FIR B2B podcast #101: Machine learning comes to marketing

Posted on by
Reply

This week we talk about new ways that machine learning and artificial intelligence can benefit marketing organizations. While these three news items are all different aspects of this technology, they show collectively how these new technologies are changing the way marketing is done.

First up is a new smartphone app called Truthify that does advertising context analysis (as shown at right). The app interprets the user’s facial expressions to deliver what it thinks the user’s emotional state is, including fear, anger, or happiness, among other traits. The app comes with a web dashboard so you can analyze your campaigns and the resulting demographics. The app is now available for iOS users and soon for Android.

Second is a new influencer platform called AdHive. It is a combination of influencer marketing and AI-powered campaign management. You can sign up for the tool and influencers are paid to participate, while advertisers can choose the right kinds of people to exploit, er, we mean make use of, their tool.

Finally, Google last week announced four new products using machine learning that are aimed at helping marketers create more effective ads. These include responsive search ads, tools to optimize YouTube traction and local campaign management and smarter shopping. Google claims that advertisers who have tested these services have seen clicks increase by 15 percent.

Marketers who have been loathe to adopt new technologies do so at their own peril. These tools are good examples of what the future portends.

You can listen to our 18 min. podcast with my partner Paul Gillin here.

RSA Blog: New ways to manage digital risk

Posted on by
Reply

Organizations are becoming increasingly digital in their operations, products and services offerings, as well as with their business methods. This means they are introducing more technology into their environment. At the same time, they have shrunk their IT shops – in particular, their infosec teams – and have less visibility into their environment and operations. While they are trying to do more with fewer staff, they are also falling behind in terms of tracking potential security alerts and understanding how attackers enter their networks. Unfortunately, threats are more complex as criminals use a variety of paths such as web, email, mobile, cloud, and native Windows exploits to insert malware and steal a company’s data and funds.

In this post for RSA’s blog, I talk about how organizations have to become better at managing their digital risk through using more advanced security and information event management systems and adaptive authentication tools. Both of these use more continuous detection mechanisms to monitor network and user behaviors.

Not yet ready to cut the cable cord

Posted on by
9

If you want to completely cut the cable cord, it isn’t easy. I have been waiting for technology to become spousal-ready, and we are still about a year or two away. Today you have a lot of choices in the $40/month range that rival what the cable companies offer you for TV programming. The trouble is you have to make a choice between user interface and great TV resolution: you can’t yet have something that delivers both, other than your cable company.

I pay AT&T Uverse $125/mo. for my TV programming. That includes two receivers, one of which is a DVR and a boatload of various taxes and fees. Is it worth it to move to one of the online TV providers and save $85 a month? Eventually, I decided no, after trying two services, You Tube TV and Hulu Live TV. You can follow along with this column if you are brave enough: both offer a free trial of their services for a week, after which the monthly subscription starts. There are other services; my patience wore thin after experimenting with these two however.

Let’s first look at the user interface and mindset of the two online providers. You can obtain your TV programming in one of two ways: either by selecting your shows using a channel via your web browser or via an app that runs on your TV equipment. The web browser has the better UI because the developers working at the providers have more to work with and are more used to building web apps these days. And, you have a real keyboard for input, unlike your TV where you have to navigate around an on-screen one that can be infuriating.

So how do you get the audio and video signals from your computer to your living room TV? Two ways: either by connecting your computer directly to your TV with an HDMI cable or using one of several devices like Google’s Chromecast that does this for you wirelessly. If you use the direct cable connection from your computer, you will have to figure out a wireless keyboard and mouse to control it. If you use Chromecast, you will have to figure out the sequence of controls using the three apps that Google has (Google’s Chrome browser, Google Home and the Chromecast app itself) to get it setup. The workflow isn’t immediately obvious, and I suggest you learn the process before bringing your spouse into the room for the demo.

The nice thing about Chromecast is that any content that is displayed in a browser tab can be quickly transmitted to your TV by clicking a few buttons. I say a few: my wife got immediately weary of the process when I showed her what was involved. Your own experience may be similar. The bad thing about Chromecast is that the resolution is poor: nowhere near HD quality and even below SD video quality. Even if you have an old living room TV (and mine is more than five years old), you will be disappointed with the Chromecast video quality. And by the way, Google sells two different versions of Chromecast: one is for audio only; the other is for video and comes with the HDMI connector.  Make sure you buy the right one.

Another difference is how you access TV shows that have previously aired. Hulu’s web UI is very akin to the Amazon and Netflix web UI. In order to get the entire season’s worth of episodes, you have to click on the name of the show in the “My Stuff” guide. You can’t reorder the shows listed. If you click on the video itself, you are taken to the current episode. You Tube TV lists each episode as separate videos, much like the way ordinary You Tube does for its videos. (You can see the web version of the live TV guide above.)

So far I have only talked about using the web clients of You Tube and Hulu. There is a second method, which uses the native apps that run on your TV equipment. If you have a new TV, chances are it comes with apps for a variety of video providers, including Amazon, Netflix, You Tube and Hulu. I tried the apps that ran on my Samsung Blu-ray player: it didn’t have a You Tube app, again because it was more than five years old.

Sadly, there are UI differences between what you see with your web browser and the TV-based app clients, with the TV apps being far less capable than their web cousins. One big difference is how the onscreen channel or movie guide is shown. Netflix has the longest experience with developing its apps, and there are major interface and stability differences between its Android, iOS, web and embedded TV apps. On my Samsung device, the Netflix app frequently can’t find the Internet, or just quits working entirely. On the web client, that rarely happens.

Like Netflix, You Tube TV and Hulu both allow you to segregate your family’s preferences, so you can keep track of your individual tastes and what you have already watched. You Tube allows up to six different family members. Hulu is more restrictive and confusing, and there is also an unlimited extra-cost option.

Speaking of extra cost options, this is where the two providers are showing their relative youth. If you don’t want to watch live TV programming, Hulu has plans that start at $8/mo., or $12/mo. if you want to skip most commercials. If you want everyone to watch different streams concurrently, that will cost another $15/mo. There are also premium channel fees for HBO, Showtime and Cinemax.  You Tube TV has Fox Sports, Starz, AMC, Sundance and Showtime premium add-on channels.

Finally, Hulu with Live TV doesn’t support viewing live TV streams on all of its devices, according to this very confusing webpage. I read over the caveat several times and didn’t really understand what they were saying.

Alright, let’s move on to discussing the real benefit with using the TV apps from the online providers (or Blu-ray player, in my case).  Your video quality will be as good as anything else you run on the TV, full HD. But you have to put  up with a sub-par UI to get it.

So, what should you do? First, if you are in the market for a new TV, sign up for at least one of the online TV providers before you go shopping, and set up a simple temporary login password too. Go to your store and login to your provider, using the embedded app on the TV, and see for yourself if the UI is going to give you fits in selecting your programming with a couple of sets that you are interested in. If you really want a true A/B test, buy a Chromecast and bring that along with your laptop and see what the resolution will be if you don’t believe me.

If you just bought a TV within the last couple of years, try my experiment at home and see if you get better results that I did with my tests. The apps could be better than I experienced. If you have a large family and many different TV sets scattered throughout your home, you will probably end up sticking with your cable provider.

Freelancing tip: collecting your clips in one place

Posted on by
Reply

One of the best things that I ever did was put together a website that had links to all of my clips. Granted, this in 1995 when the Web was young, and many pubs didn’t have online versions. But now everyone is online and it is a lot easier to do.

Why should you build a clips site? Because you need a reference to your body of work. When you pitch a new editor, he or she wants to be able to quickly go someplace and review your clips and see how and what you write. If you have it all nicely arranged online, you make getting new work easier. All they have to do is look you up your website online and read your previous work.You can also use this website as a handy reference for what you should be pitching too. Finally, you also increase your Google juice and drive additional traffic to your work, which is helpful these days where everyone is counting page views.

What should you use? I use my own hosted WordPress site, and it is a good tool to learn anyway, since many sites now employ it themselves. You can take a look at my site here, and see that I have separate pages for each publisher, and then I also put up a new post whenever one of my articles is published. You can add keywords to make it easier to find particular subjects too and demonstrate your expertise in particular topic areas. I also add a short summary, or maybe the first paragraph of the piece, in my post. If you get a blog on WordPress.com, it is free of charge but then you are limited to their templates. If you want something fancier, you can run a WordPress site on your own domain for a few dollars a month, as i do.

But sometimes putting links to online stories isn’t enough. A lot of pubs have come and gone, and so for the articles that you really care about, take a moment after a piece is published and produce a PDF copy of the piece (If you have a Mac, this can be done easily through the print dialog box.  If you have Windows, there are utilities that can help too. Then put this pdf in a folder that you can retrieve later when the link dies, and post it to your website.

If you don’t want to build your own blog site, there are other alternatives that are free. Editorial-for-hire services such as Ebyline, Contently, and Skyword all offer this feature, and they also might notify you when a piece is posted so you can add it to your portfolio. Here are links to mine:

Note tthat you can create a custom URL in the Contently and Skyword portfolios, which is a nice touch. I went overboard with my page in Contently, putting more than 400 article links together.  I think they have the best of the three systems. Not sure that after you have more than 25 stories in your portfolio if it really matters, but if you are going to use one of these services for your actual portfolio, then you should maintain it. I still recommend you set up your own clips website outside of these systems for complete control and just in case one of the services goes out of business or changes things on you.

The hardest part about building your clips website is just getting started. Once you have it running, adding a new clip won’t take more than a few moments.

Ways to Watch Your Freelancing Rate

Posted on by
Reply

I have been in the freelancing business for 25 years and have seen a disturbing drop in per-word rates, especially in the past couple of years. I remember when $1 per word was considered the middle of the road for an established IT writer. Now it seems like the top of the heap, and in some cases almost unattainable. I frequently get asked to write for ten cents a word, or even less.

So my suggestion to freelancers is this: Try to work for the editors that you respect that will pay you the most per word.  In the long run, this will make you the most money.

In order to do that, you need to know how much work is involved in creating the kind of article that you will be asked to write. This means understanding how much research and reporting is needed; and for that you need to be careful about your own limitations and understand the process of how a story gets constructed.

These days research almost always means looking stuff up online and spending time clicking and reading various websites. That isn’t too hard, but it can get time consuming. The good news is that this research isn’t limited by anything other than your own curiosity and time. Sometimes you don’t understand something and really could talk to a live person to clear things up and you need to do some reporting.

Reporting is where the time can get away from you. I recently wrote a story where my editor asked me to get a quote from a source at IBM. I was working with the right PR person (which for a big company like IBM can be a challenge in and of itself) and she was doing a great job hooking me up with the right expert. Except it was taking too long. I couldn’t file my story until I had this quote: weeks went by before the stars were in alignment and I could do my interview. So, be prepared in some instances research can take far longer than expected, and you should account for this when you decide to accept an assignment. And don’t take your client’s word for how accessible a source could be: oftentimes they don’t realize what is involved in securing an interview and obtaining a quote.

Finally, don’t forget my advice about accounting for the number of edit cycles that a client may have in store for you. That should be reflected in your contracts and your rates. Don’t be shy about requesting a heavy surcharge for additional edit cycles, because that can eat up your time quickly.

How to Know When to Write

Posted on by
Reply

have been a freelance writer for more than 25 years, and before that, a professional trade journalist for another six years. Over the years my income has varied but always been very comfortable. I have written magazine articles for most of the major IT pubs, created dozens of websites, and written three books, two of which have been published (and let’s just say the results were less than stellar).  Over that period I learned a few important lessons about being a freelancer that I want to share with you. Here is one biggie:

Find your best time of day to write, and protect it.

I am a morning person, that is the way it is. I am most productive in the hours before 10 am. On all of my books, most of the major writing was done in the early morning hours. You need to listen to your body’s biorhythms and follow them. If you have an article to write and it is the wrong time of day, put it aside until tomorrow. Don’t try forcing the words on the page. You will be more productive.

Maybe you have never thought of your writing in this fashion. I know when I first began to do freelancing, I was a bit lost. What do I do first? How do I put together a pitch proposal for work? You have a lot of things competing for your time. So, structuring what you are planning on doing is critical.

For the next week, keep a short journal and note what you spend you time on during each day. Start paying attention to when you can write with the fewest distractions. Do you need to turn off your email, not answer your phone? Shut down a few windows on your computer? Whatever it takes, it is time to focus.

Finally, keep track of ideas. You can use a journal, or have a Word doc that you annotate. Your editors are always looking for new ideas, and it is helpful to have a ready supply of potential pitches.

Now make sure to schedule your “writing time” so that you don’t have other things going on that invade this important part of your day. Dentist or doctor appointments? Visits with friends? Keep them, certainly, but schedule them around your best and most productive moments.

Avoid Rewrite Nightmares: Keep the Edit Cycles to a Minimum

Posted on by
Reply

One secret every freelancer has to learn is the writing part of the job pales by comparison to time needed for work to be edited. I have worked for very good and very bad editors over the years. From the best editors, I have learned how to sharpen my writing and improve how I frame particular ideas. From the bad ones, I have learned patience and, well, read on.

There are some clients that just can’t seem to help themselves and have to rewrite almost everything from top to bottom. To avoid getting trapped in these situations, you need to be crystal clear about how your work will be treated once it leaves your computer. Some clients think they are better writers than you, others want to show to their bosses that they have added value to your work.

Now, my contracts are very explicit about this process. I put in language that exactly says I will perform one edit cycle: I write it, the client makes comments, and I submit the final version. If they want to go back and forth endlessly, I charge more.  In some cases, a lot more, such as two or three times my original rate. That usually gets my point across: the editing is almost more time consuming than the original writing. If you don’t have a standard contract, now is the time to look around onlineand modify one that will suit your purpose.

I am not saying that every word that I create is precious and needs to be in the final piece. Just that I enjoy writing, not fiddling with syntax and word usage.

It also helps to have a clear idea of who is going to be involved in the actual editing process itself. Sometimes you get stuck between two editors, one who undoes the changes of the other. Insist (and in writing too) on a single point of contact at your client and have them consolidate and filter all the requests for changes to you. Otherwise, you go nuts with this back-and-forth. And put that in your contract too.

With some writing projects that I have done, I wanted to get multiple comments from reviewers very quickly into my draft, almost happening in real-time. For these situations, I have used one of the real-time editing tools such as Google Docs or PiratePad.net. Both tools reflect requested changes with a scrolling chat window and different colors to represent each person’s changes. But you have to know your client very well to implement something like this.

If all else fails, then don’t work for these clients: They can make you work much harder  for an end product that isn’t always superior. In the end, you will be happier and enjoy the writing process more if you limit the number of edit cycles and approvals up front.

The Russians are coming! The Russians are coming!

Posted on by
1

There has been a great deal of misinformation about Russian hackers lately in the news. Let me try to set the record straight.

Earlier this week the Wall Street Journal reported on a briefing given by the Department of Homeland Security about attempts at compromising electric utility control rooms to bring down our power grid. These attempts were actually documented by another US government entity called CERT here back in March.

According to the WSJ piece, “Hackers compromised US power utility companies’ corporate networks with conventional approaches, such as spearphishing emails and watering-hole attacks. After gaining access to vendor networks, hackers turned their attention to stealing credentials.”

However, as this Twitter stream describes, the claims made in the WSJ article are somewhat misleading. The reporters claim the control centers operate with air gaps, meaning that their computers aren’t directly connected to the Internet. That isn’t quite true. DHS and CERT both learned about these hacks from private security firms.

But that isn’t the only hacking effort that the Russian government has been involved. Mueller’s GRU indictment was announced earlier this month, naming 12 individuals involved in the hacking of various political organizations’ networks. That document makes for interesting reading and shows the lengths that Russian spies went to penetrate the DNC and the Clinton campaign.

Here are just some of their techniques mentioned in the indictment:

  • Spearphishing and watering-hole emails using URL shorteners to hide malware webpages, in one case using a phony email account that differed by a single character that mimicked a Clinton staffer
  • Stealing account credentials to obtain emails from DNC and Clinton staffers
  • Entered the DNC network using open source tools to install various RATs and keyloggers to obtain additional credentials.

These three attacks were also used in compromising the utility networks too. But wait, there is more:

  • Spoofing Google security notification email messages
  • Using the malware-infested document hillaryclinton-favorable-rating.xlsx that linked to a GRU-created website
  • Coping and exfiltrating documents via encrypted connections to a GRU computer in Illinois
  • Using PowerShell scripting attacks on Exchange email servers
  • Deleting log files and other traces deliberately to hide their presence
  • Setting up various websites: some mimicked a typical political fundraising page, others that appeared to be news sites with negative stories on the DNC
  • Making cloud-based site backups and then used them to create their own accounts to steal additional DNC data
  • Creating fake Facebook and Twitter accounts to leak DNC data and promote the leakers websites

Some in our administration debate whether Russians were behind both of these attacks, but the evidence is pretty clear to me. If you want to see the data firsthand, you might want to first take a look at an analysis of the Russian Troll farm’s Tweets by academic researchers here and then download their data on GitHub if you want to do your own analysis,

The indicted members of the GRU were first seen in the political networks in June 2016, at which point the DNC hired CrowdStrike to investigate further. However, the GRU spies continued to operate their RAT tools and persist on the DNC network until October 2016.

These efforts have been known for some time: Motherboard ran a story in April 2016, and then came out in July with this piece from Thomas Rid that offered a detailed technical explanation, saying that the forensic evidence about Russia is very strong. And a December 2016 story in the New York Times actually shows one of the rack-mounted servers breached by the GRU, sitting in the DNC offices, shown above. The Times documents the “series of missed signals, slow responses and a continuing underestimation of the seriousness of the cyberattack.”

As many security analysts well know, you don’t remove the physical servers anymore. That is strictly old school. Instead, forensic investigators make digital copies of their hard drives and memory so that they can preserve their state and detect in-memory exploits that would be gone if the machines are unplugged. This is called imaging and has been around for decades.

It is time to get more serious about protecting your email

Posted on by
5

Did you get a strange email last week from someone that you didn’t know, including one of your old passwords in the subject line? I did, and I heard many others were part of this criminal ransomware activity. Clearly, they were sent out with some kind of automated mailing list that made use of a huge list of hacked passwords. (You can check if your email has been leaked on this list.) It really annoyed me, and I got a few calls from friends wanting to know how this criminal got ahold of their passwords. (BTW: you shouldn’t respond to this email, because then you become more of a target.)

But the question that I asked my friends was this: Do you still have logins that make use of that password? You probably do.

Email is inherently insecure. Sorry, it has been that way since its invention, and still is. All of us don’t give its security the attention it needs and deserves. So if you got one of these messages, or if you are worried about your exposure to a future one, I have a few suggestions.

First, you need to read this piece by David Koff on rethinking email and security. It brought to mind the many things that folks today have to do to protect themselves. I would urge you to review it carefully. Medium calculates it will take you 17 minutes, but my guess is that you need to budget more time. There is a lot to unpack in his post, so I won’t repeat it here.

Now Koff suggests a lot of tools that you can use to become more secure. I am going to just give you four of them, listed from most to least importance.

  1. Set up a password manager and start protecting your passwords. This is probably the biggest thing that you can do to protect yourself. It will make it easier to use stronger and unique passwords. I use LastPass.com, which is $2 per month. For many of my accounts, I don’t even know my passwords anymore because they are just some combination of random letters and symbols. If you don’t want to pay, there are many others that I reviewed at that link here that are free for personal accounts.
  2. Create disposable email accounts for all your mailing lists. Koff suggests using 33mail.com, but there are many other services including Mailinator.com, temp-mail.org, and throwawaymail.com. They all work similarly. The hard part is unsubscribing from mailing lists with your current address, and adding the new disposable addresses.
  3. Even with a password manager, you need to make use of some additional authentication mechanism for your most sensitive logins. Use this for as many accounts as you can.
  4. Finally, if you are still looking for something to do, at least try encrypted email. Protonmail.com is free for low-end accounts and very easy to use.

There is a lot more you can to make yourself more secure. Please take the time to do the above, before you get someone else trying to steal your money, your identity, or both.

Cyber Security Threat Actions This Week (podcast)

Posted on by
Reply

If your organization is not using the MITRE ATT&CK framework yet, it’s time to start. Katie Nickels from MITRE, Travis Farral from Anomali and I join host David Senf from Cyverity to talk about ATT&CK tactics, techniques and tools. You can listen to this 45-minute podcast here.  We discuss what ATT&CK is and isn’t, how it can be used to help defenders learn more about how exploits work and how to become better at protecting their enterprises, what some of the third-party tools (such as Mitre’s own Caldera shown here) that leverage ATT&CK and what are some of the common scenarios that this framework can be used for.

I did two stories for CSOonline about ATT&CK earlier this year: