25 June 2024

The Joys of Security conferences

The security conferences scene is exploding...
with fluff.  Some honest talk is below. 👇

It is a bubble that may last longer than I like.

The keynotes are regurgitating high-level common sense stuff.
The solutions are generic. Vendors are desperate to speak to Prospects.

As a vendor, if you don't attend the conferences, there is this fear of missing out.

Vendors swarm executives. 
They may have access to funds. 
Not because they are thought leaders.

You realize,
  • more than half of the "Executives" showed up for free food, to build their social profiles, to skip work, or all of it.
  • most have no intentions, interest, or authority to make a buying decision [irrespective of their titles].
Who is having fun at whose cost is unclear.

A clear case where selling shovels is more profitable than digging gold.

21 June 2024

How to do deep work and accomplish great things, learnings from Cal Newport

Listening to and reading Cal Newport has been refreshing. I have heard great things about his book "Deep Work" and it has been sitting on my table for a few days.

I happened to listen to a couple of his podcasts, and YouTube videos.

I also dove deeper into his book and started devouring some of the chapters. Here are some of the lessons I learned from the book, which I thought I would share.


What qualifies as deep work?

It must demand brain power.

Things that are hard and need us to think, plan and engage our brains.
It must happen without distractions and context changes.

A zone where we only focus on one thing.

Why focus on deep work?

It moves the needle. It is the strategy. The big decisions. The directional ideas. These are important to our lives, helping us achieve big goals.
Shallow work is necessary as it moves things and keeps the light on. We need to strike the right balance based on our job or work.

Here are a few strategies Cal suggests:

  1. Know your ratio of deep vs shallow work. Each of them is important in its own way, but be aware of what your mix is.
  2. Study your work pattern. Establish an approach that works for you. Cal outlined the following:
     • Monastic approach - Focus on that one thing, disconnecting from everything else.
     • Bimodal approach - Shuttling between the two. Turn into a monastic and then return to normal. A few hours a day or a few days a week of distraction-free time.
     • Rhythmic approach - Finding a secured time on a daily or a rhythmic basis to do your goals. This is shorter in comparison to the monastic or bimodal approaches. For example, 15 mins to write every day.
     • Journalistic approach - Making the best use of time when you can find it. Using time emergencies to induce and complete work.
  3. Set up a space and a routine for deep work. Make it non-negotiable.
  4. Set up a ritual. It may be the desk or the cup or drinking coffee or closing the door of the room. Let your brain know that it's time for work.

What are the practical tips that have helped you carry out deep work?

Finding where to go is the most difficult thing in the world

 The resistance is real.

In enterprise sales, there are days when your calendar is already filled. You have meetings, proposals to finish, pricing calculations to be done, slides to review, executive summaries to write, and presentations to deliver.

But, there are days when you are faced with an empty calendar. A blank sheet of white paper.

When those days come right after a grueling work week, it's a welcome change. You relax. Organize your work. Think about strategy, improve, and prepare for the next thing.

But when these days are followed by more empty calendar days, the resistance becomes your enemy.

Breaking the rhythm becomes really difficult.

It becomes hard to differentiate if this is temporary or permanent.

To some degree everyone faces it. 

We want our strings attached to someone or something, so they can pull us.

Having a clear direction to march towards is such a luxury. 

You are told where to go, and what to do.

But the hardest thing in the world is to put that plan together for yourself, let alone an entire organization.


20 June 2024

Why is no one reading my posts? Or newsletter? Or cold emails?

 The above questions have plagued me often.

This is a constant question I ask myself every few days when I notice a plateau.

In my pursuit of engagement, I turn to Twitter.

I drown in the ocean of smart writers, great hooks and threads.

They have so much to say, yet the real connection is missing. That secret sauce is often behind a sales page in the form of an ebook or a guide or a course.
A ton of them offer their highest value product free. "Only until this Friday". If only you gave them the email ID right now.


But, my question remains open.


This question is like asking

"What is the meaning of life".


There is no one answer.

Plus it may not be worth finding the answer but living and experiencing.
Here is what has helped me move forward every time I ask that question.

Clarity and Purpose


Why is it that I am sending that email? Why am I writing weekly? What is the larger purpose behind it? Knowing this is important. It reminds you of your mission. Doing something without a mission can be disorienting.

Who is this for, What is in it for them


Why should they read? It is important to continue to sharpen the persona for whom you write. It better not be for everyone. And why? Assuming that persona and putting yourself in those shoes tells you what may be worth their time. Why should they read? Why should they get on a call? Why should they leave everything and listen to you?

Embrace Trial and Error mindset


This is the lifeblood of anyone who works on any creative pursuit. No one knows the recipe. Heck, if there is one, it changes. People are doing a million things. So, it is important to start with a failure case in mind, and adopt a trial-and-error mindset.

Simplicity of the message is super power


Simplicity is key. Writing in simple language. Focusing on benefits. Not blowing your own horn. Keeping the message short. The simplicity matters. Don't overcomplicate it.

Staying at it if the purpose is noble


The final piece is to pick yourself up and show up. Even when you feel like giving up, do it one more time. Remind yourself about the goal and the purpose. If the purpose is noble, stay the course.

Here are 7 powerful Daily practices that have a deep impact on my work, personal life, and mindset

The biggest gains in life come from compounding, be it an investment of money, time, or building skills. The longer the time horizon, the bigger the skill you can build.

A shortcut method will not work. Here are things that give me immediate returns on invested time. I ask you to try them out and include them in your day.

7 hours of sleep

Sleep is a game changer. Our brains have neuroplasticity, which means they can change. The right sleep and nutrition can do amazing things for us. LeBron James schedules everything around 10 hrs of sleep at night. He knows sleep is at the core of peak performance.

10 glasses of water

Once you start chugging more water, you realize how dehydrated you have always been. Drinking more water gives me higher energy, reduces fatigue, and keeps me active.

Write to untangle your head

I have been guilty of not being regular. The days I write are calmer. Writing down first thing or in the first hours of the morning helps me untangle my mind and reduce anxiety. My tip is not to write with a pre-set format or prompts. Write as your head wants. Keep it open-ended. The mind will clear itself.

Exercise to change your state

Exercise is amazing. It has one of the fastest ROIs. You don't need to run a marathon or deadlift 500 pounds to get benefits. A few mins of sprinting can fire you up. Tony Robbins says, change your state to change your mindset and strategy. Something that ups your heartbeat and gets blood pumping can do wonders for our mental state.

2 to 5 mins of Deep Breathing

2 to 5 mins of deep breathing can clear your head. The extra oxygen helps calm the body and reset the monkey mind. I usually do this a few times a day, and it feels incredible.

5 mins of Meditation

Sitting down and meditating is a game changer. My personal practice is not to use any chants. I sit down with my thoughts. 10 mins of meditation have great benefits throughout the day.

Fasting for 16 hrs

I have been intermittent fasting now for over a year. I eat my first meal at 12:30 and my dinner at 7:45 pm. The mornings are chugging water and coffee. This has been great for me. It has ROIed in reducing weight, making me fitter, more active, and more attentive compared to my old self.


That's it.
What are your favorite activities? The ones that have a quick return on time investment in improving your days?

Controlling what is controllable in enterprise sales

 Everyone wants to get the sales, bring more customers, and add revenue.

Every leader wants results.

Outcomes matter. But, are they in anyone’s control?

Spending any type of money, talent or any resources can’t guarantee results.

They can increase your probability.

So, why don't leaders and the community start focusing on the process?

What is in their control?

What can they influence?

It’s the effort. The method. The process.

Every leader that asks for results, or wants to deliver outcomes should focus on the quality and direction of the effort.

A strong focused effort will always yield results.

But focusing on outcomes only means results will elude you.

The outcome-focused culture only breeds frustration, anxiety and the revolving door policies that a lot of companies in the US are famous for.

If the sales resources/leaders don't bring in revenue, lay the team off, hire a new one and start again.

That needs to stop.

18 June 2024

Notes from the book - Extreme Ownership

This is a solid book. You must have read a lot of the principles in various books. What makes it special is the storyline, and lessons learned from SEAL training & war experiences.

The book has 12 chapters around 12 key principles.

Every chapter starts with an anecdote from a war experience.

That is followed by an explanation of the principle

and then by the "application to business" section.

This is another way to read the book if you wish to skip the war experience storytelling.

I found the application to business sections particularly helpful.

Here is what I learned from it.

  1. Extreme ownership - acknowledge mistakes, don't blame others. It is about leading the team to success.
  2. There are no bad teams, only bad leaders. Extreme Ownership means taking full responsibility for projects, teams, and outcomes.
  3. It is not what you preach, it's what you tolerate. Focus on Quality and performance. Set Benchmarks. Iterate until teams achieve those and provide support to make those happen.
  4. Believing in the cause and spreading the ‘why’. Understanding why something is being done helps teams persevere through challenges.
  5. Team and mission should always be above ego. Operating with a high degree of humility is important for leaders and teams.
  6. Success is always a shared goal. It comes from understanding the end goal and the role everyone has to play to get there.
  7. Complexity compounds every problem. Keeping things simple and concise is important. This applies to communication, protocols, expectations, goals, and everything.
  8. Focus and execute. Determine the highest priority tasks and execute them. It helps you not lose focus or get lost in the details. Communicate priorities. Ask for inputs. Then go solve them and execute. Repeat the process.
  9. Setting up decentralized command. Set up boundaries and, within those, let everyone make decisions and experiment. It is important for leaders to step back and have a bigger and broader point of view.
  10. Planning is the most critical part of executing any mission. Even more important is the post-mission brief. It is critical to reflect and learn. Consider that as your own feedback loop. The purpose of the plan - objectives should be clear to all the folks responsible for executing it.
  11. Leading up/down the chain. The big picture should always be understood by the team. Leaders and teams must understand each other's roles. They are always working to achieve a common goal. Take responsibility for leading everyone, be it superiors or juniors or peers.
  12. Leaders must act decisively amid uncertainty based on available information. The picture is never complete or perfect, and 100% of the data is never available.

The 90 day notice Period. Why a dangerous bubble is building in the Indian IT Industry

The Great Resignation gets a lot of attention. But, due to the talent crunch, its flip side is companies throwing absurd amounts of money to retain and attract new talent. In a competitive market like India, IT talent with niche skills gets 3 to 5 offers each. Candidates use these offers to trade for better packages. Here is why I am happy about it, and also alarmed by this trend.

  1. Apart from a few organizations pushing people to return to the office, access to talent has flattened. You could work from anywhere and deliver the goods. The value of good talent has gone up.
  2. Any biased arrangement eventually fails. Indian IT Industry has been running the practice of 2 to 3 months notice period. It is an attempt to strangle talent, of course, making new hiring even more painful. Due to this, Engineers have realized their value appreciates every day while they are on notice period. They are taking full advantage of it.
  3. Hiring companies splurge on an engineer who has a 15-day notice period vs 90 days. It gives them an edge in fulfilling a requirement for a customer.

I am happy for the IT engineering community to take full advantage of the potential. I won't take any high moral grounds here, because the industry leaders & companies have not set a great example.

However, I see a major downside to this trend:

  1. The flattening of the world is squeezing the contracts. Customers are not paying more. Margins are not going up. Money splurged by the hiring companies will come from these diminishing margins and bottom lines.
  2. Business is not sustainable if the cost of doing business becomes higher than the value it creates.
  3. It is commendable to pocket a great package after negotiating several offers but may come at a risk. Companies that are today involved in bidding wars may become unstable tomorrow. Companies would resort to cutting staff the moment they are unable to meet the revenue & margin targets. This is setting up an approach of hiring and firing for business needs.
  4. The strongest offers don’t mean cutting edge or most exciting projects.
  5. Wealth creation happens on sustained long-term bets. The short-term uptick from negotiations won't help.

Companies should make policy changes with notice periods. Our next progression will come from automation & building a gig culture, and not trying to retain talent by these unscrupulous methods.

17 June 2024

I cut my 7 meals a day down to 2 and I am not going back

 For the past month and a half, I've been eating two times a day. The experience has been liberating. In this post, I share my experience and some of my learnings through this change. The outcome has been great, and I am not going back.

Daily Routine Before I made the change

  • Start of the day: A cup of tea + 2 biscuits
  • Breakfast @ 9: 3 eggs or oats. A couple of toasts of bread with peanut butter.
  • Snack @ 11:30: granola bars, fruits, junk sometimes.
  • Lunch @1: Typical Indian lunch- vegetables, Curry, and a couple of roti (bread)
  • Snack @3:30: granola bar
  • Tea time @5:30- 6: some small food serving.
  • 7:00-7:30 I would have a protein shake with water & a spoon of peanut butter after getting back from the gym.
  • Dinner @ 8:30- vegetables, curry with roti.
  • late-night snack. (occasionally)
  • Four Cups of Tea. 2% milk sugar.
  • One cup of coffee. Pour-over, black & no sugar.

What changed?

  • I eat two times a day.
  • My first meal is at 1 p.m.
  • My second & last meal is around 7:30 p.m.
  • I drink a lot of water.
  • Three cups of tea. One cup of coffee. No sugar.
  • I don't drink any liquor.
  • No snacking. No binging.
  • Read and learn about insulin and how the body produces and stores energy/fat

Observations in the past 45 days?

  • I am much more attentive throughout the day.
  • No effect or impact on my way of training or resistance training.
  • No negative effect on my work routine.

This change showed me how much wasteful eating I was indulging in. It can't be useful to my body, since what I am operating on is far more efficient.

How do you make a shift?

  1. The first barrier is to make a mental shift. There is an adaptation in unlearning eating patterns and shifting over to fasting.
  2. The image of Feasting and fasting has been impactful on me. That is how humans have lived for millions of years as a species. We should not be snacking all day.
  3. Start slow.
  4. If 18 hrs of fasting is not an enticing idea, reduce the number of times you eat.
  5. Give a minimum of 4 hrs gap in between meals. Let the body digest what it has gotten, and not always be in catch-up mode.

This has been a great experience.

Fast forward, a year from writing this post, I documented 7 daily practices that have impacted my life and work in a powerful way

I found the following videos and Doctors as mentors on these subjects


16 June 2024

10 work ethic traits we can learn from Ravish Kumar



If you listen to Indian news, you have heard about Ravish Kumar, NDTV. It does not matter if you like or dislike him, agree with his style or not. You can not ignore him.

I highlight ten traits we can learn from him and apply to whatever you and I are doing. These are also the reasons, according to me, why Ravish continues to be visible and appreciated.

  1. Detailed - Ravish's reporting and analysis is impeccably and sometimes painfully detailed. He comes with specific clauses & snippets from govt websites, international press, and sources. On issues like jobs and immigrants, Ravish has built a massive library of reporting work.
  2. Find a new viewpoint- Ravish is a good storyteller. However, his genius lies in finding a fresh point of view when everyone is focused on one viewpoint.
  3. Use facts and backgrounds - Ravish leverages facts and data points heavily. He presents facts instead of using emotions to create impact.
  4. Leverage community - Ravish is seen quoting and leveraging other experts in the community. He shares good work from various reporters, organizations outside of NDTV.
  5. Give credit - He often credits his colleagues, reporters, cameramen, and the broader community for their contribution. He is regularly seen recommending good books and reports.
  6. Focus on substance - He doesn't indulge in bickering around the issues. He focuses on substance. He dives deep into long-tail subjects.
  7. Keep things simple - His reporting style, studio setup, etc are super simple.
  8. Keep it calm - He doesn't invite 20 people to the panel. He doesn't shout. He is not animated and does not raise his voice.
  9. Show up every day - He shows up every day with detailed work, day after day. It is visible in his reports. He proves there are no shortcuts for doing great work.
  10. Sarcasm - He is highly sarcastic and uses it to wake up listeners.


What did you think of these 10 points? Share in the comments.


Ravish Kumar's book


15 June 2024

What is the likelihood of a cyber security incident? [a better metric instead]

 Cyber Security has been a hot topic for the past few years.

It will be discussed even more in the coming days with the increasing cyberattacks. I always thought how cool it would be to predict the likelihood of an event. I used that lens to understand what helps ascertain the likelihood of cyber security incidents.

I have tried to cover those findings here. You will learn not only about the factors influencing the likelihood of a cyber security incident but also about a more suitable metric. Read on.


Most of the cyber security stats play to the innate fears of people.

Everyone talks about the sky falling. Every statistic amplifies it.

Here are some examples:

  • There is an estimated cyber attack every 39 seconds. (University of Maryland)
  • Cyber crimes have increased 600% due to COVID-19
  • macOS malware up by 165% in 2021
  • Ransomware attacks have risen by 350% and are estimated to cost $6 trillion in 2021
  • The average cost of a data breach is $8.19 million/breach.

💡 These stats scare the executives who worry for their business. 🤯 These stats help consulting companies sell better. 🤑

While it is not a fluke that cyber attacks have increased manifold and even state-sponsored attacks have gone up in numbers, where is the balance?

How should an executive responsible for cyber security take action?

There are three main approaches:

Identifying vulnerabilities in the systems

Focusing on vulnerabilities was a common approach for years. It gives a good idea of gaping holes in enterprises. Engineering teams go into customer ecosystems, study them, and compare them to the best practices and frameworks (NIST), policies, patches, and guidelines. It is highly comparative, with a certain baseline suitable for an organization and its maturity level. There are several tools to scan and identify vulnerabilities across network, cloud, data, and identity and access management. Typically in these reports, the engineers can also indicate how severe these gaps are. As you will see, the approach is not very effective in itself.

Understanding the likelihood of cyber security events

Security professionals have gone after identifying the likelihood for a while. Modern risk modeling takes that into account. But the truth remains, predicting likelihood is a really hard task. Models can be heavily skewed by the quality of data. Moreover, a significant training and feedback loop is required to train the models for accurate predictions. Then there are external factors like intelligence from security providers, trends in the market or industries, geolocation data, certain patterns of exploitation, etc. An accurate likelihood prediction must take those into account and spit out something usable.
So, while it is a cool metric to chase down, getting to an actual prediction is a complex task.

A Rather better metric - Impact

How would you feel if we tagged an event with very high likelihood but No or Minimal business impact?

It changes the whole scenario, doesn't it?

The outcome, or the impact, is a far superior and more actionable metric.

Rather than being afraid of the statistics, it is far more helpful to contextualize threats and vulnerabilities for your business.

Furthermore, a business can draw worst-case scenarios and conduct exercises to see their level of preparation in dealing with those scenarios.

It forces you to consider:

  1. What is the impact on our business of this scenario playing out in real life?
  2. Is there a financial risk with this scenario?
  3. Is there a business disruption?
  4. Is there an impact on our shareholder value? Our partners?
  5. How do we recover?
  6. How soon can we recover?

When you connect vulnerabilities, likelihood, and impact, the activity becomes actionable and measurable. A better picture emerges.

It forces you to focus on the top priority items.

Order of Priorities for taking action

Priority 1: Very high or High Impact Items with Imminent or high degree of likelihood

Priority 2: Very high or High Impact items with medium to low degree of likelihood

Priority 3: Low Impact items with imminent, Very high, or Low degree of likelihood

The senior leadership can tie investments to these actions and priorities.

Parting thoughts

Enterprises should focus on business impact and not just vulnerabilities and threats. Enterprises must use assumed likelihood to draw worst-case scenarios. Instead of focusing on the negative sentiment in the broader market, it is valuable to contextualize these threats and ensure they can build resilience in their business by preparing for the worst-case scenarios.



14 June 2024

Cyber Security Opportunities & Ideas: A long list for a better 2022 & beyond

 Should you beef up the cyber insurance? Should you invest in tools? Should you train your staff? Should you focus on monitoring and quick responses? Security initiatives similar to any other program get a finite budget. On the other hand, the threat landscape is constantly evolving. Executives also know there are no silver bullets out there.

In 2022 and coming years, Executives will need to rely on the lens of People, Process & technology to find holistic solutions in firming up their cyber security programs. We would have already solved it if it was just a technology or a tool problem.

So, I have put up this long list of top items for your holiday reading. This list is a mix of philosophies, best practices, and advice based on lessons learned from 2021.

I have put these in bite-sized bullets for digestion.

These should act as reminders.

These may guide new ways to build security programs.

As always, I would love to hear from you about your experiences. Enjoy the read.

  1. Being compliant does not mean being secure. Compliance does not reduce your attack surface.
  2. Investments in Cyber Security do not equal buying insurance. Instead, it is investing in accelerating your transformation.
  3. CEOs want to see ROI correlation to security investments. Cyber Security Executives should use metrics like improvement in business productivity and time to market when thinking about their initiatives and the impact those have on the broader organization. Cyber Security cannot be about keeping you safe. It should be about moving you forward. (Does your new patching solution reduce the need for system downtime? What were the savings in productive hours? For how many people?)
  4. Every security conversation should not lead towards adding more tools. If anything, organizations have too many tools.
  5. Knowing your current posture and Cyber Security blind spots is more valuable than is realized. Successful & secure companies are proactive.
  6. Organizations that treat Cyber Security as being as crucial as performance or quality will continue to do well. The rest will learn those lessons the hard way: piles of technical debt to cover security issues, expensive re-designs, hacks & breaches.
  7. People will remain (and have been) the most crucial asset. They will also continue to be the weaker links on the cyber security front. Investing in people and creating a Cyber Security culture will pay for itself.
  8. Cloud has made enterprises inherently more secure. But remember, everyone carrying a smartphone doesn’t automatically become smart. Adapting & applying Cyber security for your organization and your industry standards is key.
  9. The threat landscape is ever-changing. Bad Actors need to be right once. You need to be right every time. Of course, the equation is set up against you. The only way is to stay on top of the game and ahead as much as possible.
  10. Identify your organizational Crown Jewels. They must be secured and audited. But a mechanism to recover & restore them in case of a breach will differentiate men from boys. (Accenture is a great recent example of it, where they were able to recover & move on quickly.)
  11. While evaluating products, Cyber Teams focus too much on features. 80-85% of those will seldom be in use. Be it our car, mobile phone, enterprise tool, or software. A security executive must focus on the essential objective & solve it. Think - business capability matrix.
  12. No organization is immune to attack. 80% of enterprises have suffered a security incident in the past 12 months of 2020/21.
  13. About 45% of organizations are not armed to meet the cyber security challenges. At least 50% of the organizations waste significant time investigating low-level alerts and getting lost in the noise.
  14. Half of the SMB organizations lack the right tools to detect, isolate, respond and clean up cyber threats. Moreover, massive integration gaps exist within organizations that do happen to have the required tools.
  15. I am seeing almost every company taking out cyber liability insurance. However, about 50% of organizations would not know when to engage the legal team when an incident takes place. Is an intrusion taking place? Should legal be engaged upfront or post containment? Most organizations do not have a runbook to leverage their legal counsel and operating procedures in such cases.
  16. People directly in charge of an asset know everything is penetrable. They focus on investing in cyber-attack resilience. Those who gloat about their security programs mostly are not responsible for an (any) asset.
  17. "Return to office date is history". "Omicron may turn into an endemic in 2024". These articles & deep dives confirm - remote work is here to stay. It is high time organizations focus on improving endpoint visibility for employees & associates. For the past 2 years, 55% of executives have been concerned about endpoint security and lack of visibility.
  18. Elapsed time to identify, remediate, contain a threat is critical. In today's day & age, automation in incident management, threat detection, and threat containment is crucial. It is not humanly possible to make a decision based on manually sifting through logs from hundreds of devices & systems which may run in GBs.
  19. A considerable number of enterprises with investments in incident management tools may still lack a disaster recovery plan and incident responsiveness. While companies use NIST and MITRE-based frameworks, fewer than 40% of companies conduct exercises for incident responses.
  20. Enterprises across the board are reeling with talent management challenges. Finding security talent was a challenge, but with the Great Resignation 2021, talent retention has become a headache. Re-skilling your people and leveraging a robust partner ecosystem will be necessary for 2022.
  21. Operational disruption (60%) and sensitive data compromise or loss (64% of enterprises) top the list of damage from a cyber security intrusion.*
  22. Executives from mid-size Organizations seemed to be most concerned with losing sensitive data. At larger organizations, Executives are most anxious about the revenue impact from a cyber attack.
  23. Some of the best tools for identification, detection, isolation rely on interconnection to communicate, exchange information, and recognize patterns. Lack of integration among the tools & systems continues to be low-hanging fruit for executives in 2022 looking to gain rapid mileage from existing investments.
  24. Enterprises invest in purpose-driven tools. New tools may be acquired as the goalpost or the leadership changes. With time, tools overlap, silos build up. These tools can be studied & rationalized. Often it can unlock a significant spend reduction in the license & maintenance costs.
  25. It is incredible how many organizations invest in expensive security tools but do not have MFA enabled. 45% of the compromises still originate from password compromises. Get it done. Now.
  26. Businesses are well versed in tracking traditional risks like delayed projects, cost overruns, or business impacts. However, they need to consider risks originating from digital transformations. Think about Risks associated with PII data, its movement, laws governing data storage, privacy laws, etc. Data and its associated risks are a new frontier in itself.
  27. Inherent biases in the application or data quality issues can lead AI applications to misguide organizational focus. These can also open companies to new risks.
  28. Gartner predicts that in 2 years, privacy laws will cover 75% of the population. With GDPR, CCPA, and more laws in the making, the grip on consumers' data and privacy will continue to get tighter and more complex. So, CISOs and leaders need to advance and automate their privacy management systems. They need to ensure a process to capture, scrub or remove data if requested by their customers or readers.
  29. Gartner also made a startling prediction: by 2025 threat actors will weaponize technology environments. We are already seeing signs of it. Oil and gas companies, utilities, school districts, and water utilities do not have consumers' PII data alone. The population's daily lives depend upon these utilities/service providers. Hence, it's essential now to prepare for ramped-up cyberattacks towards these spaces in the coming years. They will not come for the consumer data you have, but weaponize your facilities against the customers you serve.
  30. A significant number of McKinsey's surveyed companies (48%) reported "being able to identify the risk" as their biggest challenge with digital and analytics risks. If you cannot identify or measure the risk, it is hard to manage or plan for it.
  31. The majority of companies start from their assets, then study the security controls around those assets, and then work on how to fill the gaps and add procedures and tools. It is time the conversation became business-focused. What are the business crown jewels? What type of disruption is non-negotiable? What is the organization's risk appetite? It is a much more approachable problem to solve when the focus is turned upside down. Once those questions can be answered, focusing on security controls and tools becomes more meaningful.
  32. It's time to define a data-driven approach to cyber risk assessments. Being able to associate $ values with risks and their likelihood is important to convey the risk and move the business into action. It will also guide security budgets - "Where should we invest, first?". Leaders can prioritize and ask 'what level of financial risk is the organization ready to take?'
  33. Communication is the key to garnering attention and improving cyber security within an organization. Cyber security is top of mind for CEOs/boards. However, their focus is often on aspects like shareholder value, business growth & competitive edge. Reporting on traffic lights (red, yellow, green) won't convey the context and meaning of actual risk to the organization vs business KPIs. Communication must be in the business language. A tool implementation, a current list of vulnerabilities and technical details, or a technical roadmap will fog the actual impact or risk to the organization. It will also confuse non-technical boards/CEOs, leaving them unable to get to the crux of the matter.
  34. If, as an investor, I know you (your company) have the right cyber security practices in place, would you not become a better company to invest in? Am I willing to see erosion in share price value due to an overnight cyber-attack that stuns the enterprise? The SEC is already working on a Cyber Disclosure policy in this regard.

References: The above insights have been gained from tons of reading materials over the past 3 months and experiences with customers. I am quoting notable links that are a constant source of knowledge.

  • https://www.garp.org/garp-risk-institute
  • https://www.mckinsey.com/business-functions/risk-and-resilience/our-insights
  • https://www.wsj.com/news/cio-journal

13 June 2024

How I set up my first raised bed garden in Chicago summers

 Hello Friends,

We have had some good harvests over the past two summers growing tomatoes and a few other vegetables in the backyard in a small space.

The harvest from tomatoes was phenomenal last year. So much so that we shared tons of them with friends in the neighborhood and we still had plenty to enjoy during summer and fall.

This year, however, I decided to experiment with a raised bed kitchen garden in one of the open sides of our house.

Here is how it looked when it was put together and started roughly 45 days ago (Early May).

This is how the bed looked in early May after the initial plants were put in.

This is how the bed looks on June 13. I have recently harvested from here.


Since I re-started my blogging again, I didn't take photos of the whole process, but here is how I approached it.

10 Take-Aways: A Book you must read: The Psychology of Money

I have started a new section on my new blog: #10takeAways. The purpose is to share dense knowledge bytes from the books I read. I very much encourage you to read the book, but if you are pressed for time, these posts should help.

The books also can cover a variety of topics and go to lengths and breadths.

💡 I will pick the top 10 lessons from every book and share them in easy and palatable bytes.
  1. When finances are taught from early childhood, there is too much focus on rules and laws instead of psychology covering emotions and nuances. The study of the history of greed, insecurity, and optimism provides a huge window into why people bury themselves in debt. A financial study of debt is not required for that. 🤑
  2. The skill which makes you wealthy and which keeps you wealthy are different. Both are equally important to observe, learn & practice.
  3. Timing is everything. Compare someone who grew up during the 1940s in the US, when the stock markets doubled, with someone in Germany or Japan, which paid the price of World War II: timing plays a huge role in the psychology of how you invest. The same is true for an era when stock markets were at a standstill compared to an era when stocks were going through the roof.
  4. Risk and luck are doppelgangers. Opportunities where the downside is complete ruin must be avoided. Avoid single points of failure. Avoid ruin. You want to be able to survive and keep playing the game. There is no reason to risk what you have and need for what you don't have and don't need. "You can be risk-loving and yet completely averse to ruin" - Nassim Taleb.
  5. The margin of safety should be appreciated. "The purpose of the margin of safety is to render the forecast unnecessary" - Graham bell
  6. The hardest skill in finance is to get the goalpost to stop moving. It is critical to know when you have had enough. Your best shot at keeping things that are invaluable to you (reputation, independence, family, friends, happiness, peace of mind) is to know when it is time to stop taking risks.
  7. Compounding is a no-brainer route to wealth. The biggest secret behind compounding is 'undisturbed compounding'. Warren Buffett's massive investment success came from it. Smart decision making, reading, intelligence, and financial acumen are all contributing factors too. "First rule of compounding is to never interrupt it unnecessarily" - Charlie Munger
  8. The ability to do what you want, when you want, for as long as you want, has infinite ROI.
  9. People are poor forecasters of their future selves. Everything changes and must change. Anchoring decisions to past efforts that can't be refunded will be a huge cause for disappointment. Don't let sunk costs hold you back.
  10. Instead of being persuaded by others' success, identify if they are playing on the same field (risk appetite, time horizon, investment behaviors) where you want to be. Only then act upon that advice.

Thanks for reading.

Do tell me what you liked the most about it.

I will appreciate it if you buy the book through our affiliate Amazon link.

Happy Reading🙏

Hello World- I am Returning to blogger and blogging.

Hello World,

It's been a while since I blogged on my website. 

I have been writing constantly, but it has been mostly on my personal LinkedIn account.

But, there has been a ton happening in my personal life that I have not documented.

Life has been fantastic, and I am grateful. But sometimes you need some space to let your creative juices flow and document your journey.

I moved to Ghost.org on a recommendation while listening to a YouTuber.

Similarly, in past years I had moved my blog to WordPress.

Both of these moves have been damaging to my blog, and my blogging habit.

It was a relief to see my Blogger account still intact. My past posts are still here.


So, we are making a comeback.

12 June 2024

What can you achieve by removing meetings? 76,500 in freed-up time

 Hello All,

I surveyed my readers for what they would like to see in the newsletter in 2023.

We have the results.

A majority asked for more news. That is what we will do.

If you are one of those who participated and responded, thank you! If you did not, my goal is to persuade you to join in, read the newsletter, and engage often.


Read this week

  • Security issues due to mass exits of employees?
  • What can you achieve by removing meetings? 76,500 in freed up time. A decision others can copy.
  • Microsoft eyes a massive stake in ChatGPT.
  • The Most Interesting Story from CES 2023
  • AWS finally comes around to encrypting S3 buckets by default.
  • Will "Matter" really simplify the smart home ecosystem mess?
  • Quote I am pondering this week
  • Layoffs in Jan 2023. Simple but powerful visual

Let's go!

This one habit alone can catapult you into the top achievers club

I can predict you did not spend the last week of the year as you should have. I can predict the same behavior for the first week of the year. A year ends, a new one kicks off. We make new resolutions. We set new goals & commitments. We get busy with time off, partying, eating, and drinking too much. We return to work stunned from the holidays and another week goes by. Those resolutions begin to fade away as the work pressure builds up. Then things get busy. Soon you realize another year has sped by without much. What happened to the goals you wanted to achieve? What happened to the commitments?

I will show you one yearly ritual that has bolstered my achievement rate of over 300% for the past 4 years. If you pay attention and spend a few hours on it, you can get those massive returns yourself too. In this post, I share my practice, how that practice re-wires our brain, and then share my template. You can make this year a winning story you would tell to 2023. Read on.

What is the value of doing a personal yearly review?

It is said: don't live in the past, but reflect upon it. The past is for us to learn from and get better. History teaches us lessons. When we don't acknowledge those lessons, history repeats itself.

Great behaviors must be repeated. Bad practices must be dropped.

It is all about getting that 1% better in everything we do and incremental improvements.

And those improvements only come from pausing and reflecting.

Think about it-

  • Are we busy pounding away or, are we doing the right things?
  • Are we making progress or at a standstill?
  • Are we headed towards our goal or in a completely different direction?
  • How much have we achieved? (it is not just about financial metrics)

Since when did I start doing yearly reviews?

For the past 3 years, I have been doing my yearly reviews. It feels like second nature. When I come to think about it, people in the industry (especially IT) would fill out long-form reviews - quarterly, yearly and sit down with their bosses in a review session. It is seen as a mundane, energy-sucking activity.

How often do you hear a friend excited about submitting their yearly reviews?

How often do you hear a friend or colleague looking forward to their yearly reviews with their bosses or their subordinate or peer?

The reality is those discussions are tied to monetary benefits: a raise, or a promotion. It's mostly reactive and hardly proactive. There is little to no discussion on future challenges. It's almost like a delayed feedback session.

Secondly, it is a push and not a pull. An organization is pushing employees to fill these reviews up and submit them. It is pushing bosses to finish reviews within a stipulated period.

No one wants to submit the reviews, and no one wants to review those reviews.

When I started doing my yearly reviews, my inspiration was opposite to the system I have seen closely. My inspiration came from listening to and closely following the likes of Tim Ferriss, Naval Ravikant, and more folks who use reflections and reviews as a massive driving force. My motivation was to reflect and gain value from my patterns.

Have I gained tangible benefit from doing these year-end reviews?

Yes. Let me share an example. During my 2018 year-end review, I noticed a pattern. I called myself out on it. I was starting too many new projects, then interest faded and I would drop them. On closer inspection, I noticed that on some of these projects (like my photobook, a business idea, a technology certification), I was much closer to the finish line. Breaking the initial inertia is hard, but in my case, I would do the difficult work of starting but then would drop it.

I took a note. I promised to take smaller projects or break larger ones into smaller chunks. Not to take more than 2 personal projects at a time. And just doing it.

As a result of this small change, during 2019, 2020, and 2021 I have been able to lock myself in and finish my IELTS (8.5 Band in 40 days prep), AWS Cloud Practitioner Certification in 25 days, AWS Solution Architect Associate in about 40 days, and a massive list of items which I am proud of. I published more than 15 posts on LinkedIn each year and made significant progress.

This was one of the simple changes which I needed to do, and it emerged from the end-of-year review of my patterns. Hope this inspires you.

How do I review my year?

My process and template are simple. In 1 sitting, I typically allocate 4 hours of thinking and writing time. I allocate 2 hours on the next day to schedule action items on the calendar.

In 2018 and 2019, I carried out the review using physical paper & pen.

In 2020 and now 2021, I reviewed using OneNote and a digital template.

The approach you could follow to do your year review

Here is a simple template you can use to do your reviews.

The whole process focuses on two aspects-

Reflect on the past, learn in the future.

#1: Every time you review a past event, you should not go gaga over the achievement or get drowned in pain over the horrible mistake you made.

Let it hurt or feel amazing, only briefly.

We are reviewing to learn and observe patterns, not daydream.

#2: My focus for learning is around reading, writing, and real-world experiences. Hence I actively track specifics around how many books I read, how many articles I write. For you, this could be different, hence adapt accordingly.

In conclusion, I find the year-end review extremely helpful for personal and professional growth. It is an investment to make next year better. I encourage everyone to do this. The first week of the year is also a good time for this activity.

If you need any help with it, don't hesitate to ask via the comments or email me at quitefar@gmail.com.

Have a great year ahead.