Category

Technology

"Technology is the campfire around which we tell our stories."

Do I really have to worry about cross-site contamination?

I get this question a lot when I talk to people on the phone. I deal mostly with agencies and larger companies who have 20, 30, 100 sites sitting on 1,2, or 5 servers (or dozens of hosting accounts) and want to know about cross site contamination. It’s an interesting concept. If one site gets compromised and infected with malware, will the other sites that are sitting on the same server get compromised? Well, the real answer is…..maybe.

  Let’s talk about life…

I started doing research on this subject when I came to work for Sucuri. I always thought it was a notion cooked up by the security experts trying to scare consumers into submission—you can get screwed just by sitting next to someone or sharing the same cutting board as the raw chicken? But this holds true in life all the time. Whether you’re at the movies and some unruly teenagers walk in—there goes your enjoyable movie-watching experience. Or you serve a platter of vegetables after you’ve cut them on the same counter top you forgot to wash off after you marinated the steaks—lucky party guests!!

True story: 

Stephanie Smith, a children's dance instructor in Minnesota, was paralyzed from E. Coli which just happened to infect the burger she ate at a backyard BBQ that her mother cooked her. How, you ask? Through cross contamination, and a very slight change in the slaughterhouse's process. You can read about her grueling ordeal here - Real Life Impacts: The Stephanie Smith Story

And how does this relate to website cross contamination, well it’s a pretty straight line. If a website is infected with a virus, then that virus can spread or attach itself to all the other websites it sits next to. And this is how it happens, it can be subtle, or slow, fast or fierce, but it can (and does) happen!

Yet…I still wasn’t happy with that answer or analogy. So, I dug a little deeper and a little closer to home. Let’s look at traditional computer worms and viruses. The kind that can really mess with your local computer. How are those delivered? How do they get on my computer? Let’s define what worms and viruses do.

Quick Computer Lesson

Computer Worm: a standalone malware computer program that replicates itself in order to spread to other computers. Computer Worm – Wikipedia

Computer Virus: a computer program usually hidden within another seemingly innocuous program that produces copies of itself and inserts them into other programs or files and that usually performs a malicious action. Computer Viruses – Wikipedia

Computer with a virus on it

So how do you get this type of malware on your computer?

That’s a great question and one that’s hard to answer because malware distribution has gotten so sophisticated these days, it’s hard to tell exactly how your computer got infected. Certain delivery method culprits could be:

  • Phishing lure pages / Spear-phishing emails: You get an email from someone you know (or think it’s someone you know) and you click on a link. Same as if you go to a website you think you trust and click on a button/link.
  • Drive-by Infections: These are super dangerous because this means you just visit a malicious website and it can infect your computer. Just by being on that website for one second can deliver a payload that really inconveniences your life.
  • Using unsecured networks: We’ve come to expect free wifi everywhere we go, but beware because that means anyone else (especially unscrupulous users) have access to it as well. And the good hackers can gain access to your system through all the various software tools available and then crack passwords with ease with all the various software tools available!
  • Using an infected flash-drive: Ok, this one is unlikely, but if you’re a student and need to back up your files and you use a flash-drive your friend gave you—it can potentially be dangerous. Just buy new ones that are sealed in their packaging!
  • Downloading music, movies, and other stuff illegally: I’m sure people still do this, but it’s a sure-fire way to get infected with malware. Be careful what you download and what source you use to download it from.
  • Social Media: Social media platforms are our best friends sometimes, but they have lots of things that we click on from interesting top stories, to party invites, to alluring ads. These can all be triggers for malware distribution and according to Business News Daily is now the world’s largest attack surface.
  • Mobile Apps: Yup, now your mobile phone can be hacked! Cybercriminals have created apps as “utility” apps and when unsuspecting users download it, it fills their phone’s memory with malware. The next time that phone gets connected to a computer, for whatever reason (maybe just to charge it), the computer gets infected with malware.

As you can see, there are a myriad of ways to get infected with malware. And that malware can come from a plethora of sources. Depending on how the virus, the worm, or malware code is written, it can spread like wild-fire infected everything in its path from phones to connections with local computers over unsecured networks to other local computers and servers.

And if we think about this concept, at its very foundation it’s considered cross-platform contamination. But let’s look at viruses on a granular level. What happens when the virus infects my computer? How does it spread?

A virus has several moving pieces to it, all of which help with its end goal of inflicted damage.

  1. Infection mechanism – this is how the virus spreads or propagates. There’s something called a ‘search routine’ which locates files/disks to target, then copies itself into those files/disks.
  2. Trigger – known as a logic bomb, it’s the piece of the virus that activates the payload and can be done through a number of different actions or executions, such as on a certain date or time, the presence of another program, disk capacity, or a simple click.
  3. Payload – the code/data that performs the purpose of the virus, often times the malicious or harmful activity.

If we look at these pieces, we’ll see that a virus on a local computer will move throughout that entire computer replicating itself in different files, disks, programs, applications and so on, delivering a payload.

So cross-site contamination is quite similar. A server is really just a computer. Let’s dive into that…

Cross-site contamination with a side of fries, please…

Going back to our food analogy, let’s say you go to your favorite fast food restaurant. And let’s say you order a big juicy burger with a side of fries. Only unbeknownst to you, that burger is contaminated, does that mean the fries are too? Well, if they’re served to you in the same bag, then yeah, it could be!

If you take a server, let’s say a shared hosting account with any of the big boys out there, and you Virus with a side of friescurrently have 5 sites on that shared hosting account. What’s the likelihood of a site getting infected? Well… if you don’t have any security measures in place, then the answer is very high. But let’s say you do have security measures in place. Let’s say you have a website application firewall and you scan every day for malicious activity. But let’s say you only have those security measures on the two most important websites on that server. The other 3, you could care less about!

Why this train of thought sucks:

If you go back a little and look at cross-platform contamination and contamination of files on your local computer, cross-site contamination works the same way. You’ve got 5 sites that are sitting on the same shared hosting account and only two of those sites have a Firewall. That means that the other 3 do not! So they are still susceptible to brute force attacks, DDoS attacks, malware distribution, and every other form of malicious activity…essentially making every site on that server susceptible.

Once a hacker gains access to one of your sites that sit in your shared hosting account, realistically they can do a lot of damage. They can add files which can change permissions, inject code that locks you out of your site, and they can take over your entire web server and damage the sites that “were” protected, or so you thought.

What to do??

Well, a few things. One—you can have security measures across the board. If 5 sites are on a server, make sure you have a Firewall for each of them, make sure you monitor each of them. Or you can isolate sites, which is another avenue. Maybe it’s more cost-effective for you to take those two (important) sites and move them to their own environment. You can clean up your server, I totally recommend doing this. Take a lazy Sunday and look at how many sites you have on your server. I’m talking about all of it – the subdomains, sub-directories, the development sites, and so on.

The more sites you have sitting on your server, the more susceptible you are to malicious activity. If you have 20 sites, and 1 is protected, there’s a good chance it’ll be compromised. Even if you have 19 that are protected, there’s still a chance you could be compromised. Albeit, it’s a small chance at that ratio, but it is still there.

Protect your sites, protect yourself, protect your visitors!

 

The Frustration with Website Security

May 1, 2016
Comments Off on The Frustration with Website Security

People just expect their websites to be secure!

People just expect their sites to be safe, and I’ll admit, I did for the longest time too! But that’s a far cry from reality and one that’s hard to sell.

I work for Sucuri, one of the best website security companies on the market today (probably the best – and yes, I am biased!). But I sell web products to agencies and enterprise level clients. It’s not so difficult to sell them on our products. Sucuri’s products, they just work and very well at that! What I need to sell people on is website security as a whole, which is much more difficult than you may realize.

Let me break things down.

There are all these moving pieces to the web, correct? Yes, there are. Even more so at a granular level when you look at company’s servers or hosting environments, file structures and setups, their clients and others who have access to these sites, the sites themselves and all their vulnerabilities. Not to mention the hackers, who rarely leave a trace and rarely get caught and rarely get punished for it.

Let’s start with different environments. There’s a great analogy I use for shared hosting, VPS, and dedicated accounts.

  1. Shared hosting – this, essentially, means that you are sharing resources with everyone else in that environment, like CPU time or memory space. It’s like living in an apartment complex and sharing the pool, laundry, and parking lot with your neighbors. You still have your own place, but if the laundry is tied up, you’ve got to wait!
  2. VPS (Virtual Private Server) – this is like living in a condo, because you’re still sharing resources that are outside of your condo, like parking space, but you’re ultimately responsible for things inside your condo. So, in a VPS environment, there are still shared resources, but portions of those resources are dedicated to each individual VPS.
  3. Dedicated server – this is like owning your own home. You’re responsible for the upkeep, but you also have access to all the resources, and no one shares them with you.

So, this is a very simplified version of server environments. Nowadays, people use the term ‘server’ and the term ‘hosting’ in somewhat the same way. Years ago, when someone said we host internally, it usually meant that they had physical servers inside their offices where they would manage them and actually host their sites on those servers. And for those of you who don’t know, a server is just a computer, with a little different hardware on it (even though, a desktop computer could run a server) – I know, confusing!!!

Hosting is done by a number of different providers like WP Engine, 1and1, GoDaddy, Pantheon, and so on. They have the hardware and resources to handle many different types of platforms (or a specific one), and they also make things easy for people to manage their environments through something called a C-Panel or Control Panel. It’ll give you access to your domains (if you’ve pointed them from your registrar or used the hosting company to buy the domain) and let you change the directory path and DNS settings, things like that.

Now with most servers, there will be server-level firewalls set up with the infrastructure, but that means that it’ll still let in web traffic, which is what we need a lot of protection from. Port 80 (HTTP) and port 443 (HTTPS) traffic can let in a lot of different activity (good and bad).  This is how your visitors reach your site, through one of those two ports depending on whether or not you have an SSL certificate. So, there are many different ways a website can get compromised.

  • Software vulnerabilities
  • XSS (Cross-site scripting)
  • Backdoor Injections
  • SQL Injections
  • SEO Spam
  • DDoS (Distributed Denial of Service) Attacks
  • Brute Force Attempts

And the list goes on…and on…and on…

But you have to be aware of this stuff, and keep in mind that a lot of these attacks are automated. Some may be done manually by a bored teenager sitting at home in front of his computer. But for the most part, they’re automated attacks. And keep in mind there are attacks of opportunity (which we are all susceptible to) and targeted attacks, which are usually for the bigger brands and companies, but make no mistake if you engage in controversial content on your website (like religion or politics), you can very well be targeted too!

There are a few different reasons why someone would want to attack your site or gain access to it. It’s not just money, but that can be part of it.

  1. Revenue – and I’m not talking about people trying to steal credit card info (although, that happens all the time), but if you don’t do anything with e-commerce, hackers can still profit off of your website. Imagine a hacker injects your site with malware and then your mom visits your website. She unwittingly downloads something that your site told her to download (because she trusts you and what you put on your website) and then four hours later she has no money in her bank account. BOOM!! Oops… That’s what I’m talking about. And there’s also SEO spam. Hackers who use your site to redirect traffic to their pages to make money by inserting links, or keyword stuff your site (which will send your rankings through the floor – and it’s hard to recover from) to get better rankings in the short term and make money off of your audience.
  2. Resources – this is another big one. Maybe the hackers don’t want money, but they may want your resources. Things like bandwidth or CPU. They can build a network off of your system and lease it to others. Now hackers can take your resources and use them to attack other unknowing parties, without YOU (the website owner) even realizing it. Scary, right??
  3. Lulz – yup, that’s right, lulz!! What is that you ask? Well…it’s just for the hell of it! Fuck it, let’s try it! I want to see if I can do this. Again, it could be some bored teenager just sitting around chatting on the security forums. Someone tells them about a tool to drop scripts in a website via a contact form, and they want to see if they can do it and gain access. Then once they do, who knows what could happen!! Be careful of this, because this is really hard to mitigate against. Get a WAF (website application firewall).

We have to be careful of things like Ransomware (holding a website owner’s site hostage) or Cyber CrimeMalvertisements (malicious ads) and there’s no one right way to do this. It really starts with education, so if you’re reading this post, kudos!

Some thoughts on general security

In order to keep your site (and your visitors) safe, you’ll need to explore general website security. Starting with monitoring and a firewall. Sucuri offers an awesome monitor/firewall package, our Website Security Stack. But if you can’t afford that, then look at all the free stuff out there.

You can use our Sitecheck to see if there is malware on your site. But keep in mind this only scans remotely, it can’t check the database.

You can learn how to harden WordPress. Which is basically locking a few things down like access, having containment, certain configurations.

Or you can take a look at OWASP and ModSecurity – which are open source and free to use, you just have to configure the firewall yourself, and that can get confusing!!

The Frustration of Website Security

And this is the frustration of website security—is that there is no 100% solution out there. I don’t think there ever will be! Ever! The reality is is that the landscape of websites and their environments change so frequently that once a solution had been produced, hackers have already found a solution of their own to beat it. And that’s the continual cycle.

So educate yourself and the people around you. If you own a website, you not only have a responsibility to it, but to your audience, and the web in general.

More to come on this topic…..

 

The Cost of Doing Business with a Web Agency

March 3, 2016
Comments Off on The Cost of Doing Business with a Web Agency

I got asked a really great question last weekend and figure I would expand on it in a blog post. The question was “what’s the difference between a $2,500 project/website and a $15,000 project/website?” This, believe it or not, is one of the most probing questions I’ve ever been asked. Hence, the need to write a blog post on it.

So…what is the difference?

I’ll tell you as I see it, and I want to preface this by saying, my word is not absolute. This is completely my opinion and my thoughts that stem from the experiences I have working at a small agency and a larger one. The smaller agency charged anywhere from $2k – $20k per project and the larger agency charged anywhere from $50k – $250k per project. I would love to say that the difference is level of effort, but that’s not necessarily true. I think what we have to do first, is look at the variances of what we’re talking about. There are many, many variances in agency types or tiers, types of projects or websites, and variances within those projects.

So what kind of an agency is right for your business, what are the pro’s and con’s of each?

Types of Agencies

In the design and development world there are all types of designers and developers ranging from freelancers to mega-web agencies, small design shops to professional engineering firms. There are marketing agencies, social media agencies, and SEO agencies. For the sake of this post, I’m going to concentrate on the different types of website design/development agencies, the ones that do strategy, design, and development. This will be mostly for people or companies looking to get a website designed and built.

  1. Freelancers: These are the hardest ones to put in a category, because like agencies, freelancers can range a great deal. There are the novice freelancers, many of them do projects for next to nothing, sometimes they actually charge nothing. They’re just starting out and want to grow their portfolios. But then, there are other freelancers out there who are phenomenal. Usually these freelancers are expensive and don’t take on many projects because their plate is already full. You can usually find freelancers ranging from the novice to the expert on sites like Upwork or Elance, just make sure to check out their ratings and reviews.
    • Advantages: One person owns the project from start to finish (not being shuffled between people); Almost always less expensive than agencies; Can usually get the job done very quickly
    • Disadvantages: One person owns the project from start to finish (so, stability could be an issue depending on the freelancer), if they run into a speed bump that could mean the end of the project; Skill set is usually limited to one area like development or design, not both — unless you find that unicorn freelancer, they are out there!
  2. Small ‘Everywhere’ Web Agency (2 – 10 employees): These agencies are very common and popping up everywhere (hence, the ‘everywhere’), and like freelancers, they can range a great deal. Most small web agencies don’t have a focus in terms of industry. They’ll work with a lot of companies ranging from lawyers to restaurants to local businesses. The owners often times act as project/account managers and the staff is limited in their experience. That’s not to say that these agencies aren’t good, there are good ones out there, but they mostly do simple marketing redesigns, blogs, and brochure-style websites.
    • Advantages: Prices can range, but usually it’s within a small businesses’ budget. Often times you can get redesigns done for $2k to $10k; These agencies are friendly and will treat you like family, and they’ll go the extra mile to keep you as a client.
    • Disadvantages: They sometimes use templates for design, so you’ll see many clients that have the same navigation bar or search box style; Sometimes they’ll modify themes instead of making custom ones; And often times they don’t have an in-depth process when it comes to the strategy surrounding the project.
  3. Boutique Web Agency (5 – 25 employees): These agencies are the ones that usually have sharp focus in a niche industry, like “we only work with non-profits,” which makes them really great in that one (or two ) specific vertical(s). Their process is somewhat refined and they have a small team. They usually have top-tier talent (one or two rockstars) and project or account managers. They work with medium-sized business and most likely have a few enterprise level clients.
    • Advantages: Focused verticals, know the specific industry inside and out; Refined strategy processes; Top-tier development and/or design talent; Most likely have good project management skills
    • Disadvantages: They have small teams that are most likely working on a number of different projects; May push out the start date depending on workload; Often times rely on the top-tier talent to take the bulk of the projects
  4. Professional Web Firm (25 – 75 employees): These firms are the ones that have focus in a few different industries and market themselves that way, but they’ll also push their own boundaries and take on projects outside their industries (not all the time!). They usually have a sales department (or sales guy) and marketing team. They’ll have dedicated project teams and a handful of project managers. They’ll also have a solid leadership team to motivate and corral the team members when needed. They have processes set in place and incrementally improve them. They consider strategy a big part of the web game and use it to deliver solid projects. They have full day discovery workshops and probably do user testing to confirm hypotheses. They work with big companies and enterprise brands, but still have a few small to medium businesses that they got when they were starting out.
    • Advantages: Custom work, you’ll get a unique website that’s built for your users (hopefully!); There will be an outlined process; Roles and responsibilities will be defined; Strategic thinkers that will use data to make informed decisions; Will assign a dedicated project manager; Top-tier talent
    • Disadvantages: They’re expensive; And they’re not the quickest on project timelines, they plan and plan, and that takes time; Often times they overload their team because of client demands
  5. Mega Web Agency (100+ employees): These are the large agencies that take on a number of different verticals, they almost always have distributed teams and work on some really big projects. They’ll have every type of agency person including user experience designers, digital strategists, marketers, software engineers, strategy partners, and a large leadership team with dozens of years of combined experience. They usually don’t take on projects for less than $250k (I know some that start at $500k or even above!). They work with brand names (think Google) and they’ll do mostly (if not only) custom work.
    • Advantages: Super custom work tailored to your users; Strategy will be the biggest part of the project; They’ll usually work in sprints and test at the end of each sprint to verify concepts and prototypes; Quality Assurance will be meticulous
    • Disadvantages: You need to be a huge company to work with these guys, because they are expensive; There might be a waiting list to work with them; There will most likely be a number of people in on the project at different phases/stages of the project, so you’ll meet new people constantly

What about agencies with 75 to 100 employees?

Good question! Well, this is by no means a complete list. I’ve noticed the farther I go in web services (or just web in general) there are soooo many types of agencies out there. There’s also the Digital Body Shop which usually has anywhere from 50 – 100 employees, and they do a bunch of different projects in different verticals and work with a myriad of industries.

Just remember, this stems from my own experiences and the people I’ve talked with.

Let’s get into project type and what their average costs are with the different agencies.

Types of Projects / Types of Websites

Like agencies, there are definitely a myriad of different projects and websites that can be created, designed, and built. Some are simple, and some are super complex. So, I’ll list out the most common projects most people are likely to encounter and most agencies and/or freelancers would take on. To limit things (because this is already a long post!!), I’m going to just do pricing for the 3 web agencies in the middle: Small Agency, Boutique Agency, and Professional Agency. Please keep in mind, these are averages (prices all depend on the scope) and can realistically range from $1,000 to millions!

  1. Blog: This is perhaps the simplest type of site which mainly consists of a content management system (like WordPress) and updated content coming out on a regular basis.
    • Price:
      • Small: $1,000 – $5,000
      • Boutique: $3,000 – $15,000
      • Professional: $10,000 – $35,000
  2. Microsites: These can be deceiving. Just the term ‘microsite’ sounds small, but I assure you they can be the opposite of that! Microsites are usually when a company wants to promote an event or showcase a certain branch or department of their company. Often times there is video or images, CTA’s (calls-to-action) prompting the user to do something like signup for a service or check out certain resources. They can be cool ways to get more awareness.
    • Price:
      • Small: $2,000 – $8,000
      • Boutique: $5,000 – $25,000
      • Professional: $25,000 – $75,000
  3. Marketing Site: These are called different things, sometimes Informational sites, or Brochure-style sites, but essentially these sites just market your company or cause or whatever! They can be a little trickier than blogs because often times they require implementation of ad-serving, email newsletters, videos, or image galleries. I’ve seen these sites range anywhere from $5,000 to $80k, depending on what’s involved with them.
    • Price:
      • Small: $2,000 – $10,000
      • Boutique: $10,000 – $50,000
      • Professional: $35,000 – $100,000
  4. Site/Application Build: These are a little trickier to price because they almost always involve doing some type of integration with another system. Like integrating with a booking engine or an events registration system. These builds can be complex and should be handled by top-tier talent. Be careful to go with a price that’s too low (there is such a thing!) because they should be priced accordingly – they are hard projects to work on!
    • Price:
      • Small: $8,000 – $20,000
      • Boutique: $35,000 – $120,000
      • Professional: $75,000 – $250,000
  5. Membership Portals / Member-Based Sites: These can be fun projects and if done right can come out really well. With WordPress there are some default membership properties like Editor, Author, Subscriber, etc. But a good agency can do almost anything with these and other CMS’s, like Drupal, let you customize your user roles. But because the needs of a client can vary a great deal depending on what they want their membership site experience to be like can determine how much the project will cost.
    • Price:
      • Small: $5,000 – $25,000
      • Boutique: $30,000 – $150,000
      • Professional: $75,000 – $300,000
  6. Ongoing Support: Obviously this all depends on the size/scope/scale of your digital property and what your needs are, but usually prices start at the following amounts.
    • Price:
      • Small: starting at $100 per month
      • Boutique: starting at $500 per month
      • Professional: starting at $1,000 per month

Again, this is not a complete list. There really are multiple (sometimes endless) types of sites that you could potentially do. You could also have a hybrid of sites, like a Microsite within a Membership-Based Site, oh the possibilities!!

I guess that’s what I like about the web, the possibilities, they are endless!

But I hope this sheds a little light on what types of agencies are out there, what they typically charge for web projects, and what to expect from them if you ever need their services.

So, to answer the original question, I’m not sure what the difference between a $2,500 website and a $15,000 website is. I would say there are different types of agencies that price projects out differently depending on their market size, location, and client type. But with that being said, I really hope that a $100,000 project from a professional agency comes out better than a $10,000 project from a small agency,  but I tell people it’s like buying a car – “You can get a Hyundai Accent for $15k and you could get a Lamborghini for $250k (is the Lambo better? Maybe..) but they’ll both get you from point A to point B!”

I Am My Own Worst Critic

February 22, 2016
Comments Off on I Am My Own Worst Critic

I’ve had two really bad performances in my career as a tech professional. One was with about 8 stakeholders from an association in New York (a well-known association) where I presented with my Director of Strategy at the time (who totally saved the presentation) and the other was yesterday at WordCamp Miami. Of course, I am my own worst critic, so it probably wasn’t as bad as I thought is was. But I know how good I can be (*insert humility here)!

My talk Coffee’s for Closers (but only if you have an established sales process didn’t get bad reviews. In fact, I got about a dozen positive tweets and a few people reached out to me to ask where they could find my slides online. Which I think is great and I appreciate everyone who said something about the talk, and everyone who sat in on the talk. But I really think people thought it was good because my slides have some really great content. I talk about Pre-sales activities, Engagement, and Post-sales. I grid out the four essentials of each stage and it’s compelling information especially for the small agency or freelancer who is unsure of their sales process or even how to start.

But I felt like my speaking style was hurried, rushed, uncomfortable. And it’s absolutely killing me today! I. Hate. This. Feeling. But, there is a silver lining. And if I can take a line from Elisha and Elyssa (@WhollyART) who have an awesome website (WhollyART.com) dedicated to positive principles, that “you need to love yourself ” and I do, I’m just a little upset with myself right now! Which I feel will give me the strength to continue speaking at events like these. Because I’m better than that!

I’m also trying to take another principle from @WhollyART and write in my genuine voice. I’m laying my cards out on the table and telling everyone that I absolutely hated my talk, and feel really embarrassed about it. And now it’ll be online for everyone to see. I also got asked a few really great questions that I’d like to take this opportunity to answer because I don’t feel like I gave the greatest answers yesterday.

So, let me see if I can remember them all:

  1. What’s the difference between a $2,500 project and a $15,000 project?
    • The answer is about $12,500 (*insert sarcasm). But in all honesty, I’ve worked for a small agency that charged $2k to $10k and I’ve worked for a large agency that’s charged $50k to $300k. The biggest difference I see between the two agencies is process, plain and simple. With the smaller agency, clients had a little more say in the project. I know that sounds weird, but clients would come to us with their IA already set in stone, they would have ideas for designs, etc. With the large agency, the process of delivering projects uncovered all those things as the project progressed. For example, the large agency would test information architecture and refine it before we implemented it. Our design process started with IA, went into wireframes, style tiles, and then mockups. The development was based on user stories. It was a more in-depth process, discovery was imperative with the large agency, while the smaller agency would usually start by putting together a few different designs. Which isn’t necessarily bad, just different. I think the main difference is process.
  2. How do you talk about money with a client? What if they won’t give you their budget?
    • Talking about money with a prospect or client is absolutely imperative. You can’t be afraid to ask them about their budget. I generally ask in a very nonchalant way “is there a number range we’re trying to stay between with this project?” as if the question is just routine and no big deal. Some times I actually get a “yeah, our budget is x-amount of dollars.” But more often than not, I get a “I’m not sure what our budget is quite yet.” or “we’re really unsure of what things like this cost, so we’re open in terms of budget.” — So, what I generally do is say “well, typical projects of that scope and size usually cost between $25k and $75k (big range), but you’re probably going to fall somewhere around $50k, give or take. Is that something that your team would be able to spend?” And if they don’t balk at the price, then continue with the conversation. If you can hear their jaw drop, maybe they’re not the right fit.
  3. If you’re a small agency and growing, what type of person should you hire to start a sales branch of your business?
    • This is a great question. So, there are a few different choices.
      • 1. The top salesmen from one of your competitors – offer them more money and they’ll come work for you. But you’ll need to have leads and resources to give this person, but they will sell, sell, sell for you.
      • 2. A sales manager or sales lead from any company in the tech industry – this person will know how to manage other people and manage sales. They’re able to think “big picture” stuff and have leadership skills.
      • 3. The failed entrepreneur – this person has failed in their own business, but they’re fighters and will do everything it takes to get the job done. They’ll work late hours, they’ll learn marketing, they’ll look for partnerships, they’ll cold call people, they will do everything in their power to be successful. I’d pick this guy.
  4. What if a client tells me their budget is $15k, and they want to do a project that I know will only take me $5k to do it. Do I charge $15k, or do I charge $5k?
    • This is another interesting question. But I would do everything in my power to get as close to their budget as you can (obviously, without being unethical). Most likely, agencies can charge higher rates. This depends on a number of different parameters including market size, location, type of client. But if a client comes to you and says we want to do this project and our budget is $15k, then you come back and say “I’ll do it for $5k” – that client is going to start to wonder why things are so cheap. That’s a huge disparity – $10k between those two numbers. Now, it wouldn’t be that much of a difference if your client had a budget of $100k and you came at $90k. But telling a client that you’ll charge them $5k when they already told you their budget is $15k, will make your client shop around to other agencies. There is always that possibility that they will think you’re missing something. And this is a classic example of value perception. They already value that project that you’ll potentially do at $15k (that’s why they gave you that budget), they don’t see the technical side of things, they see a number. And when you come back with $5k, that value (no matter what the actual value is) to them doesn’t seem valuable at $5k. When a client gives me a budget on a web service project, I try to get as close to that budget as possible. And obviously you want to add value (which you can do) but maybe it’s time to revisit your rate.
  5. What are the features you want to look for when shopping around for a CRM for a small agency or even just one person?
    • When shopping around for a CRM you want to look at a few different things. The two most important things are a ‘Contacts’ list and a ‘Deals/Opportunities’ list. Without these, there is no CRM. You need a place where you can keep track of your contacts and all their associated data – phone number, email, company name, etc. and a place to keep notes on them is great too. You also need a ‘Deals’ or ‘Opportunities’ list so you can keep track of what stages opportunities are in so there’s no confusion what you need to do as the deal progresses. Other things I look for are features that log activities, you want to be able to log the emails you have with someone or the phone conversations, etc. HubSpot has a great feature called Sidekick, which will let you send emails right from the CRM, check it out! Also being able to create tasks for yourself, and schedule upcoming calls and meetings is something else you want to look at.

If I’ve forgotten any, I apologize! But I want to take this time to say thanks for all who came to my presentation.

I’ve learned a valuable lesson. I know a number of people who have had horrible speaking experiences and end up never speaking again. I cannot be that person! So, I’ll get back on the saddle and give it another shot. But before I do I’ll be reading a number of public speaking books and I will definitely be prepared for the next talk I give! Upwards and onwards!

Talking Drupal…and selling it too!

February 11, 2016
Comments Off on Talking Drupal…and selling it too!

I recently had an appearance on the Talking Drupal Podcast — Had a great time with John Picozzi, Stephen Cross, and Nic Laflin. That episodes topic was Selling Drupal, so they had me on to talk about sales in relation to…what else….Drupal.

Here’s the video:

I had a really fantastic time! Steve, John, and Nic are great guys to be around and we always have thought-provoking conversations! Even though, I feel like this conversation fell into a talk about Drupal versus WordPress, that’ okay!

Now that I’m in website security, I would love to be asked back on to speak about securing Drupal! Hopefully, in a few more months you’ll see me back on there to discuss security matters.

Love being a part of the open source community and the Drupal community!

The Wonderful World of Hacking

February 9, 2016
Comments Off on The Wonderful World of Hacking

I’ve always been fascinated by hackers ever since I saw the movie Hackers, which I now know does NOT accurately portray what being a hacker consists of. Hackers are an interesting bunch. Why? Because their reasons for doing what they do can vary the full length of the spectrum.

Let me explain

Back before computer systems and the internet got to be wildly popular, the term “hacker” was used to embody the tinkerers of software or electronic systems. These hackers enjoyed learning (and exploring) all they could about computers and the way they operated. In the beginning, hacker was a term that was used to describe a person who was really awesome at working with computers.

Now…it’s taken on a slightly different and somewhat complex meaning.

When you hear the term hacker, you automatically think of someone who tries to gain entry to a website or system to do something malicious, whether that be stealing information, defacing a website, etc. The term hacker now refers to someone who maliciously breaks into systems for personal gain. But the key phrase within that sentence is personal gain. What is personal gain? Well…it could be just about anything.

SOME OF THE REASONS WHY HACKERS HACK:
  1. Profit – this could be money or this could be web traffic.
  2. Notoriety – some hackers like to hack for the esteem it brings them in the hacking community.
  3. Hacktivism – hackers try to disseminate political or social messages and campaigns to raise awareness surrounding a certain issue or issues.
  4. Hobby – others do it because they want to see what they can break into, how hard it is, and so on.
  5. Because they can – yup, some do it just because they can.

Now, just like hackers hack for varied reasons, there are also several types of hackers out there and their motivations are varied as well.

TYPES OF HACKERS:
  1. Script Kiddies – these hackers are considered (in the hacking world) to be novices. They take advantage of hacker tools and upload scripts to different places (often times, without knowing what that script will do or how damaging it’ll be) for the fun of it. Hence the name, Script kiddies.
  2. Hackers for Hire – these hackers are the mercenaries of the cyber world. People will enlist their services for money.
  3. Cyberterrorists – usually they attack government networks or power/utility grids. These hackers will crash systems and steal government top secrets (aliens, UFO’s, stuff like that!). Very dangerous hackers, very dangerous!
  4. Criminal Hackers – often a part of an organization of hackers, they are very skilled in breaking into systems (often times, without a trace) and either stealing credit card info or personal identification information.
  5. Security Researchers – these guys are the good guys, the ones who find flaws in companies and organizations’ systems and bring them to light without causing harm. They’re also the ones who develop the tools to use against malicious hackers.

Now let’s talk a little bit about the different categories of hackers, they can all be described by colors. I know, pretty cool, huh?

CATEGORIES OF HACKERS:
  1. White Hat Hacker — the good guys!
  2. Black Hat Hacker — the bad guys!
  3. Grey Hat Hacker — kinda the in-betweeners, sometimes for good, other times, not so much.
  4. Blue Hat Hacker — the ones who get paid to uncover vulnerabilities (I feel like these guys should be called the green hat hackers, but that’s just me).

So, now that you have an idea of what types of hackers are out there, and before we get into what types of security threats are out there, let’s take a look at why it’s getting increasingly easier to hack systems and websites.

  • Networks, nowadays, are extremely widespread and we are all connected
  • Lots of hacking tools available
  • Many and many wifi networks that are open
  • Applications have complex codebases
  • Generations of our kids are getting super smart when it comes to computers
  • Anonymity

There are sooo many things that people should be concerned with if they are on the internet, have a website that they manage, pay for products online, or have personal identifiable information online.computer keyboard If you don’t participate in any of the preceding things, then you are a hermit and stop reading this post. Ha!

But hacking happens every single day. Every. Single. Day. Every. Single. Hour. Wrap your head around that! It does happen and if you have not been hacked, then you’re lucky, but it will eventually happen to you unless you take proper action, which I’ll write about in an upcoming post. But (and this list is by no means complete) here are different ways hackers can mess with you or your systems.

TYPES OF ATTACKS:
  1. Brute Force – these attacks are when a hacker keeps on trying to gain access to your login credentials on any number of password protected sites, by continually trying different password combinations. Almost like a guy trying to break down your door. When ramming his foot into it doesn’t work, he’ll try a battering ram, when that doesn’t work, maybe he’ll try to pick the lock. Hence, brute force. These happen on my WordPress sites everyday.
  2. DoS / DDoS – ahh, the infamous Denial of Service or Distributed Denial of Service. This is an attack that’s designed to flood a website or network with traffic overload to render it inoperable. The group Anonymous (which is a network of hackers that primarily hack to bring certain issues to light) is well-known for a series of public DDoS attacks. Interesting group and I would never want to do anything to upset them, that’s for sure!
  3. SQL Injection – SQL stands for Structured Query Language, which is used for communicating with databases. The injections are attacks that “inject” (obviously) malicious code into a database to gain access to that database.
  4. Cross-Site Scripting (XSS) – this is a vulnerability which allows hackers to insert client-side (meaning executed by a user’s web browser) scripts into pages on a website or application. Then they can go on and do anything malicious or see certain activity, etc.
  5. Cross-Site Contamination – this is when hackers gain access to a “secure” site by infiltrating it from a site that’s not secure, but on the same server. We see this a lot when people have outdated CMS installs on the same server they have the updated ones on.
  6. Phishing Emails – have you ever gotten an email asking you to update your profile on Facebook, but it looks a little off? That’s because it probably is! Phishing emails are exactly that, they’re when hackers are fishing for information. You’ll get an email that looks a lot like it came from Facebook (the good phishing emails are the ones where you can’t tell the difference) asking you to put in your password or personal information. Hackers are able to log what you do on these sites/emails, so don’t ever click anything in an email unless you absolutely trust the source, but even then you can’t be 100%, be careful!
  7. Social Engineering – this is a method many hackers use that relies on interacting with humans. It’s basically getting a person to be relaxed enough to offer up information they normally wouldn’t give out. So, if you’re ever on the phone with someone (a person you don’t know, like someone claiming to be from the post office or some other government agency) and they ask you what your mother’s maiden name is, don’t give it out unless you are absolutely positive you’re speaking to the proper person.

Again, this is by no means a complete list, but these are some of the common things hackers will try. The best way to protect yourself is by getting a service like Sucuri’s AntiVirus or Firewall plans, making sure to keep your systems updated, and by being informed. Make yourself aware when you’re online and be cognizant of what you are clicking on and activity in general. And luckily, you won’t be another statistic of getting hacked!

Website Security 101: Web Fundamentals

February 3, 2016
Comments Off on Website Security 101: Web Fundamentals

 

As I continue on my first week at Sucuri, the global website security company, I realize that there are things I really need to fix in relation to my own websites. I have a few different properties that I manage, Being AJiLe is just one of them, but I do have a small business website, several blogs, my music, and my portfolio all hosted with 1&1 hosting (which is a shared account, not ideal!).

The more I move through my training plan that’s been outlined for me, the more I realize the importance of security, even if you have a simple blog that’s read by 7 people out there. Which is probably how many regular readers I have.

This is going to be a series on web security. And I’ll tag it as such, but I wanted to quickly start off with super basic fundamentals on how the internet and world wide web work. Because make no mistake—those are separate things!! Yes, the web is NOT the internet, it’s a part of the internet, but not the same.

The Internet: a massive networking infrastructure that connects millions of computers globally. 

The World Wide Web (aka The Web): a way of transmitting and receiving data using certain protocols, like HTTP (Hyper Text Transfer Protocol—the standard protocol for transferring data over the web). 

I know, right? You thought it was the same thing. Yeah, I kinda did too, just don’t tell anyone.

So, with that in mind, there are two different components that are imperative to communications over the web: clients and servers. Clients are pretty much you right now. If you’re reading this post on a Mac, or iPhone, or PC — then your device is acting as a client. A client really is any device that requests and renders web content.

On the flip side, there needs to be servers, which are applications that deliver web content to clients. Now technically, and this is where it gets tricky, but you could potentially turn your computer into a server with the right type of software installed. And you could deliver web content if you truly wanted to.

Now let’s take a look at a URL, also known as a Uniform Resource Locator, it’s that link that you type into your address bar, which I’m sure you all know. But! Do you know how it works? Cause it’s pretty cool! Well let’s break it down… When you type a link into the address bar it goes to locate the requested content, which will then pass through a DNS (or Domain Name Server) which translates that URL into an IP address. All domains have their own IP Address, something like 273.84.97.554, but if you had to remember that every time you wanted to find it, that would suck! And not be very fun! So URL’s were invented to be a human-readable way to remember web addresses. Pretty neat, huh?

There are a lot of different protocols for transmitting/transferring data over the web, but here are a few:

HTTP – Hyper Text Transfer Protocol — the standard protocol for transferring data over the web. It’s considered a “stateless” protocol, which means that once the connection is made, it’s forgotten about which makes it great for the web as not to use a continual amount of bandwidth.

TCP/IP – Transmission Control Protocol / Internet Protocol — first networking protocol defined as the standard.

RTP – Real-time Transfer Protocol — standard protocol used for video and audio.

SMTP – Simple Mail Transfer Protocol — standard for sending and receiving emails, but if you want encrypted emails you’ll need to enable PGP (or Pretty Good Privacy – I’ll write about this in another post ’cause it’s pretty dang cool. I sent my first encrypted email just the other day!)

Browsers

Now, browsers pretty much have all the same components across the board. That is not to imply they’re equal. I very much like Chrome, but I know others who love Firefox and Safari. However, I don’t know many people who like Internet Explorer, I know people who use it, but I don’t think they like it!

COMPONENTS OF A BROWSER:

  1. Browser User Interface: this is stuff you see – the bookmarks bar, address bar, the window, visual elements, etc.
  2. Internal Engine: this is what you don’t see that directs communication across the various components.
  3. Rendering Engine: now this is different for each browser. Like Firefox uses the Gecko rendering engine and Chrome uses the Blink rendering engine. That’s why when web dev shops build a website they have to test all these different browsers to make sure things are rendering properly, it’s a pain, but these are getting more standardized!
  4. Networking: the protocols used.
  5. Data Storage: internal data storage and session management capabilities, usually in the form of cookies.
  6. JavaScript Interpreter: this interprets and executes client-side JavaScript scripts.

Let’s talk a little about web standards

Web standards are one of those things that really has evolved in a short amount of time. Back in the 1990’s there was a browser war going on between Netscape Navigator and Internet Explorer, it was a war for market dominance! But what happened was that each browser (or team) kept coming out with proprietary features making website building very difficult!

So, a group of web developers and designers got together and started W3C, the World Wide Web Consortium, to implement “recommendations” to each company making browsers to make things easier for the web development community. It promoted and encouraged the use to standard-compliant browsers. Because in the wild west world that was the web in the 90’s, it really needed some law and order. And it got it. Now we have standards and most companies follow them. I’m a big fan of standards, I think they’ll continue to evolve and get better.

You can always check out the Web Standards Project to see the cool things they continue to do. Today, the big thing in web standards is accessibility. So, if you have a site, try and make it web accessible. Meaning putting alt image text tags, using skip links, etc. To learn more about web accessibility, check out The A11Y Project — be a part of it!

That’s what I got for you on this post, but have no fear, I will be back next week to tell you more of my exploits and education as I continue down the journey to be the most knowledgeable web security consultant out there!

 

Career Moves and Climbing up the Tech Tower

January 28, 2016
Comments Off on Career Moves and Climbing up the Tech Tower

It’s an interesting thing to look back on one’s life. The places you’ve been, the people you’ve met, skills you’ve learned, jobs you’ve loved or loathed, and the experiences that etch the fabric which falls softly around your character, warming it or making it cold.

I can’t specifically say when I think my life started. I guess it started when I was born, but I don’t remember that. As time progresses, I’ve become less concerned with where I’m going because I realize the journey is the important part. That’s not to say that I don’t have an end goal, but how’s the saying go?

It’s good to have an end to journey towards, but it is the journey that matters in the end.

So now I think more about chapters. You close one, another one opens. Or maybe my life is more like vignettes or episodes.

I wanted to write this post for a few different reasons.

  1. Career moves — I’ve made one!
  2. Mentorship is key to success
  3.  Becoming an expert

Career Moves

As most of you may know, I’ve worked for Oomph for almost two years. Awesome agency, super smart people, quality work, great clients. Quite frankly, Oomph was the best (and most rewarding) career choice I’ve ever made. It poured great buckets of knowledge through my ever absorptive and permeable mind. I’d like to take a quick moment to say ‘thanks’ — it’s been super fun!

But as the tides of tech roll on and the call of career maturation bellows, I’ve taken an offer from an awesome website security company aptly named Sucuri (pronounced Sue—coo—ree, with kind of a rolling rrrr sound; the more widely known pronunciation is Suh—cure—ee), I will be starting next week. Sucuri is distributed (which means I can work wherever there is wifi, hello Costa Rica!), they have incredibly great products, are well-known in the open source technology space, and I’m super excited about meeting and getting to know the rest of the team.

Career moves might be hard sometimes, but they’re important. The level of growth that comes with each new company (or position) gets you that much closer to your end-game. Which you may not even have a clue what that is yet. But the more you learn, the more you know and the more you do, then the more you become.

And in tech, if you’re not growing, you’re stagnant. This is an environment that continually changes, don’t be afraid to change with it.

A wise man once told me that there are two things you take with you when you leave a job. 1). are the skills you’ve learned and 2). are the references you’ve made. References can be as important as skills because connections matter, in any business.

Mentorship

Mentorship is one of those things that kind of happens organically. You get to know your coworkers and other people in the tech space. Sidenote: the tech space can be very intertwined. You’ll continue to see the same people at the same events year after year—so make good impressions.

Why?

Because mentorship is vital to success. When you get to know people and you click with someone, they’ll guide you through the sometimes hostile world of business and you’ll learn real actionable items from your mentors. This means everything for your career development as well as helps your personal growth. I’ve been legitimately lucky that I have certain people who are undoubtedly invested in my success. Which I think can be very different in other industries like construction or boiler-room sales. But I have a handful of experienced mentors that I can turn to for sage advice.

It’s nice to be able to call on people who are much more versed and qualified in certain areas to get good answers, vent when I need to, help me make a connection I might not be able to make myself, and bounce ideas and goals off of.

Again, I’m lucky to have a few in my corner who have distinct and divergent areas of expertise. It makes you a little rounder, a little more informed, and enlightens. Seek a mentor, and if you’re already awesome at what you do, then be one for someone else.

Becoming an expert

I had the pleasure of sitting down with Jason Pamental who works for Fresh Tilled Soil. He also wrote a book on Responsive Typography and is considered to be a leading expert in web typography. He gives many talks around the world on the subject and leads workshops to help other designers, developers, and strategists understand this niche area of design and technology. Not to add more credentials to his curriculum vitae, but he’s an accomplished author and writes for a number of publications.

When we sat down for lunch at the FTS offices (which are the coolest offices I’ve ever seen, btw!), we talked about expertise in tech and design. I’m going to paraphrase, but Jason’s journey started some 20 years ago (I know, I have a long ways to go!) and he got into typography because a). he liked it and b). there weren’t many people into it at the time he started. Typography had been a little overlooked in the web world.

But he started reading a lot about print typography and hanging out with people in that world soaking in everything he could. After a while he started speaking about it on a small scale. Before long, organizations and institutions were asking him to speak on it on a much larger scale. Of course if you ask Jason, he’ll say he’s still learning! But the important thing is to find something that you’re really into.

So what am I really into in the tech world?

The cool thing is that there’s so much I can do, but I’m at a point now where I have to start narrowing it down. Like the college kid nearing the end of his second year and still hasn’t chosen a major. I’m good at sales, have a proven track record, but I’m not sure if I’ll always want to do it. I like what I did at Oomph, the creative freedom to craft proposals and put presentations together. I think I’m going to like what I do at Sucuri, because when it comes down to it, I like solving peoples’ problems. There’s strategy in that, and it’s challenging. And I think I’d like to learn more about that, the strategy side. There will always be sales in my DNA. I’ve given talks on solutions consulting and more recently I was the guest speaker on the Talking Drupal podcast this week. I’ll post that when it’s available.

In closing

I feel I’m on the right path and this decision to leave Oomph (which was not decided lightly) was the right one to make. I’ll keep on climbing up the tech tower and hopefully one day I’ll look back and say “wow—what a view?”

WordCamp RI and the Open Source Community

October 2, 2015
Comments Off on WordCamp RI and the Open Source Community

As you all may know, last weekend was WordCamp Rhode Island. It was awesome! I had a fantastic time. My talk – Coffee’s for Closers – went really well. I got a lot of great feedback and compliments afterwards. But I want to talk briefly about the different types of sessions and the community itself.

There were three tracks this year for WordCamp RI – 1) WordPress for Beginners. 2) WordPress for Developers. 3) WordPress for Business. This was the first year we had something like this, and it turned out to be very successful. I think it was the biggest representation of the open source community in Rhode Island ever! Nice job, everyone!

It really had something for everyone. If you were just getting into WP and wanted to know how to set yourself up with a .org CMS, instead of a .com, that was available. If you were a hard core developer and wanted to know how to contribute to WordPress core, that was available. And if you were a part of the business community in WordPress (selling WP sites), then there was something for you too!

Unfortunately, I was unable to see very many talks because I was stuck behind a booth (which I enjoy!) talking to people about WordPress, letting them take some Oomph swag, and just being there to answer any questions. But there were a couple talks that stuck out. In case you didn’t realize, I was most comfortable in the WP for Business track!

Aileen McDonough, owner of 3amWriters (they are creative communicators) talked about content – Content is King – her stage presence was elegant and her knowledge is vast. She talked of tools to use to make your lives easier as content creators much easier. Thanks for telling me about TweetDeck! Super cool!

Then there was Brett Cohen from eMagine (a digital agency), he talked about landing bigger clients. Their whole strategy for getting clients is based on outbound sales. Even Brett will admit they get clients”the hard way!” But he talked about starting eMagine and the successes/failures he went through to turn it into one of the east coast’s premier digital agencies. He gave me some great advice on landing better clients.

Jesse Friedman, from Automattic, gave the Keynote speech. It was awesome! He was funny, serious, and heartfelt. He talked about how far the internet has come! Look at what we’ve done in just a short amount of time. He discussed how important it is to be a part of the open source community and giving back to it. And thanked us all for being at WordCamp. His keynote was inspirational!!

All in all, WordCamp was a fabulous weekend. I met some terrific people and companies, and had a wonderful time helping those who had questions. It’s just nice to be a part of a community that accepts any one at any skill level. The open source community just wants people to be jazzed about the open source community….and WordPress!

Virtual Reality Coming Soon

September 14, 2015
Comments Off on Virtual Reality Coming Soon

On my drive into work today I was listening to NPR – oh, how I love NPR. The TED Radio hour was on and it started off talking about corporate office calls. How journalists can call in via conference calls to corporate stakeholder meetings. This particular meeting was of Mark Zuckerberg explaining to his stakeholders why Facebook just spent 2 billion dollars (that’s right, BILLION!) on Oculus, a virtual reality technology. And Zuckerberg apparently did this in March of 2014, where was I when this happened?

But this is interesting, right? Because what is the next big technology out there? I remember virtual reality (VR) in the 80’s when Disney Imagineers (engineers who make cool rides at Disney) were playing around with this technology.

Camera WorkI think of VR as a video game or a simulation. But for the future, this is a very viable option for how we will live our lives. We are all becoming attached to our phones/computers. Think about it, when you want to know something, you don’t stop and think about it, you immediately look at your phone to find the answer. I walk through the airport and literally 3/4’s of people are on their phones or laptops.

People have this innate necessity to feel connected. People like being connected to each other, which is cool. I, myself, like being connected as well. And that’s why we’re all on our phones and computers. We get into accidents over this, we walk into people on the sidewalk, we totally drown out the actual real world when we’re on our computers. It’s fascinating! And a little disturbing, but this is what we do because we feel connected.

So what does this mean??

So, what does this mean for the world and how we’ll interact with our devices. Well, Mark Zuckerberg thought that our experiences would be much more immersive, much more augmented. Instead of pulling up a companies website on your mobile phone or computer screen, you’ll put on goggles and step into their websites. You’ll be immersed in their experience and be able to interact with it.

If you think about it, this could work. Imagine putting on goggles and being in a classroom of people all over the world listening to the teacher, looking over at the next desk and seeing your classmate, asking them a question. It’s cool!!! Imagine walking through the grocery store in the comfort of your own home and being able to go up and down the aisles, picking up a food product and checking the label to see how much sugar is in it. That’s super cool!!!! Imagine you have some kind of a rash on your arm (not cool!) and instead of getting in your car and going to the doctor’s office, you just pop on your VR goggles (the doctor does the same) and you interact with them in a virtual world. They’d be able to diagnose you without you ever leaving the house and without them ever leaving their office (or where ever they choose to be) – they could be somewhere in Paris or the Bahamas diagnosing people all over the world.

It’s really quite interesting and scary, all at the same time. I feel like people are less connected on a human level, and more connected on a digital one. With this new technology that’s coming down the pipeline, trust me, it’s definitely coming, will we be more connected because we’ll be able to actually see one another face to face? Online people seem to have a disinhibition effect which is partly caused by no face-to-face interaction. Would virtual worlds end that? I mean, you’d have to look at someone, people would see your face. Would people then not do the stuff they’ve done in the past online, I’m not sure, but it’d be interesting to find out!

Whatever comes of this technology I will definitely keep my eyes peeled to the screen (no pun intended).