Saturday, November 22, 2014

Personal Financial Health Season

As we approach Thanksgiving and get inundated with pleas to spend a lot of money for the upcoming holidays, I declare this the beginning of Personal Financial Health Season. Why? Because this is the time that fraudsters, identity thieves, and other miscreants target our wallets, hoping that we’ll be spending too much money and be too weary to be diligent about our finances. Remember the Target breach of 2013 and use it as a reminder that we as consumers are easy targets this time of year.

Monday, October 6, 2014

US: Please Come Down Hard on JPMorgan

The U.S. Government needs to come down hard on JPMorgan Chase for its woeful performance in disclosing and responding to a privacy data breach that reportedly affects 76 million customers.

Free market principles can, eventually, affect cybersecurity change. When data breaches occur, like the 40 million record breach at Target in late 2013 and the 56 million record breach at Home Depot earlier this year, customers can effectively respond with their feet. That reportedly happened with Target, and anecdotally, I’ve become a much more frequent patron of both my local town hardware store and Lowe’s. By withholding business from organizations that suffer a breach of your personal and financial information, customers can punish the company financially. It may take a lot of customers to really have an effect on the bottom line, but when they act in unison, customers are an economic force to be reckoned with.

Monday, April 7, 2014

Microsoft, Please Open Source Windows XP

The day is now upon us. After a nearly 13 year affair, marked by manic periods of love and hate, we now face the inevitable conclusion of our relationship with Windows XP. We knew that our time together was only temporary, and many are applauding the end of an era that was probably several years past its prime. As much as I appreciated the time that Microsoft granted us, I recognize that it’s time to move on.

My acceptance aside, I believe that many others are forced to remain in denial. Consider that some reports continue to pin XP usage at anywhere from 10% to nearly 30% of all desktop systems. Combine these statistics with reports that 95% of all ATMs, many medical devices and cash registers run Windows XP. I’m not one to succumb to FUD (Fear, Uncertainty, and Doubt), but the numbers imply that we face a potentially catastrophic security condition once Microsoft ceases its support for the operating system. How many vulnerabilities are hiding out there, their hacker benefactors giddy as they wait for Microsoft to cease providing security patches for XP computers? I suspect that we’ll find out soon.

Microsoft can help by making the XP operating system core available as open source software. I think that it should.

Sunday, March 23, 2014

The Mobile Security Failure

Mobile has substantially changed the security update landscape, driven in part by evolving consumer expectations that champion frequent, minor enhancements over stability and security. I first discussed the defect acceptance trend in 2012 as a way to explain how software companies have been able to distribute flawed software while also handing responsibility for maintaining that software to the consumer. In the two years since, accelerated use of mobile, and by extension cloud, applications has worsened the trend by limiting end-user control and forcing the consumer to accept unwanted feature changes to receive security updates. Not only must consumers accept flawed software, they must now also trade flexibility for some semblance of protection.

I’ve recently had three operating system software updates that each provide new perspective on how software maintenance has changed over the last decade. I’ll take a look at how those changes reflect new cost to consumers.

Sunday, February 23, 2014

Identity Theft: Be Prepared for the Long Haul

Nearly a month after first detecting a potential identity theft when reviewing my credit reports, I’m frustrated by the lack of progress despite my efforts. A recent email from Experian, the credit bureau that seems to be the source of my problems, highlighted the company’s refusal to remove what I believe is the root cause record on my report. Just when I thought I was entering the final phase of cleaning up my credit report, I came to realize that I’m probably just getting through an early chapter in what will be a much longer story.

Saturday, February 15, 2014

Identity Theft: Proof that Life is not Fair

I spent a weekend fuming over the fact that my credit reports from two bureaus showed a fraudulent collection from Dish Network and several personal information entries that listed names, addresses, and phone numbers on my report that were not mine. There were several possibilities for the entries: 1) The bureaus screwed up; 2) Someone fat-fingered my social security number when providing credit for Dish Network service; 3) Someone had fraudulently used my social security number. No matter how little control I had over the initial event, if I wanted clean credit reports, I knew that no one was going to help me out.

Sunday, February 2, 2014

Identity Theft: Guilty Until Proven Innocent

“What is your identity?” It’s more than just an existential question, it’s a question that you need to ask yourself when addressing a potential identity theft situation. To be more precise, you have to ask yourself, “What is it that identifies you?” To begin the recovery process once you detect an identity theft, something that I discussed recently in relation to my own issue, you have to be able to provide documentation that assures everyone involved that you are who you say that you are. Perhaps even more important is the inverse, that you need to be able to show that you aren’t who you say you aren’t.

Friday, January 31, 2014

Federal Contracting Part 4: Intervention and Rehab

The challenges faced by HHS and CGI Federal to build Healthcare.gov were exceptional. They attempted to tackle an extremely complex data integration and communications platform in the relatively short timeframe of just under two years. Even without the highly charged political environment that hovered over the project, threatening to rain down at every moment, I would consider the project to be as ambitious as any government IT project has been. Add to that the directives and regulations that the project had to be managed against and I would have thought initial success to have been an improbable expectation.

Monday, January 27, 2014

A Victim of Identity Theft?

I believe that I am the victim of identity theft.

At first, I didn’t think much of it. Perhaps my understanding of how personal data flows and security drove me to discount what it was I was seeing as “really no big deal.” Or, maybe I have become so cynical about how the definition of identity theft has expanded to include acts that I wouldn’t naturally consider a “theft” that I disregarded the event. Whatever the root cause of my denial, I’ve moved on. It’s time to deal with the problem and I plan to share my experiences every step of the way.

Sunday, January 26, 2014

Federal Contracting Part 3: The Definition of Madness

There is a common assumption in government IT services procurement that past experience is an indicator of future success. But, when working with an industry that benefits mostly from the efforts of individual performers, the idea of ‘corporate’ past experience is a logical fallacy. Not only does it put the government at an immediate disadvantage, it favors repeating inefficient activities that benefit large contracting firms rather than promoting the innovation needed to move into new technology areas.

Wednesday, January 22, 2014

Federal Contracting Part 2: Good to be a Contracting Firm

This is Part 2 of my Federal IT Contracting series. Please be sure to check out my Introduction posting that includes a disclaimer about my past relationship with CGI Federal, the primary contracting firm responsible for the Healthcare.gov project.

My previous Federal IT Contracting posting presented a jarring insider analysis of how contracting firms realize success from failure. Some may interpret my analysis as a shot against contracting firms, illustrative of a tainted industry that deserves more oversight. With recent movements to reduce how much firm executives can earn despite very limited direct involvement on any customer-facing project, I admit to harboring some animosity towards those firms. But, having also served as an executive in a startup firm for several years, I submit that the government is far from blameless. That government managers often channel an insatiable childlike appetite for wants without really understanding what it is they need leaves them susceptible to failures like that currently embodied by Healthcare.gov.

Wednesday, January 15, 2014

Federal Contracting Part 1: Lucrative Failure

This is Part 1 of my Federal IT Contracting series. Please be sure to check out my Introduction posting that includes a disclaimer about my past relationship with CGI Federal, the original primary contracting firm responsible for the Healthcare.gov project.

This Washington Post opinion piece is accurate in its success through failure assessment. Where it fails is in not going deep enough into the cause, focusing instead on the visible symptom of executive advancement despite failure. I want to go deeper.

What We've Learned About Federal Contracting Through Healthcare.gov

The Healthcare.gov roll-out has been an epic debacle. If media reports are to be believed, just about everything that the Department of Health and Human Services (HHS) did for the project was wrong. From the limited procurement process, to the management structure, the scope and requirements, and the final testing, HHS is suffering from poor execution at every level.

Most of the media coverage seems to imply that the failure conditions are exceptional. Federal contracting insiders will admit, albeit quietly in some circles, that the only difference with Healthcare.gov is visibility. Set aside the scrutiny, and the Healthcare.gov failure is, unfortunately, quite common.