seasoned, part-time, Intel certified, retail technology marketing and training representatives on assignment at Best Buy for clients including Intel, H.P., Trend Micro, Adobe, and others – presently on sabbatical. They also spent five years crafting their public speaking and writing skills in Toastmasters International. For full-time work, Swenson doubles as a Sr. business analyst, process improvement and project management consultant, while Cassem doubles as a marketer and sales logistics analysis consultant. Tweet to them @jer_Swenson and @micassem.

Michael Kirk Please Interview us For Your New Prince Movie “Prince: R U Listening”!

Film Director / Producer Michael Kirk of Maltese Productions please interview us for your new Prince movie “Prince: R U Listening”!

–First of all we are huge fans! —

I am writing this open letter to introduce you to my esteemed friends who are music aficionados and Paisley Park regulars.  Together we have more knowledge about Prince than most of the so-called experts in the media frenzy over the last six months.  We want to help with the making of your new documentary film “Prince: R U Listening”.  We don’t care about money or publicity.  We do this for the truth and because we were a part of that Paisley Park scene that showed “love4oneanother”!  Here is a brief background of each of us.

Fig. 1. Matt Martin and Jeremy Swenson – Dance Party at Paisley Park, Oct, 2015.
1) Dr. Griffin Woodworth has a Ph.D. in Musicology from UCLA where much of his research has been on Prince and Frank Zappa.  Since 2012 he has been working on a book “Prince, Musicologist” (working title) for the University of Michigan Press Tracking Pop series.  He has been a Paisley Park regular since about 1995 and has written articles, blog posts, and has also been cited by the media on the history of Prince and music generally.  He is also a music history, music technology, and music commercialization professor – he has taught at leading colleges and universities from MN to SC.  See the links to some of his publications here:

a) Blog: PAISLEY PARK IS IN YOUR HEART: A REMEMBRANCE.
b) News Media: At Prince’s house, heartbroken fans mourn ‘a piece of my childhood gone’.
c) Academic article: Prince, Miles, and Maceo: Horns, Masculinity, and the Anxiety of Influence.
d) LinkedIn: https://www.linkedin.com/in/griffinwoodworth

2) Mark Bonde is an energetic leader with a firm understanding of the global security landscape and is focused on helping organizations deliver higher levels of physical security through the effective use of technology.  He possesses a strong set of interpersonal skills that enable him to communicate effectively in diverse cultures and environments.  He has been going to Paisley Park since 1995 and is friends with one of Prince’s longstanding and highly regarded tour and party DJs, DJ DUDLEY D (AKA Dustin Meyer).  He was also in Prince’s 1996 MTV Emancipation Broadcast as an extra.  He has a BA from the University of MN in Political Science, and has been cited by the local media about Prince and has blogged and spoken about him in the following links:

a) Video Blog Eulogy:

b) Blog: Paisley Nights.
c) Media commentary: Prince fans still visiting Paisley Park.
d) LinkedIn: https://www.linkedin.com/in/mark-bonde-b249353

3) Sara Savoy is a seasoned business leader with over 20 years of success in sales and sales management.  She focuses largely on driving net new revenue and exceeds quota attainment for Digital Technology and Marketing (Software and Software as a Service) products.  She is a strong local music insider, creative photographer, and has also been a Paisley Park event regular for many years.  She has a few impressive blog posts and media citations, including a photo of Paisley Park that went viral from TIME, Rolling Stone, and other publications this summer:

a) Media: Her Paisley Park photo cited by TIME Magazine among others.
b) Blog: A Rehearsal of Fortune with Prince at Paisley Park.
c) LinkedIn: https://www.linkedin.com/in/sarasavoy

4) Michael Holtz is a data and infrastructure technology professional who runs a DJ business on the side.  He has been Prince’s event party DJ for about the past two years and still does so for his estate on occasion.  He has an exotic flair for funky beats and is respected among Paisley Park staffers and the electronic music scene in MN.  He has commentated on Prince and the music industry many times and can be seen in the following news links:

a) Fox News: Prince’s Studio DJ Opens Up About Pop Icon’s Final Public Performance.
b) DJ Video Commentary: A Tribute To Prince | A Reflection On His Life with Mike Walter and Michael Holtz | #DJNTV.
c) DJ Service web-site: 2 The Max Entertainment.
d) LinkedIn: https://www.linkedin.com/in/michaelholtz

5) My name is Jeremy Swenson and I am a passionate creative, music curator, and Prince super fan who has been a regular concert goer and party goer at Paisley Park since 2000 – both public and under the radar events.  I watched Prince audition and select his best drummer ever, John Blackwell,  and even got on stage to sing with him in the year 2001 at a jam session.  I am connected with many of his present and former bandmates and staff on Facebook, LinkedIn, and in other social channels.  I was at the last dance party on 04/16/16 and was one of the lucky few to hear from Prince before he passed away the next week as were my friends Mark Bonde, Michael Holtz, Harvey Andrus, and Sara Savoy.

I have a BA in Political Science and Jazz from UWEC, an MBA from St. Mary’s University of MN, and am currently pursuing a rare and exceptional masters degree at the Univ. of MN in Security Technologies.  I have blogged and commentated about Prince, the Mpls music scene, the music business, economics, and related technology concepts.  I am also a speaker and Sr. Consultant to the insurance, banking, retail, and healthcare industry at the intersection of process improvement, security, and technology.  See a few of my written works below:

a) Blog 1: Prince and Purple Rain 30 years later: Business and Music Innovation.
b) MN AMA Blog 1: Three Keys to More Innovative Marketing: The Case of Prince.
c) Blog 2: Social Tech CEO Jimmy Chamberlin Rejoins Smashing Pumpkins.
d) MN AMA Blog 2: U2: Music Marketing Tweaked for a Hyper-competitive Digital World, While Still Appealing to Emotion.

We have open hearts to help with your film pursuit of the Prince scene in whatever way we can.  Our insights and stories are valuable as you move your documentary forward. 

Fig 2. Bill McKee and Jeremy Swenson visiting The New Paisley Park Museum, Oct, 2016.

Please contact me here to set up a meeting.

Much love and respect,

Jeremy Swenson

Lessons Learned From the Sony Hack

This article reviews the 2014 Sony hack from a strengths and weaknesses standpoint based on select parts of the SysAdmin, Audit, Network and Security (SANS) and National Institute of Standards and Technology (NIST) frameworks. Although this is an older hack, the lessons learned here are still relevant today.

Strengths – A Track Record of Innovation and Multilayered Information Security:
From early boom-boxes in the 1980s and the first portable disc player in the early 1990s to high-quality headphones, the first HD TVs, high-quality speakers, a gaming system revolution called the PlayStation, and now a massive on-line gaming network, Sony has been creative and innovative.  This has made them one of the most respected and profitable Japanese companies to date.  Yet this success bred overconfidence in other areas, including information security, although they still have the potential and the money to be a security leader.  The managerial layering of Sony’s information security team was a good start even if their head count was too low.  One source stated, “Three information security analysts are overseen by three managers, three directors, one executive director and one senior vice president” (Hill, 2014).  Although contradictory, at least there was some oversight.

Failure 1 – Poor Culture and Lack of Leadership Support:
Sony’s leadership is on the record as not respecting the recommendations of either internal or external auditors.  A quote from an I.T. risk consultancy summarized it this way, “The Executive Director of Information Security talked auditors out of reporting failures related to Access Controls which would have resulted in Sony being SOX (Sarbanes-Oxley) non-compliant in 2005” (Risk3sixty LLC, 2014).  Things like this trickle down the layers of management and become a part of the company culture.  Specifically, low-level whistleblowers were silenced even though their I.T. risk arguments were solid.  “Sony’s own employees complained that the network security was a joke” (Risk3sixty LLC, 2014).  When this happened Sony’s leaders failed to execute their fiduciary duty to the board, shareholders, and customers.  They did this so they did not look bad in the short term, yet it cost the company more in the long term.

Failure 2 – Not Understanding Their Baseline:
The baseline is a measure that determines when you have the right amount of security and security process in relationship to your required business objectives and risk tolerance.  Being below the baseline means risk is too high and an attack or breach is likely.  This is why the baseline changes often and needs to be closely monitored.  For example, when you are producing a very politically controversial movie about an unruly world leader who has a history of making war threats against his political opponents, you should have a higher baseline to be on guard from hacktivists.  Sony overly focused on their cash generating core competencies and security was at most an afterthought.  According to one source, Sony Pictures had just 11 people assigned to a top-heavy information security team out of 7,000 total employees (Hill, 2014).  For a technology company that is way too few people working in security.  It’s not enough people to collect and intelligently review logs, patch software, pen test, red team, and be available for one or more war room type projects which are bound to come up – all things prudent security would require.

Understanding your I.T. risk baseline requires testing and measurement and this has to be based on some framework, SANS, NIST, or some of the others.  One former employee described Sony’s failure to comply with any framework as follows, “The real problem lies in the fact that there was no real investment in or real understanding of what information security is.  One issue made evident by the leak is that sensitive files on the Sony Pictures network were not encrypted internally or password-protected” (Hill, 2014).  Had they conformed to the SANS or NIST framework they would have been required to encrypt the data – see conclusion.

Failure 3 – Weak Password Policies:
Sony’s password policy was embarrassingly weak.  In fact, so weak you might think they were deliberately trying to help hackers.  “Employees kept plaintext passwords in Microsoft Word documents” (Franceschi-Bicchierai, 2014).  Even very small companies from the 1990s would have policies against that.  Moreover, one source confirmed that the word files were named with password in the file name (Risk3sixty LLC, 2014).  Once in the network, all a hacker has to do is search for a file with password in the name and they have it.
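
An audit a defender could run against a file share to find the exposure described above, as an added example that is not from the original article or from Sony: it flags files whose names advertise credentials and files (including Word .docx documents) that contain password assignments. The patterns, file extensions, function names and the constructed sample share are assumptions chosen for illustration.

```python
import os
import re
import tempfile
import zipfile

# Assumed patterns for this example; tune them for your own environment.
NAME_RE = re.compile(r"passwords?|passwd|credentials?", re.IGNORECASE)
SECRET_RE = re.compile(r"\b(?:password|passwd|pwd)\b\s*[:=]\s*\S+", re.IGNORECASE)
TEXT_EXTENSIONS = {".txt", ".csv", ".ini", ".cfg"}
MAX_BYTES = 1_000_000  # read at most 1 MB of any plain-text file


def extract_text(path):
    """Return the readable text of a .docx or plain-text file, else None."""
    ext = os.path.splitext(path)[1].lower()
    if ext == ".docx":
        # A .docx is a zip archive; the body text lives in word/document.xml.
        # A password-protected .docx is not a plain zip, so it is skipped here.
        try:
            with zipfile.ZipFile(path) as archive:
                xml = archive.read("word/document.xml").decode("utf-8", "replace")
        except (zipfile.BadZipFile, KeyError, OSError):
            return None
        xml = xml.replace("</w:p>", "\n")   # keep paragraph boundaries as lines
        return re.sub(r"<[^>]+>", "", xml)  # drop the remaining markup
    if ext in TEXT_EXTENSIONS:
        try:
            with open(path, "rb") as handle:
                return handle.read(MAX_BYTES).decode("utf-8", "replace")
        except OSError:
            return None
    return None


def audit_tree(root):
    """Map each risky file (path relative to root) to the reasons it was flagged."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            reasons = []
            if NAME_RE.search(name):
                reasons.append("name")
            text = extract_text(path)
            # Record only that a match exists; never copy the secret into a report.
            if text and any(SECRET_RE.search(line) for line in text.splitlines()):
                reasons.append("content")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings[rel] = reasons
    return dict(sorted(findings.items()))


def write_docx(path, paragraphs):
    """Write a minimal constructed .docx: just enough structure for the scanner."""
    body = "".join(f"<w:p><w:r><w:t>{p}</w:t></w:r></w:p>" for p in paragraphs)
    xml = ('<?xml version="1.0" encoding="UTF-8"?>'
           '<w:document xmlns:w="http://schemas.openxmlformats.org/'
           'wordprocessingml/2006/main">'
           f"<w:body>{body}</w:body></w:document>")
    with zipfile.ZipFile(path, "w") as archive:
        archive.writestr("word/document.xml", xml)


def build_sample_share(root):
    """Create a constructed sample share; every name and value here is made up."""
    for folder in ("Finance", "HR", "IT", "Legal"):
        os.makedirs(os.path.join(root, folder))
    write_docx(os.path.join(root, "Finance", "Passwords_2014.docx"),
               ["Shared server logins", "admin password: Example-Only-1"])
    write_docx(os.path.join(root, "HR", "onboarding.docx"),
               ["Welcome aboard", "Temporary pwd = Constructed-2"])
    with open(os.path.join(root, "IT", "notes.txt"), "w") as handle:
        handle.write("Reminder: review the password policy next quarter.\n")
    with open(os.path.join(root, "Legal", "contract.txt"), "w") as handle:
        handle.write("Standard terms.\n")


def run_demo():
    """Build the sample share in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_share(root)
        return audit_tree(root)


if __name__ == "__main__":
    for rel_path, reasons in run_demo().items():
        print(f"{rel_path}: flagged by {', '.join(reasons)}")
```

The note in IT/notes.txt mentions a password policy but assigns no value, so it is not flagged; only the two documents that actually hold credentials are reported.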

Failure 4 – Late Detecting the Hack and Data Exfiltration:
Right away the intruders easily walked into Sony’s internal network and began stealing unencrypted sensitive data with apparently no log alarms going off.  Sony had not followed data classification, retention, or governance plans – not even checkbox compliance.  If they did they would not have had all types of data mixed together.  One reporter described it this way, “Intruders got access to movie budgets, salary information, Social Security numbers, health care files, unreleased films, and more” (Hill, 2014).  Thus, their network segmentation here must have been weak or non-existent.  Health care data should not be near unreleased film files as they are totally different.  There is no business justification for this.  Segmenting and encrypting the data would have greatly reduced and delayed any data theft.

Conclusion:
[Image: SANS top 3 for Sony]
[Image: NIST Cybersecurity Framework for Sony]

References:
Baker, L., & Finkle, J.  “Sony PlayStation suffers massive data breach”.  Reuters.  Published 04/26/11.  Viewed 10/26/16.  http://www.reuters.com/article/2011/04/26/us-sonystoldendata-idUSTRE73P6WB20110426

Franceschi-Bicchierai, Lorenzo.  “Don’t believe the hype: Sony hack not ‘unprecedented,’ experts say.”  Mashable.  Published 12/08/14.  Viewed 10/20/16.  http://mashable.com/2014/12/08/sony-hack-unprecedented-undetectable/#359BD06aEkq6

Greene, Tim.  “SANS: 20 critical security controls you need to add.”  Network World.  Published 10/13/15.  Viewed 10/23/16.  http://www.networkworld.com/article/2992503/security/sans-20-critical-security-controls-you-need-to-add.html

Hill, Kashmir.  “Sony Pictures hack was a long time coming, say former employees”.  Published 12/04/14.  Viewed 10/20/16.  http://fusion.net/story/31469/sony-pictures-hack-was-a-long-time-coming-say-former-employees/

NIST.  “Framework for Improving Critical Infrastructure Cyber Security”.  Published 01/01/2016.  Viewed 10/23/16.  https://www.nist.gov/sites/default/files/documents/cyberframework/Cybersecurity-Framework-for-FCSM-Jan-2016.pdf

Risk3sixty LLC.  “The Sony Hack – Security Failures and Solutions.”  Published 12/19/14.  Viewed 10/20/16.  http://www.risk3sixty.com/2014/12/19/the-sony-hack-security-failures-and-solutions/

Sanchez, Gabriel.  “Case Study: Critical Controls that Sony Should Have Implemented”.  SANS Institute Information security Reading Room.  Published 06/01/2015.  Viewed 10/20/16.  https://www.sans.org/reading-room/whitepapers/casestudies/case-study-critical-controls-sony-implemented-36022

Why Would Salesforce Pay Billions More for LinkedIn?

In June Microsoft agreed to buy LinkedIn for $26.2 billion in the largest acquisition of its time, betting the professional social network can recharge the company’s software offerings despite recent difficulties.

Microsoft never had a good social media platform and their search and web analytics still can’t shake a stick at Google’s.  Although Microsoft has done well with the Surface, Office 365, and business software tools like SharePoint, OneDrive/Cloud, and Azure, they have struggled with their Nokia phones running on Windows – wasting money.  LinkedIn is fiercely respected among recruiters and job seekers, and had great income streams in prior quarters.  Yet they have scaled back what they offer to free members, removed their events feature years ago, and have made many user and cosmetic changes that have forced some people to use LinkedIn only as a tool to promote their own sites which they can directly control and monetize – thus driving their revenue and market appeal down.

Buying LinkedIn cost Microsoft $196 per share, a 50% premium over the share price before the sale was announced.  This is a win for LinkedIn shareholders, and is likely a win for Microsoft in the long run.  Once Microsoft integrates its systems with LinkedIn it will have a giant CRM like Salesforce.com or Oracle.  This CRM will be used to tastefully listen and market Microsoft subscription solutions to LinkedIn users, among related items.  Yet even if that effort backfires it does not matter because LinkedIn by itself produces good income.  Thus, some user experience tweaks could help, for example bringing back the event feature, which would allow them to see what interests and products can be inferred from event registrations.  Facebook presently does a good job at this.  Even if a person does not go to the event they have still indicated interest by registering, and that is valuable data especially when cross referenced with other LinkedIn data.  The key is data mining, analytics, cloud services, and tastefully cross marketing and selling these and yet unknown services.

Observing the above, it’s of no surprise that Salesforce was one of the early bidders to buy LinkedIn, but it is a surprise that they lost out since they, like Oracle, have such a nasty track record of successful acquisitions.  Recently in a securities filing, LinkedIn disclosed an email from Salesforce CEO Marc Benioff in which he says that Salesforce would have increased its bid and restructured its offer had it been given an opportunity by LinkedIn.

“Reflecting on the additional proposals it made after LinkedIn and Microsoft agreed to exclusivity, the email indicated that Party A would have bid much higher and made changes to the stock/cash components of its offers, but it was acting without communications from LinkedIn,” the filing says. “The Transactions Committee also considered the contractual provisions contained in the definitive merger agreement with Microsoft, including those relating to discussions with third parties, and determined not to respond.” (Salesforce’s Benioff says he would have paid more than $26B for LinkedIn).

Yet after carefully reviewing how it handled the bidding process to make sure it wasn’t legally exposed, LinkedIn’s deal teams decided not to respond to the email.  Although the Benioff email didn’t say how much more he would have offered, many news sources are speculating $4.2 to $4.7 billion more than Microsoft.  Let’s hope both companies continue to compete to make the industry better.

By Jeremy Swenson

Infrastructure-As-A-Service Shifts To The More Economical and Flexible OpenStack Platform


OpenStack was founded by Rackspace Hosting and NASA in 2011. Since then it has become a global collaboration of developers and cloud computing technologists creating a universal, open source, Python-based cloud computing IaaS (infrastructure-as-a-service) platform for public and private clouds. OpenStack aims to deliver solutions for all types of clouds by being easy to implement, massively scalable, and by having lots of features – all managed through a dashboard that gives administrators control while empowering users to provision resources through a web interface (Fig. 1).

Fig. 1. OpenStack System Flow

Over the last three years OpenStack has been deployed at about 10% of the Fortune 100 and has become a niche play mostly for public cloud providers. Today these companies see a range of growing use cases from running simple web servers to using hundreds of cores for high-throughput computing. Other benefits include more secure servers, segregated environment infrastructure for research and deployment based projects, and outsourcing of infrastructure to reduce risk and cost. Cloud services like Google Compute Engine, Amazon Web Services (AWS), and Microsoft Azure are proprietary platforms that automatically lock users into their platform, while the benefit of OpenStack is that it does not.

Fig. 2 (OpenStack Kilo Demo).

OpenStack just had its 13th major release with the 14th due late this year. They have over 10,000 community members and over 1,000 active code contributors. Customers can expect new enhancements in major releases every six months for the foreseeable future. AT&T recently committed to 500,000 OpenStack nodes between now and 2020. Volkswagen has committed to deploy the world’s largest OpenStack network. Verizon, Walmart, and NASA use it; while Intel has been a power user and collaborator for some time (Fig. 3.).

Fig 3. Intel OpenStack-Summit-Session, Nov 2013

Locally, Target has three OpenStack clusters and 120 server nodes in total. It’s likely to grow to 360 nodes this year. FICO has eradicated all but a few VMware (virtual machine) servers. Thomson-Reuters is in the process of deploying 500 servers of OpenStack. Digital River has said “no” to their VMware ELA (enterprise license agreement) and will replace 600 VMware servers and all of their Cisco switching with OpenStack and software-defined networking in the next 24 months with an estimated $6,000,000 in software savings. Best Buy and 3M also have active OpenStack deployments in progress. OpenStack is the fastest growing open source project on the planet and is likely to inspire new competitors. With this track record many pundits and users project very high adoption in the Fortune 100 within the next five years.

Why implement OpenStack? It saves and makes companies money by the wheelbarrow full through lower software, hardware, and operational labor costs and faster time to market, with more innovation through automation. It also provides risk reduction via virtual segregation, and offers an unlocked platform unlike most of the establishment competition as noted above. But companies need help. They need to understand the costs and the risks involved in a deployment.

To learn more about how your company can innovate and save with OpenStack reach out to Storm Enterprises, a noteworthy and growing MN based implementation consultancy for this and related technologies.

Demystifying 9 Common Types of Cyber Risk

1)       Crimeware
Crimeware is designed to fraudulently obtain financial gain from either the affected user or third parties, for example by emptying bank accounts or trading confidential data. It most often starts with advanced social engineering, which results in disclosed info that leads to the crimeware being installed via programs that run on botnets, which are zombie computers in distant places used to hide the fraudster’s I.P. (internet protocol) trail. Usually the victim does not know they have crimeware on their computer until they start to see weird bank charges or the like, or an I.T. professional points it out to them. Often it masquerades as real-looking antivirus software that demands your credit card info in an effort to then commit fraud with that info.

2)       Cyber-Espionage
The term generally refers to the deployment of viruses that clandestinely observe or destroy data in the computer systems of government agencies and large enterprises – unauthorized spying by computer, tablet, or phone. Antivirus maker Symantec described one noteworthy example where the U.S. Gov’t made a worm to disable Iran’s nuclear reactors arguably in the name of international security (Fig. 1).

“Stuxnet is a computer worm that targets industrial control systems that are used to monitor and control large scale industrial facilities like power plants, dams, waste processing systems and similar operations. It allows the attackers to take control of these systems without the operators knowing. This is the first attack we’ve seen that allows hackers to manipulate real-world equipment, which makes it very dangerous. It’s like nothing we’ve seen before – both in what it does, and how it came to exist. It is the first computer virus to be able to wreak havoc in the physical world. It is sophisticated, well-funded, and there are not many groups that could pull this kind of threat off. It is also the first cyberattack we’ve seen specifically targeting industrial control systems” (Accessed 03/20/16, Norton Stuxnet Review).

Richard Clarke is the former National Coordinator for Security, Infrastructure Protection and Counter-terrorism for the United States and he commentated on Stuxnet and cyber war generally in this Economist Interview from 2013.

Fig.1.

3)       Denial of Service (DoS) Attacks
A DoS attack attempts to deny legitimate users access to a particular resource by exploiting bugs in a specific operating system or vulnerabilities in the TCP/IP implementation (internet protocols) via a botnet of zombie computers in remote areas (Fig. 2). This allows one host (usually a server or router) to send a flood of network traffic to another host (Fig. 3.). By flooding the network connection, the target machine is unable to process legitimate requests for data. Thus the targeted computers may crash or disconnect from the internet from resource exhaustion – consuming all bandwidth or disk space, etc (Fig. 3.). In some cases they are not very harmful, because once you restart the crashed computer everything is on track again; in other cases they can be disasters, especially when you run a corporate network or ISP (internet service provider).
Fig. 2. and Fig. 3. Botnet and TCP image

4)       Insider and Privilege Misuse
Server administrators, network engineers, outsourced cloud workers, developers, I.T. security workers, and database administrators  are given privileges to access many or all aspects of a company’s IT infrastructure. Companies need these privileged users because they understand source code, technical architecture, file systems and other assets that allow them to upgrade and maintain the systems; yet this presents a potential security risk.

With the ability to easily get around controls that restrict other non-privileged users they sometimes abuse what should be temporary access privileges to perform tasks. This can put customer data, corporate trade secrets, and unreleased product info at risk. Savvy companies implement multi-layered approvals, advanced usage monitoring,  2 or 3 step authentication, and a strict need to know policy with an intelligible oversight process.

5)       Miscellaneous Errors
This is basically an employee or customer doing something stupid and unintentional that results in a partial or full security breach of an information asset. This does not include lost devices as that is grouped with theft – this is a smaller category. The 2014 Verizon Enterprise Data Breach Investigation Report gives an example of this category as follows:

“Misdelivery (sending paper documents or emails to the wrong recipient) is the most frequently seen error resulting in data disclosure. One of the more common examples is a mass mailing where the documents and envelopes are out of sync (off-by-one) and sensitive documents are sent to the wrong recipient” (Accessed 02/21/16, Page 29).

6)       Payment Card Skimmers
This is a method where thieves steal your credit card information at the card terminals, often at bars, restaurants, gas stations, sometimes at bank ATMs, and especially where there is low light, no cameras, or anything to discourage the criminal from tampering with the card terminal.

Corrupt employees can have a skimmer stashed out of sight or crooks can install hidden skimmers on a gas pump. Skimmers are small devices that can scan and save credit card data from the magnetic stripe (Fig. 4.). After the card slides through the skimmer, the data is saved, and the crooks usually then sell the information through the internet or if they really want to be secure the Darknet which is a secure non-mainstream internet that requires a special browser or plug-in to access. After this counterfeit cards are made, then bogus charges show up, and the bank eats the costs which unfortunately drives up the cost of banking for everyone else. Also, some skimmers have mini cameras which record the pin numbers typed at ATM machines for a more aggressive type of fraud (Fig. 5.).  Here are two images of skimmer technologies:

Fig. 4. and Fig. 5. Card Skimmer and Camera

7)       Physical Theft and Loss
This includes armed robbery, theft by accident, and/or any type of device or data lost.  Although some of the stolen or lost items may never end up breached or used for fraud, sometimes they are, depending on what the device is, what data is on it, whether it was encrypted, and whether the data could be deleted remotely.

8)       Point of Sale Intrusions
See my 2014 post on the Target Data Breach here for a good example.

9)       Web App Attacks
These incidents were carried out primarily via manipulation of vulnerabilities in input validation and authentication affecting common content management systems like Joomla, Magento, SiteCore, WordPress, and Drupal.

According to the 2015 Verizon Data Breach Investigation Report these types of attacks are not only a reliable method for hackers, but also fast, with 60% of the compromises taking a few minutes or less (Accessed 02/21/16). With web applications commonly serving as an organization’s public face to the Internet, the ease of exploiting web-based vulnerabilities is alarming (Accessed 02/21/16, 2015 Verizon Data Breach Investigation Report). According to The Open Web Application Security Project these are two common types of Web App weaknesses (Accessed 02/21/16, 2013, OWASP 10 Most Critical Web Application Security Risks):

“i) Injection flaws, such as SQL, OS, and LDAP injection occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

ii) XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping (Fig. 6.). XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites access unauthorized pages”.

Fig. 6.
RXSS
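
The two weaknesses quoted above, shown as vulnerable code beside its hardened form (an added example, not part of the original post or of OWASP’s text). The table, function names and sample inputs are constructed for illustration; the sort-column allowlist covers the case where a value cannot be passed as a query parameter.

```python
import html
import sqlite3

SORTABLE_COLUMNS = {"name", "salary"}  # identifiers cannot be bound as parameters

# Constructed sample inputs standing in for untrusted data.
CRAFTED_NAME = "nobody' OR '1'='1"
CRAFTED_MARKUP = "<script>alert(1)</script>"


def make_db():
    """Create a small in-memory table with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (name TEXT, salary INTEGER)")
    db.executemany("INSERT INTO staff VALUES (?, ?)",
                   [("alice", 50000), ("bob", 60000)])
    return db


def lookup_concatenated(db, name):
    """Vulnerable: untrusted data becomes part of the query text itself."""
    query = ("SELECT name, salary FROM staff WHERE name = '" + name +
             "' ORDER BY name")
    return db.execute(query).fetchall()


def lookup_parameterized(db, name):
    """Hardened: the value is bound as data and never parsed as SQL."""
    return db.execute(
        "SELECT name, salary FROM staff WHERE name = ? ORDER BY name",
        (name,)).fetchall()


def lookup_sorted(db, name_prefix, sort_column):
    """Hardened: a column name is checked against an allowlist before use."""
    if sort_column not in SORTABLE_COLUMNS:
        raise ValueError("unsupported sort column")
    return db.execute(
        f"SELECT name, salary FROM staff WHERE name LIKE ? ORDER BY {sort_column}",
        (name_prefix + "%",)).fetchall()


def results_heading_raw(search_term):
    """Vulnerable: untrusted data is sent to the browser without escaping."""
    return "<p>Results for " + search_term + "</p>"


def results_heading_escaped(search_term):
    """Hardened: markup characters are escaped, so the browser shows them as text."""
    return "<p>Results for " + html.escape(search_term, quote=True) + "</p>"


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concatenated(db, CRAFTED_NAME))
    print("parameterized:", lookup_parameterized(db, CRAFTED_NAME))
    print("raw heading    :", results_heading_raw(CRAFTED_MARKUP))
    print("escaped heading:", results_heading_escaped(CRAFTED_MARKUP))
```
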

Jeremy Swenson, MBA is a seasoned, Intel certified, retail technology marketing and training representative on assignment at Best Buy for clients including Intel, Trend Micro, Adobe, and others. He also doubles as a Sr. business analyst and project management consultant. Tweet to him @jer_Swenson.

 

What the Windows Phone Must Overcome to Gain Traction:

There is no doubt that Microsoft is a tech super power in this game of smart phone wars, but Google’s Android and Apple’s iOS have challenged them to date.  As per Fig. 1. Microsoft’s phone OS (operating system) market share has stayed about steady at about 2.9%.  Blackberry on the other hand has so little market share they are hardly worth mentioning since their mobile phone OS market share has dropped to .09% at the end of 2015 (Fig 1.).  Although different phone OS market research reports have slight up or down variations, the point is that Microsoft and Blackberry are hugely losing the Smart Phone Wars.

Fig. 1. Smart Phone Stats Dec 2015

The last time Cassem and I commentated on this situation was in August of last year, when Microsoft was high on the release of Windows 10, arguably their best operating system in a decade but not without risk.  In our last piece we valued many aspects of Microsoft’s products including the Cloud, SharePoint, and Windows 10 for business users, but we only began to address the full story.  Yet our prior conclusion that Microsoft as a company is undervalued is unchanged because they have so many successful products including Server, Exchange, Visual Studio, System Center, Dynamics, and SharePoint, in spite of their phones’ weaknesses.

In this post we will specifically explore why Microsoft is losing the smart phone war and what can be done about it so they can win.  First of all, Microsoft was late to the game in October 2010 with the release of the Windows Phone 7.  Google was early with the T-Mobile G released in October 2008 (Fig. 2.).  Apple was the first with the iPhone 1 released in June 2007.  Microsoft’s late entrance, in conjunction with their delay in taking phone apps seriously, has pushed app makers to the dominant platforms, Android and iOS.

Mobile applications are increasingly addictive for phone users and since the Windows platform has so few that means most mobile gamers, media streamers, and multitaskers will avoid the Windows Phone in the immediate future.  Most corporate mobile phone contracts favor the iPhone and those contracts will take years to be undone to the detriment of Microsoft.

Fig. 2. First Android Smart Phone

With 53.3% (Fig. 1.) of the phone OS market share there are a few things that Android got right.  The integration of Google Calendar is easy, useful, and free.  Conversely, on a Windows phone, the integration of Microsoft Outlook is awkward, overly optimized for a traditional PC, and it’s not free for the full version.  As an owner of many Android phones I can see how the many OS updates have proved to make the platform much better with more efficiency and fewer bugs, especially on the Lollipop release of Android.

Apple comes in second with 42.9% of the mobile OS market share (Fig. 1) because they have gotten a lot of things right.  Apple’s OS works well together and is recognized as artful by the majority of the creative community; their early integration of iTunes and the iPod into the iPhone made it a big hit.  Also, you can use the iPhone with Apple TV, an iMac, iCloud, the Apple Watch, and Airport Time Capsule, to name a few.  iTunes has been a force to deal with but has started to lose market share in recent years as streaming services and other digital music services have come on board, specifically Pandora and Google Play.  Android users will say iPhones are overly simplistic, but to those users, that is a benefit.  There are a lot more settings options in Android, but Apple fans feel they don’t need all those features.  This is one ongoing battle between iOS and Android.

Security varies greatly in each of the platforms.  Apple has a very secure and closed off OS and network and they rarely share info with other tech companies.  Apple’s app network is also massive and thus they have experience with a lot of different architectural frameworks and they are good at approving and declining apps based on security.  Unlike Apple, Android has had some issues with fake apps designed to compromise security that were available for download in the app store.  Additionally, in recent weeks Apple has taken a respected but partially controversial stance to protect its users’ privacy in the wake of what many argue is an overreaching government (In Debate Over Apple-FBI Dispute, Gates And Zuckerberg Don’t Agree).  This is a public debate that needs to continue and unfortunately as of now, Microsoft has given a more apolitical and lukewarm response to this debate – though Microsoft founder Bill Gates disagrees with full privacy coverage arguments.

Windows 10 appears to be a pretty solid platform that builds off of some security benefits of Microsoft’s enterprise systems.  Windows 10’s Credential Guard protects corporate identities by isolating them in a hardware-based virtual environment.  Device Guard depends on Windows 10’s virtualization-based security to allow only trusted applications to run on devices — letting the service use signatures defined by your enterprise-controlled policy (Tech Net Device Guard Overview).  In our mind, Microsoft needed to do this to help leverage its legacy network of enterprises that could upgrade to the new Windows 10 OS in the most secure way including Server, Exchange, Visual Studio, System Center, Dynamics, and SharePoint.

Moving on, iPad and Android based tablet customers have been frustrated with the slow speed and low power and functionality of these devices for a long time.  In response to this Microsoft has been an innovator and leader with the design and release of the Microsoft Surface.  The Surface redefines what a tablet can be.  It brings full computer power, something that had not been done on a tablet in the past.  As the Surface improved up to its latest iteration, the Pro 4, it proved to validate the clever Windows 10 OS.  As of January 28th 2016 Surface sales are up 29% from last year (2015) (Microsoft Q2 2016 Earnings Report) which suggests that with the right improvements they could also get considerable gains in the phone market.

Why would someone change to a Windows Phone?  First off, there are a lot of users out there that are familiar with Windows in general.  “For example, Skype has been downloaded more than 900 million times on iOS and Android devices, Microsoft CEO Satya Nadella said during a recent earnings call” (Microsoft Q2 2016 Earnings Report).  The only problem in most people’s minds is that they use their phone differently than they use their PC.  Microsoft has to convince these people that there are similarities, cross usage benefits, and that the user experience is better or good.  From a user experience standpoint, Windows Hello is a great feature that provides for facial recognition log in and Cortana is the virtual assistant that is controlled by voice recognition (Fig. 3.).  Positively, Office Mobile comes with all Windows 10 phones and that includes a great iteration of PowerPoint with a fun and easy to use interface (see video below).  Moreover, all Windows 10 phones can connect to Bluetooth keyboards, mice, and dual monitors.  Granted, the mobile version doesn’t have a desktop built in like the PC version does but it has something better for the mobile environment, Continuum.  Continuum turns your phone into a big-screen projector and a big-time productivity tool when you have the Microsoft Display Dock as described in the video below.

Fig. 3.

The new Windows 10 is a much more connected OS than previous OSs.  It seems that part of Microsoft’s strategy is connecting the new OS with their cloud business over time.  The Windows 10 Phone gives a lot of connected apps that show new emails, current weather, and news just by glancing at the home screen.  In the iPhone, the icons will rarely show updates.  The only iPhone app that comes with the phone that shows updates is the calendar app.  This is an idea that is built into Windows 10 giving people the convenience of not actually having to open the app to get the information they are quickly looking for.  If they want more information, they can open the app and go from there.  Lastly, the criticism of Nokia as a phone company is exaggerated.  It is a good thing for a hardware and software company like Microsoft to own a phone maker and although not all Lumia models have been hits they have a positive trajectory.  This trajectory is due to enhancements including a great camera, crystal clear screen, a removable battery, Windows Hello, Office Mobile, and most of all its ability to transform into a desktop computer via Continuum.

Jeremy Swenson and Mike Cassem are two seasoned, Intel certified, retail technology marketing and training representatives on assignment at Best Buy for clients including Intel, Trend Micro, Adobe, and others.  Swenson doubles as a Sr. business analyst and project management consultant while Cassem doubles as a Marketer and Sales Consultant.  Tweet to them @jer_Swenson and @micassem.

Windows 10 Review: Mobile $ Centric, Cloud Informed, Touch Winner!

Ever since Google’s Android and Apple’s iOS have dominated the mobile operating system (OS) market, Microsoft has been running scared and has realized they cannot rest on their non-mobile products and established business application strongholds. The present and future OS market is heavily about mobile cloud-connected devices and that is why Android holds 78% of the mobile OS market (Fig. 1, 2015). Google’s release of the Chromebook in June 2011 was a quiet nuclear bomb against Windows, thus threatening their personal computer OS leadership.

Microsoft’s counterattack was supposed to be Windows 8.1 in 2012 to 2013 which was designed to run effectively on mobile and traditional devices but as per Fig. 1. their phone market share fell from 3.2% in 2013 to 2.5% in 2014 and then rose only to 2.7% in 2015. These results are horrible for a global software company that dominates the non-mobile OS and business application markets with more than 1.5 billion daily users according to Corporate Vice President of Education Marketing at Microsoft, Tony Prophet (2014). Windows 8.1 did not go over well because the Microsoft Store has few apps, people did not like the new tile start menu, it is clumsy to navigate, Internet Explorer is slow, and next to no one was inspired to get a Windows Phone because of Windows 8.1.

Fig. 1. Smart Phone OS Market Share
(IDC, May 2015, http://www.idc.com/prodserv/smartphone-os-market-share.jsp)

Windows 10 is supposed to be Microsoft’s comeback album and it’s going to be just as big as Carlos Santana’s 1999 Supernatural album with the hit song “Smooth”. Windows 10 was released on July 29th and so far the reviews are great all bugs aside. To share the love they are giving away free upgrades from Windows 8.1, 8.1 Phone, and 7 for one year. Microsoft never could quite sell the idea to everyone that you didn’t need a start menu. The Windows 8.1 start menu became the start screen, much the same way your tablet or cell phone works with tiles laid out like a board game. Thus Microsoft is bringing back the start menu on the bottom left yet they are leaving a partial live tile display for mobile enthusiasts that can be collapsed or expanded as per Fig. 2.

Fig. 2.
Windows 10 also introduces a function that allows you to utilize multiple desktops, not just screen extensions, and this is a lot like Mission Control from Apple OS X. This will be a big benefit for business users, creative users, students, and people who do a lot of multitasking. The hotkey shortcut to open a virtual desktop is: Windows Key + Ctrl + D. Windows 10 also adds something new for gamers and graphics focused users, DirectX 12, which is a Microsoft proprietary graphics card decoder that communicates with and optimizes the many different graphics chips on thousands of computer models. It is the industry standard and that is why it’s used on the hugely popular Xbox. Windows 7 and 8.1 will not get access to DirectX 12, so graphics will be better on Windows 10. A creative person could even game in one desktop while they work in another, assuming they have the RAM and CPU power needed for those specific applications – this is pretty cool. Another interesting visual add is the Windows Snap feature, which allows you to split your screen into two, three or four separate areas, and the hotkey shortcuts for this are:

  • Windows Key + Left – Snap current window to the left side of the screen.
  • Windows Key + Right – Snap current window to the right side of the screen.
  • Windows Key + Up – Snap current window to the top of the screen.
  • Windows Key + Down – Snap current window to the bottom of the screen.

For years customers have been unimpressed with the slow speed of Internet Explorer and its incompatibility with add-ons. Microsoft made a good move to create an all new browser similar to Google Chrome and it’s included for free with Windows 10. Code named Project Spartan and unveiled as Edge, the new browser is up to 112% faster than Chrome according to Business Insider (07/15/15, http://www.businessinsider.com/microsoft-edge-windows-10-faster-than-google-chrome-2015-7). Edge allows you to circle, highlight and write your thoughts directly on web pages. It also has a very cool reading view that strips out all the ads, sidebars, pop-ups and links, so you can scroll through a single column of text and pictures. However, this does not work on all websites because some websites have not made the updates for 10. We really like this feature as we have been annoyed by these distractions when reading online and we, like a lot of people, do a lot of online reading.

Yet probably the second biggest addition to 10 will be Cortana. This is Microsoft’s digital assistant and promises to be much bigger than other voice assisted programs out there. Cortana is much like Dragon or Siri but much more advanced and integrated into the operating system. It will tell you your schedule and schedule things for you and is also an advanced web encyclopedia. It will learn more about you based off of Microsoft’s cloud databases which you can opt to share information with, including your e-mails, phone numbers, and web search data.

Fig. 3.
After upgrading to Windows 10, we weren’t sure if we would use Cortana, but the more we use it the more we like it. In playing around with Cortana, you can provide feedback with screenshots that go right back to the teams at Microsoft. To prepare for the 10 release Microsoft was using an estimated five million external testers known as “insiders” to get this type of bug feedback. This impressive number is a considerable increase from prior releases. Cortana is easy to locate in the bottom left of the screen next to the start menu. We find that if the user types a question in the search bar it will add tips and give you interesting facts each and every day, if you let it. Cortana starts out giving you information on the weather, finance, and sports but you can customize this under notebook settings (Fig. 3). Cortana is very intuitive and can track things for you. If you’re receiving a package, it will tell you the progress or details of that package. Say you’re picking someone up at the airport, Cortana will tell you if the flight is on time.

We really see Microsoft using Cortana to compete with Google Search and Google Analytics. Much the same way Google uses search on Android, Microsoft can use Cortana to provide different results for what you are looking for on phones, tablets, or computers. This really gives Microsoft a link to future ad and analytics revenue which could seriously challenge Google’s revenue streams.

In summary, Windows 10 is a much better product than prior operating systems and is a real threat to Apple and Google’s OS growth. It is designed for mobile and non-mobile devices and has the ability to exponentially learn about you from your use habits and Microsoft’s big data in the cloud. It is also a threat to Apple because they do not have a touch based OS on their computers but only on their iPads and iPhones. A lot of companies up to this point are still using Windows 7 but we see some of them moving to Windows 10 thus bypassing Windows 8.1. Imagine an HVAC worker, health care worker, or tax assessor having the power of Windows 10 to query their corporate database with Cortana while working in the field customized from their GPS trail.

With Cortana, the cool mobile aesthetics, the useful features of touch, the speed of the Edge browser, the ability to use multiple virtual desktops, the quad split screen, this is a growing hit among consumers. Based off these new upgrades it is much easier to use and much closer to what people are familiar with from previous versions of Windows yet it is still creatively different. We think app makers who have focused much of their energy in the past on the Android and iOS platforms will be forced to make more apps for Windows 10 and this will force more phone makers to sign on with Windows 10. We predict Windows 10 in conjunction with Microsoft’s own proprietary devices like the Surface will help them gain a lot more of the mobile OS market in the next 18 months thus driving Microsoft’s stock price above $55-$60 per share.

Jeremy Swenson and Mike Cassem are two seasoned, Intel certified, retail technology marketing and training representatives on assignment at Best Buy for clients including Intel, Trend Micro, Adobe, and others. Tweet to them @jer_Swenson and @micassem.
