SiliconANGLE: Rapid7’s security chief Jaya Baloo: Break up silos to lock down cybersecurity

Not many chief security officers will point out not one but two times they took a job while their companies were under attack. But this is what happened to Jaya Baloo, who is now chief security officer at cybersecurity provider Rapid7 Inc. Even more interesting, she considers both times — which happened at two different companies — career highlights. She has a lot more to say in this profile for SiliconANGLE,


SiliconANGLE: CIOs’ relationship with AI is complicated, but they have hopes for a promising future

Artificial intelligence — its value, risks and utility in enterprise scenarios — not surprisingly dominated the discussion at this week’s MIT CIO Symposium, one of the year’s biggest gatherings of senior information technology executives. In this post for SiliconANGLE, Paul Gillin and I review what some of the CIO panelists revealed about the state of their domains, and their relationship with AI tools.

Listening to the OG IT managers, part 3: It’s all about the people, not the tech

If you are just tuning in to my series highlighting some of my long-time IT manager sources, see part 1 where I introduce them and part 2 where I talk about some of their more memorable purchases. In this edition, I want to talk about the people behind all the gear.

Erica Wilson has had many career transitions “but I’d have to say taking on a CISO role was certainly a good experience. I learned a LOT about myself and why having a people-first mindset – supporting their wellbeing and growth — needs to be critical for all organizations. By doing so, with a small but mighty team we were able to accomplish some amazing things.”

Adam Kuhn told me that looking at all his career transitions, “My biggest failure was staying in positions too long.” Like many of my sources, he considers himself a lifelong learner and likes to learn about new technology. When you stop learning, it is time to find new challenges

Gayle Barton told me, “It’s fun to look back at the great projects and fun tools I’ve used, but it’s the people that I remember more often, and especially the people I had the opportunity to help, hire, mentor, or promote. I get the most pleasure from the opportunities I’ve had to hire people I think someone else might have overlooked, to move people forward on their career path, or to mentor students and help them see new possibilities. For the most part, I made some pretty great hires.” When she was at Springfield College she remembers: “They had never had a person designated to help faculty with using technology in teaching, and you can imagine the state of technology use in the classroom. I was able to create a position for an instructional technologist but the pay was low and the pool of applicants was very small. We ended up with a experienced high school teacher who had taught Microsoft Word to hundreds or thousands of students, and was looking for a career change, and I thought that if she could answer the same Word questions over and over, she could teach our faculty to use a new learning management system. She turned out to be great.”

She mentioned several other people who were special to her:

  • The English professor who was finally able to publish his life’s work with the help of a custom database. 
  • The 18 year-old administrative assistant who is now her university’s Director of Campus Services and Outreach. 
  • The former copier repair technician who is on his way to becoming a great network engineer. 
  • The people who Gayle nudged out of management positions, who were more successful and happier in new roles and actually thanked her later. 
  • The man who wanted to get home from the Middle East and who rebuilt a campus’ dying infrastructure. She said, “He has skills that I don’t, but I could sell the vision, ask hard questions, and remove obstacles. Together we put that university on a solid path forward, and it was a wonderful way to end my professional career.”

Gayle told me that “it was mostly great fun, but I am happy to be retired and to let someone else have a turn!”

David Goodman came to the CIO for the International Rescue Committee to create a functional and more business-oriented IT organization. “It was both the high and low points of my career and I doubled the headquarters department during my tenure. But when it came time to develop and implement a longer-term plan, my CEO just didn’t trust me. He rejected my plan and I had to leave. I realized I wasn’t the right guy to implement this plan. My core strength was as a turnaround guy to fix things.” That job helped him understand that “Work doesn’t define who I am. I found out that I had lots of value outside of work. And I was able to have a lot healthier attitude about work later on.”

David continues: “You were an enormous mentor and helped me early on in my career. You believed in me before I understood what I could do and taught me to take what the tech vendors said with lots of grains of salt. You have touched a lot of people and had a front-row seat to the industry and significant historical moments.”

Thanks David, and thanks to all of my sources for making my job so much fun and so rewarding. It has been a great 30 years, and I am glad to have played such a role for so many people, and hope you have enjoyed reading their stories.

Listening to the OG IT managers, part 2: first purchases

My celebration of longevity in the IT industry continues. See part 1 where I introduce my cast  of OG characters. In this post, they speak about some of their memorable first purchases. 

Back in the early days of the PC pioneers, we had to work a lot harder to make everything work together. Mark Lillie created Connecticut Blue Cross’ first internet connections, first web server and built the first set of web pages and installed the first LAN at an HMO that connected an HP minicomputer to a Novell Netware server, both running Oracle databases. “Yes, it actually worked and allowed our clients to easily query the HMO membership data base using PC tools they were already familiar with,” he remembered. Mark also remembers in those pre-internet times when he set up a 1.5M bps T1 lines between three of his offices and impressed his bosses with network links that allocated chunks of 56k bps bandwidth. That’s kilobytes for all of you that are reading quickly. “It was our very own wide-area network.”

Gayle BartonGayle Barton remembers the first time she wrote a purchase order for $75,000 worth of desktop computers when she was at St. Lawrence University. “It was probably three times my annual salary at the time and was quite exciting.” She got a handle on things since then: “For several jobs I changed the desktop purchasing process from ‘everybody gets what they want,’ with all the attendant complications of ordering, configuring, delivering, and training, to a standardized system.  People got four choices: laptop or desktop, Mac or PC, with exceptions for people who genuinely needed something else. We saved hundreds of person-hours and much angst every year.” She developed the first web pages at one university “at a time when the dining hall menu, the bus schedule, the weather and the campus directory were the most popular pages. We gradually moved into helping with digital storytelling for both faculty and students and marrying databases to the web.” Gayle also remembered picking her university’s domain name with the director of operations. “We knew we weren’t the right people to choose this but no one else would understand or care, so we just had a laugh and went forward. Our first user was a math professor who messaged his family in Israel.”

Adam Kuhn recalls that mainframe that I helped power down. “It was an IBM 4381 model 13. It had, at the end of its lifetime, a whopping 16 MB of memory and 7.5 GB of disk storage.”  

David Goodman said, “Lotus Agenda was the first personal information manager that was useful, it would categorize everything for you. I used it for years.” He contrasted it with Workday, “which was a great product but sadly the company didn’t care about the non-profit sector. Ultimately, we implemented it on a reduced scale. The head of HR and I were never on the same page about the technology, which impeded its deployment.”

When John Cronin was at a major telco company, he labored mightily to get Windows 95 to work with a team that was predisposed with OS/2: “they wanted us to fail and started sabotaging our work when they saw that Windows was a better bet.” Ah, those were the days: I labored to write a B2B book on OS/2 that went through numerous revisions, and was never published. He also designed that first Monsanto LAN (mentioned in part 1) to run DECNET protocols: this was prior to the internet but “once that took root, it was trivially easy to add TCP/IP protocols.“

Sometimes things didn’t always go according to plan. Jerry Hertzler went to their Bamako, Mali chapter in 1998. “I tried to connect their network and local email server to our global network but couldn’t complete the task.” Adam uses Microsoft Teams now, but “we bought some Teams desk phones that were both awful and unnecessary since the Teams PC client was excellent. We were lucky to sell them for a quarter of their purchase price!” Gayle bought a specialized academic software tool for $30,000 that was installed in just one classroom. “We never got any faculty on board and it never got used, but the students liked it.”

Sam Blumenstyk was involved in building various LANs and email systems at the Manhattan DA’s office and at multiple NY City agencies where he was one of the founders of an innovative interagency consulting group. He eventually became the Associate Commissioner of the organization. He was able to start with PC technology when it first came out and watch it evolve when he went to work for Prudential Bache Securities. He points to the longevity of Banyan Vines, which was one of the more innovative LAN operating systems, as standing the test of time. I was a fixture at many Banyan user group meetings for years because their users had so many great stories to tell.

Terry Evans said: “The IBM PC was one of the best decisions I ever made, because at the time there were several other contenders.” Despite his early IBM experience, he wasn’t a total fanboy: “Remember DISOSS and Displaywriters? All I can remember is the huge portion of my budget allocated to support them.” I do: I was an early DISOSS user, which combined electronic mail with centralized document storage when I worked in one of the early end user computing centers for a large insurance company.

Don Berliner remembers an early development project he did for the treasurer’s department of a major multi-national that was actually written in Fortran. Since then he has gotten more involved in building Salesforce applications. I was writing Fortran apps when I was in grad school. I am sure there are still apps running somewhere using it.

The IT purchase process

I asked my sources for some of the seminal moments where they made major tech purchases. Jerry recalls how they got involved with NetSuite. “We purchased it in 2017. It changed how we do our operations outside the US. We interviewed users in 23 countries and had reference calls with the UN and City of Orlando. It now runs in chapters in 150 countries.” Sam mentioned when he first got involved with VMware. “That had the biggest impact on my business, and still does,” he said.

For Terry, it was when they moved applications from mainframes to PCs. “There were many doubters that allowing people to do their own personal computing would be a waste of time and money.  Plus the fear of losing control of what people were allowed to do and NOT allowed to do. I felt at the time that this was the future, but really had no idea how far PCs would advance.” He put in place the first PC purchase standards to make support and mass purchases easier.

Erica Wilson doesn’t regret any of her tech purchase decisions. “Because in cybersecurity, traditionally almost all purchases were truly necessary if not required.” She recalls purchasing either an automated patching solution or vulnerability scanning product in her first job.

Next up is part 3 about understanding the career arcs of your people.

Listening to the OG IT managers, part 1

It is hard to believe that I have been working in IT for close to 40 years. I got my start doing tech support connecting dedicated NBI word processors to room-sized Xerox printers when the first IBM PCs were coming into corporations. I have written about my first editorial job at PC Week (now eWeek), and it has been quite a ride since then. And no, I am not writing this post with any thought of retirement. I am still having far too much fun. 

One of the best parts of my job is talking to my sources, IT managers who I have had the honor to know for decades through many job changes (both theirs and my own). It has been fun and rewarding to watch their careers and their responsibilities grow. Some are now retired or have moved on to non-IT fields and some are still running around fixing things for their companies. I wanted to celebrate the many men and women who have contributed to our industry and so here are some of their stories, and my thanks to having their contributions once again.  Let the celebrations begin!

David Goodman is working for Build Consulting and has been in the non-profit field since we first met when I brought one of my test servers to the Guggenheim Museum in NYC 30 years ago. His first IT employer was working for a small object-oriented compiler vendor in the late 1980s.

Jerry HertzlerJerry Hertzler began his career as an engineer at McDonnell Douglas back in 1998. He left there and started in IT for the Campus Crusade for Christ as a network engineer, where he still works and has supported many of their local chapters around the world. We met when I was doing a column for Infoworld back in the mid-1990s where I would hook up a vendor with a new product with an organization that wanted to upgrade to the product. (Think of an HGTV makeover but for nerds.) The vendor agreed to provide the product for free as long as I could write about the experience. The resulting article can be found here: Campus Crusade gets VG’ed, “I guess that was our first major purchase, getting additional VG hubs.”

Gayle Barton got first job in tech with Xerox in 1973, learning how to program in COBOL and being part of an early in-house training program there after getting a BA in economics. Her last job before retiring in 2019 was the interim CIO at Springfield (Mass.) College. Along the way she held other collegiate IT and CIO positions. We met when I spoke at a collegiate IT conference at my alma mater Union College.   

Mark Lillie started his career as a salesman at ComputerLand. Back then he sold Texas Instruments PCs, the Xerox Star and the Osborne. “Those turned out to be less than ideal choices,” he recalled. He went on to have a career in healthcare IT, ending up as Director of Customer Services for a software company. We met at a conference, and I came to speak when he was at Blue Cross/Blue Shield of Connecticut’s IT department. “The mainframe guys were incredulous that I knew you personally!”

Adam KuhnAdam Kuhn got his start in selling copiers and memory typewriters. He realized early on that he wasn’t the greatest salesman but recognized his love of tech. He got his first IT job working in a trade association in DC and has risen through the ranks where today he is Director of IT for a financial services-related trade association. “You met me early in my career and saw my potential,” he said. My favorite story was when his company removed their IBM mainframe back in 1995.

Don Berliner’s first employer was an early IT consultancy and he continues to help a local non-profit to better manage the services they provide their clients. We met in person a few years ago after corresponding for decades and found that we both got the same graduate degree in Operations Research, along with other similarities in our career paths.  

John Cronin got his start as an engineer at Monsanto, where he led a team that implemented the company’s first large-scale LAN and got Windows to run reliably across it. Later on, he worked as an IT architect for IBM even though his time there was unsatisfactory. “My biggest financial decisions were during my engineering days.  Our “small” projects were $10 to 20M, which by comparison many people had $1M IT projects. My approach was from my engineering days where you developed a deep understanding of the technology you were using and knew whether it would really work or not.  In engineering, failure is never an option but in IT, project failures are quite common and I actually killed my first three IT projects because the tech wouldn’t work.” While we didn’t meet until later in his career, he served as one of Infoworld’s IT advisory board members when I was writing for them. 

Terry Evans operated an IBM 402 accounting machine that used punch cards way back at Barden’s Pest Control, eventually moving into the PC era, and retired from the City of Long Beach as the Manager of the Data Center and Network Services. “The PC changed my professional life and has certainly withstood the test of time.” While at the city, he put in ESRI’s Geographical Information System, which was their first installation for a SoCal government.

Sam Blumenstyk started out with Arthur Anderson back in 1974 and just recently retired as the Technology Operations Manager for the NYC-based law firm Schulte Roth & Zabel, where he worked for many years. I wrote about his exploits several times, including this 1993 article for Computerworld. A mutual favorite of both of ours was a series I did for VAR Business called “Sam’s SAN Diary,” where he kept track of the first SAN put in at his law firm around 2003. “This gave me a lot of vendor visibility.” I wrote another article for Infoworld in 1995 which chronicled his work for one of his client agencies for the NYC government and his early exposure to the multiuser Citrix product.

Erica Wilson began as an IT Analyst at Anheuser-Busch and now is the VP of Global Security & Privacy Risk Management at the Reinsurance Group of America. We met many years ago when we both served on the advisory board for the cybersecurity program at Fontbonne University. She counts her greatest accomplishment being recognized for her career by the St. Louis Business Journal’s 40 under 40. “It is great to see how authentication has evolved. Long ago, we had hardware key fobs for MFA. At one company, we had a full-time staffer who was dedicated to managing these tokens. This would never happen today!”

In my next post, my OG crew talks about some of their more memorable early IT purchases.

Qualys annual user conference live blogging

Qualys’ annual security conference returned to a live-only event this week at the Venetian Hotel in Las Vegas, and the keynote addresses started things off on a very practical note… about selling coconuts, toasters, and carbon monoxide detectors. The first two keynotes featured speeches from both Shark Tank celebrity businessman and CEO of Cyderes, Robert Herjavec, and Qualys’ President and CEO, Sumedh Thakar. Both spoke around the similar theme of qualifying and quantifying digital cyber risks.

I am doing near-time blogging of their show, and this was the first of a series of posts.

The second post was a recap of the first day’s events, and included highlights from some of their customers and product team as they took a deeper dive into TotalCloud.

The third post profiled the special launch of the Qualys Threat Research Unit, showing some of its research and how it compiles threat intel and works with various industry bodies to share this data.

The next post highlights some of Qualys’ customers who came to the event to tell some of their stories about how their companies have benefitted from their products.

My final post recaps the second day of the conference sessions and some of the more interesting aspects of various Qualys products.

Dave Hearst Saves Lives by Delivering Blood for the Red Cross

Most everyone is familiar with American Red Cross blood drives. But collecting the blood is just one part of the operation. After processing, the right blood products must be delivered to the right hospitals at the right time, and that requires a lot of logistics. To get the job done, the Red Cross depends on volunteers to transport these donations. One of the most reliable and enthusiastic volunteers is Dave Hearst, who began volunteering in May of 2018 after hearing about the need for drivers while making his own regular blood donation. I interviewed him for a profile for the Red Cross here.

Like Hearst, I also volunteer as a blood driver for our local chapter. It is very rewarding work. We save the chapter more than $1M in transportation expenses annually.

Who is Maria Ressa?

What if you built an online news site from the ground up, ironically starting from a simple Facebook Groups page. You grew to hire dozens of editors and became the antagonist of the President as you investigated various criminal activities of his administration, including calling out various fake news proclamations by government officials. Then to silence your efforts, the  government used a new cybersecurity law to (again ironically) indict and ultimate find you guilty with a six-month jail sentence. Oh, and there were death threats and various Presidential proclamations and attacks along the way.

Maria A. RessaYou might be trying to figure out which American news source I am talking about, but it is the website Rappler, The site was founded nearly ten years ago by Maria Ressa, who just shared the Nobel Peace Prize (and has numerous other awards including a Fulbright).  Ressa’s Rappler has exposed a variety of Philippine government corruption scandals and various financial dirt and called attention to the anti-drug campaign that has resulted in the murder of thousands of supposed drug dealers.

Her arrest warrant was issued in 2019 was created due to one seemingly innocent action by Rappler: making a small spelling correction to an 2012 article that made it fall under the law’s purview. Ressa faces numerous other pending legal cases too.

Ressa’s plight was documented in an excellent PBS Frontline piece not too long ago. Called A Thousand Cuts, it shows how hard she worked to reveal the perfidy of her government, and the peril that she faced for running an investigative news operation. I am glad the Nobel committee has recognized her efforts and hope that all the attention will eventually overturn her unjust criminal charges. The world needs more people like her to bring sunlight into the real criminals running her government.

Red Cross blog: Volunteer serves Red Cross at home and abroad through his high-tech skillset

Over the years, David Sewell has worked for many different Red Cross departments, including a shelter worker and a damage assessment worker. With this history, it is no surprise that he has done about 40 different deployments all across the country. He now has two positions with the Red Cross where he is both the Disaster Services Technology Chief and a member of the international Information Technology and Telecommunications disaster response roster. As part of these assignments, he manages between 40 and 60 volunteers across the western part of the U.S. and puts in roughly three hours per day on Red Cross activities.

You can read my profile of his activities for various Red Cross chapters here.

Bob Metcalfe on credit, gratitude, and loyalty

For Bob Metcalfe, many things come in triples. His most successful company was called 3Com is one example. I met up with him recently and he told me, “You will be happier if you give and enjoy but not expect credit, gratitude, or loyalty.” Before I unpack that, let me tell you the story of how Bob and I first met.

This was in 1990 and I was about to launch Network Computing magazine for CMP. I was its first editor-in-chief and it was a breakout job for me in many respects: I was fortunate to be able to set the overall editorial direction of the publication and hire a solid editorial and production team, it was the first magazine that CMP ever published using desktop technology and it was the first time that I had built a test lab into the DNA of a B2B IT publication. Can you tell that I am still very proud of the pub? Yeah, there is that. Bob was one of our early columnists, and he was at the point in his career where he wanted to tell some stories about the development of his invention of Ethernet. We had a lot of fun getting these stories into print and Bob told me that for many years those first columns of his had a place of honor in his home. Bob went on to write many more columns for other IT pubs and eventually became publisher of Infoworld.

In addition to being a very clever inventor, Bob is also a master storyteller. One of his many sayings has since been enshrined as “Metcalfe’s law” which says a network’s effect is proportional to the square of its users or nodes. He is also infamous for wrongly predicting the end of the Internet in an Infoworld column he wrote in December 1995.  He called it a “gigalapse”  which would happen the next year. When of course it didn’t come to pass, he ate the printed copy of his column.

Oh well, you can’t always be right, but he is usually very pithy and droll.

Let’s talk about his latest statement, about credit, gratitude and loyalty. Notice how he differentiates the give and take of the three elements: with Bob, it is always critical to understand the relationship of inputs and outputs.

Credit means being acknowledged for your achievements. “The trick is to get credit without claiming it,” says Metcalfe. Credit comes in many forms: validation from your peers, recognition by your profession, or even a short “attaboy” from your boss for a job well done. I can think of the times in my career when I got credit for something that I wrote about: a fine explanation of something technical by one of my readers, or spotting a trend that few had yet seen. But what Bob is telling us is to put the shoe on the other foot, and give credit where and when it is due — output, rather than input. It is great to be acknowledged, but greater still if we cite those that deserve credit for their achievements. Going back to Network Computing, many of the people that I hired have gone on to do great things in the IT industry, and I continue to give them props for doing such wonderful work and to their contributions to our industry.

Gratitude is getting positive feedback, of thanking someone for their efforts. Too often we forget to say thanks. I can think of many jobs that I have held over the years where my boss didn’t give out many thank yous. But it is always better to give thanks to others than expect it. Credit and gratitude are a tight bundle to be sure.

Finally, there is loyalty. The dictionary defines this in a variety of ways, but one that I liked was “faithful to a cause, ideal, custom, institution, or product.” Too often we are expected to be faithful to something that starts out well but ends up poorly. Many times I have left jobs because the product team made some bad decisions, or because people whom I respected left out of frustration. If you are the boss, you can’t really demand loyalty, especially if you don’t show any gratitude or acknowledge credit for your staff’s achievements. “Loyalty is what you expect of your customers when your products are no longer competitive,” says Metcalfe.

I would be interested in your own reactions to what Bob said, and if you have examples from your own work life that you would like to share with others.