Saturday, November 24, 2007

Jack Welch - Winning

I am reading Winning, the book by ex-GE CEO Jack Welch. One of its chapters, LETTING GO IS HARD TO DO, illustrates the reality of business: weeding out the rotten apples is a necessary process. He mentioned that the most complex and delicate kind of firing is when an individual has to be let go because of poor performance.

In my entire career, I have executed a layoff plan not once, not twice, but thrice.
The objective of the layoff plan was to reduce manpower cost due to the significant slowdown of business during the Internet Boom time.

The GM of the company executed the planning of the layoff in a professional manner, with total transparency and no trace of humiliation. (This is a lesson that I learnt.) The middle management (like myself) was called into a meeting and informed of the layoff plan and package. We commenced our re-ranking exercise based on a few critical criteria to ensure that the ranking was fair and open. All the middle managers discussed each person's performance with the quantified value related to it! The first round of layoffs was easier and quicker, as the recommended staff were under-performers (the managers seemed to understand who was delivering value and who was not, as Jack Welch mentioned with the 20:70:10 rule). The finalised list was submitted and approved. We talked to each individual staff member in a quiet room to announce the bad news. The atmosphere was serious and the news was more easily accepted (perhaps the under-performing staff already knew what had happened). In total, 10% of the staff were laid off.

However, barely a quarter later, as the recession persisted, we had no alternative but to cut our manpower again. This time, some of the middle management were laid off as well. The ranking exercise became more difficult, as we knew that those still with us were really good people. However, we had no other alternative but to proceed. The total was more than 30% of the staff. The GM spoke to all of us in the conference and emphasised that the ONLY CONSTANT is CHANGE. I even offered to take a pay cut instead, as I did not want to see any of the good staff go. However, the GM highlighted that everyone's living is based on their current package. Reducing the package would immediately demoralise everyone further and might hurt people's living as well. Hence, a bold and open decision was made, and the second layoff was done.

I called on my contacts so that I could find alternatives for them. Fortunately, I managed to get some jobs for my subordinates.

The last layoff was more amusing. A year after the layoff, because there were fewer staff and everyone needed to do more with less, I was instructed to hire another presales engineer to offload the workload. After 3 months of searching, we managed to get this guy in. However, after just 3 months, my immediate boss (not the GM) requested me to fire him because revenue had not grown as expected! I was confused but preferred to execute the plan myself (instead of him).

Of course, a layoff is not a fun thing! At times, I felt guilt but believed that this is the reality of life. My dad was forced to open his workshop not because he wanted to, but rather because he could not find a job in the 50's. Hence, I believe I am blessed that I still have a job.

Tuesday, November 6, 2007

Data/Info Leak Protection (DLP) acquisition war

Companies are facing spiralling pressure to protect all types of business data because today's network is extremely porous, especially with the influx of consumer-based technology into the workplace, such as digital media players, cameras, IM and social networking sites, and USB devices.

Almost all businesses fall under a regulatory mandate to protect private or personal information, and all worry about internal, confidential information falling into the wrong hands.

The recent data leaks from Monster.com are a seriously alarming event for all.

Hence, there is an ongoing run of acquisitions, and the big companies are snapping up the DLP players.

-- Symantec Corp's $350 million acquisition of Vontu
-- Websense acquired Port Authority about 10 months ago for $90 million
-- EMC's RSA Security unit acquired Tablus just two months ago for an undisclosed sum
-- McAfee early last fall acquired a slice of DLP technology (the end point/desktop) in its $20 million deal for Israel's Onigma. It also acquired SafeBoot (mobile data encryption) in a $350 million deal
-- Trend Micro acquired Provilla
-- Check Point Technologies expects its recent acquisition of encryption vendor Pointsec

Again, it is the traditional 3 major AV players, coupled with RSA (focus on data integrity), Websense (web security) and Check Point. Looking at the competition, there is good reason why the traditional AV players, if they do it right, will be more prevalent than the others: their broad base of markets and offerings.

Of course, technology can only do so much. Enterprises will require People & Process to complete the puzzle as well.

A 2007 Gartner report identified consumer products in the enterprise as one of the biggest threats to corporate security. The security holes these products and applications create need to be closed, and business’ acceptable use policies extended to cover these areas.

The report named four key technologies as presenting the biggest risks. Let’s deal with each of these in turn, and evaluate the solutions and policies that can deliver management of each risk type.

1. Stopping the bus
USB devices (cameras, MP3 players, portable drives etc) represent a key risk, according to the Gartner report. The starting point for protection is to include them in the business acceptable usage policy (AUP), to educate users on the importance of following policy, and the business risks if they do not. But policies alone aren’t enough, so they must be backed up and enforced. Some companies have taken the empirical approach of blocking USB ports with epoxy glue, but a more manageable method is investing in a port control product, which can automatically block USB devices from being connected to PCs without authorisation. More advanced products also include transparent encryption, so that information copied to USB devices is automatically rendered inaccessible to thieves.
-- Technology: Needs Device Control mechanisms

2. Curbing the office social
Blogging, and use of social networking websites should also be added to the AUP. With blogging, you’ll need to specify what the business is comfortable allowing employees to discuss. Company intellectual property and confidential information should obviously be restricted from blogs, and the same with social networking sites. As with USB devices, policies should be enforced by products, to truly limit risk.
-- Technology: Needs restrictions on IM/P2P and blogging activities

3. Mobile matters
Mobile devices run increasingly robust applications, carry a great deal of business data and increasingly are a target for malicious code. Enterprises can take precautions to limit the risks of these devices without resorting to an unenforceable outright ban – an example being deployment of encryption for all approved mobile devices that have access to sensitive data. Ensure that the encryption product you choose is proven, transparent and automatic, eliminating user interaction and creating a fully enforceable solution that holds up to stringent compliance requirements.
-- Technology: Mobility Security Solution

4. Going remote
Employees connect to enterprise resources through both unmanaged networks and unmanaged remote devices, reported Gartner. This can increase productivity, but it can also punch holes in the company's network security. Companies should deploy VPNs to restrict access based on checks of the security of the user’s endpoint. The VPN can be SSL or IPSec, according to the company’s needs. IPSec clients enable increased control and management of the remote access point, which in turn increases protection of corporate assets.
-- Technology: Needs SSL VPN Solution

Google Internet Phones

Google Inc., with its new operating system for mobile phones, is trying to shake up the wireless industry by helping to create cheaper phones that can access advanced Internet services -- and carry its lucrative advertising.
http://online.wsj.com/article/SB119427874851482602.html?mod=hpp_us_whats_news

By turning phones into mini computers, Google will again try to flatten the world by getting as many people as possible connected to the WWW! Such initiatives will also mean MOBILE SECURITY will eventually become more prevalent.

Looks like Microsoft will need to do more to prevent the "GPhone" from becoming the trend (maybe by offering Microsoft Mobile free). However, I believe that the key battlefield is not the mobile OS, but the killer application on top of the mobile OS that allows people to COLLABORATE with ease (I think Blackberry needs to work harder as well), including performing similar functions (perhaps mini-functions) to the PC.

The Google mobile OS will be open-source to allow Application Service Providers to layer their killer apps. It will eventually empower the individual to collaborate more effectively (always connected).

What about Apple iPhones then?

Sunday, November 4, 2007

Joa meets her old K2 friend

Last Saturday, I brought my little girl to the National Library - Bishan branch to look for her favourite Rainbow Magic collection (The dad has bought her 6 books already! Yet, it is NOT enough for her). She managed to get 2 books, one of which - Indigo fairy - she had read before. She was encouraged to pass it on to someone who wanted the book so that every girl can read it as well. Of course, she was willing! She also managed to spot her K2 friend - Melia Chua @Tai Pei Childcare. However, to my surprise, although an extrovert, she was too shy to approach her and insisted that I ask and identify on her behalf whether the girl was her ex-classmate. She even remarked that she would go off if I refused to do so! I did explain that it is better to approach her by herself; however, she still refused. As a good dad, I approached the girl and confirmed that she was Melia Chua, even though she refused to acknowledge it earlier. Her elder brother told me instead. One thing really puzzled me: why are the girls so shy? (especially my girl, whom I always thought was bold enough to try new things!)

Nevertheless, I went back to tell my girl, and yet my girl requested me to hand over the Rainbow Magic story book to her on her behalf. I tried to persuade her to do it this time; however, she refused. Anyway, I took the book and passed it to the girl. I could see her eyes sparkling when she saw that an UNCLE, a stranger, could pass her a book that she wanted (I hope that she can do the same for other girls as well, i.e. SHARE). (Looks like the author, Meadow Daisy, has the right ingredients to spark the interest of the juniors.) I could see that she was more surprised than grateful. I grabbed the opportunity and re-introduced Joaquim to her and emphasised that the book belongs to Joaquim and she is willing to pass it to you. She replied with a courteous thanks and waved goodbye. So did my girl. I really hope that they can interact more socially and exchange phone/email addresses, but they did not.

The lesson is that Joaquim was put into an uncomfortable zone in dealing with "strangers" and was at a loss to express herself well. I think I need to get her to learn to relax in front of old mates.

Hope that this encounter will benefit the girls and definitely myself.

Thursday, November 1, 2007

Symantec Threat Report

I went to check out the Threat report of Symantec -


The key findings have 4 important components (Jan 2007 to June 2007):

1. Attack Trends Highlights
2. Malicious Code Trends Highlights
3. Phishing Trends Highlights
4. Spam Trends Highlights

Again, China, an economic powerhouse with a huge number of Internet users, almost topped most of the categories except Phishing Trends. Japan, followed by Taiwan, topped the table of most phishing activity instead.

One of the interesting findings is that when Symantec ranks malicious activity by country per Internet user, Sri Lanka tops the table (illustrating that hackers prefer to house their malicious servers in under-developed countries, where law & regulations are coupled with low skills in security capability). Singapore ranked 4th with 13%.
Hence, stay vigilant and keep malware out of bounds.