FIR B2B podcast #102: Fixing Facebook’s flaws, for real this time

This week we review what Facebook could be doing to make things better for all of us. Its problems have been well documented, from privacy violations to a massive sell-off in its stocks to untrustworthy comments from its CEO. It’s CMO position has remained open for most of the year, prompting them to list the job on LinkedIn of all places.

I posted my thoughts on some of Facebook’s issues two months ago. I talk with my podcast partner Paul Gillin about how the company can rescue its image from the recent tarnishing, such as:

You can listen to our 15 min. podcast here:

The wild and wacky world of cyber insurance (+podcast)

If you have ever tried to obtain property insurance, you know you have a “project” cut out for you. Figuring out what each insurer’s policies cover — and don’t cover — is a chore. When you finally get to the point where you can compare premiums, many of you just want the pain to end quickly and probably pick a carrier more out of expediency than economy.

Now multiple this by two factors: first, you want to get business insurance, and then you want to get business cyber insurance. If you are a big company, you probably have specialists that can handle these tasks — maybe. The problem is that insurance specialists don’t necessarily understand the inherent cyber risks, and IT folks don’t know how to talk to the insurance pros. And to make matters more complex, the risks are evolving quickly as criminals get better at plying their trade.

My first job was working after college in a key punch department of a large insurance company in NYC. We filled out forms for the keypunch operators to cut the cards that were used to program our mainframe computers. It was strictly a clerical position, and it motivated me to go back and get a graduate degree. I had no idea what the larger context of the company was, or anything really about insurance. I was just writing numbers on a pad of paper.

Years later, I worked in the nascent IT department of another large insurance company in downtown LA. This was back in the mid 1980s. We didn’t know from cyber insurance back then: indeed, we didn’t even have many PCs in the building. At least not when I started: my job was to join an end-user support department that was bringing in PCs by the truckload.

So those days are thankfully behind me, and behind most of us too. Cyber insurance is becoming a bigger market, mainly because companies want to protect themselves against any financial losses that stem from hacking or data leaks. So far, this kind of insurance has been met with mixed success. Here is one recent story about a Virginia bank that was hit with two different attacks. They had cyber insurance, and filed a claim, and ended up in a court battle with their insurer who (surprise!) didn’t want to pay out, claiming some fine print on the policy.

Sadly, that is where things stand for the present day. Cyber insurance is still a very immature market, and there are many insurers who frankly shouldn’t be writing policies because they don’t know what they are doing, what the potential risks are, and how to evaluate their customers. If you live in a neighborhood with a high rate of car thefts, your auto premiums are going to be higher than a safer neighborhood. But there is no single metric — or even a set of metrics — that can be used to evaluate the cyber risk context.

I talk about these and other issues with two cyber insurance gurus on David Senf’s 40 min. podcast Threat Actions This Week here. I am part of a panel with Greg Markell of Ridge Canada and Visesh Gosrani of Guidewire. If you are struggling with these issues, you might want to give it a listen.

Why adaptive authentication matters for banks

The typical banking IT attack surface has greatly expanded over the past several years. Thanks to more capable mobile devices, social networks, cloud computing, and unofficial or shadow IT operations, authentication now has to be portable, persistent, and flexible enough to handle these new kinds of situations. Banks have also realized that they aren’t just defending themselves against external threats, that authentication challenges have become more complex as IoT has expanded the potential sources of attacks.

That is why banks have moved towards adopting more adaptive authentication methods, using a combination of multi-factor authentication (MFA), passive biometric and other continuous monitoring efforts that can more accurately find fraudulent use. It used to be that adaptive authentication forced a trade-off between usability and security, but that is no longer the case. Nowadays, adaptive authentication can improve overall customer experience and help compliance regulations as well as simplifying a patchwork of numerous legacy banking technologies.

In this white paper I wrote for VASCO (now OneSpan), I describe the current state of authentication and its evolution of adaptive processes. I also talk about the migration from a simple binary login/logout situation to more nuanced states that can be deployed by banks, and why MFA needs to be better integrated into a bank’s functional processes.


FIR B2B podcast #101: Machine learning comes to marketing

This week we talk about new ways that machine learning and artificial intelligence can benefit marketing organizations. While these three news items are all different aspects of this technology, they show collectively how these new technologies are changing the way marketing is done.

First up is a new smartphone app called Truthify that does advertising context analysis (as shown at right). The app interprets the user’s facial expressions to deliver what it thinks the user’s emotional state is, including fear, anger, or happiness, among other traits. The app comes with a web dashboard so you can analyze your campaigns and the resulting demographics. The app is now available for iOS users and soon for Android.

Second is a new influencer platform called AdHive. It is a combination of influencer marketing and AI-powered campaign management. You can sign up for the tool and influencers are paid to participate, while advertisers can choose the right kinds of people to exploit, er, we mean make use of, their tool.

Finally, Google last week announced four new products using machine learning that are aimed at helping marketers create more effective ads. These include responsive search ads, tools to optimize YouTube traction and local campaign management and smarter shopping. Google claims that advertisers who have tested these services have seen clicks increase by 15 percent.

Marketers who have been loathe to adopt new technologies do so at their own peril. These tools are good examples of what the future portends.

You can listen to our 18 min. podcast with my partner Paul Gillin here.

RSA Blog: New ways to manage digital risk

Organizations are becoming increasingly digital in their operations, products and services offerings, as well as with their business methods. This means they are introducing more technology into their environment. At the same time, they have shrunk their IT shops – in particular, their infosec teams – and have less visibility into their environment and operations. While they are trying to do more with fewer staff, they are also falling behind in terms of tracking potential security alerts and understanding how attackers enter their networks. Unfortunately, threats are more complex as criminals use a variety of paths such as web, email, mobile, cloud, and native Windows exploits to insert malware and steal a company’s data and funds.

In this post for RSA’s blog, I talk about how organizations have to become better at managing their digital risk through using more advanced security and information event management systems and adaptive authentication tools. Both of these use more continuous detection mechanisms to monitor network and user behaviors.

Not yet ready to cut the cable cord

If you want to completely cut the cable cord, it isn’t easy. I have been waiting for technology to become spousal-ready, and we are still about a year or two away. Today you have a lot of choices in the $40/month range that rival what the cable companies offer you for TV programming. The trouble is you have to make a choice between user interface and great TV resolution: you can’t yet have something that delivers both, other than your cable company.

I pay AT&T Uverse $125/mo. for my TV programming. That includes two receivers, one of which is a DVR and a boatload of various taxes and fees. Is it worth it to move to one of the online TV providers and save $85 a month? Eventually, I decided no, after trying two services, You Tube TV and Hulu Live TV. You can follow along with this column if you are brave enough: both offer a free trial of their services for a week, after which the monthly subscription starts. There are other services; my patience wore thin after experimenting with these two however.

Let’s first look at the user interface and mindset of the two online providers. You can obtain your TV programming in one of two ways: either by selecting your shows using a channel via your web browser or via an app that runs on your TV equipment. The web browser has the better UI because the developers working at the providers have more to work with and are more used to building web apps these days. And, you have a real keyboard for input, unlike your TV where you have to navigate around an on-screen one that can be infuriating.

So how do you get the audio and video signals from your computer to your living room TV? Two ways: either by connecting your computer directly to your TV with an HDMI cable or using one of several devices like Google’s Chromecast that does this for you wirelessly. If you use the direct cable connection from your computer, you will have to figure out a wireless keyboard and mouse to control it. If you use Chromecast, you will have to figure out the sequence of controls using the three apps that Google has (Google’s Chrome browser, Google Home and the Chromecast app itself) to get it setup. The workflow isn’t immediately obvious, and I suggest you learn the process before bringing your spouse into the room for the demo.

The nice thing about Chromecast is that any content that is displayed in a browser tab can be quickly transmitted to your TV by clicking a few buttons. I say a few: my wife got immediately weary of the process when I showed her what was involved. Your own experience may be similar. The bad thing about Chromecast is that the resolution is poor: nowhere near HD quality and even below SD video quality. Even if you have an old living room TV (and mine is more than five years old), you will be disappointed with the Chromecast video quality. And by the way, Google sells two different versions of Chromecast: one is for audio only; the other is for video and comes with the HDMI connector.  Make sure you buy the right one.

Another difference is how you access TV shows that have previously aired. Hulu’s web UI is very akin to the Amazon and Netflix web UI. In order to get the entire season’s worth of episodes, you have to click on the name of the show in the “My Stuff” guide. You can’t reorder the shows listed. If you click on the video itself, you are taken to the current episode. You Tube TV lists each episode as separate videos, much like the way ordinary You Tube does for its videos. (You can see the web version of the live TV guide above.)

So far I have only talked about using the web clients of You Tube and Hulu. There is a second method, which uses the native apps that run on your TV equipment. If you have a new TV, chances are it comes with apps for a variety of video providers, including Amazon, Netflix, You Tube and Hulu. I tried the apps that ran on my Samsung Blu-ray player: it didn’t have a You Tube app, again because it was more than five years old.

Sadly, there are UI differences between what you see with your web browser and the TV-based app clients, with the TV apps being far less capable than their web cousins. One big difference is how the onscreen channel or movie guide is shown. Netflix has the longest experience with developing its apps, and there are major interface and stability differences between its Android, iOS, web and embedded TV apps. On my Samsung device, the Netflix app frequently can’t find the Internet, or just quits working entirely. On the web client, that rarely happens.

Like Netflix, You Tube TV and Hulu both allow you to segregate your family’s preferences, so you can keep track of your individual tastes and what you have already watched. You Tube allows up to six different family members. Hulu is more restrictive and confusing, and there is also an unlimited extra-cost option.

Speaking of extra cost options, this is where the two providers are showing their relative youth. If you don’t want to watch live TV programming, Hulu has plans that start at $8/mo., or $12/mo. if you want to skip most commercials. If you want everyone to watch different streams concurrently, that will cost another $15/mo. There are also premium channel fees for HBO, Showtime and Cinemax.  You Tube TV has Fox Sports, Starz, AMC, Sundance and Showtime premium add-on channels.

Finally, Hulu with Live TV doesn’t support viewing live TV streams on all of its devices, according to this very confusing webpage. I read over the caveat several times and didn’t really understand what they were saying.

Alright, let’s move on to discussing the real benefit with using the TV apps from the online providers (or Blu-ray player, in my case).  Your video quality will be as good as anything else you run on the TV, full HD. But you have to put  up with a sub-par UI to get it.

So, what should you do? First, if you are in the market for a new TV, sign up for at least one of the online TV providers before you go shopping, and set up a simple temporary login password too. Go to your store and login to your provider, using the embedded app on the TV, and see for yourself if the UI is going to give you fits in selecting your programming with a couple of sets that you are interested in. If you really want a true A/B test, buy a Chromecast and bring that along with your laptop and see what the resolution will be if you don’t believe me.

If you just bought a TV within the last couple of years, try my experiment at home and see if you get better results that I did with my tests. The apps could be better than I experienced. If you have a large family and many different TV sets scattered throughout your home, you will probably end up sticking with your cable provider.

Freelancing tip: collecting your clips in one place

One of the best things that I ever did was put together a website that had links to all of my clips. Granted, this in 1995 when the Web was young, and many pubs didn’t have online versions. But now everyone is online and it is a lot easier to do.

Why should you build a clips site? Because you need a reference to your body of work. When you pitch a new editor, he or she wants to be able to quickly go someplace and review your clips and see how and what you write. If you have it all nicely arranged online, you make getting new work easier. All they have to do is look you up your website online and read your previous work.You can also use this website as a handy reference for what you should be pitching too. Finally, you also increase your Google juice and drive additional traffic to your work, which is helpful these days where everyone is counting page views.

What should you use? I use my own hosted WordPress site, and it is a good tool to learn anyway, since many sites now employ it themselves. You can take a look at my site here, and see that I have separate pages for each publisher, and then I also put up a new post whenever one of my articles is published. You can add keywords to make it easier to find particular subjects too and demonstrate your expertise in particular topic areas. I also add a short summary, or maybe the first paragraph of the piece, in my post. If you get a blog on, it is free of charge but then you are limited to their templates. If you want something fancier, you can run a WordPress site on your own domain for a few dollars a month, as i do.

But sometimes putting links to online stories isn’t enough. A lot of pubs have come and gone, and so for the articles that you really care about, take a moment after a piece is published and produce a PDF copy of the piece (If you have a Mac, this can be done easily through the print dialog box.  If you have Windows, there are utilities that can help too. Then put this pdf in a folder that you can retrieve later when the link dies, and post it to your website.

If you don’t want to build your own blog site, there are other alternatives that are free. Editorial-for-hire services such as Ebyline, Contently, and Skyword all offer this feature, and they also might notify you when a piece is posted so you can add it to your portfolio. Here are links to mine:

Note tthat you can create a custom URL in the Contently and Skyword portfolios, which is a nice touch. I went overboard with my page in Contently, putting more than 400 article links together.  I think they have the best of the three systems. Not sure that after you have more than 25 stories in your portfolio if it really matters, but if you are going to use one of these services for your actual portfolio, then you should maintain it. I still recommend you set up your own clips website outside of these systems for complete control and just in case one of the services goes out of business or changes things on you.

The hardest part about building your clips website is just getting started. Once you have it running, adding a new clip won’t take more than a few moments.

Ways to Watch Your Freelancing Rate

I have been in the freelancing business for 25 years and have seen a disturbing drop in per-word rates, especially in the past couple of years. I remember when $1 per word was considered the middle of the road for an established IT writer. Now it seems like the top of the heap, and in some cases almost unattainable. I frequently get asked to write for ten cents a word, or even less.

So my suggestion to freelancers is this: Try to work for the editors that you respect that will pay you the most per word.  In the long run, this will make you the most money.

In order to do that, you need to know how much work is involved in creating the kind of article that you will be asked to write. This means understanding how much research and reporting is needed; and for that you need to be careful about your own limitations and understand the process of how a story gets constructed.

These days research almost always means looking stuff up online and spending time clicking and reading various websites. That isn’t too hard, but it can get time consuming. The good news is that this research isn’t limited by anything other than your own curiosity and time. Sometimes you don’t understand something and really could talk to a live person to clear things up and you need to do some reporting.

Reporting is where the time can get away from you. I recently wrote a story where my editor asked me to get a quote from a source at IBM. I was working with the right PR person (which for a big company like IBM can be a challenge in and of itself) and she was doing a great job hooking me up with the right expert. Except it was taking too long. I couldn’t file my story until I had this quote: weeks went by before the stars were in alignment and I could do my interview. So, be prepared in some instances research can take far longer than expected, and you should account for this when you decide to accept an assignment. And don’t take your client’s word for how accessible a source could be: oftentimes they don’t realize what is involved in securing an interview and obtaining a quote.

Finally, don’t forget my advice about accounting for the number of edit cycles that a client may have in store for you. That should be reflected in your contracts and your rates. Don’t be shy about requesting a heavy surcharge for additional edit cycles, because that can eat up your time quickly.

How to Know When to Write

have been a freelance writer for more than 25 years, and before that, a professional trade journalist for another six years. Over the years my income has varied but always been very comfortable. I have written magazine articles for most of the major IT pubs, created dozens of websites, and written three books, two of which have been published (and let’s just say the results were less than stellar).  Over that period I learned a few important lessons about being a freelancer that I want to share with you. Here is one biggie:

Find your best time of day to write, and protect it.

I am a morning person, that is the way it is. I am most productive in the hours before 10 am. On all of my books, most of the major writing was done in the early morning hours. You need to listen to your body’s biorhythms and follow them. If you have an article to write and it is the wrong time of day, put it aside until tomorrow. Don’t try forcing the words on the page. You will be more productive.

Maybe you have never thought of your writing in this fashion. I know when I first began to do freelancing, I was a bit lost. What do I do first? How do I put together a pitch proposal for work? You have a lot of things competing for your time. So, structuring what you are planning on doing is critical.

For the next week, keep a short journal and note what you spend you time on during each day. Start paying attention to when you can write with the fewest distractions. Do you need to turn off your email, not answer your phone? Shut down a few windows on your computer? Whatever it takes, it is time to focus.

Finally, keep track of ideas. You can use a journal, or have a Word doc that you annotate. Your editors are always looking for new ideas, and it is helpful to have a ready supply of potential pitches.

Now make sure to schedule your “writing time” so that you don’t have other things going on that invade this important part of your day. Dentist or doctor appointments? Visits with friends? Keep them, certainly, but schedule them around your best and most productive moments.

Avoid Rewrite Nightmares: Keep the Edit Cycles to a Minimum

One secret every freelancer has to learn is the writing part of the job pales by comparison to time needed for work to be edited. I have worked for very good and very bad editors over the years. From the best editors, I have learned how to sharpen my writing and improve how I frame particular ideas. From the bad ones, I have learned patience and, well, read on.

There are some clients that just can’t seem to help themselves and have to rewrite almost everything from top to bottom. To avoid getting trapped in these situations, you need to be crystal clear about how your work will be treated once it leaves your computer. Some clients think they are better writers than you, others want to show to their bosses that they have added value to your work.

Now, my contracts are very explicit about this process. I put in language that exactly says I will perform one edit cycle: I write it, the client makes comments, and I submit the final version. If they want to go back and forth endlessly, I charge more.  In some cases, a lot more, such as two or three times my original rate. That usually gets my point across: the editing is almost more time consuming than the original writing. If you don’t have a standard contract, now is the time to look around onlineand modify one that will suit your purpose.

I am not saying that every word that I create is precious and needs to be in the final piece. Just that I enjoy writing, not fiddling with syntax and word usage.

It also helps to have a clear idea of who is going to be involved in the actual editing process itself. Sometimes you get stuck between two editors, one who undoes the changes of the other. Insist (and in writing too) on a single point of contact at your client and have them consolidate and filter all the requests for changes to you. Otherwise, you go nuts with this back-and-forth. And put that in your contract too.

With some writing projects that I have done, I wanted to get multiple comments from reviewers very quickly into my draft, almost happening in real-time. For these situations, I have used one of the real-time editing tools such as Google Docs or Both tools reflect requested changes with a scrolling chat window and different colors to represent each person’s changes. But you have to know your client very well to implement something like this.

If all else fails, then don’t work for these clients: They can make you work much harder  for an end product that isn’t always superior. In the end, you will be happier and enjoy the writing process more if you limit the number of edit cycles and approvals up front.