Author Archives: Mike Jones

Asking and answering hard questions

Posted on by
1

It struck me during a session at work the other day that sometimes “fear of saying the wrong thing” or procrastination seems to lead people to behave more like politicians than leaders. By behaving like politicians I’m not referring to the current inability to know the difference between a “work related expense” and “taking a sly one”, which was at first amusing and swifly became another nail in the “what are they good for?” coffin they were already lying in for me. I am more referring to their habit of answering a question with another question.

Let me answer that by asking you this…

I’ve seem to have a reputation at work for speaking my mind without holding back, whoever the recipient may be, peer or exec. This may get me into trouble one day (and probably already has) but I’d rather deal with occasionally clearing up a mess than sit there in a perfectly clean but static environment. I think especially at senior levels within larger organisation the feeling that the people on the ground who come and quiz you know more than you do about some areas of the business. As mentioned before the fear of saying the wrong thing and looking like an idiot leads to skirting round the question. I believe this stems from a mis-perception that great leaders have all the answers. When I ask someone in a role that has a great span of control than mine their opinion on something, I’d rather have their view based on that span of control they have as it will help me in a few ways. Firstly, it will give me an insight into areas that I don’t have (e.g. I think numbers are up and they may be 300% in my area but that is cancelled out by a 10% drop in a much larger area than mine). Secondly, they teach me about the information flow and any improvements that may need to be made to help people make more informed decisions. Thirdly, people just see things differently based on their background and career. I would rather have the benefit of hearing that and add it into my understanding and experience.

So next time I ask a tough question, don’t reflect it back to me as a question please. I’d rather …

You know what, I don’t know for sure but based on my understanding …

Pretty please.

Wading through the layers

Posted on by
Reply

I’ve started reviewing the presentations and messages we’ve developed internally around the security product set and talking to the people in our company with more experience than me in this area. There are a couple of things that instantly strike me:

  1. Too much, too much, too much. A.k.a. the 50+ size monster PowerPoint files.
  2. Related, the customers don’t care about half of the “features” we talk about.
  3. This is so similar to the position Brightmail was in a year and half ago when I joined the company (or the Symantec Mail Security 8300 Series with AntiSpam and AntiVirus as it was lovingly known then)

First task has got to be simplification and a focus on three or four key areas that people actually care about. I have a meeting this afternoon to make a first pass at trying to get some thoughts together. I can’t wait for the Big Corp HQ to give this to us because we’ve got to get moving now to get back in our stride and off the back foot.

Grabbing the Symantec Endpoint Protection nettle with both hands

Posted on by
Reply

For the last year and a half at Symantec I’ve been working on what we call Information Risk Management. At its most basic level it’s four key pillars:

  1. Keeping the bad stuff out
  2. Keeping the good stuff
  3. Keeping stuff as required
  4. Finding stuff easily when needed

I love the using the word “stuff” when I’m talking to people, it always surprises them! However, it nicely sums up the fact that data or information is largely unstructured and unclassified these days and not immediately identifiable based on what system its in.

My focus has been largely the first two pillars in the context of messaging security. For Symantec that means the Brightmail family of technologies. My team mate Jaap has focused on the second two which fall under our Enterprise Vault related products.

However as you can see from the title of this post I’ve had a slight change of direction in the last few months and been pushed towards a stack of solutions in our security products that include the infamous Symantec Endpoint Protection (a.k.a. SEP). SEP is our desktop and server anti-virus product that is what most of the world probably associate with Symantec and it’s yellow boxes. If you use the twitter search site and search for the keyword “symantec” you’ll get an insight into what a vocal group think of that product. You’ll soon understand why I called it a “nettle”!

The reason I’m now working with it is my main focus, Brightmail, is now included in a bundle called Symantec Multi-tier Protection (SMP, must have acronym for everything in technology). SMP contains amongst other things, SEP for the endpoint, SMS for Exchange/Domino (anti-virus for the mail stores) and Brightmail. It’s designed to give complete coverage for end-to-end protection.

SEP has gained a bad reputation because we essentially rushed it to market and didn’t do adequate testing on all ranges of customer sizes. As a result we killed some of our smaller customers servers (who generally don’t have high-end dedicated machine per application). My challenge is that a bad reputation is quick to gain and doubly hard to shrug off. It also doesn’t help when idiots from PR companies try and replicate “comcastcares” on twitter and offer to help “fix peoples problems”. Just makes us look like we don’t have a clue.

The reason smart people though will realise from my title that “grabbing” a nettle is actually not a bad plan. Brushing up against a nettle will result in a painful rash, but grabbing it quickly results in no pain. Now you see my task: dive in, get knowledgeable as to what our customers want, speak honestly and make it work.

Reboot Writing

Posted on by
Reply

I’ve realised in the last few days that my mind has gotten slow through too much inward looking. I need to lift my head above the parapet more because it helps contextualise what I do. Writing for me was always part of that, even if it was never published and sat in a drafts folder. Consider today a “reboot day”.

May State of Spam … Rising still!

Posted on by
Reply

We’ve recently been cranking out the monthly “State of Spam” reports which you can find here. They are a really strong demonstration of the kind of work that goes on behind the scene by humans in our operations centres around the world.

According to the report the volumes of spam have recently risen to peaks of 87% globally. However I’ve seen a few snapshots from dashboards that customers have sent our team recently showing 98.2% over a period of a week! I repeat … 98.2%! Just think about the volume of email the hits your inbox legitimately on a daily basis and imagine that’s less than 2% of the volume your organisation is processing for you!

One of the great things I love about the Symantec Brightmail technology that drives the anti-spam products I work with is the mix of humans and technology. It’s almost like bionic man (or woman) in someways. The reason I know that the human-machine mix works so well was the tweaks they’ve done in the last month to slow very effectively the NDR (Non Delivery Report) attacks that were happening. The volumes dropped significantly without a patch or new release of software etc. It was done through crafting rulesets that were deployed automagically to our customers. I was saying to one of our Product Managers, Jason, that it’s a shame we currently don’t have a really effective way to let our customers know what we are doing on their behalf but I think we’re we’re looking into some sort of a direct news feed to our customers in the upcoming dashboards. We could send them an email but it might get marked as spam and as far as I know we’re not hard-coded a whitelist entry of “*@symantec.com”!

I should be getting a tour of one our operations centre’s in Dublin later this month and I’ll try and write up a bit more if they let me.

Developing Information Risk Management Stories

Posted on by
Reply

My what a dull sounding post title but one of the fun things about being a specialist is developing the stories we tell to help the technology make sense. Not stories in the fictional sense, we couldn’t get it past legal! I’m privileged to work on a bunch of products that are genuinely integrated and not just thrown together by somebody in marketing looking to meet some new buzzword requirement.

The usual corporate-PowerPoint-hell exists at Symantec with 50 slide monsters containing everything you ever wanted say written on the slide itself. I apologise if you’ve ever been subjected to one of ours! Personally I try and use whiteboard wherever possible and I’ve been re-thinking the one I usually give recently in the light of our Vontu acquisition.

Vontu as a standalone entity focused on data loss prevention (DLP .. Another fab TLA) which is fundamentally about discovering where your important data exists within your organisation and keeping in the hands of only the people that need it. I think as I’ve been reviewing their messages and slides that the thing that most jumped out at me was the fact that “policy” was the core of all they do. Describe data. Describe access. Describe retention. Discover. Protect and prevent leakage. All those kinds of words and phrases revolve around policies. If you don’t know what your policy is handed down from a legal body, or an internal body, then how on earth are you going to decide how long to keep that pile of emails from your customers?

I think the biggest relief for me though as I discover more about the Vontu technology is that it’s not some toothless auditing or reporting tool but can actually impact and change user behaviour. You can run it in “Monitor/Discover” mode or “Prevent” or both. It’s not hard to build stories when you can impact the behaviour of thousands or millions of interactions of individuals using “our” information within an organisation!

“Stemming the data loss” or “Woo-hoo-Vontu!”

Posted on by
Reply

Being the sad individual I am – I was so excited when we announced our acquisition of Vontu at the beginning of the month. My main responsibility at work is the Symantec Mail Security 8300 Series Appliances (rolls off the tongue doesn’t it). This product is the one which has had Vontu’s filtering engine built in for a good while now. I built a slide for a presentation a few months ago that talked about the four main technologies on the box:

  • Brightmail – Top notch anti-spam filtering engine
  • Anti-Virus Engine – Well known and loved (or hated)
  • IMlogic – The core instant messaging security engine
  • Vontu – Advanced filtering technology for Data Loss Prevention (or Protection depending on the day of the week)

These four elements are all integrated on the boxes and I joked whenever I showed it that three were Symantec technologies, though you’d be amazed how many people didn’t know, and the forth would probably be soon. I didn’t do so with any insider knowledge! Just knew that the technology was too good to stay integrated and yet outside the organisation for too long!

The team I’m in is a group of specialists called “Information Risk Management” and it will be very interesting to see if we get the European Vontu employees in with us at somepoint soon. From my experience so far of this area of business need is that it’s only getting more and more important as our organisations (and in fact our entire economies) are being built on growing stack of data. How it’s managed, for good or for bad, internally or externally, with ease or pain – all these are going to be critical. I repeat again – Woo-hoo-Vontu!

Traffic shaping for my inbox

Posted on by
Reply

I’ve not written here for far too long. I love writing, but the only writing I seem to do these days is email! Since I joined Symantec my work day seems to never have time in it for stopping, contemplating and composing but I’m going to change that. I’ve realised that if I continue the same pace for too long I will basically run out of stored energy. For me, I am able to continue at a strong pace for a long time, but then I crash!

I’m on my way back from Barcelona right now and one of the things I have been thinking about is controlling my email inbox. The first day I was here, the in-flow was still it’s usual pace (a.k.a. far too much). The second day after people took note of the out-of-office reply they got, it slowed. The third day, it was even less. During the last 3 days I have sent very little email as I’ve been manning a stand here at TechEd. To me, that demonstrates that I’m actually generating in-flow probably by sending mail myself that requires a response (via email). I am going to make a conscious effort to send less email. Think before I send. Pick-up the phone. Do more digging before I reach for the “New mail” button.

Remind me of that in a week.

Yes, Symantec still make appliances…

Posted on by

… and they’re very good.

If you searched on our good friend Google for “Symantec appliances” you’d get the following results as the top two:

Symantec turns off on security appliances | The Register

Symantec is scaling down its hardware offering by pulling the plug on a range of network security appliances. The vendor will stop designing and making the
www.theregister.co.uk/2006/06/27/symantec_appliances/

Avoid Symantec appliances, says Gartner – vnunet.com

Analyst firm predicts that Symantec will exit market sector.
www.vnunet.com/vnunet/news/2159677/gartner-advises-avoiding

Oh dear, that doesn’t bode well for me in my new role at Symantec where my two focus products at the moment are Enterprise Vault (formerly KVS, archiving software) and the Mail Security 8300 Series appliance! I’ve only been in the role two weeks and I’ve already overheard colleagues describe themselves loosing business because “.. we don’t do appliances”. I repeat, yes, Symantec still make appliances… and they’re very good! They don’t make the hardware, it’s well spec’d Dell kit, but they do everything else involved in getting an appliance developed and with customers.

The communication problem stems from an exit from making appliance hardware and forming a partnership with Juniper that occurred mid-last year. The releases weren’t particularly clear and the press certainly focused on the “stopping making appliances” part of them. I’m still not fully clear on what has happened/is happening with those “SNS” and “SGS” products but “SMS” (Symantec Mail Security) is going strong. Amusingly the road-map code names for the upcoming releases are mountain names which keep getting higher and higher… I hope they’re pacing themselves on the way to Everest! Though I hear sub-ocean mountains are higher…

It’s going to be a challenge reversing the perception that Symantec don’t make appliances and that they are a worthy and safe investment for customers to make but I’m sure our team is up to the task! The most frustrating thing for me so far is working out what is publicly promotable about the products and what is “secret”. Everything seems to be marked “Internal Only” by default and only gets made “External” if someone asks the right person the right question about the right material and they agree. I’m still trying to discover the best way for me to change that without stepping on too many toes or ruffling too many feathers!

Blue Monster and more

Posted on by
2

I’ve been meaning to write the bulk of this post for weeks and weeks and finally got sick of it running round in my head and thought it best to put it down.

The “Blue Monster” is a little project that Steve Clayton (Microsoftie) and Hugh Macleod (of GapingVoid fame). The back story is here and it centres around this little cartoon: Blue Monster

I’ve followed Steve and Hugh separately for a long time and even had the pleasure of meeting Hugh years ago at a Joi Ito meet-up in London and it’s been funny to watch the two worlds collide. If you’ve not heard of the blue monster then go read the back story and come back before you read my thoughts. Otherwise, read on!

My interpretation of the blue monster runs along some thoughts that I’ve had for years about the concept of “Cow paths”. I can’t remember the source of this story but I think it was told by one of the Gillmor Gang on their weekly podcast. The story goes that one university in the USA decided after building its new campus to not lay any paths around the site, between buildings. Instead they let the students walk whichever way was quickest for them. They then returned a year later, looked around and saw the “cow paths” (worn tracks) and laid paths on those. Now the way I think this fits in with the blue monster is that for a long time now people have created pathways at Microsoft and its time for the next generation to make their own. Abandoning the paved stones for the rough grass. Now I’ve recently started walking a new way to the train station that takes me through a patch of grass which for some bizare reason has a wonky cow path on it that doesn’t take the straightest route and I’ve been pioneering a new one and I think its beginning to take shape. However, I have to be careful because people walk their dogs on the grass and though they wouldn’t let them poop on the path, they do let them in the rough. So my take in a nutshell: Make a new cow path, mind the poo.

Now this story takes on another twist today because you may recall my story of trying to get an evangelist job with Microsoft a short while ago. Well I never got round to writing that I didn’t get the job… rejected! Reasons were “not enough experience with the latest version of SharePoint” and “not enough experience taking to groups of 300 plus”. Which I personally thought were very poor reasons… a good evangelist can get their head round almost anything, it’s a personality type, not tied to a specific piece of software.

However, another large software company who I’ve also worked closely with for the last few years thought I was good enough and offered me an evangelist role. That company is Symantec and I start in a few weeks as a “Sales Development Specialist”. It’s going to be very interesting because if Steve et al think Microsoft have a way to go on their transparency then Symantec are miles behind them. I’m yet to discover the boundaries of my open-ness in the new role but as one of the groups I will be charged with enthusing is the channel (partners by another name), I can’t see that being successful behind closed doors. I’m sure I have many lessons to learn, mistakes to make, and frustrations to overcome but I’m really looking forward to it.

I wonder if Steve Clayton will be good enough to meet me sometime and swap tips… How far does the Blue Monster go? (and how often does he check Technorati to see who’s talking about him!)

technorati tags: , , ,