Gathering requirements (the hard way)

dearsantaI’ve written about communication a few times; it’s an important part of my job, I enjoy it, and I’m always learning about it. Recently I’ve been involved in a project which included a requirements gathering phase, consulting hundreds of users across two Schools of the University, and what I learned there forced me to completely re-think my approach to this process, and to communication with users in general.

Continue Reading

Anatomy of a banking trojan outbreak

virusmemeIt started innocently enough, a member of staff opened an email from their personal email account with a subject line “Confirmation of payment”.  Unbeknownst to the unfortunate recipient the attachment contained malware from the Dyre banking trojan family (specifically Troj/Dyreza-FP). One week, 500 hours of staff time, and 128 infected systems later we’ve learnt a lot of lessons the hard way.  Learn from our experience (we have).

Continue Reading

How to manage emails

Email-inboxIt’s everywhere.  You can’t get away from it.  It never stops. It can contain the most trivial of information, or the most important thing you’ll read that week.  A recent study concluded we spend 28% of our time reading and answering email.  I receive about 185 emails a day on average, on a bad day over 300, but my inbox is nearly empty and I know where everything is and what I have to do.  How do I do it?

Continue Reading

How not to do project management

somuchfailBack  in 2012 I wrote a blog post about the ‘new parent‘ method of project management.  Now, I cringe when I read that article, because I was missing some fundamental principles behind the project management methodology.   The proof of the pudding was definitely in the eating, as I ‘tested the theory’ in a deployment of a product called Druva InSync across our estate.  Unsurprisingly, it was not as successful as I’d hoped, but the reasons why are useful lessons to learn.

Continue Reading

Is user security awareness training worth it?

pedagogy-194931_640Back in August 2013 I blogged about the importance of IT staff training, and I’d planned to follow up shortly after that with a post about end user training.  Unfortunately the challenges of a new role took over, and it’s only now I’m returning to the topic, with a particular challenge in mind, increasing end user awareness of information security threats.

Continue Reading