How Do You Protect Your Business When the Threat Landscape Is Always Evolving?


Staying ahead of the curve when it comes to security attacks is a challenge many find nearly impossible. But why is it so difficult? Every day, attacks targeting juggernauts of industry are featured in breaking news. An example is the recent “WannaCry” ransomware attack, which affected thousands of computers all over the world—from Europe to Asia to North America, locking users out of their computers and demanding ransoms. What’s concerning about these attacks is not only their frequency, but how quickly they inspire imitators.

New attacks using combinations of execution code to bypass defense systems are popping up. Even more concerning, ransomware/botnet attacks are now hijacking industrial control systems (ICS) to re-route ambulances, causing life-threatening consequences. And the hard truth is this won’t stop; new malware will be written with multiple code execution paths that are designed to set off benign processes while under scan and then execute malicious code once your anti-virus deems it to be safe.

You might be indignantly thinking: why? My anti-virus is supposed to stop all threats—my vendor said so! Why is it so difficult to defend my organization?

The short answer is that it doesn’t have to be. Having implemented and reverse engineered many security solutions, I can say honestly that you cannot adopt or rely upon a single strategy or single solution to defend your posture. It takes a holistic and tiered approach to be able to defend and take on attacks from different vectors. 

A long time ago, I was once on the offensive side acting out DDoS attacks while playing a game called “Counter-Strike.” Why is this relevant? It seems hard to believe, but this game helped me adopt a philosophy on cybersecurity that I will never forget and will use for the rest of my career. I hope you can take this philosophy to heart, and that it will also help you protect your business as well as yourself from being hacked. 

Know your risk. 

Designing a secure infrastructure starts with knowing your greatest risks and weaknesses. Think like a hacker. What is the most critical asset? What type of attacks are you vulnerable to? What would someone do to exploit that risk? Knowing is the first step.

Identify your risk. 

Identify it in the following tiers: Reputation, Operational, and Intellectual Property. Once you’ve identified your risk in these arenas, plan a defensive strategy accordingly.

Defend. 

Your strategy should lead to you knowing your network better than anyone else. You are the first and last line of defense. Security solutions are simply technology, but without configuring that technology to its strictest potential, you will not win. Do not allow any attacker to exploit your posture. Conduct vulnerability assessments and risk audits. Conducting threat assessments regularly is a critical step in continually developing your security plan.

How I Prioritize Projects


Prioritizing projects while keeping up with the day-to-day of client support can lead to a hectic, seemingly 100mph day. As a Client Support Manager, responding to a variety of email requests, following up with manufacturers and processing paperwork all need to happen in real time as things come in. But the job isn’t all emails and case handling. I’m also curating our internal resources, investigating best practices, and creating new processes for an even more efficient team. I don’t know if you’ve read a hardware warranty recently, but it’s not the kind of thing you can skim and easily come away with an understanding. These are tasks that require deep work and focus. 

So how do I ensure my important projects are not lost in the sea of urgent emails and RMA paperwork at a bustling company such as Myriad? The answer may surprise you! 

Routine 

Establishing a daily routine has been paramount for me. Outlook always gets a whole monitor to itself; emails come in throughout the day and are my most urgent task. First, I read all the emails that have come in overnight and flag any that require action. Then I go over each of my open cases and send out follow-ups to manufacturers and update clients on the status of their requests, unflagging emails as I respond to them. Any emails flagged for action after each case has been updated then get addressed.  

This routine sets the day in motion ensuring that I don’t start the day behind the eight ball. With each case having been addressed first thing in the morning, I can then turn my full attention to my larger projects until a new case or email comes in.

Old-Fashioned Checklists 

There are a lot of really great productivity apps and services available these days, but there is a lot to be said for a handwritten checklist. I’ve tried dozens of apps and programs that I began using with enthusiasm, but quickly turned away from. Time and time again, I always go back to the handwritten list.  

For me, the handwritten list has some benefits that keep me engaged in a way that apps do not. Writing by hand engages the parts of the brain responsible for learning and creativity, plus, a physical list creates a concrete visual pathway through your tasks. Sometimes if I’m stuck on where to start while creating a new internal process, just the act of breaking it down into a list will make all the pieces fall into place for me.  

For a large project, I use checklists to break it down into smaller tasks to accomplish throughout the week or day, similar to an outline. For the most part, I try to keep the scope of each list to what needs to happen within the week. I use this system for work and home projects alike. For instance, if my tasks this week were to write a blog post and clean my kitchen my list might look something like this:

☐ Blog Post
    ☐ Research X, Y, Z
    ☐ Outline
    ☐ Write First Draft
    ☐ Add Hilarious Jokes
    ☐ Delete Dorky Jokes
    ☐ Source Images for X, Y, Z

☐ Clean Kitchen
    ☐ Dishes
    ☐ Clean Out Cabinets
    ☐ Clean Out Fridge
    ☐ Counters and Surfaces
    ☐ Sweep
    ☐ Mop

As I work my way through my checklist I may find that some tasks need to be expanded and in some cases migrated to the next week’s to-do list. Those items are marked with an arrow rather than a check and are continued into their own list (similar to bullet journaling).

☐ Blog Post ⇨
    ✓ Research X, Y, Z
    ✓ Outline
    ⇨ Write First Draft ⇨
        ☐ Send Draft to Trusted Colleague
        ☐ Incorporate Feedback into Rewrite
    Source Images for X, Y, Z

In our increasingly technologized workplace, sometimes in order to find the best tools to keep us organized and productive, we don’t have to look any further than a notebook and pen. Checking things off my list is also satisfying. I find the feeling when I am about to complete a task and I know I get to put a checkmark in one of the boxes on my list to be energizing.

It’s easy to downplay the importance of prioritizing and breaking down tasks—especially when the tools are so simple—but it’s imperative to my role at Myriad to ensure nothing falls through the cracks. I’m always looking for new ways to work smarter, but the key is consistency. The best tool for organization—whether it be the hottest technology or a simpler method like mine—is whichever one you’ll use consistently.

What I Do in IT Sales

What An IT Salesperson Actually Does

“Sweetie, can you help me get my printer to work?” my mom called from the kitchen while I was visiting for Father’s Day last month. “Umm, I can try?” I stammered. These scenarios with family and friends have become commonplace since I began my IT career five years ago.  I’m sure other people can relate—when you work in IT sales, for some mysterious reason, so many people think you can fix their printer, laptop, or broken iPhone. 

“So what do you do?” I might be asked by an older family member. Here’s what I say: 

1. I am constantly learning.

In my first week of training as an Account Executive, we focused on an overview of networking, speeds and feeds, port counts and what things like “single-mode” and “POE” meant. Over the years, as Myriad has expanded, our training program has grown to cover systems/storage, security and cloud, and network services. (Alas, still no training on how to troubleshoot a printer…) All kidding aside, much of my knowledge has been tailored by the clients that I have the privilege of working with.  

Many of the companies that I work with are service providers who have extremely demanding SLAs and require immediate solutions since they are the people responsible for ensuring there are no issues with their office’s internet. As a result, I’m constantly listening to what the best and brightest companies need to keep their IT departments running smoothly and helping them fill that need. Over the last few years, I’ve seen across the industry that security (specifically surrounding ransomware and DDoS attacks) is of paramount concern to these companies. Introducing clients to our Engineering team—who can design a client’s environment that solves and prevents problems—is extremely gratifying and one of my favorite parts of the job.  

2. I build relationships.

Without a doubt the most exciting element of sales for me is landing an initial order with a new client. Typically getting in front of a new company takes a multi-pronged approach leveraging shared connections and referrals. One of the most dynamic parts of sales is discovering shared interests with a client in addition to their goals and deal-breakers. Candor on both sides regarding strengths, areas for improvement, and measurements of success are fundamental to a mutually beneficial arrangement. 

Additionally, in the sales industry specifically, there is always staff movement, typically a salesperson moving on to a different role or being promoted to a manager. Those excited and committed to sales offer stability to our roster of clients. The ability for a customer to know that you will be their main point of contact for years to come is invaluable since no knowledge transfer is ever complete. Just like with any person you get to know, each client has particulars that are unique to them and tailoring our service to those specifics makes our business relationship stronger. 

3. Above all, I help!

The dynamic nature of sales and how each day presents new scenarios and challenges makes the job of a salesperson especially rewarding. Making real connections with clients and being able to be helpful while being yourself translates to a camaraderie that transcends time zones and miles. I work with people who have incredibly stressful jobs that keep them on call ‘round the clock. Being able to respond immediately, effectively and with empathy to let my client know that we are working on whatever they need together makes the burden for my clients feel just a little bit less heavy. It’s in those hard moments that meaningful, long-lasting business relationships are formed. Anyone can be there when you sign the deal for that new circuit or ship that shiny new router, but making it through and helping to solve customer challenges is something I am proud of when it comes to my team. 

And there you have it! While I might not be the first person to call when a printer breaks (sorry, Mom!), I’m thrilled to be standing with my team at Myriad, helping each other and our clients forge the right path in this brave virtual world.    

The API is the New CLI: Fact or Fiction?  

The API is the new CLI. 

If you’re a network engineer who pays attention to new technology, you’ve certainly heard some variation of this statement. But is it true? 

Let’s start with the basics. 

You know what a Command Line Interface (CLI) is; it’s how you talk to your switches and routers, and possibly many other devices and programs. An Application Programming Interface (API), on the other hand, defines the methods of communication between various software components. In other words, it’s how programs talk to each other. 

In networking, there are probably three types of API that you’ll encounter: NETCONF, REST, and RESTCONF. 

NETCONF 

The Network Configuration Protocol (NETCONF – RFC 6241) “provides mechanisms to install, manipulate, and delete the configuration of network devices.”[1] These are often called Create, Read, Update, Delete (CRUD) operations.

NETCONF uses a remote procedure call (RPC) model to communicate between clients—typically scripts or applications—and servers (the network devices). Clients send RPCs (requests) and network devices respond with RPC replies. While NETCONF is transport protocol agnostic, support for Secure Shell (SSH) is required, and SSH is the transport most commonly used. All configuration data and protocol messages (RPCs and RPC replies) are encoded using Extensible Markup Language (XML).

NETCONF uses a configuration lock to ensure that conflicting changes aren’t made simultaneously. This feature, along with the two-way (RPC) communication, can be leveraged to make atomic changes across an entire network of devices, ensuring “roll-back” to original state if changes fail on any of the devices. 
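The lock, stage, then commit-or-roll-back sequence described above, as an added example that is not part of the original post: it builds the RFC 6241 RPCs and checks every `<rpc-reply>`. `FakeDevice`, `push_atomically`, the `urn:example:system` payload and the use of the candidate datastore are assumptions made for illustration; no network connection is made.

```python
import xml.etree.ElementTree as ET

NC = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 6241)
CANDIDATE = "<target><candidate/></target>"      # assumes the device has a candidate datastore


def rpc(message_id, operation):
    """Wrap one operation in an <rpc> envelope."""
    return f'<rpc message-id="{message_id}" xmlns="{NC}">{operation}</rpc>'


def reply_ok(reply_xml, message_id):
    """True only if the reply answers our message-id and carries <ok/> with no <rpc-error>."""
    root = ET.fromstring(reply_xml)
    if root.tag != f"{{{NC}}}rpc-reply" or root.get("message-id") != str(message_id):
        return False
    return root.find(f"{{{NC}}}ok") is not None and root.find(f"{{{NC}}}rpc-error") is None


class FakeDevice:
    """Constructed stand-in for a NETCONF server (hypothetical, in-memory only)."""

    def __init__(self, name, reject_edit=False):
        self.name, self.reject_edit = name, reject_edit
        self.locked = False
        self.running = self.candidate = ""

    def send(self, request_xml):
        root = ET.fromstring(request_xml)
        op = root[0].tag.split("}")[1]
        failed = False
        if op == "lock":
            failed, self.locked = self.locked, True   # a second lock is refused
        elif op == "unlock":
            self.locked = False
        elif op == "edit-config":
            failed = self.reject_edit or not self.locked
            if not failed:
                self.candidate = root[0].find(f"{{{NC}}}config")[0].text
        elif op == "commit":
            self.running = self.candidate
        elif op == "discard-changes":
            self.candidate = self.running
        body = ("<rpc-error><error-type>application</error-type>"
                "<error-tag>operation-failed</error-tag>"
                "<error-severity>error</error-severity></rpc-error>") if failed else "<ok/>"
        return f'<rpc-reply message-id="{root.get("message-id")}" xmlns="{NC}">{body}</rpc-reply>'


def push_atomically(devices, config_xml):
    """Lock and stage on every device; commit only if all staged, else discard everywhere."""
    msg_id, log = 100, []

    def call(dev, name, operation):
        nonlocal msg_id
        msg_id += 1
        ok = reply_ok(dev.send(rpc(msg_id, operation)), msg_id)
        log.append((dev.name, name, ok))
        return ok

    locked = [d for d in devices if call(d, "lock", f"<lock>{CANDIDATE}</lock>")]
    edit = f"<edit-config>{CANDIDATE}<config>{config_xml}</config></edit-config>"
    staged = len(locked) == len(devices) and all(call(d, "edit-config", edit) for d in devices)
    for d in locked:
        # A failed <commit> is not handled here; RFC 6241's confirmed-commit covers that case.
        if staged:
            call(d, "commit", "<commit/>")
        else:
            call(d, "discard-changes", "<discard-changes/>")
        call(d, "unlock", f"<unlock>{CANDIDATE}</unlock>")
    return staged, log


if __name__ == "__main__":
    # Constructed sample payload and devices; sw2 rejects the edit, so sw1 is rolled back too.
    cfg = '<ntp-server xmlns="urn:example:system">192.0.2.10</ntp-server>'
    ok, log = push_atomically([FakeDevice("sw1"), FakeDevice("sw2", reject_edit=True)], cfg)
    print(ok)
    for entry in log:
        print(entry)
```
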

In addition to configuration data, NETCONF also defines state data and allows network devices to send notifications to clients. This allows for network monitoring and telemetry-type data to be conveyed in addition to (or in support of) configuration changes. 

REST 

If you hang out around web developers, you’ve heard someone talk about RESTful APIs. REST is short for Representational State Transfer. While that sounds complex, the easiest way to think of it is “how the web works.” It’s defined in full detail in a PhD dissertation titled “Architectural Styles and the Design of Network-based Software Architectures” by Roy Thomas Fielding. 

Essentially, RESTful or REST-like interfaces use the constructs of HTTP to communicate. Standard HTTP methods such as GET, PUT, POST, and DELETE are used. However, instead of a browser pulling down a webpage for you to view, we’re now using HTTP to communicate about any resource, potentially including network device configurations. And that brings us to our next API…

RESTCONF 

RESTCONF (RFC 8040) is essentially just a RESTful implementation of NETCONF. In other words, RESTCONF is NETCONF based on HTTP(s). More accurately, it is “an HTTP-based protocol that provides a programmatic interface for accessing data defined in YANG, using the datastore concepts defined in the Network Configuration Protocol (NETCONF).”[2]

Other changes include the fact that RESTCONF can encode data as either XML or JavaScript Object Notation (JSON), which many find easier to read and work with than XML. RESTCONF also introduces the concept of an “event stream” which allows a client to subscribe to an ongoing asynchronous stream of NETCONF Event Notifications, enhancing telemetry capabilities somewhat. 

Network devices can support NETCONF, RESTCONF, or both. 

YANG 

YANG (RFC 7950) is not an API, but it’s important to note here anyway. That’s because YANG is “a data modeling language used to model configuration data, state data, Remote Procedure Calls, and notifications for network management protocols.”[3] That includes, of course, both NETCONF and RESTCONF.

So you have YANG, which is the data model (template) for formatting your data. Then you use either NETCONF or RESTCONF to encode that data with XML or JSON and send it to (or receive it from) network devices over SSH or HTTP(s). Clear as mud? Great. Back to the original question… 
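To make that summary concrete, here is an added example (not from the original post) that takes one interface entry modelled by the standard `ietf-interfaces` YANG module and renders it both as the XML payload of a NETCONF `<edit-config>` and as a RESTCONF JSON PATCH request. The host name, the `/restconf` API root and the function names are assumptions for illustration; nothing is sent over the network.

```python
import json
from urllib.parse import quote
from xml.sax.saxutils import escape

IF_MODULE = "ietf-interfaces"                             # YANG module name
IF_NS = "urn:ietf:params:xml:ns:yang:ietf-interfaces"     # its XML namespace


def xml_leaf(name, value):
    """Render one YANG leaf as XML; YANG booleans are lowercase true/false."""
    text = str(value).lower() if isinstance(value, bool) else str(value)
    # Leaf names come from the data model; values are data and must be escaped.
    return f"<{name}>{escape(text)}</{name}>"


def netconf_config(iface):
    """XML that goes inside the <config> element of a NETCONF <edit-config>."""
    leaves = "".join(xml_leaf(k, v) for k, v in iface.items())
    return f'<interfaces xmlns="{IF_NS}"><interface>{leaves}</interface></interfaces>'


def restconf_patch(host, iface, api_root="/restconf"):
    """Method, URL, headers and JSON body that merge the same data over RESTCONF."""
    # List keys in the URL are percent-encoded, so the "/" in an interface name
    # cannot be read as a path separator.
    key = quote(iface["name"], safe="")
    url = f"https://{host}{api_root}/data/{IF_MODULE}:interfaces/interface={key}"
    headers = {"Content-Type": "application/yang-data+json"}
    body = json.dumps({f"{IF_MODULE}:interface": [iface]})
    return "PATCH", url, headers, body


if __name__ == "__main__":
    # Constructed sample data: characters that need escaping in XML and in the URL.
    iface = {
        "name": "GigabitEthernet0/1",
        "description": "uplink <core & dist>",
        "enabled": False,
    }
    print(netconf_config(iface))
    method, url, headers, body = restconf_patch("device.example", iface)
    print(method, url)
    print(headers)
    print(body)
```
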

Is the API the new CLI? 

As I hope you can see from the quick run-down above, APIs are very powerful tools for interacting with your network devices. They are specifically designed to allow programs to communicate reliably with network devices. These programs might be scripts that you write yourself to speed up common configuration or troubleshooting tasks. They might also be comprehensive intent-based SDN controllers that abstract the individual network devices completely away and let you interface with the entire network as a single system.

This power and flexibility will surely make them a big part of every network, and so it’s important to be familiar with them. However, I don’t think we’ll see the CLI disappear any time soon, if at all. CLIs are still a great way for a human to interact with a single network device, and it’s likely that will be needed from time to time in the foreseeable future. 

My take is that APIs are here to stay, but so is the CLI; it’s our job as engineers to learn both, and apply them each effectively. 

Footnotes: 

  1. https://tools.ietf.org/html/rfc6241  
  2. https://tools.ietf.org/html/rfc8040 
  3. https://tools.ietf.org/html/rfc7950   

 

Demystifying the Cloud


It seems no matter where you turn, you can’t escape the buzzword of “the Cloud.” Whether it’s a place to put phone data, the newest version of software, or just the ever-present promise of “It’s better because it’s now in the Cloud!”, it seems like everyone is poised to take advantage of the progressive, somewhat nebulous, Cloud.

But what is the Cloud, really? Depending on your daily interaction, it may be as simple as pressing a button to sync, hoping that your data is going to be saved somewhere. For others, the value of the Cloud may be in finally taking some aspect of technology off your organization’s plate and letting someone or something else manage it. No matter how you use it, the biggest mythbuster when it comes to the Cloud is that no matter what you’re committing—data, labor, equipment—it’s not evaporating up into the big Internet ether; it’s being moved to a tangible, physical place and being managed by experts whose entire job is the management of this outsourced item or service.

How is the Cloud useful?

Let’s think about an average company that sells a product to the public. In that office, there may be C-level leadership, teams in Research and Development, Marketing and Advertising, Finance, Human Resources, Logistics and Sales, just to start. Supporting all of these departments is the IT team. Depending on the size of the team and budget allocated to IT, at least one person on that team needs to be able to support the team from a helpdesk perspective, manage and continually update each user’s desktop and phones, maintain office equipment (printer/fax machine, conference room equipment) and manage all of the infrastructure behind all this. The goal of technology is to make everyone’s lives easier, get work done faster and connect us more than ever before. Managing all this equipment and these updates manually in-house can increase the odds of things failing. It can also steal valuable time from all departments when employees are working with inefficient systems or having to constantly approve new equipment—missing the point entirely of what technology is supposed to accomplish.

What are the advantages of utilizing cloud technology?

One of the biggest allures of moving to the Cloud is eliminating some of the inherent risks of operating on-premise by moving your valuable data and/or equipment to a secure facility off-site. If you had the choice to keep all of your money in a shoe box under your bed or in a bank that had top-of-the-line security and disaster prevention, wouldn’t you prefer to open an account at your local branch (and possibly get some additional perks to boot)?

Utilizing a Cloud provider offers security, both physically and through peace of mind. The data center facilities utilized or owned by a Cloud provider offer the type of security and disaster recovery that is largely unavailable at an individual office. Biometric scanning, 24/7/365 security personnel, robust HVAC systems, reliable power backups, architectural precautions and stability, and on-site technicians allow companies to breathe a deep sigh of relief and avoid risks associated with a disgruntled employee gone rogue, building power failures, or disasters such as flood or fire that can bring operations to a standstill.

Public vs. Hybrid vs. Private Cloud

While Cloud providers are going to be taking advantage of the data center facilities mentioned above, not all Cloud is created equal. There are different options to choose from when it comes to what’s best for you personally and for your company. In addition to Public, multi-layered Cloud, there is also Hybrid and Private Cloud.

When a company is using Public cloud, they could be taking advantage of the ability to spin up instances for testing and development, storing long-term data off-site or hosting their traditionally on-premise applications such as email in the Cloud via a monthly recurring fee based on the amount of CPU capacity, memory and storage being used. For many organizations, this equates to a streamlined monthly bill which has the benefit of being deemed an operational expense versus capital expense. However, with hyperscaling does come the challenge of managing spend once firmly entrenched into the environment—it’s a lot easier getting in than getting out.

Hybrid can feature multiple combinations—a Cloud strategy that mixes aspects of traditional on-premise equipment with Private or Public clouds or an approach that incorporates elements of Public Cloud with Private.

Private Cloud is just what it sounds like—a Private Cloud partner will be engaged to design an environment specifically for your organization’s needs while maintaining the elasticity many desire with a Public Cloud solution. These environments are typically vendor-, technology-, and network-neutral. Additionally, given that you are working closely with the architects designing your solution, there is typically a more granular level of support, monitoring/visibility and security involved. Therefore, it can sometimes be easier to manage spend and work with your partner to maintain the proper level needed, without unnecessary bloat. This level of specification does come with a price; especially at the onset, the upfront fees can seem sizable in comparison to getting up and running with a public cloud provider, but this broaches the age-old conversation of price vs. cost.

There you have it, a small glance under the hood of that big, exciting, buzzword of “the Cloud.” Of course, when it comes to this topic, there are many layers of solutions available and different providers putting their twist on it. The important thing is to dive in and consider all the possible options for the right fit for you and your organization; there’s bound to be the right fit for you out there.

Myriad Congratulates Employees Celebrating Anniversaries this Month

July Anniversary

At Myriad, we believe that whether personal or professional, anniversaries are a special event in a person’s life. This month, we are celebrating the work anniversaries of five exceptional members of the Myriad team. Huge congratulations are due to:

Anthony Cesari
Celebrating: 10 years

Anthony Cesari is celebrating TEN years at Myriad this month. Anthony has been promoted four times over the course of his illustrious career, rising through the ranks from working in hardware testing to his current title of NOC Manager. His favorite thing about working at Myriad is watching the company grow and seeing all the great new people join the Myriad family. “When I started, I only had to remember eight names!”

Anthony’s best Myriad memory: 

“Ten years at Myriad Supply has provided me with an abundance of fond memories. I can think of some that happened my very first day at Myriad as well as ones that happened last week.  However, one memory stands out that encapsulates all ten years here.

We had just finished moving in to our new office. I was on the early shift of client support at the time so I was the first one into the office the following day. It was exciting to unlock the front door for the first time. I took a moment to take in the new space in the calm quiet of the morning. The new office felt enormous. I could see the general layout of the departments, but more than anything I saw the ocean of empty space in between. I remember thinking, “We will never fill this place up!” But then it hit me. This wasn’t an ocean of empty space, it was a reservoir of potential.  I walked over to my desk to start work with a smile. Well, I did that or maybe I grabbed one of the Razor Scooters and zoomed around the office quoting Fast and the Furious movies.  We can never know for sure.

The office floor is full now, but the reservoir of potential is still there. Myriad has always provided the space for potential as well as the encouragement and tools to jump in and succeed.  The people I have worked alongside for ten years will tell you the same. I look forward to what we will do together next.”

Jeff Segbers
Celebrating: 6 years

Jeff Segbers joined Myriad Supply in 2011 as an Account Executive and was promoted twice before earning his current title as Account Director in January 2016. Jeff has an impressive list of certifications he has garnered over his career, including CSE – Cisco Sales Expert, JNSA – Juniper Network Sales Associate, APSS – Avaya Professional Sales Specialist, ASE – Arista Sales Expert, ASP – Adtran Sales Professional, PSE – Palo Alto Sales Expert, RSA – Riverbed Sales Associate, and SSE – Sonicwall Sales Expert. Jeff attributes his success at Myriad to its “fun atmosphere, awesome leadership, incredible benefits and, more importantly, great people!”

Jeff’s best Myriad memory: 

“I remember when I first started and there weren’t nearly as many desks as there are now. It’s been a privilege to watch the company grow so significantly over the last six years.” 

Matt Cullen
Celebrating: 2 years

In addition to celebrating two years at Myriad, Matt recently celebrated a promotion from Account Executive to Senior Account Executive in April of this year. Matt believes the sense of camaraderie at Myriad is second to none, saying, “I have had the pleasure of working with some of the best people in my life. I’ve made many lifelong friendships.”

Matt’s best Myriad memory: “Many memories come to mind, but my favorite has to be the debacle the softball team put together after coming back from 9 runs down in Summer ‘16. We should have won, but error after error after error, it was the most fitting way for our season to end. It was also hilarious for everyone to just go out and commiserate after the devastating defeat.”

Justin Harbst
Celebrating: 2 years

Over the course of Justin’s time at Myriad, he’s earned an impressive list of Sales certifications, including Dell Security Competency Overview, Juniper JNSA, Juniper JNSA-EX, Palo Alto ASE, HPE Sales Certified – Enterprise Solutions, and Cisco NGFW Express for Account Managers. His favorite aspects of the work environment are his amazing team and Myriad’s dedication to corporate transparency.

Justin’s best Myriad memory: “Two words: summer parties!”

Andrew Baffoe
Celebrating: 1 year

Andrew Baffoe joined Myriad last year and hit the ground running, earning certifications such as AWS Business Professional, AWS Technical Professional, Intelisys Telecom Solutions Professional Certification, Intelisys Advanced Data Networking Solutions Professional Certification, and Intelisys Unified Communication-as-a-Service Solutions Professional. Myriad’s corporate culture keeps Andrew motivated, citing that “Myriad is a group of hardworking, highly intelligent, fun individuals who inspire me to improve every day. I have never been so motivated to do well by a company.”

Andrew’s best Myriad memory: “The 2016 Summer Party happened to be at the end of my first week at Myriad which, admittedly, was a little nerve-wracking. It turned out to be a great way to get to know the team outside of the office and feel the caring, familial vibe of Myriad firsthand.”

Thank you to Anthony, Jeff, Matt, Justin and Andrew for the dedication, enthusiasm, and business acumen they bring to Myriad. Here’s to many more great years with us!