How I Lead Cybersecurity and Risk: 2011

Friday, December 30, 2011

2011: A Year Of Learning

Hello everyone. I feel like I have abandoned my blog but I have been quite busy lately working in a few projects. I have been writing though, with two blog entries and two articles for the International Legal Technology Association, ILTA.

What I want to accomplish with this post is not only summarize the highlights of my year, in terms of my career, but also what I learned from each project and situation and how I grew as consequence of them. So here I go.

Writing

I thought it was appropriate to start with this blog. It was launched in February with a goal of posting at least once a month but most importantly adding value. I did pretty well until the end of the year, when I got busy with our Windows 7 Roll out which I actually blogged about here and here. I feel like I continued to improve and define my writing style, and I learned how powerful social networks could really be. I never thought that I would reach over 1ooo people in three different continents with just a few posts and I hope I am adding value. Furthermore, I confirmed something that I know and practice; not taking action in your ideas and projects is a bad habit. Keep posting is a commitment that I made to myself and I am happy with the results primarily because I also participated in our ILTA Connected Community blog, but there are a couple of entries that I started and I think that would have been great and timely but never finished. So the take away is that once we have an idea or commit to something we must take action and finish it.

Many of you know that I serve as the Servers Operations & Security Peer Group VP for the International Legal Technology Association, ILTA and we launched a new blog which we hope will add value to our members. You can read not only our posts, but other formidable entries regarding Legal Technology here. In addition I wrote an article on Network Security for ILTA’s Risky Business White Paper and another for their Peer to Peer Magazine which describes how I work on strengthening my mind to achieve results and goals which you can read here. Again, I was reminded that I really need to make sure that I know and understand what I am writing about, which is the case, because of the impact that it could have in others. I re-affirmed that the goal is to add value.

Technology

I was pretty busy at Nexsen Pruet early in the year with infrastructure projects that included enhancing our dual MPLS network architecture by adding a second router to each location (formerly dual-homed in a single router). I learned more about BGP and EIGRP routing during this project and that while our network got more robust, it also did get more complicated. I also learned that Disaster Recovery and Business Continuity (DRBC) is an ongoing process that needs to be tested and adjusted properly as network and system topologies evolve. Besides, I again confirmed the importance of keeping good network and systems documentation up to date.

Four other major projects took place: an upgrade to our Video Conference infrastructure (VC), which I posted about here, the introduction of Application Level Monitoring through Riverbed’s Cascade appliance, expansion of Mobile Device fleet by introducing iPhones and MobileIron as our MDM solution, and a merger. I learned that while our VC system was heavily used the quality of experience by both the participants and IT folks in our team was very poor. Yes the investment was hefty, but the user experience has improved dramatically and in the last 2-3 months the adoption of desktop video both internally and externally has grown and is already in demand for 2012. That in addition to the ease of management tools of the new systems has probed the investment worthy.

We now have a better idea of what is going on in our network as far of traffic. We had been using Netflow collectors for a while which gave us a good picture of who was doing what, but I now personally have a much stronger understanding of how our applications interact with users and each other. Cascade gives us a great picture of all pieces interacting in a user action within our network and when there is a problem, it could tell us where it is, whether it is the network, servers, or clients. We are still on learning mode with this tool.

The introduction of iPhones and a merger kept me busy for a while. Whereas I learned a lot about mobile technologies and enhanced my knowledge of general security practices, I also discovered one a new passion on these two projects: Project Management. I have been managing projects since I became the Network Manager at the firm especially around telephony and facilities having c0-managed the last office move from a technology standpoint. The reason I like PM and that I will make an effort to continue to learn about this topic is because it gives me skills outside IT that I feel I need in order to continue to advance my career, specially so Risk Management, an area of great interest to me at the moment. I am not at a PMP level yet but I think that I am doing well and in fact, I have been tasked with building our Technology Project Management practice at the firm and now have a very talented PM reporting to me.

The rest of the year was dedicated to our Windows 7 and Office 2010 rollout. I learned so much that I don’t know where to start; from how many specialty applications we are running, to how attorneys and their staff work and use those apps, to how successful you could be when everyone is on board and rowing together towards the same goal. This was the most rewarding, and one of the most successful projects that I have been part of, and again, project management and planning was the key. My role during the project was of Deployment Manager in two different offices and Project Manager in two others. I learned a lot about how attorneys at different offices and practicing different laws work, and how unique their practices are. The most satisfying part of the project though, was seeing how so many talented people in our Technology Department grew during this project. This project also let me understand how important making adjustments while staying focus is; things go wrong, get delayed or even completely pushed out of the initial plan, but you must remain focused on the end goal and adjust as you go, which means that you must evaluate where you are constantly.

Leadership

I will never want to stop learning on this area, period. It is such a broad and complex, yet intriguing topic that I think evolution is the key to its mastering, if there is such thing. Anyway, as mentioned earlier I lead a group of legal technology professionals for ILTA. I got appointed as the VP for the Servers Operations Peer Group in August. One thing that I learned firsthand is how important succession is. My predecessor, Bob DuBois, did a great job getting me ready for the transition by assigning task with great visibility into both our team and the whole organization. Task that might seem trivial such as participating in calls with his peer officers or running our meetings really built confidence and got me ready to take it to the next level. This is something I have been doing since day one I became a manager but I had never seen in practice. I got promoted to a management role like many others because of achievements and results in the operations area without little management training or experience and it was a little tough at the beginning, but while adjusting and keeping focus made a difference then, I can now appreciate how much better it could’ve been if we planned ahead. I also learned how to deal with a larger team and building a new team, not to mention how different it is to manage your team at your company compared to managing a team of volunteers.

I also learned that leadership is about value, communication and helping others grow. Bob did a great job helping me transition to my Officer role and I recognized that and will always try to apply it as a way to help other grow. As we were getting ready for full deployment of Win7 my director and other project leaders recognized that the 3^rd party Project Management that we had hired for the project would not be a good fit going forward. He did a great job getting us to a point but things started to not go so well during the first office deployment. My Director approached me and asked me to take over as the Lead PM because we had discussed moving PM under me based on success in projects that I had led. Because of my passion for this area I was excited and honored by just being asked to take over such an important task. However, I also recognize an opportunity to build and help someone grow. We had hired our current PM a few years ago as a PM, but he never really had a chance to lead any project because of many different reasons. I saw this as his chance to grow into the role and gain credibility. He had just completed his Project+ certification and I ask my boss if he would be willing to let him lead the project instead. He hesitated a bit but I asked him to trust me, and most importantly, to trust him and he agreed with the condition that I stayed on top of it behind the scenes, which I did by mainly emphasizing communications. The rest of the project was a big success and I was greatly satisfied by seeing this person succeed when people doubted him.

So what is it about value? This year, during some hard times when the dark side wanted to take over me, I really had to dig and rediscover my core values. I learned that if I stick to those my whole life will make more sense to me and my family anyway, and I will in turn, be able to add more value to those around me. I thank Randi Mayes, Executive Director of ILTA, for her wise words on this topic and continued commitment to helping ILTA's officers and volunteers to grow.

My most precious take away about leadership, is that I am now learning how to apply all of these concepts to my personal life. While I think that friends and family have always looked up to me and willingly followed me, I never saw it as an opportunity to lead. Leading my family is my most important task and growing together as successful people is my most rewarding and precious treasure and I can now do it with a leadership approach which is enhancing our already strong relationship and making our core values stronger. It doesn’t get any better than that!

That's it. It was a year of learning, and it will always be. I will soon post on what is ahead for the 2012 year. I hope that it bring energy, health and prosperity to all of you and your families.

Here to a great 2011 and an even better 2012! Happy New Year!

Thursday, September 8, 2011

Win7/Office 2010 Deployment Office 2, Days 3 & 4

Last week I covered the first two days of our Window 7 & Office 2010 deployment in this blog. Today I am going to tell you how we close the deal during days 3 and 4.

Day 3. Closing the Deal

After a relaxing night closed out with a walk at one of Hilton Head beaches’ shore we were re-energized and it showed as soon as we got to the building. The first group, the support team, got to the office very early to be available to help the office staffers that got newly imaged PCs with the new OS and Office Suite as well as some new or upgraded applications, including our iManage DMS application. The deployment team arrived to the office later that morning to continue working on re-imaging machines and addressing escalated issues.

“Any change, even a change for the better,

is always accompanied by drawbacks and discomforts.”

Arnold Bennett

Yes, there was a lot of change and the next few days, and weeks will bring a lot of adjustment for our firm while dealing with a new interface that touches pretty much everything they do in a daily basis. However, I can’t emphasize enough the great performance delivered by our Training Team. This showed during the whole day. While there were a lot of different activities going on at the same time, the day went very well; I really had expected more issues and questions from our users but they held up and dealt with the massive change extremely well and they actually did bring up some very valid questions. Once again, Kudos to our Training Team here, and they were not done yet.

After a nice group lunch in the office the big test for our team arrived; attorney training. The challenge wasn’t only to engage them and keep them involved but also efficiently deal with the many activities going on at the same time. We had two people doing floor support, two folks conducting attorney training, and three re-imaging the rest of the machines of those in training. Once I finished imaging one of the machines assigned to me I saw the need of switching my role into that of a Project Manager. Issues were still coming up and the vast majority was being efficiently and promptly handled by the support team, while some would need more advance troubleshooting and help from the engineers back at The Mothership. Thus, I saw the need to become the central information repository and I started to centrally compile all issues in our log dedicated to that. We always intended to approach the project this way but we had to deviate a bit from it for many reasons. However, we were able to quickly adapt and react to the new situation and get that PM role going again, which will now be part of all future role outs as it should. The PM will focus on being the “Central Communications Center” as well as the data collector so everyone can stay focused on their tasks. So I started walking around and making sure that everyone was doing what they were supposed to while collecting information that we needed to pass on to the rest of the team.

At the end, we were able to re-image all remaining machines and complete both support and training. It was a long day for most, but the preparation and planning that went on for months paid off again. I think that the main challenge for most was adjusting to the new iManage interface and Idol search engine as well as the obvious adjustment to the Office Ribbon.

Day 4. The Attorneys & Training; Need I Say More?

I do indeed! But this time I wasn’t impressed because of the amazing job that our trainers did. They really engaged the attorneys who also did a great job embracing the new interfaces and really going for it and trying to make the most out of the new systems.

“Change brings opportunity.”

Nido Qubein

As I mentioned these attorneys were really trying to adjust and make the most out of the system. They had great comments about the iManage EMM plugin for email management, which was not being used by all of them; some were exploring the IDOL search engine and began to like it a lot; heck we had attorneys using Win7 Snipping Tool!!! One of then used this tool to create a Memo and here is how she summarized her experience: “This upgrade has revolutionized my day! I did a two-page memo faster than I've ever been able to do before”. Now, getting this type of comment on Day One, I mean like the morning after the attorney was trained and facing massive change?…Priceless, for everything else, there are Windows XP & Office 2003!

Now, there were still issues and one that we are looking at how to better handle in the future is synchronizing OST files over the WAN. When a person travels to a remote office and logs for the first time to a different computer, Outlook will start synchronizing its caching and could potentially cripple the bandwidth to the office depending on the situation. The way we approached the initial deployment was by bringing OST file from last production day, in this case Friday, with us so that we could sync up locally without going over the wire. The switch to cache mode presents a new challenge not only during the migration but on an ongoing basis going forward, especially for offices with small bandwidth capacity. I will be looking at how our Riverbed Steelhead can help here.

Thanks to the amazing work of the support team, the deployment team was ready to return home by 3:00 pm. Our trainers remained behind and assumed support responsibilities the rest of the week which went very well. In fact, I’ve been checking with our service desk analysts and the call volume from the offices that have been converted have been very low according to them.

We are working on the next deployment which starts this upcoming weekend in our main office here in Columbia, SC. This will be the largest deployment so far and will tell us a lot for the rest of the way but I am confident that our team will deliver once again. From this point on I will be

occasionally posting updates about the whole project as we go on. I will continue to be in some of the deployments as either the Operations Manager or Project Manager. Meanwhile, my team is coming behind the Win7 team rolling out Endpoint and Media Encryption using Credant's Mobile Gurdian at the offices that have been migrated to the new OS already and I will be blogging about that project as well.

Wednesday, August 31, 2011

Win7/Office 2010 Deployment Office 2, Days 1 & 2

"Always plan ahead. It wasn't raining when Noah built The Ark"

Richar C. Cushing

So here we are, delivering Windows 7 and Office 2010 to Nexsen Pruet's second remote office in as many weeks. But first, a little background. First of all, I had not blogged about this project before because I have been in and out of it and my role has been changing. I have been primarily responsible for testing a few applications under my area to ensure functionality in the new environment. However, this week I am the on-site Operations Manager, which could translate into the on-site Project Manager/Do-What-Needs-To-Be-Done Guy (and everyone in the team really does what needs to be done anyway). I am responsible for making sure that the deployments are completed and that issues are addressed and compiled in a central place so that we can go over those before our next deployment. Finally, I'd like to add that this project started very early this year and there have been many phases. We started with brainstorming around January/February, to then go over a Branding phase in March/April. Around April, we began testing our many legal specific applications used by our Attorneys; to then begin creating and fine tuning images. It took until early August and 9-10 versions to get the right image. Developing the outstanding training material took a few months as well and delivering training started in July with Technology Department members first, and then to our pilot group. Last week we deployed the new desktop to our Myrtle Beach, SC office. This week is Hilton Head Island, SC's office turn. The best part of the project? EVERYONE in our department has had an impact, all of the eighteen people that conform our team, including temporary personnel has indeed contributed in a positive way, just as our very supportive and knowledgeable vendors have. But this is about the deployment phase, "The Real Deal". Let's take a look.

A team of six departed Sunday afternoon from Columbia, SC to our Hilton Head Island office. This team includes our Service Desk & Training Manager who oversees the delivery of training as well as floor support; the Operations Manager, who oversees the deployment of the images as well as the many applications and customizations required by each end-user as well as issues logging, one deployment engineer, one hardware and deployment technician and this time, our Director of Technology made the trip to compliment the team and contribute where needed. In addition, twelve others remain at our main office in Columbia holding the fort. Last but not least, I am proud to say that this is The Best Team and Technology Department I have been part of during my 12+ years career.

Day 1. Setup and Deployment

The team got in the office by 6:00 pm and by 8:00 pm the "Technology Operations Center", the Training Room and the temporary Video Conference room were all setup and tested. I have to admit that I thought that we had too many people, but boy was I glad we did! It did paid off. I was amazed of how well and quickly we worked together. This gave the training team the opportunity to go rest at the hotel to prepare for next day's class with staff.

Once everything was setup the deployment team started deployment of images to staff machines and we quickly ran into an issue. We are using Microsoft SCCM to deploy images and we are using our local File & Print servers as local Distribution Points to minimize WAN traffic. Well, the images did not finish deploying to the server. Now, I was out for a week at a Technology Conference and I kind of panicked for a minute and I think that so did our Director, but our Engineer who has done an incredible job on this project even well before we started, was prepared for it and had multiple DVDs with images for each type of machine at hand. I think that we may have lost perhaps a total of 15 minutes or so before we started the deployment. Our engineering and project management teams had prepared a couple of very detailed sheets, one with all the specifics about each machine that we had imaged with information such as specialty applications, printers, drive letters, and anything else that the end-user would need in order to complete their job; and the second sheet contains step-to-step details on how to deploy application and what to check off.

Imaging the machines may have taken about 30 min in average for each. Then we went on to deploy and test most of the applications in each workstation. I tell you, this is very tedious job and what took the longest because of how focused and detail you have to be in order to get everything done properly. We finish around 1:00 am, primarily because we were in such a roll that we just wanted to keep going. After all, we had the whole Monday to complete the deployment ahead of us.

Day 2. The Real Deal

Monday morning I met with the Training team and our Director joined us to go over what we had accomplished the night before and what was left to do before they head to the office to start training the staff. I followed the meeting with a 3 miles run around town, which was very helpful to help me prepare for the day.

The deployment team, including myself, got to the office later that morning while training was being conducted to finish the customization of the machines, which really wasn’t too much after all, the work the night before. Things such as printer drivers, and a couple of specialty apps were the only outstanding issues and they were completed by lunch time. I have to give credit to our Training Manager here; she did a magnificent job in terms of Coaching, Mentoring and Leadership while introducing this incredible amount of change to our users. Want to know why? This was our Trainer’s very first time teaching a Class in our Firm. We did hit a couple of issues but the planning and preparation that went on for months paid up during execution, a perfect example of the 80/20 rule, which if executed correctly does pay off big time.

The day could have not ended in a better way. Our seventh team member, one of our great Service Desk analyst arrived that night to do floor support along with the rest of the team and we head to dinner. After enjoying a great seafood meal at local restaurant, all seven of us took a walk at the beach, which was not only relaxing and needed but it kind of served as a team building experience. IT WAS AWESOME! We looked like seven children having fun!!

Meanwhile, back at The Mothership

Kuddos also to our EVERYONE back at our main office in Columbia. They were so responsive when we needed them and the communication across teams was incredible, another stepping stone for delivering this effort effectively. Our DMS, DBA, AD, Exchange and Network Engineers as well as our main Trainer, Service Desk and Project Management teams were always at hand when issues aroused and were able to quickly address them. In addition, they were also tasked to hold the fort and support day-to-day operations of the firm and they get as much credit as the onsite team does, especially being so shorthanded.

Days 3 & 4 include deployment and training for attorneys as well as support and I will tell you more about it at the end of the day tomorrow, but I can tell you that it was an exciting day for everyone.

Wednesday, July 13, 2011

An Exquisite Weekend with Passionate Volunteer Leaders

ex·quis·ite

Of particular refinement or elegance, as taste, manners, etc., or persons.

pas·sion
Any powerful or compelling emotion or feeling, as love or hate.

This weekend I traveled to Austin, TX, home of the International Legal Technology Association, ILTA, to attend orientation for the organization's new Volunteer Officers as I was recently appointed as VP of its Servers Operations and Security Peer Group (PG), one of twelve PGs that conform one of three core columns that support the structure of the organization along with Regional Groups (RG) and Conference Committee (CC). New officers Chris Boyd, VP of Knowledge Management PG, Joanne Lane, VP of Litigation Support PG, and Kathryn McCarthy South Pacific Regional VP attended the meeting as well as members of the BoD Scott Christensen, President, and Michelle Gossmeyer, PGVP Liaison. ILTA was represented by the Exquisite Randi Mayes, Executive Director and the equally Exquisite Peggy Wechsler, Program Director. I wasn't really sure about what to expect going in other than a great conversation around leadership, which was not only accomplished, but surpassed. My main goal was simply to listen.

I was completely delighted to hear the way that Randi, who led the conversation, started the meeting. She talked about the two words that start the post as defined by Dictionary.com. Now, by definition passion can be good or bad, so when you are leading and communicating you have to be careful on how to use it and channel it in a positive way. We were reminded that Leadership is really a behavior and that controlling our emotions is an important part of it. Meanwhile, I love the context that Randi used when she talked to us about the word exquisite; communication and respect. These two words also reflect the way that ILTA's leadership is based on as stated by its core values, in short, by respecting each other while collaborating and being a steward to the organization and its members.

Leading to the meeting Randi sent out a couple of great articles on leadership in preparation to the meeting both by Jim Collins, "And the Walls Came Tumbling Down", which you can read here, and "The Misguided Mix-Up of Celebrity and Leadership." which you can find here . They both address different yet powerful aspect of leadership. The former tell us that great organizations that achieve sustainable success do embrace change and stimulate progress, but one thing remains pretty much unchangeable, their core values. They can evolve, they can mature, they can be re-written, but in essence core values remain unchangeable. Well, that is precisely how I have been able to advance my career, and the reason I believe that I was honored with the appointment as an officer of ILTA; I try to lead by sticking by my values and by modeling my behavior after them: Passion, Integrity, Commitment, Knowledge and Stewardship. Those are my core values and I see them very well aligned with those with the two world class organizations that I proudly represent Nexsen Pruet law firm and ILTA. So you see? I simply cannot stop being passionate because this quality is an important part of me. However, perhaps my passion and the way I apply it can evolve and become an even more powerful tool for me.

Another great point made in the article is that "true leadership is inversely proportional to the exercise of power". Again, this just confirms what I have always believed: first people starts following you, which makes you a leader, then you get recognition, whether it is by means of a title or not. I see leading as not exercising power; instead I see it as adding value and stimulating others to achieve common goals and personal and professional growth.

The second and equally great article "The Misguided Mix-Up of Celebrity and Leadership" talks about how good companies can evolve into great ones when they are led by individuals with objectives focused on the overall good of the company they serve, and whose "ambition is first and foremost for the institution and its greatness, not for themselves". Collins defines this type of leadership as "Level 5 Leadership." Level 5 leaders according to his studies possess all qualities of good leaders as defined by the other four levels "but also have and "extra dimension": a paradoxical blend of personal humility and professional will" I invite you to learn more about each level of leadership by reading the article. This goes back to the previous paragraph; leading is absolutely not about you but about others.

After reading about Level 5 Leadership I asked myself "How do I relate to it? And Can I become one such leader?" Collins gives us an example of a level 5 leader in Darwin E. Smith, former chief executive of Kimberly-Clark who remained pretty much unknown while transforming the business on a company that eventually beat monsters Procter & Gamble and Scott Paper in many categories. Darwin's vision and leadership was keen, but what struck me and I relate to is that he summed up his tenure by saying, "I never stopped trying to become qualified for the job." Wow! I so try to do that every day. Every day I try to be better and more efficient at doing my job and adding value to my team and The Firm that I represent.

Finally I was completely impressed with the different leadership styles and input of my fellow new ILTA VPs. Chris, an attorney and well-known Knowledge Management professional has been instrumental on the success of our KMPG as a founder member of the its steering committee (SC). What impressed me the most about him was his vision and exquisite, yet clear way to communicate; he even came up with a new line to express how ILTA relationship with its vendors should be viewed, something that Peggy, being the great leader she is, immediately recognized and will be adding to our arsenal. Joanne, who has built Litigation Support in different organizations from the ground up, is a proactive leader who does not shy away from stepping up and leading her team during difficult times, which she has already done twice during her tenure as a Litigation Support SC member, which ultimately led her to become the PGVP. Finally Kathryn, who has been a City Rep since 2006 and wears many hats at her firm, struck me as having a leadership style that combines thoughtfulness and creativity to drive people. Meanwhile, I have to thank Scott and Michelle for the exquisite job they’ve done as leaders of the BoD, and for trusting us with our new roles, which includes building the new leadership waves of ILTAns, just like they’ve done for years.

The day ended with a great local style dinner with fun conversations, followed by an old fashioned ILTA style social networking at the unique Austin's 6th Street, were we got to know each other better and have fun. I even learned that Chris and Kathryn are big soccer fans, one of my passions and topic of discussion in my next post about leadership.

About ILTA. For over three decades, the International Legal Technology Association has led the way in sharing knowledge and experience for those faced with challenges in their firms and legal departments. Through delivery of educational content and peer-networking opportunities, we provide members information resources in order to make technology work for the legal profession. Visit ILTA at www.iltanet.org

Tuesday, June 7, 2011

Troubleshooting WAN Failover with BGP. A good procedure and attention to detail are critical.

A few weeks ago we ran into an issue when our primary Internet Service Provider (ISP) went down and we automatically failed over to our secondary ISP. This had happened before but in a different type of setup when we were in a dual homed Customer Router (CPE), which means that both carriers terminate in the same customer router; today both of our carriers terminate in their own CPE, which are Cisco Routers that terminate in a Cisco 3750 Layer 3 Switch Stack. The main points I want to make with this post are 1) you must have a structured procedure in order to troubleshoot this type of issues, and any other technology problems that you may encounter in your network for that matter. While it took a while to figure out what was wrong with this setup, I believe that it could’ve taken longer and I would have not been able to keep my cool had I not had a procedure to follow. And 2) pay attention to detail, it can save you sometime.

The problem we experience wasn’t really fail over. That did happen as designed. When our primary ISP went down BGP and EIGRP did all their work and the network connection came back up within 2-3 minutes after the failure. I followed our procedure to make sure that fail over happened properly; makes sure we are up (pings and alerting systems), make sure we know which network we are riding (trace routes and alerting system), user experience (make a couple of calls to make sure that systems were accessible), phone system is up (dial some extensions, check PRI registrations at the gateway). Up to this point everything seemed fine. I even called folks and they said everything seemed to be up. However, one person emailed me to report phone issues and at that moment I noticed that our PRIs were not properly registered with our Cisco Unified Communications Manager (CUCM). And here is where the troubleshooting began, not to mention that I am adding this step to the procedure, which is a “living” document.

I ran a few Show commands in both routers and the switch stack and all protocols were up as well as the main routes that we were riding; however, I noticed that my internal routes were not being advertised properly which led me to understand that our voice system was up by means of SRST, the fail over mechanism used by CUCM. I ran a few Show Run commands in all routers and switches in each side. I could tell that Router BGP and Router EIRGP had been told to advertise all the proper networks as shown below.

Remote Switch Central Location Switch

I then turned my attention to the BGP routers and again, everything looked fine there as well.

Central Location (Hub) Router Remote Router

I also did run a Show IP Route as well as Show BGP in the routers and Show EIGRP as shown below. I realized that the internal networks from my remote office were not being advertised back to the Hub site but I missed what the main problem was, which I will explain shortly (screenshots below are from current config and they don’t reflect what happened then. Our 10.70.0.0 network was not showing at the moment)

Show BGP told me that I was missing remote LAN network (10.70.0.0 was not showing up)

Some EIGRP Stats

The next step in my troubleshooting procedure was to contact our primary ISP to confirm whether or not they could see the routes that we were sending through our secondary provider, and sure enough, they could not see them. At this point I really felt lost and followed the playbook which says: “Stop wasting time and call Cisco TAC”, so I did. After about 20 minutes of troubleshooting (that after the frustrating 30 minutes on hold), they finally identified what we were missing. CHECK YOU ROUTER ID (RID). The engineer realized that the BGP RID in both routers were the same, hence EIGRP was not able to send the routes properly because it had two BGP routers with the same ID. Once we changed the RID in one of the routers (in our case the primary router) the routes started to propagate accordingly and we were 100% operational while in failover mode. To change the RID go into Router BGP mode and then run the change RID command, where A.B.C.D is the IP address of the interface that you want to designate as the RID.

I am glad that we worked on this until we resolved the issue because this was a very long outage and we were still riding the alternate ISP the next morning. Bottom line: have strong troubleshooting procedures and methods, and revise them as your network changes and evolve, understand what the problem is so that you can tackle it accordingly and pay attention to detail. It can save you time and many frustrations. In addition, I checked other remote sites and noticed the same problem, which I addressed and now all branches are setup properly, which will eliminate further issues.

Wednesday, April 27, 2011

Using Managed Services and SaaS in your Information Security Strategy Makes Sense.

Over the last several weeks we’ve seen how big corporations have been hit by security incidents. Those who made the news were often because of incidents related to Data Loss, such as WikiLeaks or Episilon events. They show the need for security professionals in the enterprise is increasing. And there are other areas of concern like the current landscape of advance threats, internal threats from disgruntled employees or insider trading, or increase in usage of services like Dropbox, Skype, and mobile devices among others. And when solid Information Security vendors such as RSA and Ashampoo experience data security breaches, I just wonder if there is hope for the rest of us? I believe there is and it may not be inside your organization.

When it comes to information security I believe that you must hire the best resources that you can. Whether internal or outsourced this group must have the skills, knowledge and access to do what they need in order to preserve your company’s data, which should be one of the most valuable assets of the organization. And hiring partners in the form of SaaS and Managed Service Providers, MSP, makes sense because hiring your own resources with those skills will certenly be very costly.

We are a small team of two and half that is responsible for Network Infrastructure and Security for an eight offices, 400 employees law firm. None of us is a full time Security Professional dedicated to the area and that is why I have been making strategic alliances with our Security Vendors that can help us built a strong security team. For years we have partnered with DELL SecureWorks, one of the world’s strongest Security MSPs. Although all of us are very good security engineers with security certifications and strong skills, we just don’t have the manpower to dedicate a FTE to be watching firewall logs and alert us of possible incidents. The superior work that SecureWorks does led me to grow our relationship by also outsourcing two areas that are important to any security program, especially when regulations like HIPAA for example, are part of the conversation, such as IDS/IPS and Log Retention. They add value to our team by tackling the biggest challenges that these technologies present: keeping up with the logs and alerting when suspicious behavior is present. We still have to do our part, which is reacting to the alerts and mitigating the threat, but we have been able to react and pull machines out of the network or close a whole within minutes. Even if we had a dedicated resource for this area, I don’t think that we would be able to react and take action that quickly.

We’ve also hire SaaS companies to help us secure other areas of our network perimeter, specifically email spam, malware, and DLP filtering, and also Web Content Filter. We are currently transitioning our email edge security to Proofpoint, which has immediately added value to our security program with its very strong DLP engine. There are two things I like in particular about this vendor; one is that we don’t have to maintain the DLP dictionaries, something that most vendors would defer to you. The other one is that the appliances which are not in our premises, would attempt to make a TLS connection to the peer email server(s) and if it can’t and there is sensitive information, then it would send a secure message to the recipient. We still need some folks to look through logs and take some actions but less is required from our team. This setup is becoming kind of the standard on today’s email security practice.

At the web browsing edge we have merged from a complex in-house solution composed of three different vendors to another SaaS solution with ZScaler. Since merging to it, the Malware infection in our machines has decreased by 60%. We filter through many gateways in Zscaler’s private cloud by putting a PAC file in the machine’s web browser and the user then filters through the closest gateway to her. This is generally kind of pre-set when the user is in the office because we would always hit the closet gateway to our data center, and will fail over to the next closest one if the one goes down. Now we also have the ability to protect our laptop users when they are outside our offices. In that case, the Zscaler’s Geo-Location feature kicks in and the user browses through the closest node to her, whether she’s in her house, California, or Europe she will always hit the closest gateway available and proper security policies will be applied. The only time when we get involved is when a website is blocked and it someone needs access for business reasons. Many other capabilities are available with this engine, such as throttling bandwidth for media streaming or file transfer, which we use, DLP, which we are testing, or ability to prevent users from posting to media sites such as Facebook or Twitter. It can also block web access from pre-determined browsers, such as old IE, or Firefox for example.

Our team is still responsible for managing areas such as Anti-Virus and Malware, securing network gear, Server and Workstation patching, some areas of physical security and soon HDD and Media encryption, which are all candidates for outsourcing as well. However, we are much more effective by working with trusted MSPs and Security SaaS vendors than if we did it all in-house because. First of all, proper staffing to achieve the same goals would be costly and today is simply out of reach, and second, they can help us keep up with the ever changing and developing threat landscape while reacting to real attacks in a much faster and effective way. In addition, I can now concentrate in developing Policies and Procedures, Incident Response, as well as the other operation areas that me and my team are responsible for. It just makes sense to go this route as opposed to investing on in-house skills.

Monday, April 18, 2011

ILTA Conference 2011. Server Ops and Security, and Tech Ops Teams will deliver great content

2011 rev-elation Conference is approaching and our Server Ops and Security PG is bringing great educational content to it. Our fabulous Steering Committee team, led by Bob DuBois, and completed by myself, Tom Crowe, Mark Brophy, Nate Smith, Dave Nevala, and Toni Brester has done a great job developing sessions around topics often seen in the discussion boards around different technologies that support our demanding law firms. But first, a quick overview of the Conference Team.

The journey began on Friday August 27^th of 2010 while many of us where returning from the fantastic 2010 Strategic Unity in Las Vegas. Right then, our awesome Co-Chairs two-year veteran, Meredith Williams, first-year Co-Chair Kathy Lentini, BoD Liaison, Eric Anderson, along with ILTA’s TJ Johnson and Peggy Wechsler, began looking at their strategy to tackle this year’s conference. As for myself, I am on my 2^nd year representing the SOSPG in the Technology Operations Track. Meredith and Kathy made a great choice by appointing Skip Lohmeyer as Tech Ops Team Leader and together they brought in an impressive group of Legal Technology Professionals that make up our team. The same is true for the other three teams that complete the whole Conference Committee, which are Information Management, Organization Management and Applications/Desktop. Together the committee has come up with almost 200 educational sessions. I thought that last year’s conference was the best that I had ever attended; today I realize that I will say that after each conference that I attend. It is just amazing how the team came up with this amazing content, and how ILTA does it every year. Last but not least, Gaylord Opryland Resort has made an impressive recovery work after being 8-10 ft. under water after the flood in Nashville last year and it is looking better than ever; what a gorgeous venue for our Conference. Oh, and they will tell us their recovery story in Conference. You can’t miss it.

I can only give you a 10K ft. view of what we are bringing to conference as a Peer Group but I am very excited about our sessions and I know you will as well. The team tried to create good balance to bring relevant content that can have an immediate impact on technologies that you are currently evaluating from a servers operations and security perspective. In addition, the whole Tech Ops Team is delivering equally well balanced and amazing advanced sessions in areas of technology infrastructure that support our computing networks. Here is a quick view:

IPv6. Yes is finally coming. And it will be at ILTA this year as well. We are teaming up with the Emerging Technologies PG to deliver two sessions that will unveil IPv6 for us and what it means to how will be running our networks soon. As a reminder, watch out for “World IPv6 Day “on June 8^th. If you thought this is not relevant think again as Asia have ran out of IPv4 and Europe is next as reported by NetworkWorld here http://tinyurl.com/65e6d7v

Endpoint and Media Encryption. Three different Law Firms will tell their story on why this technology is needed, what’s available, what to watch for. There will be content for all firm sizes here.

VDI. We’ve done this one before, but never at this scale. See how two very large firms with global foot prints have delivered hundreds of Virtual Desktops effectively. An impressive session is being developed with equally impressive speakers.

Securing the Virtual Environment. You have to come see this one because traditional security no longer applies to the virtualized world.

Upgrading to Exchange 2010. How do you prepare for it? What challenges can you encounter when coming from different previous versions? Two firms and one of our great ILTA Sponsors will prepare you for it.

Technology Operations Forecast. The way we design, implement, and manage technology will not be the same. This session is part of ILTA’s Law 2020 initiative.

And there are other amazing sessions being delivered by the Tech Ops Team which include, a Disaster Recovery session where the Gaylord will tell their story after the flooding and a global firm with offices in Japan will do the same after the massive earthquake and Tsunami that hit them this year. Other Sessions include DLP, Exploring the Exchange 2010 Ecosystem, Hosted Communications (both voice and email), Securing Windows 7, Keeping Documents Secured in Mobile Devices, and Change Management Impact on Tech Ops.

Go register for this year conference, and when you get there, check out the SOSPG group and Tech Ops sessions. You don’t want to miss this year’s conference! And please join me on thanking the amazing people behind our PG and Conference Committee teams for contributing with their time and knowledge to help ILTA make this great conference happen!

Sunday, April 3, 2011

I Shall Become a Virtual Machine

“As far as personalities are concerned, if men are from Mars and women are from Venus, then IT people are from Microsoft and their business partners are from Apple.” Susan Cram in her book 8 Things We Hate About I.T.

The statement above got me really thinking, observing, analyzing, and connecting. At the end I concluded that I wanted to become a Virtual Machine. Let’s take a look.

IT people are generally seem, rightfully so, as Geeks and according to Paul Glenn from Leading Geeks they “are more captivated by technique than application.” This next statement in the book made me think about the Apple vs. PC commercials. On the one hand we have the Geek representing PC, or really Microsoft, who needs to do so much work to get a task done. He also struggles explaining the How, but cares little about the Why. On the other hand, we have the modern guy who just gets the task done. His main concern is to efficiently do what is needed from him while also being innovative and creative.

The problem is that they constantly fail to communicate, at least effectively, which is one of the big problems between IT and business units. Business Leaders are concern with strategy, growth, revenue, profits. And they should. However, more often than not they assume that IT can deliver what they need, the way the need it, and when they need it without discussing the current business goals and strategy with IT Leaders. On the other hand, IT believes that they know what they are doing and that they are delivering value to the business. Many times we assume that we are valuable to the business because we just delivered the newest, fastest and coolest Intranet, Phone, Email, Billing or ERP Systems. But is that what the business need in order to growth, generate revenue, and profit?

Connecting Apple and Microsoft

Then I started thinking about Citrix and VMware, two major technology players today that deliver Virtualized platforms such as servers, applications and desktops. Why? I own an iPad and I absolutely love it. While I don’t consider it my primary tool to conduct my day-to-day work (yet), more and more often I use the Citrix Receiver on it to connect to my Firm’s system and do my work. Others may use VMware View client to get the same work done, and again, the common theme between those two is that they are virtual platforms that are pretty much hardware or OS agnostic. Their sole focus is to Connect you to your office so that you can do your work. While I understand that this approach may still not address the two platforms failure to communicate to each other, I do believe that it addresses the disconnection between them because I can now run a Microsoft Desktop or Application, in an Apple device (chuckling while picturing Steve Jobs laughing about it)

Becoming a Virtual Machine. Becoming a Connector

And that is why I want to become a Virtual Machine (VM). I want to be able to connect Business and IT by establishing and maintaining an effective communication bridge between the two so that IT can deliver value and operational efficiency. I want to be able to help the whole IT Organization to understand What the business is trying to achieve, Why is trying to achieve it, so that we as an organization can be part of the “How we can achieve it” discussion. I want to help the Business Units to understand what the current capabilities of the IT Organization are, and what they might be in the future. I want to be able to connect both sides to deliver services that will help us become more operationally efficient as a whole, so that Technology can be used to create innovation and competitive advantage.

So I guess I want to be a VM, and next time you see me you may call me VM.

And I leave you with a question. Who is Google then? I believe that it is the Staff in general. The Staff outside Management or Leadership of any sort, which despite getting it done is having a hard time being considered into strategic discussions, but it is kind of making its way through, at least in the most efficient organizations. Food for thought.

Thursday, February 24, 2011

Easy Video Conferencing anytime, anywhere

A few days ago I had an email exchange with a group of industry peers started by one of them, an IT Manager of a single office Law Firm, asking about Video Conferencing vendors and strategy. He is starting a project on this area and one of the requirements is to have the ability to conduct business with clients via video. His questions got me thinking and I pointed out that he should look beyond the Conference Room, another requirement. I think that we all have to approach video conference this way nowadays and make it available to internal and external customers anytime, anywhere in order to enhace enterprise collaboration. Yes we need good setups in conference rooms, especially in multi-office environments such as where I work, but this technology has evolved during the last two to three years in part propelled by emerging technologies and trends such as Skype, mobility or a more mobile workforce.

Is Skype changing the game?

Certainly. Whether or not your enterprise supports Skype, you are probably asked to provide access to it often. We neither support it nor allow it in our Firm’s machines for security concerns primarily, yet we still have to provide our business with tools that facilitate the way they conduct business, which has led us to both be creative and upgrade our Video Conference Equipment infrastructure (VCE), which is Cisco Tandberg.

One thing that we have done to avoid Skype is use our Webinar technology. We use AdobeConnect to provide clients with presentations and other marketing events. We have taken advantage of the software’s video and VoIP capability by creating “Video Rooms” that our attorneys and their client can access securely over the web and run meetings effectively. It has been a good work around for now but the challenge expressed by our internal customers is that they need to be accessible by clients in an ad-hoc manner like that provided by Skype and such tools.

Today, after a recent upgrade to what I call “Cisco Tandberg ecosystem” we can provide stronger alternatives to our attorneys that extend the video experience to the desktop/laptop. This means that regardless of physical location, attorneys will be able to communicate via video with both internal resources and clients or partners outside the firm. We are introducing two different tools that we can now provide: Movi and Conference Me

Video Conference anytime, anywhere.

Movi, is a small SIP client that we can deploy internally and externally so that attorneys, staff and clients can participate in Video Conference right from their desktop regardless of whether they are inside or outside our network. The client can dial another Movi user and have video calls anytime in an ad-hoc fashion, or you can call video conference bridge that is in progress in the Codian. Now, one of the beauties of it is that we can send the executable to our clients who will now have the same capabilities as our internal customers. Attorneys and clients can now call each other regardless of where they are and have video conference meetings just like they would do with tools like Skype. Furthermore, with just one click of a button, Movi is also capable of sharing your desktop for presentations or document reviews for example, something very valuable for industries such as legal.

Another tool, Conference Me, has its place too. This tool can give internal and external customers access to video conferences held in the Codian from a web browser. We send the client the link they click on it and register to our VCS and they are in the conference room, much like we use our AdobeConnect today. This is more like a scheduled conference where everyone has to enter the bridge to communicate, but just as effective as being in the conference room. Conference Me can also be used in Streaming mode, so that attendees can watch meetings without necessarily interacting with presenters.

The Challenge: Conference Management.

Or is it? The Tandberg ecosystem also includes two management pieces, the Tandberg Management System, TMS; and Tandberg Content System, TCS. Traditionally, our Technology Department has been heavily involved with opening and tearing down these meetings which were held in pre-defined “bridges” in our Cisco MCU. However, with the addition of TMS meetings can be scheduled and dynamically started and finished by anyone with proper training. We are looking at delegating this function to our receptionists who are heavily involved with all type of video or audio conference scheduling anyway. This will eventually free up IT resources that can concentrate on other activities and only engage when troubleshooting is needed.

All of these meetings can be recorded by TCS and make accessible internally or externally to be viewed anytime. We have used this tool many times in different ways, such as regular meetings or presentations, or attorneys preparing for depositions, trials and such. And the addition of TMS will make it much easier to use as the recording piece will be scheduled just like any other endpoint.

What’s next?

Telepresence has been the next big thing in video conferencing for a while, but as you can see other, more affordable tools have emerged and in my opinion this trend will continue, beginning with enterprise video to mobile devices such as iPhones, Droids, etc. In fact, we have effectively tested a couple of H.323 apps for the iPhone which can be used to connect to our Codian conferences. I see this as big trend especially with newer video enabled tablets coming up soon. I can see how tools such as AdobeConnect could potentially be used from tablets in the same way we use them today from desktops to do presentations that incorporate VoIP and video.

Skype, and Skype-like service will continue to make their way to the enterprise and there are a few gateways that provide bridging to them today. If you are an AVAYA customer for example, they now have a gateway service that bridges telephony to Skype and they are working on video. Until Skype can be more transparent the challenge is avoiding having to run the Skype client inside your network.

Presence systems deployments, another feature of Movi, will continue to grow. We are expanding our Cisco Presence system, an Instant Messaging tool, which can now support video natively as well as IM with a click of a buttom. In fact, Cisco is incorporating Movi as its video engine and, in my opinion, will eventually phase out one of the two and give the client (CUPC) a new wacky name as they usually do.

Telepresence will eventually get there too, but that is big setup in a Conference Room, and adoption will continue to be slow until it is made more affordable and mobile. Small and mid-size business will take on Video Conference more and more as it becomes more accessible. The botton line is that we need to communicate effectively anytime anywhere, and for us Cisco Tandberg is making it possible for us.

Sunday, February 6, 2011

Technical Safeguards for Legal regarding HIPAA

In February 2010 the Legal Industry got hit with a pretty big compliance issue when the HI-TECH Act made changes affecting HIPAA Business Associates. The legal world gets directly affected by these changes because Law Firms that work with Covered Entities through their Health Care, Litigation, and perhaps other practices, become Business Associates. I will not go any further into details of the actual specifications of the law. Instead, I will focus on what you could do to implement Technical Safeguards to protect Electronic Protected Health Care Information, ePHI. Meanwhile, I will refer you to ILTA’s HIPAA Rules for Law Firms article enclosed in the Peer to Peer edition of March 2010. Notice that I am only dealing with Electronic PHI here, and hard copies of this form of data deserve attention as well.

Protecting that pesky ePHI and THE FIRM

HIPAA brings new Information Management and Information Security challenges to the legal industry and its technology practitioners but it is also a good opportunity to protect your firm as a whole, which I have been preaching since engaging in the HIPAA project because of my background on security. Any regulatory compliance requirement that your firm is going through is an opportunity for the Technology Department to build a strong security program around it. You may not need to apply specific HIPAA safeguards to the whole firm, but I can assure you that there are other regulations that you need to comply with, and if that is not the case, it is just common sense, especially with new regulations around Personal Identifiable Information around the nation.

Since we are focused on HIPAA here, let’s take care of the Health Care practice and the HR area that deals with ePHI and problem solved you may be thinking. Wrong! Expect MANY folks outside the Health Care practice to be BAs because involvement in different Matters. I encourage you to conduct a survey asking who handles any type of PHI, whether electronic or not. I bet you will be astonished with the results.

BUT WHERE IS THAT DATA? I mean, really. Do you know where all the ePHI is? If you do, then I salute you. Oh, and I know that you are thinking about your Document Management System, DMS, your Financial Systems, and your File and Print servers. Is that it? Can you probe it? How about laptops, desktops, and other servers? This is an ongoing process and the stepping stone of any implementation that follows. You can’t protect something that you are not aware of. It is important to understand that you must be able to log and audit your systems in order to probe compliance. Thus, my inclination for systems that meet that critical requirement.

Today there are tools that can scan your network and leverage built-in dictionaries and rules that help you identify compliance specific data. They are often referred as DLP tools (Data Leak/Loss Prevention tools) however, don’t rely on them completely. Talk to the data owners and users as well. I have found over the years that users are the best resource that you can use while building your security program.

We found the data, let’s build the Fort

Let’s start with Access Control. Make sure you understand your network as a whole, especially your Active Directory (AD) Security Groups and other security elements of it. I am sure that you follow industry best practices, but can you audit and probe that? Implement a strong Security Information and Event Management tool, SIEM, which goes beyond traditional Log Aggregation. Products such as TriGeo, and LogRythim have built-in “intelligence” that not only can help you log and audit, but also aid your Change Management strategy, something I am big on as stated in my last post. You will gain visibility into any changes made into your security groups. There are also AD specific auditing tools that can aid on this area and may be more accessible such as ManageEngine products.

Additionally, take a look at your Ethical Walls approach and see if you can extend it beyond your Records department. It is extremely important that there is ongoing communication and collaboration between IT and Records during this process so that you can expand your strategy to areas of IT such as DMS, and Financial systems through software like RBRO, WincWall or IntApp, in addition to Risk Management built-in features in your DMS or Financial systems.

Data in Motion is not only email

We often think of Data in Motion as email, so let’s start there. My background in Health Care taught me one thing: securing ePHI moving through your messaging system could become a nightmare if not thought thoroughly. In my experience I’ve found that the first thing to mind is TLS, which is a great encryption method, yet unmanageable in mid-size and large environments. The same applies to a Certificate based PKI approach. In both cases, the challenge is managing all those certificates and keys. Furthermore, you’ll have to deal with those smaller Health Care practices that don’t have an IT Department capable of setting up managing their end.

A third solution includes full email encryption products that deliver encrypted messages to the recipient’s inbox. Products such as Cisco’s IronPort, ProofPoint, or the very well-known in the Legal vertical Mimecast deliver messages either as encrypted attachments or with a link that will redirect you to a secure site where you can read your messages and take action on them. I highly favor this approach because they are centrally managed, more scalable, and have stronger logging and reporting capabilities. However, be prepared to provide clients with the other two alternatives. You will come across end-users that will hate having to go through an extra step to “just read an email”.

Then there is the new world of mobility, which includes Laptops in all forms, USB drives and other removable media, Smartphones, tablets and the list keeps growing.

You can address issues around laptops and removable media with Encryption tools such as those offered by Check Point, PGP, or Credant, or the free, yet extremely strong TrueCrypt. You will have to pick “your pain” when it comes to encryption. If you choose to go with a Full Disk Encryption approach then you are going to have to deal with pre-boot authentication, which can become a pain when performing trivial tasks such as troubleshooting a system that needs to be rebooted, or deploying software upgrades (in addition to the adoption opposition). If you go with just File Level Encryption only, your devices may still be exposed to Brute Force attacks. And then, there’s Credant’s interesting approach, which encrypts at the file level, yet, it protects the machine’s registry that deal with AD Security database and swap files, which protects the device against access attacks. I really like this approach.

Encryption tools also protect removable media such as USB drives and even SIM cards in Smartphones by deploying policies that can limit device access, white list them so that only approved devices are allowed, and encrypt data in a similar way as previously described. Just make sure that you are aware of what your mobile device float looks like and that you set expectations with regards to client involvement, meaning, what to do when you send data and devices to each other.

Smartphones are also a concern, and although most people think of the problem in regards to email I think that we need to look further and create a strategy that address security concerns around it as a whole, just like you handle laptops. As stated in 2010 ILTA Conference session, Strategies for Managing Disparate Devices in Your Mobile Fleet, these devices are PLATFORMS, so you must threat them as such. I will dedicate a different post to this topic, but for now, know that there are tools that can help you manage these devices by separating corporate data from personal data and in turn, encrypt and control the business data and take action such as deny access or remote wipe the firm’s data. Examples include Good Technologies, MobileIron and Zenprise. McAfee and TrendMicro among others, are also coming up with AV Software for these devices, which in my opinion, will be a must have by the end of this year.

If your firm is dealing with HIPAA, then take this an opportunity to enhance your Information Security program, which in my opinion, has been traditionally too loose in the Legal sector. I will be blogging later on Information Security Policies and Procedures, as well as Disaster Recovery, which are important areas to achieve HIPAA compliance.

What is your firm doing to protect Electronic Protected Health Care Information? Moreover, what other regulations are hitting your firm?