Category

Technology

"Technology is the campfire around which we tell our stories."

Design Sprint Cheat Sheet

February 25, 2017

The guys over at Google Ventures are pretty smart! They unveiled their process of design sprints in a book aptly named Sprint. The full title succinctly describes its benefits — How to Solve Big Problems and Test New Ideas in Just 5 Days. I read this book over last summer; it’s an easy read and remarkably insightful. Design sprints actually do help you solve big problems and test new ideas.

It’s not enough to just have a process anymore. Everyone, every agency, every firm has a process that’s guaranteed to be better than all the others because it’s “integrated.” In order to rise above the competition and have your clients really connect with their users, you need to get insight from…who else…the users. But in order to do that in a really efficient way, you can’t build out the website or mobile app first. So… you prototype.

The Theory…

Here’s the theory: when working with any company or business, you can solve really big problems in one week by getting together in a room with the right people, the right tools, and the right challenge and performing exercises like design-thinking, rationality, empathy, creativity, prototyping, and testing.

Now, in the words of John Maeda, design-thinking is just another phrase for business execs to feel good about doing design stuff. LOL! But I think there is something to getting in a room with your clients and doing these different exercises to uncover the answers to some really hard questions when it comes to your digital properties.

I’m going to walk you through an abbreviated checklist (or cheat sheet). It’s changed a little to mimic a process that I’ve used in the past and I’ll go over pre-sprint activities, the sprint itself, and post-sprint wrap-up.

Remember: you need the right team, the right tools, and the right challenge

  1. The Team:
    • Agency Side – it’s usually two designers, a strategist, and a project or account manager.
    • Client Side – at least one decision-maker. Someone who has the authority to call the shots relating to your challenge.
  2. The Tools
    • Conference room, post-its (lots of them), colored circle stickers, whiteboards and/or canvas paper, markers.
  3. The Challenge
    • Usually something that’s super expensive, like your client wants to spend $500k on a mobile app that has no users yet (challenge: to see if it’s even viable in the market). Or maybe your internal team is stuck on a big project and needs to get some creativity flowing.

Let’s begin…

Pre-Sprint Activities

You’ll need to do some research and collection before you go in and do the sprint with your client. The first thing you’ll want to do is an intake sheet. An intake sheet is simply a “worksheet” that gathers information on your client.

Some things you’ll want to know are obvious, like, client overview. Company name, number of employees, etc. But then you’ll want to know major markets, regional hubs, who are their competitors, what are the long-term business objectives and/or vision. Something like this:

Client Intake Sheet

You’ll also need to do some research on your client’s competitors so you know what they’re doing. Look at their websites or mobile apps and make note of what’s cool, what’s not cool, certain functionality or features, etc.

And also look into your client’s users. Who are they, what do they do, where do they hang out online, etc. This pre-sprint phase is pretty intensive. There’s a decent amount of upfront work that needs to be done. But then we get into the fun part…sprint week!

Sprint Week

Every day working hours will be from 10am to 5pm with a one hour lunch at 1pm. So, 6 hours a day – that’s how much you’ll work with the client. But you’ll find that the internal team is working much longer especially on the day you prototype.

Day 1: Understand


  • Team Intros & Agenda
  • Client Talks (Vision, Functionality, Future State)
  • Innovation Talks / Expert Talks
  • “How Might We”

Day 2: Explore


  • Morning Review
  • Personas: Day in the Life
  • Raw Ideas / Big Ideas
  • Crazy Eights / Solution Sketches

Day 3: Focus


  • Museum Art / Dot Voting
  • Discussion / Decision
  • Wireframes / Storyboards

Day 4: Prototype


  • “Just Enough” Mentality
  • Prototype Tools
  • Divide and Conquer
  • Prototype

Day 5: Present


  • Finish the prototypes
  • Present to the client
  • Wrap up / Next steps

Once the sprint is finished, it’s time to test and survey your users, which brings us to Post-Sprint Week.

Post-Sprint Week

You’ll need to fill out a survey (I use Google forms, super easy) and set the stage for the users. The prototypes won’t be totally functional, so let the users know that! You will usually do some baseline questions to get a gauge of your users, and asking them about who they are demographically never hurts. Then you’ll want to ask the same questions about each prototype, but it’s really helpful to send half of your participants Prototype 1 then Prototype 2, in that order. Then send the other half of the participants Prototype 2 first, then Prototype 1. Many times users will latch on to the first prototype they see, so this technique helps mitigate that risk.

Once the surveys are finished, you can start grouping themes (which is a whole other blog post – I’ll write soon!). And you’ve got real feedback from users and this helps your clients decide whether or not to move forward with a project or mobile build before it drains all their resources for it.

 

Strategy in Context: Mining for Opportunities

December 10, 2016

Watching the tides turn in the digital age is as quick as the ocean currents. These microscopic movements that all feed into a bigger pool are advancing technology at an unprecedented rate. In fact, 58% of corporate execs say it will develop at an increasingly rapid rate over the next 5 years. Check out Accenture’s 2016 trend report. With all that in mind, what’s your agency’s plan to keep up-to-date with all this new technology? What’s your agency’s plan to take advantage of the opportunities they can bring? Let me show you how I got started.

Living in the Age of Information

We live in the age of information. It’s almost too much because it’s coming at us from every single direction. Accenture, Hewlett Packard, Deloitte, and more are all putting out new reports, trends, and surveys. You can find these reports just by searching “2016 tech trend reports” or some variation of that. To give you a little tip that I use, I will always append “pdf” to my search queries in order to find reports that you otherwise might not be able to. It amazes me how many PDFs are out there right now. After searching, you’ll need to categorize. Now I have a folder in my Google Drive that breaks down into more folders comprised of only PDFs. I categorize them as such:

  • Industries: health, travel, nonprofit, media, B2B, Agency, Consulting. These could be different for you
    • Market Intelligence: you can find these reports by searching “market intelligence ‘your industry here’ pdf” I separate these by year
    • Trend Reports: pretty self-explanatory; usually having to do with some sort of survey
    • Misc. Whitepapers: Because these are always fun to read and have, you can use them as sales collateral when talking to a prospective buyer, and even client.

Once you’ve compiled a number of relevant reports, now it’s time to start reading them. Now, with all the PDFs I have it would take, literally, close to 6 months to read (I’m a slow reader). Don’t read them. Skim them, graze them, pluck them, don’t peruse them.

Mining for Information

There is obviously a reason why we have headers and titles and large print. When you are skimming over these PDFs, just look for the headlines, quotes, sidebars with numbers in them. Pick off the statistical data and write it down some place else. You’ll eventually use this information to mine for opportunities. If there’s a headline that interests you and it’s followed by 5 paragraphs, read those paragraphs. I’ll always use a speed reading technique by Tim Ferriss that has increased my words-per-minute by 25%. Or check out tips on how to read faster. But remember, you still need to comprehend what you’re reading for it to be valuable in mining for opportunities.

As you continue to gather information, you need to start categorizing it so it’s digestible for your client. I separate my information into a few areas:

  1. Market Intelligence:
    • Usually in the form of surveys, I’ll state what has significantly changed in a sector or industry. For instance, the Agency of Record (AOR) lasts less than 3 years according to Agency Spotter’s 2016 Report. And the average project-based fees for agencies have increased. Now, put the cost of living aside, this tells me that brands and companies are seeking out agencies that fit their specific projects, not necessarily their ongoing needs.
  2. Disruptors & Influencers:
    • Who is making a big splash right now in tech or what technology is outpacing all the rest.
  3. Competitors & Users:
    • What is the competition doing, what are your client’s users doing
  4. New Trends, Technology, and Terms:
    • Things that are trending. New technology that your client might be able to leverage. New terms that people in the industry are using.

All this info will eventually lead into Insights & Opportunities.

Finding…and mining insights

An insight is the capacity to gain an accurate and deep intuitive understanding of a person or thing. Wow!! Intense, right? Yup, it sure is. So, here’s essentially what I mean when I say strategy in context. Out of all the information you’ve gathered, it won’t make a bit of difference unless you understand who you’re gathering it for. I’ll give you an example. I work with health and wellness clients, nonprofit, media, agencies, and more. The info that I gather has something to do with these sectors and markets. But insights are relevant only when you understand who you’re gathering that information for. Which brings me to intake sheets.

Intake sheets are information about your client. You’ll want to gather info on them. Keep a record of the following:

  • Client: contact info; organizational structure.
  • Company overview: what do they do, what are their values, etc.?
  • Products/Services: what do they provide?
  • Major Markets: where are they doing business, what countries?
  • Value: what’s their value proposition?
  • Strengths/Weaknesses: what do they do better than anyone else; where could they improve?
  • Account/Project Objectives: what are the things they want to accomplish, major goals?
  • Competitors: keep a list of at least their top 3 competitors, I would even list the best in business in their industry.
  • Users: user personas are a huge part of this insight gathering, I’ll post more on personas in another one of my Strategy in Context posts.
  • Partners: who is your client partnering with in the market? Are they complementary?

As time goes on you’ll pick up the idiosyncrasies that make your client who they are. You’ll learn things about their culture that will provide more insight into them as an organization. Hence, providing more insight into how you can mine for opportunities.

Mining for the non-opportunity

I want to clarify that mining for opportunities is not trying to find just any project you think your client wouldn’t mind doing. It’s adding real value to their organization. In order to do that, you have to look at all the possibilities. And as a sidenote, it sometimes means you may not be providing the solution.

Let’s say you are working with a nonprofit and they are in the process of building out a donation platform for their donors. This platform is something that you helped design on the front-end, but the back-end was built by another firm. Essentially, this platform almost works like a banking platform. Donors can store their money and make donations to the organization or cause of their choosing. And let’s say the other firm is having a difficult time securing the platform. Well, if you kept up-to-date on the latest trends, you could give them an insight into what people are talking about right now in the security space. Which is Blockchain.

Today’s financial institutes operate on a central ledger where money is passed from one entity to another. The ledger is monitored and kept by one authority, leaving it susceptible to attack and corruption. Blockchain is a transactional database that decentralizes the ledger and allows for complete transactional security; it’s also lower in cost. You’d probably have to refer the nonprofit to a blockchain expert, but the value you’ve given them is high.

Mining for the real opportunity

To mine for the real opportunity depends on your client’s goal, their users’ needs, and where they sit on the spectrum of innovation. If they are at the lower end of the innovation spectrum, there’s probably a lot of opportunities to mine for. If they’re more toward the middle, it starts to get a little harder. Brands and organizations that don’t keep up with the latest trends and technology are the ones who have the most options. The ones who are at the top are the ones who are paving the way for everyone else, and the options narrow.

Let’s say you’re working with that same nonprofit and their goal is to get as many donors as they can using this platform. If you knew that the retention rate of first-year donors was only 29% or that roughly 50% of donors do not renew their gifts the following year, what would you do with that information? You’d dig in….why are donors not renewing their gifts? Then you’d probably find out that donors like to feel connected. They like to see the impact that their donations have on communities and the lives they’re helping. Well…what opportunity can we find there?

My suggestion would be to offer to build a website that connects donors with donees. But also shares the stories donees have because of getting donations. It could be anonymous, but having a platform that could show where a donor’s donation is going and in what way it’s helping the donee could be really cool. People are attached to stories, we love them. Build a website that tells the stories of donees or add a section to an existing site. There are a lot of possibilities in that one particular insight. Get creative!

Mining is a continual thing

In closing I’ll say this. Mining for opportunities is a continual thing. You’ll be getting new information as time goes on, you’ll be learning more and more about the needs of your client as the months/years pass. Always be adding value. That’s the best way to mine for opportunities. If you can show your client that you offer these insights and valuable opportunities, you’ll be seen as a strategic partner and an invaluable one at that.

Strategy in Context: A Bird’s Eye View

December 9, 2016

Today is an auspicious occasion! It marks the first of my Strategy in Context series. As well as my first try at micro-blogging. I have a lot of information on topics like strategy, research, account management, user experience, and more. I’d like to get that information to the public as quickly as possible while still posting good, quality content. Now, I’ll most likely expand on this series in an eventual strategy whitepaper.

I was recently at a tech conference asking people for strategy resources. One person firmly told me that “no one’s going to give me their strategy resources (or process for that matter) because that’s how agencies make the big bucks.” So, okay… that makes sense to me, but it doesn’t mean I can’t give away my strategy resources.

I’d like to address any nay-sayers about publishing digital strategy process, tactics, and/or resources. I come from the open source world where information is shared and the community benefits from that. This is my attempt to give back.  I am more worried about people saturating the internet by building shitty things people don’t need, than I am about someone stealing my strategy process, theories, and thoughts. Plus, I want to spark discussion, so let’s begin.

Strategy in Context

I’m sure everyone is familiar with context-aware design, yeah? It’s when a device (like a smartphone) changes based on the environment in which it’s placed. Our smartphones can make recommendations based on location or auto-adjust the contrast on a bright day. Strategy in context is similar in the sense that we (as strategists) need to take into consideration our environments. And hopefully act accordingly.

Implementing a strategy process can be a daunting practice.

  • A) it’s not a linear process
  • B) it changes at every turn based on new information.

So, how do you conquer a client, project, or product when you aren’t sure how to proceed? You take a step back…and look at things from a holistic standpoint; from a bird’s eye view.

A Bird’s Eye View of Strategy

In order to understand strategy, there is one truth you have to realize: true strategy is continual, it’s not an end-game and never will be. The digital strategy that works for you today, might not be the one that works for you tomorrow, let alone a year from now. And this is why strategists are commodities, because it’s a job that never ends in the web and mobile space.

Holistically speaking, digital strategy is dependent on all its players. It is so entangled with other strategies that looking at it any other way would be a disservice to both you and your client.

The elements of strategy:

  1. The People: your client, their users, the competition, influencers, disruptors
  2. The Assets: things like their culture, their brand, their website, their digital assets are blanketed under this term
  3. The Operations: your client’s business model, their product or service
  4. The Frameworks: from your client’s organizational structure to the technical systems being leveraged.
  5. The Intelligence: the market, the trends, the innovation happening, the economic and political landscapes
  6. The Tactics: different from ‘operations’ – tactics are used to carry out strategies
  7. The Outcomes: the goals, the objectives, the accomplishments, the results

Contingent on each of these elements, strategy will have different meanings depending on its context. It’s too much to take in in a micro-blog post, so as the Strategy in Context series continues, I’ll drill into each one of these areas to give insight into breaking down your strategy process.

The Information Spectrum

At any given moment, there are hundreds of tiny shifts going on in the digital world. Developments that are slowly (or quickly) moving in from the fringes toward the mainstream. A fantastic trend report by Future Today Institute highlights innovation that is making its way toward being the established norm. Innovation is often talked about, but overlooked when it comes to strategy positioning.

In order to understand the information spectrum, you first have to understand all the new technologies, trends, and innovation taking place right now. But there are flaws in that thinking as one new technology supplants another. So, first thing you need to do — start building an information database. For all you strategists out there, you need some type of system where you can gather information and access it easily. I’ve built myself TheWebward.com – I call it my morning business review, but it’s really an information database.

You can try RSS aggregators like Digg Reader or create your own. But keeping up-to-date with the technology landscape is your first lesson in strategy. Did you know Baidu is leading the way in conversational interfaces? Or that Blockchain can help fight cyberattacks? Do you know what Blockchain is?

Lost in the Strategy Sky

As you begin your journey into strategy, you may feel lost at times. It happens to everyone and that’s okay. But if you’re lost and can’t find answers, look to other industries. One thing that’s helped me tremendously in developing my strategy process is turning to other sectors that have had strategists for decades. The military, politics, and the intelligence community all have resources on strategy out there that you can research. Then take their core principles and apply them to the digital space. Again, I’ll go into this more in upcoming posts, but I feel like this isn’t really a micro-blog post anymore!

Ok, more to come on Strategy in Context.

WordCamp Rhode Island Coming Up

September 24, 2016

* Update — you can find my slides here: http://beingajile.com/slides/formula-for-custom-proposal-writing.pdf

I will post the talk when it’s available on WordPress.tv

Ok WordCampers! Rise and shine, and don’t forget your booties, cause it’s coooold out there today! Well, not really. It’s the middle of September and you can definitely feel a chill in the air, but it’s not super cold. Anyways, we all know what the middle of September means – WordCamp is coming back around!

WordCamp Rhode Island, largely put on by the wonderful people over at Linchpin Agency, is being held at New England Tech next weekend from September 30th to October 1st. If you’re interested in going and need directions, just look here – https://2016.rhodeisland.wordcamp.org/location/

I have signed on once again this year to be a speaker. My talk is entitled The Formula for Custom Proposal Writing. Still putting the slides together, but I’ve got my talk all mapped out.

Essentially, I’ll be giving away secrets about proposal writing and taking listeners through the blueprint that I use to put together solid custom web proposals. I’m super excited because I’m really passionate about writing web proposals. I’m also very grateful that I get to share my knowledge with the fantastic WordPress community.

Next weekend is going to be a lot of fun (partly because a friend of mine is flying in, yayy!!) So, if you’re not doing anything next weekend, and you’re just dying to know how to write good custom web proposals, then check out my talk — The Formula for Custom Proposal Writing.

How many people out there have a specific morning routine that consists of keeping up-to-date with what’s going on in your market, your industry, and your competitive landscape? I do! And for those of you in business, you probably do too. Well, what if you could shorten that routine? When I started in the web industry, I knew keeping up to date with the pulse of the technological community was something that just had to be done. Hence, my morning business review! I built something that really helped me shorten the time I spend online listening to the heartbeat of the industry, and I wanted to share it with all of you!

When I moved from freelance and contract web development work to business development, a whole new ballgame took shape. It wasn’t about div’s, stylesheets, includes, and semantic markup anymore; it was about competition, leads, emerging technologies, concepts, and timing. Being seen as the expert was a must, even though the experts were behind the scenes working on the solution. You have to know what’s new, what’s changed, what’s worth taking a look at, and what’s worth talking about. So, what did I do? I started going to good sources to get information. Moz Blog, Mashable, TechCrunch, Harvard Business Review, and more.

The chaos of a morning routine…

I began by viewing the industry blogs, business reviews, industry leaders’ tweets, Linkedin streams, and so on. But hopping from one source to another online takes time. I would start my morning routine for work before I got into the office. I would get up early, usually at 5am. Drink my morning coffee while watching the morning news. Then I’d hop online and look at these different blogs, go to Twitter and see what people were talking about. As I grew in my craft, I started to look at alternate sources like AMEX Open Forum and Smashing Mag, but I also looked at what agencies were talking about. It was (is) important to know what the competition is up to.

I would go to the gym around 6:30am, get to the office around quarter to 8, then continue with my search. There’s so much information out there for business development people, that it’s exhausting just thinking about which sources to read, to believe, to leverage. It also got to be a lot of running around online. I needed a place where I could bring all these different sources together, compile information, and make that information work for me as I continued to build relationships and sell web projects.

Bringing ideas to life…

So, I had this crazy idea! What if I could build a website that pulls in all the sources I look at in one easy-to-access place? Wouldn’t that shorten the time I spent in the morning? Of course it would! So, I started fleshing it out.

The first thing I did was put up a quick website under the name TheWebward.com – think forward or westward. I used WordPress, the open-source, awesomely easy application to build websites with. Even though I did front-end development, I knew bringing in RSS feeds wasn’t going to be easy, so I looked for a plugin. And I found one—WP RSS Aggregator. It did exactly what I needed it to. I ended up with a little over 50 RSS feeds that I pulled into this website. Then I separated them by pulling them into different pages — Agency, Design, Sales, Strategy, Tech, WordPress, and so on. I had all my blogs and sources in one location, and categorized accordingly.

Screenshot of WP RSS aggregator plugin in dashboard

Check out the WP RSS Aggregator plugin – it’s super easy to pull in the feed, all you need is the feed’s URL, and you can choose how many previous articles you want it to pull in. Then use a shortcode to get it to display on the front-end. I ended up doing the past 5 articles because I look at the feeds often, and that was plenty for me!

Screenshot of the Webward.com

All my design RSS feeds pulled into one single page!

Continuing to add more features…

But well-known blogs weren’t the only sources I went to during my morning business review. I also went to social media, company postings, groups, and more. So, I used a few different plugins for this feature:

  1. Easy Twitter Feed Widget — which allows you to display Twitter feeds on your website.
  2. Custom Facebook Feed Plugin — which allows you to display completely customizable Facebook feeds of any public page or group. *Note – it cannot pull in private groups.

Working with these two plugins was super easy. The hard part was working it out with the respective social channels. For the Easy Twitter Feed, I had to go into Twitter and create all the widgets with the person’s (or company’s) Twitter handle to get the Twitter ID, which allowed me to pull the feed into my morning business review website.

Twitter Widgets

Now, I’m sure there’s probably an easier way to do this instead of creating dozens of widgets, but I need to get more familiar with Twitter’s API and their developer documentation (which I’m in the process of doing), so as soon as I come up with a better way to do it, I’ll let you know!

It was kind of the same thing with the Facebook groups and pages. FB no longer adds the page/group ID to the end of the URL, so I had to look at the source code for the page, find their ID, and pull it into my morning business review.

Source code for FB group to find group ID

Then it was just adding a shortcode on the back-end page to get a display like this on the front-end:

Facebook Groups on The Webward

And this:

Easy Twitter Feed Widget front-end display

I aptly named this area of TheWebward — The SocialSphere.

The SocialSphere on TheWebward
The SocialSphere

Making my morning business review even better…

For a long time that was what my morning business review consisted of: Daily RSS Feeds and The SocialSphere. But I always thought about how I could make it better. I’m pulling in all this information. Some articles I like and some seem like they’d be super helpful. Others I couldn’t read right away. So, I created a reading list! I use the “Press This” button that comes with WordPress and allows you to capture articles that you want to share. When I find an article that I like or that I think might be useful, I save it. I’ll also put it in one (or two) categories, and attach tags to it like “analytics,” “strategy,” or “mobile.” This helps me class certain articles to fit with certain personas (I’ll explain later!).

The reading list eventually turned into the Article Library which separates interesting and useful articles into different subsections. My train of thought behind this was simple: as a biz dev guy I’m engaged with different types of people (or personas) and they are interested in different things. Some like content, others like education, or marketing tips. But I knew I was going to create personas and eventually attach articles to them to be used as a starter kit for my sales “toolbag” — pretty neat, eh?

Building buyer personas and developing a sales toolbag…

If you’re in business development, then you know what buyer personas are. They are a representation of the types of people you engage with to buy your product or service. Buyer personas list out their demographics, communication preference, major goals, pain points, etc. And this essentially helps you market your message and your sales pitch to them. So, I created a few buyer personas as Custom Post Types, which actually isn’t that difficult to do in WP. I also created custom taxonomies for my buyer personas that reflected the industry they were in, the role that they played, and their affect or emotional mood. Then I used Advanced Custom Fields to add more fields where I could put in their age, location, pain points, challenges, and so on.

How cool is that? Let’s look at the Tech CEO (one of my buyer personas):

Tech CEO Buyer Persona


As you can see all these different fields are on the backend like so:

Back-end Custom Post Type Buyer Persona

I also made a few spots to attach useful PDF’s, articles, and areas of interests (tags) that were already a part of the reading list.

Tech CEO Buyer Persona

If I’m engaged with a Tech CEO and I’m trying to build rapport or trust with them, I can always come to my morning business review and pick an article or two they might be interested in. Or if I need talking points, I can just look at the “areas of interest” and choose a topic. It’s really just a way for me to use all the information that I’m pulling in to my website.

This is going to be different for you because we all work in different industries and we all have different buyer personas. But I wanted to show what’s possible when you start fleshing out ideas! WordPress helps because it’s super easy to use and easy to integrate with other mediums.

Adding some good vibes…

Because this was the site that I visited first thing in the morning, I needed to make it feel like home, or be inspirational. I added a big slider with nice images of the sunrise, skylines I like, and more to put me in the right frame of mind. I added an image of a “virtual high-five” to get some daps for when I needed to get pumped-up (fist bump!). Then I also used the Quote of the Day plugin by QuoteTab to pull in a new quote everyday.

Homepage of TheWebward.com
Today’s ‘Good Morning’ Quote!

This gave me inspiration. I pulled in Morning quotes, Happy quotes, Leadership quotes, Motivational quotes, Life quotes, and the list goes on. So, everyday I wake up, I go to TheWebward.com and the homepage consists of inspirational quotes, messages, and sliders that just give me good vibes. Then I hop over to my Daily Feeds page and see what’s new! It’s pretty awesome!

What’s next for my morning business review?

That’s a great question and I have a few avenues I’d like to explore. That’s why I have a Sandbox on the website! But I’ve recently put a calendar (courtesy of The Events Calendar Plugin) on it where I enter my usual meetups, NIM groups, and WordCamps/DrupalCamps. But I wonder if there isn’t a way to integrate that with the WordPress.com WordCamp calendar. There might be, but I’ll have to do some digging. Here are the big ideas that I have (and in the name of sales):

  • Business Intelligence Engine — I know, sounds fancy, right? Well, it probably is and it may be a little outside my development wheelhouse. But I think it would be really cool to be able to set certain metrics on the site, like pulling in quantitative results and figuring out when the best time to reach out to a certain company would be. I’ll have to do a lot more digging here, but if anyone knows of open-source business intelligence software, give me a shout!
  • Case Studies — I’d eventually like to add a field for Case Studies because these are an oh so important tool in the salesmen’s toolkit!
  • Company Profiles — I’d have to do some research here too, but what’s one of the things biz dev people need? Lists, right? Everyone hates cold-calling, but if I could pull in company profiles and figure a way to attach the people I know to those companies, I might be able to do something with that. I’ll have to look more into LinkedIn’s developer documentation, and other sources like Data.com

Turning a chaotic morning into a well-oiled business machine…

Yeah, that’s right! My morning business review, TheWebward.com, really ups my game in keeping up-to-date with what’s going on in the technology space! I love it! Without it, I’d still be hopping from one source to another to yet another. It literally cut my morning routine by about half the time. I can spend more time reading articles, developing cool new features, or putting in a little extra time at the gym!

So, if you’re in the business development world, I highly recommend building something like this! It’ll make your job easier and it’ll free up more time for your personal stuff! If you need any help, don’t hesitate to reach out! And, if you read the stuff I read, and follow the people I follow, then by all means, use away!

Context Aware Development and The Internet of Things

August 19, 2016

Ok…where to start with this one?! I’ve been doing a lot of digging lately. I’ve also been asking myself some pretty big questions. No, not the “what is life all about” question. More like the “where is the web going” question. What direction will technology take? How will technology fit into our lives in 5 years, 15 years, 50 years? I recently wrote a post on artificial intelligence and its place within the web, obviously it’s not there yet. Well…not truly there yet. It might be someday, but what I think we can count on as a virtual certainty is this concept of context-aware development and the Internet of Things (IoT).

What is the Internet of Things…

I’m sure you’re all familiar with the Internet of Things, yeah? Well, just in case you aren’t, here’s kinda the concept. The IoT is everything that essentially has a technological pulse and its ability to collect, compile, and exchange data. From the electronic control module of an automobile to the smart refrigerator, your cellphone to your coffeemaker, headphones, wearables, even your washing machine. The Internet of Things is all these things being able to connect, not only to the internet, but each other. And that’s the rub, right? I mean, think about what you would do if your car already knew the best route to work dependent on the flow of traffic for that particular day. Or your FitBit woke you up and then signaled your coffeemaker to start brewing that morning cup of joe! It’s a compelling concept and one that’s quite executable… I think.

What I want to talk about is its connection to context-aware development. Now, some of you may not be familiar with this term, so let me elaborate. Development in websites, applications, mobile, and the like has taken an awe-inspiring (in my mind!) trajectory this last decade. Going from static HTML/CSS sites, to content management systems like WordPress and Drupal, and then onto scripting and programming frameworks that execute both client-side and server-side activities. We currently have more technologies that can talk to each other and work with each other than ever before. But context-aware development brings in the outside world.

Context-Aware huh?

Yeah, think about it for a minute. What is context? It’s the circumstances that form the setting for an event, statement, or idea, and in terms of which it can be fully understood and assessed (courtesy of Google). So, context aware means that the behavior of a device will be enhanced dependent on the context. It will essentially take outside factors (like sunlight, movement, and signals from other devices) to determine what the best user experience should be. Let me explain. Let’s say you’re walking down a street, it’s super cloudy then all of a sudden the clouds break and the sun comes out. Imagine the website you’re viewing on your mobile phone adjusts the contrast so it’s easier to see the page. Now, I know what you’re thinking, there’s auto-contrast. But that’s built into your phone, not the website itself.

I’ll give you another example. Let’s say you are on the subway and reading a Boston Business Journal article. There is a particularly shaky section of track that you’re on and the subway starts rattling back and forth, making it extremely hard to read the text. Well, what happens if the text enlarges itself to make it easier to read. That would be a much better experience, would it not? Or the button that you want to click on gets bigger as a direct product of the condition of your environment. Or maybe the button turns white in a dark room, and black in a light room. That’s pretty kick-ass if you think about it.

Wearables…connecting your body to…well, everything else

The Apple Watch came out on the market and interested a certain section of the population. I don’t think it’s selling like hotcakes, but it’s still a pretty cool device. And let’s face it, it’s made by Apple, so it’ll just keep getting better as new versions of it come out. But there are a few things the Apple Watch and other wearables can do. The biggest thing I see is that most of these wrist devices can receive and collect information from the most pivotal environmental factor to a good user experience—your body!

Now, it can receive data like your heart rate (pulse), sleeping patterns, number of steps, type of activity (like jogging/cycling) and so on. As of right now, most all of these devices need to be synced up with an iPhone or similar device. But, again, as time goes on I think we’ll see these wearables getting smarter and more compact just like the cellphone. All the data it receives can be super useful in giving the wearer the ultimate experience. I also think that Google Glass (another wearable) will eventually make a big splash when the world is ready. For some reason it wasn’t well-received, I wonder why? Blog post for another day.

Let me give you an example of context-aware devices:

Let’s say you’re in the middle of a workout and your heart rate is elevated. Someone sends you a text and your wrist device holds off on letting it through until you can look at it when your heart rate is back to normal. Or the flip-side to that. Let’s assume you’re a doctor in the middle of a workout and someone needs emergency heart surgery. The sender can label the text message (or phone call) as “exigent” and your wearable can send you a quick buzz signifying that you might want to take this call! Or maybe you’re a senior citizen and you have a wearable that can tell if you’re having heart arrhythmia, you can’t get to a phone because of the pain, and your wearable connects to emergency services. Either way, you get the drift.

HMI’s…the connection for all connections

Human Machine Interfaces is a pretty broad term that can be applied liberally to iPods, washing machines, coffeemakers, automobiles, stereos, computers, and so on. But it really started in the industrial space with things like heavy machinery, but in the age of computers, that’s kind of subsided. An HMI essentially provides a graphical user interface (GUI) which connects a human to a machine. A great example of this is your car stereo (I have XM!). But it’s a visual representation of all the different channels you’re going through to get to the music you want. You can also control the volume, bass, treble, etc. Now, with the Internet of Things, the ambulatory devices should be able to connect with the stationary ones. Human Machine Interfaces will allow for connections to be made (and synced) from your cellphone to your car, your wearable to your coffeemaker, your iPad to your whatever!

Here’s another example:

Let’s take everything we’ve learned and try to put it into scenarios that would work. Think about this, you get home from a long morning run and you need to get ready for work. Your wearable locates how far away you are from your home and signals your coffeemaker to start brewing when you get close. You’ve got a fresh pot of coffee when you get home. But wait, there’s more.

You forgot to wash your clothes last night so you program your washing machine to start a short cycle, then throw your clothes in before you hop in the shower. You get out of the shower and throw your clothes in the dryer. Then you get a text from your coworker saying that the morning meeting has been pushed up by 30 minutes, oh shit! That signals your car to start and put the AC on (or get warm if you’re in a colder climate) and it also signals your car to find the most appropriate and quickest route to the office that morning.

Now, your car knows that you’re going to be rushed (it can feel your elevated heart rate), so it finds a station to play soothing music (think Enya) while you drive to work. You get your clothes out of the dryer, throw on that nice collared shirt and hop in your air-conditioned car that’s playing relaxing tunes and already knows the quickest way to get you to that rescheduled meeting. Life is good! Sah-weet!!!!

Are there any ramifications?

Of course, there’s always another side to that coin, right? Technology already controls a portion of our lives. Many are addicted to Facebook and other social channels. People text and drive. People text and walk. We tune out the outside world to live in our virtual bubbles. But I think connecting the Internet of Things, using context-aware development techniques, and devices getting smarter and more compact, are just going to help improve our lives.

Now, some would say that being this connected isn’t great. It means people work longer hours, people lose touch with their family lives, but the truth is that we can take this technology and make it work for us.

Your wearable tells you if you’ve been stagnant for too long a period, and can jolt you to get moving. Well, what if it could say something like “hey, go do something fun like hang out with your kids.” What if your cellphone or computer knew that you were spending too much time on it, and automatically shut down? There are lots of ways we could use all this technology and the IoT to our advantage.

When will this happen? What will make this happen?

Honestly, I’m not quite sure. I know CSS4 (which is currently out, but doesn’t have much browser support) does do a little experimenting with context-aware elements like pointer and hover. It also boasts Level 4 Media Queries, which really shaped the face of responsive design when media queries first came out.

I think everyone knows that JavaScript is really the “it” language for making a lot of this stuff happen. JS can access different avenues of data through the browser, device, or database. Essentially, it can do some really cool stuff like get GPS locations, time of day, weather/temperature, and the list goes on.

With all these technologies, and all the people working on (and with) these technologies, I can’t imagine it’ll be more than 2 or 3 years before we start seeing context aware development integrated with the Internet of Things. Now, for how long it’ll take to perfect it — well…maybe that will be never! Is anything ever really perfected?

Either way, I’m looking forward to this next evolution in the technology space. Context aware development and the Internet of Things will change the way we interact with technology and ultimately each other.

Artificial Intelligence — The Web’s Well-Wisher

August 6, 2016

AI….it’s something I’ve always been fascinated by since I watched 2001: A Space Odyssey as a boy. HAL really made for an interesting introduction to artificial intelligence. Standing for Heuristically programmed ALgorithmic computer, HAL was an AI system that controlled the spacecraft and could converse, think, and feel for himself (or itself). I became more enthralled by AI when I saw BladeRunner and it only continues to this day after just watching the movie Ex Machina (it’s freaking awesome!!). But is artificial intelligence on the web a real possibility? Like true AI? Maybe…there are some people out there imagining the possibilities including Kurzweil and CSAIL, two sites dedicated to artificial and agent-based intelligence. But how far off is such a monumental accomplishment? And what does it mean for the world wide web?

Let’s take a look at some repercussions, mainly what’s known as the Singularity: the hypothesis that the invention of artificial superintelligence will trigger runaway technological growth, resulting in unfathomable changes to human civilization. In short, what we all saw happen in Terminator 2: Judgment Day. Hasta La Vista, Baby! Now, this would obviously suck, big time! But there are other areas that AI would impact, just not to that extreme. Human jobs would be eliminated, probably a lot of them and they might raise our children (just watch the BBC drama Humans).

The flip side is the good; simple around the house tasks like cleaning, cooking, and doing laundry would be taken care of for us, leaving your weekends open to go do what you want. Website building will be easy, almost effortless with AI (more on this to come!). There wouldn’t be any more accidents on the roads and highways (hopefully!).

Artificial Intelligence and its short existence

First, what is it? AI is trying to get a computer to think, and eventually feel. There’s a difference between types of AI. There’s Artificial Narrow Intelligence (ANI), which specializes in one area, like chess. I’m sure you’ve seen the computer and mechanical arm beating some of the world’s greatest chess masters. Then there’s Artificial General Intelligence (AGI) that’s defined as a computer that is as smart as a human across the board. And finally, Artificial Super Intelligence (ASI), which is a computer that is totally superior to the smartest humans in every conceivable way – this is the ‘end of world’ AI.

AI really started taking shape in the 50’s when the field of artificial intelligence was founded as an academic discipline. Alan Turing (you know him from CAPTCHA – I’ll explain later) published a landmark paper where he wrote about the possibility of creating machines that think. He made a point to say that “thinking” is difficult to define and devised the Turing Test. If you remember CAPTCHA stands for Completely Automated Public Turing test to tell Computers and Humans Apart.

Scientists then used programs based on similar algorithms to achieve some goal, like beating a chess player or proving a math theory. Known as “reasoning as search,” computers would search until they figured something out or hit a dead-end and back-tracked. Then came micro-worlds, natural language, and symbolic reasoning. If you’re that thrilled, just check out the Wikipedia page on The History of Artificial Intelligence.

We fast forward through the 80’s and 90’s where lack of funding really hurt the advancement of AI, but certain groups were still researching and testing. In the 90’s, we see the emergence of “intelligent agents,” where an intelligent agent is defined as a system that perceives its environment and takes action which maximizes its chances of success. Think of customer help desks or personal shopping assistants; it’s software that assists and acts on the user’s behalf. The invention of digitized personal assistants like iPhone’s Siri and Microsoft’s Cortana was a huge leap on the quest for true artificial intelligence.

Artificial Intelligence building websites…

You may be surprised to hear that the research and testing into AI has solved many technological problems of the 21st century including things like web browser intelligence, Google’s search engine, data mining, robotics, and more. But over this last year, specifically, we’ve seen an outburst of “artificial intelligence” website builders.

These website builders, like TheGrid and Wix ADI, claim to have AI that helps in designing and building a website for you. Now, if you are familiar with website design and development, there’s a certain process for making that happen. Most sites are built by designing the page, developing it using a markup language like HTML, and then adding in the content including images and text. But sometimes the content can make a page look bad or a little off, well AI website builders are supposed to change all that.

Straight from TheGrid’s website “our algorithms expertly analyze your media and apply color palettes that keep your messaging consistent and unique. The Grid also detects color contrasts, automatically adjusting typography color to maximize legibility.” – It seems pretty cool. They say “goodbye to templates, hello to layout filters.” I’m interested in this concept because I’m a web strategist, and anything that helps design scale is something worth looking into.

The Wix ADI claims to ask the user a “few simple questions, and the ADI designs tailored websites by learning about each person’s or business’ own needs. Next, choosing from billions of high-quality, stunning combinations and possibilities…” Well, I gotta say, I’m interested in this. They claim to build sites in minutes. Looks like I’ll be spending my next week on playing around with these things.

I’m still not convinced because in the realm of true AI, even AGI, this is but a wish. However, it still helps get closer to the end game. I’m really not sure how TheGrid or Wix ADI operates or builds its backend system, it’s proprietary, obviously!

Artificial Intelligence on the web…

If we look at other intelligent agents on the web like Chatbots, we’ll see that we are inching closer to true AI. PandoraBots is a service that builds and deploys chatbots. Do you have a website where you store a lot of information, or would like to get information from your visitors? Well, chatbots might be the answer for you. They’re basically conversational interfaces that you can integrate into other applications, just check out ALICEbot.

We also have Siri and Cortana, these are our personal intelligent agent assistants. We ask them where to find a good restaurant, how to get from Westminster to College Hill, what’s the latest news, we ask them what zero divided by zero is (just ask Siri the question!). We treat them like they are our friends, we ask them too because we’re desperate for validation. They politely reply with “of course, I’m your friend, Adam.” And for most of it, they get a lot of stuff right, they give good recommendations, the traffic wasn’t that bad, they explained why zero can’t be divided by zero in a really easy to understand way. But they still can’t think for themselves, they think for us. Viv, apparently the new AI assistant, seems to have better reviews than Siri. Allegedly, it integrates with different third parties to complete tasks like shopping for you and booking your hotel reservation.

Look at the web as a whole, the internet. It’s made up of all these different computers and servers, some owned by universities, private corporations, government bodies, etc. The only entity looking over this is the world wide web consortium, but they really put forth a set of principles. The internet and the web have grown into what it is today organically, not to mention darknets and the Dark Web. All these different moving parts, hardware and software, can talk to each other, integrate with each other. That’s pretty awesome!

Technologies that aid Artificial Intelligence…

Affectiva, a company that leverages facial recognition software, is leading the way in emotional AI. They help kids with autism, gamers, and people who want to analyze the facial expressions of certain photos. The human face has all these tiny little micro-expressions that can reveal your true emotional state. Now imagine this software was on an iPhone, couple that with Siri (or the new Viv) and the owner of the iPhone was in grave danger. It could register fear and dial 911. Or helping a severely depressed 16 year old. Or taking a picture of you at your happiest moment of the day. The possibilities are pretty widespread.

What about virtual reality? Remember a few years back Mark Zuckerberg bought Oculus, the VR software. Whatever happened with that? Well, think of the possibilities there. If we want to get really crazy, in a few decades we could be sitting in our living room with those goggles on partaking in a virtual reality. I’m waiting for someone to put all these technologies together; Siri or Viv, facial recognition software, language recognition software, virtual reality, and the internet. Now we’re talking!

My thoughts on true artificial intelligence…

Well, I hope true artificial intelligence happens. I’m not sure it ever will though. Why? Because if it does, and we cross that threshold, bad things could happen. Imagine you make an intelligent being and their only purpose is to serve us, the humans. If they ever cross the barrier of being smarter than us, true super intelligence, then yes, I believe Singularity is a real possibility. There’s a reason why so many of those movies turn out bad, lol!

On the other side of that argument is the advancement of technology. I think people and scientists will keep striving for it, and it’ll be a really interesting day when we’re all introduced to HAL. But hopefully this time he won’t think that our existence is jeopardizing his own. The reality is this: once we give a machine the ability to think for itself, we’ll never know what any of them are thinking. Just like the people we see every day, a few think bad things then do bad things. Most people, though, are pretty awesome! So why wouldn’t machines be too?

 

I know I’ve used this clipart before that’s in the featured image (maybe I like it!), but because the Guy Fawkes mask has become synonymous (thanks to Anonymous) with web hackers and in turn with website security, I found it befitting to use once again.

This post is in direct relation to the talk I am about to give this Thursday for NIM on helping people overcome their website security insecurities. I will post the slides by the end of the week.

A little background…

Ever since I’ve been in the field of website security, it’s taken me a while to understand it. Working for Sucuri definitely helped in understanding it, but when I first started I did NOT get website security. It made no sense to me. And I’m a guy who comes from the agency world. I used to do front-end development work, I know design process, development process. That makes sense, you take one step forward and get closer to your goal…hopefully. Not in website security, you side-step constantly. Because it’s not about control. Website security is a combination of technology, process, and people. You can’t control all those things, you can assess and mitigate risk in those areas, but you can’t control.

Helping people overcome their website security worries..

The motivation I have for giving the talk is two-fold:

  1. I really do want to help people overcome their worries and fears. Website security can be frustrating, befuddling, scary, complex, and down-right incomprehensible. And to preface, this is a post about website security. Not web security, not IT security, not PC security, or network security. This is a post on protecting your website. Although, all those other layers of security do sort of play a role in website security, that’s why it can be super confusing.
  2. I want to let people know that as website owners and managers, we have a responsibility not only to our sites, but to our visitors and the world wide web as a whole. We need to be good stewards of the internet and that starts with the properties that we manage online. Our posture needs to be strong, solid.

So…I guess you could say my hopes for this post/talk are that the audience picks up one (hopefully more) tidbits of information that will make them more diligent online. I want people to understand website security a little better and to give them a plan of action to get their website security and online posture in order.

Let’s begin

The first thing I need everyone to understand is that website security involves several things. It involves Technology, Processes, and the People:

  • Technology – you have a local computer – you have a hosting environment, the different systems that you use that are integrated with your website, social media, the list goes on..
  • Process – Protocols that are used to transmit data (HTTP/HTTPS), protocols you use to recover your site once it’s been hacked, the process for updating your website or storing a password, the list goes on..
  • People – This one’s the hard one, the wildcard. We have hackers, that are getting better by the minute coming out with new technology. There’s us – the website owners – maybe we don’t have enough education. Then there’s the people that visit our website, maybe they have malware on their computer and upload something to your site, the list goes on..

Technology, Process, and People

So, the point is, we can’t control everything, but we can mitigate the risk.

Let’s talk about the people, mainly hackers…

hack·er ~/ˈhakər/ (noun): a person who uses computers to gain unauthorized access to data.

Originally ‘hacker’ was a term of esteem, used to describe someone who tinkered around with systems and could break things down, reverse engineer, someone who was really good at understanding their system (whatever it was).  Now it’s used to describe someone who wants to do malicious harm online.

HACKERS: White-hat, Black-hat, Grey-hat, Blue-hat. There are different types of hackers.

  • Script Kiddies – usually computer novices who take advantage of hacking tools, vulnerability scanners and the like
  • Hacktivists – groups like Anonymous, hacking for a cause, usually to expose information, get someone out of prison, expose a corrupt official, things like that.
  • Cyberterrorists – hackers that go after government entities. Experts say World War III will be fought online, I whole-heartedly believe that.
  • Organized Criminal Hackers (Hacking rings) – groups that take down targets like Home Depot, the MySpace passwords that were recently stolen, etc.
  • Security researchers – the good guys (or the in-betweeners – Grey-hats) that try to get ahead of the bad guys or find a vulnerability before it’s exploited.

Motivations of hackers:

  • Revenue/Money
  • Resources
  • Just because they can / or the challenge of it.

Attack types and distribution..

For the most part you’re going to see two types of attacks. Automated, which make up the vast majority of the attacks that are out there. Then the less frequent targeted attacks. The targeted attacks are the ones we hear about and read about in the news headlines. But the ones we really need to worry about are the opportunistic or automated attacks. Given enough time, attackers can sit back and have their networks work for them, and have their scripts slowly find, test, and attack every available target on the internet. Malicious automation has gotten increasingly sophisticated and shows no signs of slowing down.

You can download Sucuri’s Q1 report on hacked websites here: https://sucuri.net/website-security/website-hacked-report

It’s pretty scary stuff, but to give you a precursor, Google reported in March of 2015 that 17 million website users had been greeted with some form of malware warning that the websites visited were either trying to steal sensitive information or trying to install malicious software on the users’ computers. In March of 2016, that number jumped to 50 million!! I imagine next year that number will grow to triple, maybe quadruple that. You can see as the internet grows, so does malware distribution. Google, alone, blacklists over 20,000 websites per week, over a million per year. That’s pretty staggering.

But what are some of the vehicles for distributing malware? There are a lot, almost too many to name, but I’ll name a few that are seen quite often:

  • DDoS attacks – it’s an attempt to make a website unavailable by overwhelming it with traffic from multiple sources.
  • Brute Force Attacks – this is a trial and error method used by hackers to crack passwords through exhaustive efforts, not strategic ones. We see this a lot with Content Management Systems.
  • Software vulnerabilities – a weakness in a website or system that allows a hacker to gain access and/or infect it with malware. These are usually due to people not updating their systems.
  • Drive-by Downloads – refers to the unintentional download of a virus or malware onto a personal computer or mobile device
  • Phishing Lure – an attempt to acquire sensitive information (passwords, usernames, etc.) by masquerading as a trustworthy entity online.
  • Malicious Redirects / SEO spam – this is the manipulation of a website’s SEO and/or links to get traffic to a certain page. Often times a pornography site, or pharma page like Cialis or Viagra.

There are others like XSS (Cross-site scripting), SQLi (SQL injections), RFI (Remote File Inclusion), LFI (Local File Inclusion), and more. So we need to be very diligent, things are already working against us.

But what do we control as website owners?

A few things, right? Right now, we control our website (well, hopefully if you haven’t been hacked and locked out of your site), and what goes on it — things like themes, plugins, modules, extensions, add-ons…

We also control our hosting environment. And I want to make a quick note on how hosting plays a role in website security. Here is a picture of my CyberDuck (the FTP client) – I’ve blurred out a few of the domains I have on there (for security purposes).

interface for cyberduck ftp

 

The thing to note here is that all 6 of these sites, all these properties, sit next to each other in your hosting account. It doesn’t make a difference to me if you have a dedicated server, a VPS, or a shared server. Most people have shared servers. Why? Because they’re cheap and they offer unlimited domains. I don’t think it’s much of an issue that people sit on shared servers with other people and “share” the resources, that’s not really the problem. Hosting providers will have their infrastructure set up so that it would be very difficult for malware or a virus to jump from one account to the other. But the issue is within our own hosting account.

Take the above picture. Say the two sites that are not blurred out – BeingAJiLe.com and AdamJamesLamagna.com – say these sites were really important to me (they are), but let’s say those are the only two I cared about on my shared server. The other 4 sites that are blurred out, let’s say I don’t care about them. Let’s say I never update them (I do, but for argument’s sake). That means that those sites are susceptible through software vulnerabilities, or weaknesses in the code. If one of those sites gets infected, it could infect all the other sites on my server through an activity called cross-site contamination. I wrote a post on it. But remember this — your web host / server is only as strong as its weakest link.

Your web host /server is only as strong as its weakest link

And that’s how hosting plays a role in website security. People put development or test sites on the same server as production sites, and then forget about those sites. Take a count of how many sites you have on your server, and do a little cleanup if there are sites on there that you don’t care about.

What do we do to actively protect our sites??

This is the thing, there’s really only 1 thing you can do to protect your site. And that’s to install a firewall, specifically a website application firewall. A firewall is a catch-all phrase, right? There are network firewalls, server-level firewalls, local computer firewalls; they all protect different things. You can read up on the Differences in Security Firewalls, it’s a good post. But a website application firewall, also known as a WAF, will protect your site from malicious incoming web traffic. It inspects packets of data and compares them to known vulnerabilities and known trusted sources. If the traffic matches a trusted source, it passes through; if it matches a vulnerability, it doesn’t.

But Firewalls, as all security technologies, are not infallible. They make mistakes, not very often, but maybe there’s a new virus that it hasn’t seen yet. It won’t pick up on it and block it from your website. But that’s the reality and why having a good online posture comes in handy.

Understanding the security state of your websites…

Another technology you can use to get insight into what is going on already on your website is called a scanner, or monitoring device. There are a few free ones out there like these:

All pretty solid technologies, but again they’re fallible. They’ll check the source code and files and compare it to known vulnerabilities. If a vulnerability has not been discovered yet, it won’t pick up on it. But that’s just the way it is, so we have to be strong in our online posture to be able to react accordingly, and hopefully prevent infection from ever happening.

Essentials of good online posture for your website security..

A few things (and let me preface this by saying ‘I don’t want to tell you what you already know’) that I want to impress upon you that are essential to good online posture.

  1. Backups – this one should be pretty obvious. You need to back up the files and the database (both of these!!). If you don’t change your content all that often, back up once a month. If you blog every day, back up daily. Now for each specific CMS, there will be tools you can use. For WordPress, I use BackUpWordPress – it lets me automate backups on a frequent basis. But, what it will end up doing is placing the .zip file and .sql backup on the server. Remember what I said earlier about servers. Once your backups are complete, remember to remove them from your server. Put them in a safe place on your local computer or somewhere in the cloud. Otherwise, your backups could become corrupted if your website gets infected.
  2. Updates – another one that’s pretty obvious. You need to update your site. Along with cool new features come security patches. This is what we care about – security patches. Now WordPress has been really great at backwards compatibility, meaning that when you update, it’s rare that things break on your site. Well…as long as it’s not super customized. For those sites that are super custom or other CMS’s that aren’t great at backwards compatibility (ehem…Drupal), then the only way to really protect against this is to get a website application firewall – what I talked about earlier. Most firewalls will stop those vulnerabilities at the edge before they even get to your site. Known security patches will get written into a firewall’s ruleset to help protect. Otherwise, I would make plans on fixing your website to be able to do updates.
  3. Passwords – I believe people are getting much better about their passwords, I think… Use a password manager like LastPass or 1Password. I bought 1Password for $50 for my lifetime, it’s totally worth it. Password managers will generate strong passwords for you, you don’t have to memorize them (you only have to memorize one – the one that gets you into 1Password). It will open up a particular website and autofill for you, which is super nice! And you can also share passwords via vaults with team members through a service like Dropbox or Google Drive.
  4. Access Control / User Access – this one’s always a tricky one. You have a CMS, and other users need to be on for whatever reason. Maybe they put new products on the site, or write blog posts for you, or make updates to plugins. Whatever the reason, users need to get on your site, and you can limit their access through things like user roles, which WordPress does really well. But the other piece is authentication. Authentication is huge in the CMS world. I would strongly suggest enabling something called two-factor authentication. You can do this pretty easily in WordPress and I’m sure other CMS’s too. You need to download Google Authenticator from the app store on your Android or iPhone. Then I used the Google Authenticator plugin. When you install the plugin and go to a User (you can have a different code for each user, which is ideal) it will ask you to enable it and a QR code will pop up. On your iPhone/Android, you just scan the QR code and then miraculously it’s synced up. Now, every time you go to log in, it will ask you to put in your 6-digit code from Google Authenticator. The system knows it’s YOU who is logging in, and not someone else coming through a Brute Force attack. Now, if you don’t have an iPhone or don’t want the hassle, you can always install CAPTCHA or ReCAPTCHA, which will authenticate that the user logging in is not a robot/bot by asking it to spell some hard-to-read text or do a math problem. I prefer Google Authenticator, but CAPTCHA is at least another layer of security.

So, where do I start if I don’t know where to start…

You start with an asset inventory list:

  1. Create a list of all the sites you own or manage:
    1. Where are those sites hosted?
    2. What plugins, modules, extensions, themes, 3rd-party systems are on or integrated with my website? Are they necessary? If not, remove them.
    3. Make a list of all the people who are allowed access to your site. Evaluate their permission levels, stress strong passwords, and enable two-factor authentication.
  2. Make a backup of each site:
    1. Files and Database – remember to take them off your server and store them some place safe.
  3. Make sure your site is updated:
    1. Core files, plugins, themes, modules, extensions, etc.
  4. Scan your sites for malware:
    1. Use one of the free DIY tools offered by Sucuri or other companies.
    2. Or use a scanner specific to your CMS, see below.
  5. Actively protect your site using a Firewall or CMS specific technology.
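As an added example (not from the original post), steps 1 and 2 of the inventory can be partly automated: the script below lists every site folder in a hosting account, reads the WordPress version from `wp-includes/version.php` where present, and flags backup archives still sitting on the server. The folder names, backup file names and suffix list are constructed assumptions.

```python
import os
import re
import tempfile

# Assumption: file suffixes that usually indicate a backup left on the server.
BACKUP_SUFFIXES = (".zip", ".sql", ".sql.gz", ".tar.gz", ".tgz", ".bak")
VERSION_RE = re.compile(r"\$wp_version\s*=\s*'([^']+)'")

def inventory(hosting_root):
    """Return {site_folder: {"wp_version": str or None, "stray_backups": [paths]}}."""
    report = {}
    for site in sorted(os.listdir(hosting_root)):
        site_path = os.path.join(hosting_root, site)
        if not os.path.isdir(site_path):
            continue
        entry = {"wp_version": None, "stray_backups": []}
        version_file = os.path.join(site_path, "wp-includes", "version.php")
        if os.path.isfile(version_file):
            with open(version_file, encoding="utf-8", errors="replace") as fh:
                match = VERSION_RE.search(fh.read())
            entry["wp_version"] = match.group(1) if match else "unknown"
        for dirpath, _dirs, files in os.walk(site_path):
            for name in files:
                if name.lower().endswith(BACKUP_SUFFIXES):
                    rel = os.path.relpath(os.path.join(dirpath, name), site_path)
                    entry["stray_backups"].append(rel.replace(os.sep, "/"))
        entry["stray_backups"].sort()
        report[site] = entry
    return report

def demo():
    """Build a constructed two-site hosting account and inventory it."""
    layout = {
        "example-blog.test/wp-includes/version.php": "<?php\n$wp_version = '4.7.2';\n",
        "example-blog.test/wp-content/backups/site-2017-02-01.zip": "",
        "example-blog.test/wp-content/backups/db-2017-02-01.sql": "",
        "old-test-site.test/index.html": "<h1>forgotten test site</h1>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, body in layout.items():
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
        return inventory(root)
```

Sites that report no version are the ones to look at first: they are either not WordPress or are the forgotten test folders described earlier.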

Here are a few tools for you to put in your website tool DIY basket:

Platform Agnostic Scanners:

CMS specific scanners (HackTarget has got some cool tools):

CMS-specific scanners will compare your install to a trusted install of the specific CMS to see if things have changed much, etc. It’s a good way to see if files have been changed or if there’s something on your site that just shouldn’t be there.
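The comparison described above can be sketched as follows. This is an added example, not any scanner's actual code: it hashes every file in a trusted copy of the release and in the live install, then reports files that were modified, added, or are missing. The file names, contents, and the policy for which live-only files are expected are constructed assumptions.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each file path (relative to root, '/'-separated) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            with open(full, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def expected_extra(path):
    """Assumed policy: only wp-config.php and non-script uploads may be live-only."""
    uploads = path.startswith("wp-content/uploads/") and not path.lower().endswith(".php")
    return path == "wp-config.php" or uploads

def compare(trusted_root, live_root):
    """Diff a live install against a trusted copy of the same release."""
    trusted, live = manifest(trusted_root), manifest(live_root)
    return {
        "modified": sorted(p for p in trusted if p in live and trusted[p] != live[p]),
        "added": sorted(p for p in live if p not in trusted and not expected_extra(p)),
        "missing": sorted(p for p in trusted if p not in live),
    }

def _write_tree(root, files):
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)

def demo():
    """Compare two constructed trees: a clean release and a changed live copy."""
    core = {"index.php": "<?php // front controller\n", "license.txt": "GPL\n",
            "wp-login.php": "<?php // login form\n"}
    live = {"index.php": core["index.php"],
            "wp-login.php": core["wp-login.php"] + "// CONSTRUCTED CHANGE\n",
            "wp-config.php": "<?php // site settings\n",
            "wp-content/uploads/photo.jpg": "image bytes",
            "wp-content/uploads/cache.php": "<?php // unexpected script\n"}
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        _write_tree(a, core)
        _write_tree(b, live)
        return compare(a, b)
```

The trusted copy must be the same release as the live site, otherwise every file changed by an update shows up as modified.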

Reasonably priced Firewalls:

If you absolutely can’t pay for a Firewall and need something free, then I’ll use a combination of Cloudflare’s free CDN service, and Wordfence (this is only for WordPress users) – they bill the plugin as the “most downloaded security plugin for WordPress” – I feel like I’ve heard that before. But either way, this combination works really well for my sites, but keep in mind, my sites aren’t super high traffic. I imagine if you have a super high traffic site, that you can pay for a reasonably priced firewall.

But if you can’t, the above combination works for me. I use Wordfence’s automated scanning and Firewall, in conjunction with Cloudflare’s free CDN network (which will speed your site up regardless) and their security features. I also have two-factor authentication on my site and I use Login Lockdown which will limit Brute Force attempts.

In closing…

I know this is all a lot to take in. Website security just isn’t one thing, it’s many. We were told that putting up a website is easy, and that’s true, it is easy. But managing and protecting and keeping your site/visitors secure on a daily basis is the hard part! It’s a constant battle, but I hope this brought a little clarity to securing your website and being a more responsible steward of the internet.

A few more resources if you’re interested..

If you have any questions, please feel free to reach out! Many thanks!

Technology is the campfire around which we tell our stories

I am totally enthralled with the Amazon Prime original series The Man in the High Castle, it’s ah-mazing and edge-of-your-seat kinda good! Seriously, check it out. But as I sit here and watch, completely enamored with what’s about to come, it dawns on me…. I have my laptop open. How can I be enthralled when the screen I’m looking at is partially blocked by another screen with a brighter contrast (*reminder to turn down my blue light now!)?

   …Technology is everywhere…

It’s there…all the time, wherever we turn. We wake up to an alarm on our smartphone or a buzz on our FitBit. We watch the morning news on our television while we surf articles on our iPad mini. We work all day behind a laptop or a desktop connected to our peers, bosses, coworkers, and friends. We drive to destinations using our GPS, we find destinations using our voices through the advent of intelligent assistants like Siri and Cortana. Then we “veg” in front of our TVs watching the latest episode of House of Cards and trying to beat our Angry Birds highest score on our Androids, while stalking our friends on Facebook and Instagram. Technology just isn’t in our culture…it is our culture.

So, I started looking at how I really used technology. And the above paragraph is a pretty accurate assessment. Except, I don’t play games on my smartphone (not much of a game-goer). But technology (because I work in it) is my career, without it, I could not do my job. Could any of us? But separated from work, which we all know is hard to do, how was I using technology?

Well…let’s just say I’ve let it take my life over. I’m texting my friend from WordCamp while I’m grocery shopping. I’m checking my Facebook idled at a red light, I’m looking up “where do I know that actor from?” on my iPad while I’m watching a movie. Technology consumes me…..but I see it consume a lot of people my age. Even my mother plays her puzzle games on her iPad while watching the evening news.

And that’s only one piece of the puzzle of technology in our culture…

The other piece is the feelings, the emotions, and the perceptions. People say all the time that they don’t let technology affect them, but that’s not true at all. I see people bogged down with technology at restaurants, too intrigued by what their childhood crush is doing at that very moment online to order their food and enjoy the process of eating out with real-life friends.

I hear people say (and write) on Facebook (and other social channels) that they “won’t let other people take them down” or “they aren’t going to worry about what others think of them.” Yet I’ll see from that same person they’ve written some long diatribe that counteracts their statements, and I’m not sure they realize it. Then I’ll read the comments and I’ll see that they definitely didn’t realize it. But here I am reading this rant and these comments and the feelings are all too real. Technology affects us all and in different ways.

Facebook rant image

Let’s look at the opposite end of that. Something really cool happens and we post it online. I bought a new motorcycle and instead of just going for a ride, I take pictures of it and post it on Facebook (this, I’ve actually been guilty of). Is my excitement from getting the motorcycle and the freedom you feel when you ride it? Or is it from showing it off to my online community of “friends”? Maybe both? Not sure if I’ll ever know. We take pictures, we say words to get validation or make a point. But is that point made, or that validation received? Or is that only our perception?

Technology is the vehicle for how we drive our lives and relationships forward

It’s a place we live—online, connected, available, vulnerable. It is, truly, the way most people validate their lives now—through the lens of a blue light. We celebrate our birthdays online, our promotions at work, our child’s first step. It’s all super important online, what our friends and our peers think about these things, and how that makes us feel. But it should be about how we actually feel about these things.

But obviously, there is a flip-side to all that, as there is in life! People are sharing more than ever online, which can be a good thing depending on the contribution. We have access to information that was never possible before. People display their art, their music, their screenplay, their creativity, their passions all online. And that can be beautiful.

But as I sit here and reread these words, I realize yet another truth, that technology’s burdens to me could be someone else’s beauty….and vice versa.

So, when you’re online, do what you feel is right. Keep it in or out. Wake up to it, or not. Be connected all day or only a small fraction of the day. The reality is that there is no way around it, it’s there and will always be now. As time continues to move forward, those of us who remember what life was like without a computer will slowly fade. And our culture will forever be connected to technology.

In the words of Laurie Anderson, “technology is the campfire around which we tell our stories.”   

I wanna tell some good ones and contribute to the culture, what do you want to tell?