Archive by Author

Kaizen, it is everywhere

January 1, 2011 in musings with 0 Comments

Years ago, I started working for a small company that provided products and services to Internet service providers.  My role was to provide professional services around the security aspects of the product line.  At one of my first projects for a customer I remember becoming frustrated.   I could see where the client should go, but they were very resistant to move there.  No matter how hard I pushed, they resisted.   I was sitting with one of the founders of the company explaining my frustration with this particular customer.   He asked me if I ever heard of Kaizen.  I said no, and he proceeded to explain it to me. Kaizen is a Japanese word meaning continuous improvement, slow incremental and constant. He then applied it to my situation.  He explained that we see where the customer needs to go and we will get them there.  But if we do it all at once, they will resist.  Instead, we need to lead them it in slow steps, giving them some visibility into the future, but only as much as they can actually handle.  This is fundamentally different than what the customer might say they can handle and you need to watch and judge the customer constantly.

This lesson stuck with me.  At one point I even called this blog ‘Kaizen‘.  Lately, I have seen this concept applied everywhere.  This year, I decided to brave the boxing day sales.  I was amazed at the number of people and lineups at Best Buy, Future Shop and other stores.  I remember being a kid and stores were closed on boxing day.  The police would go around and fine stores that were open.  I remember my mom getting really upset that those stores would even open on boxing day.  Today, we just accept it as fact.  Stores open on boxing day and people work.  There are some places where no boxing day openings are permitted.

Same is true for Sunday shopping.  I remember as a child stores wanting to open and people up in arms about stores opening.  When it was permitted, most store owners asked employees to ‘volunteer’ to work on Sunday.  Over time, it got added to employment contracts for new employees that they agree they may have to work on Sunday.  Working on Sunday is now more common than not for many.  If your employer doesn’t require you to work on Sunday,  that is a priveldge now, no longer a right.  In some places they still have laws that do not allow Sunday shopping

A year and a half ago gas rose in Ontario above $1.00 per litre.

There was media attention, people talking and complaining.  Today, we no longer complain, we just accept it.

I have seen businesses do it as well with their employees and their customers.  Often, for whatever reasons, they no longer want to offer the same services or ‘perks’.  Rather then just eliminating them,  they grandfather them in, or slowly discourage certain behaviours — Kaizen.  I am not a psychologist, but I think that it is an excellent way to manage humans in general.  At the very least it seems to work.  I do wish more people were given Christmas and Sunday’s off though.  I find it sad that as a society we don’t value the time with family and friends as much as when I was a child.

chart credit

My 10 year old commented on body language

November 8, 2010 in musings, Profiling with 0 Comments

This afternoon Anna, my daughter who is 10 and I were sitting down eating some spaghetti for lunch.  Our daughter suddenly asked:

Have you guys ever smoked or done drugs?

Anna who had tried smoking a couple of times when she was a teenager wasn’t sure how to answer and immediately looked down at her spaghetti and started twirling it over and over.  She doesn’t want to lie to our daughter, but she also doesn’t want to give her a sense that it is okay either.  I responded saying that I had never tried smoking or drugs.  Anna kept twirling her spaghetti.

Our daughter looked over at mom and asked:

Mom, why are you twirling your spaghetti?

Mom said nothing, but I immediately asked our daughter:

Why do you think mom is twirling her spaghetti?

Daughter confidently responded with:

She is twirling her spaghetti because of the question I just asked.

This was cool.  Not only had our daughter noticed the body language, but she made the connection that it was a result of the question she had just asked, and verbalized that reasoning.  And she was correct! This made my day.  That skill will be invaluable to her throughout life.  More valuable than anything she will learn from a classroom.  I hope she continues to use it, trust it, and improve it.  I know I’ll encourage her every chance that I get.

photo credit

Why I work from home

November 4, 2010 in musings with 0 Comments

Working from home has it’s conveniences and advantages. There is no need to dress up, deal with the traffic during the commute.  You save on the cost of parking, coffee, and lunches.  However, for me these are not the main reasons I work from home.

Offices are at a premium. At large companies having an office with a door that closes is a luxury.  They are at a premium and so there are usually given out based on several factors including your level in the company, type of job, length of time with the company, theoretical types of  interactions you will have etc.  For example, most Human Resources personnel get a office because of the nature of their conversations.   I have been at the company less than a year.  I am currently acting in a consultative role across many parts of the organization (although I am a paid employee).  As such, I currently get a desk that is pretty much in the open.  It is a nice desk on a great floor, but it is still a desk in the open.  At home, I have my own office complete with doors. It is a really nice office.  The previous owner was a professional accountant that ran an entire business out of this office.  The office was included as part of the house design when they built, so it is not your typical ‘make shift’ home office.

Confidentiality and privacy. This is probably the biggest reason I work from home. The kinds of conversations I am involved with day to day are typically on the phone and often sensitive topics are discussed.  They involve my comments, thoughts, and evaluations of projects, the security plans around them, what is working for certain teams, what is not working and why.  Often times, I have knowledge of and am discussing network security issues and practices.  I need to control who can hear and who can not.  Rather than rushing around to try and find a unattended office, or leaving the building and calling on my mobile after trying to find a place to speak where there is privacy, it is just easier to work at home.  My family is not here during the day, so I am uninterrupted.  And if by chance they are, I can just close the door to my office.

Personal information and tasks stay private. I have a separate personal laptop that sits on my desk next to my work laptop.  This allows me to do any research or tasks that have nothing to do with work in a technology independent fashion.  I can easily switch from one to the other as required.  This is not possible in my work environment for security and compliance reasons.

When I am at the office, I am often not at my desk. When I do go to the office I am usually in one of three office towers in different cities.  I usually go to the office, because I need to meet people face to face.  As such, I am often in their office or meeting rooms.  If an office or a room is available with a door that closes, I usually take it for when I am not meeting people.  I do this for exact same reasons I work from home.  A couple of co-workers have given me questionable looks when they find me in an office I have borrowed.  One co-worker even ‘joked’ that I felt entitled.  Ask anyone that knows me and this is not even close to an accurate assessment.  I don’t much care for a person’s status or perceived status; I never have.  What I find very useful and what I pay more attention to is how others I work with react to status of people in meetings and interactions.  That awareness helps me do my job well.  But I personally don’t give a person’s perceived status much weight.  If you have something to add of actual value I am all ears of course, and if you’ve earned my respect I’m even more interested (that is another topic).

The downside to working at home is that I miss the people interaction.  I often go into the office for that reason alone.  I genuinely like people and find them interesting and I really enjoy face to face interactions much better than phone, instant messaging, and email interactions.  In my last job the office was an hour drive from my home.  I often made the drive into the office even though it was not necessary.  I simply liked the people and enjoyed their company so I’d make the drive.

I like my current working arrangement.  I can work from home.  I can travel to the offices as I need to.   When I do go to the office, I often email a few of my colleagues that have offices and are not using them all the time.  They are usually more than willing to let me use their office.  Someday I may get an office with a door that closes.  Until then I’ll work from home and borrow.  Even if I do eventually get an office, it probably won’t be as nice as the one I have at home.  Although, for those that care about status they might finally think I have some :) .

photo credit

Resumes and your location

October 30, 2010 in Careers, Recruitment with 0 Comments

Like most things today, searching for employment is primarily an on-line task. Job postings, career searches, LinkedIn, applying for positions, are all on-line.  I didn’t use snail mail ever for my last job search.  Nothing new or profound here.  One thing I did learn was how much the job search market has changed over the years due to being on-line.  There are many advantages with technology today for job seekers, employers, and recruiters.  I have found that sometimes these advantages can work to your disadvantage though.  I am going to discuss one example that I encountered, but first a little background  so you will understand the point I am trying to make.

Network security is very scarce to non-existent where I live.  That wasn’t the case when I started in my career after school, but over the years these positions have moved away to other cities.  While I don’t think this is good for my home city and I think it is a sign of a much bigger issue with how our city is run, that is an entirely different topic.  For the last 9 years or so, I have primarily worked outside my home city.  Initially, I traveled internationally.  For the first two years or so, I was away more than I was at home.  Then I took a position that focused more in Ontario with a few trips internationally.  Finally, I took a position with a company that was about an hour from my home.  I had the luxury of working from home a fair bit and  didn’t mind the drive into the office when that was required.  I still traveled around the globe, but it was only two or thee times a year.   Consequently, I have not worked in my home city for over 9 years now.

When I started looking for new opportunities, I had a professional career firm helping me with the search.  They offered many services and were very helpful.  One area they assisted with was with my resume. They transformed it.  When I was ready, I started applying to opportunities which were not in my home city simply because there were no opportunities for network security there.  Part of the on-line process involves setting up a profile where you add your contact information, address, etc.  I went through the process for several opportunities and didn’t give much thought to my location.

After a bit of time, I found it really odd that I had received minimal response for posted positions that were obviously a match.  At least I thought they were a match.  Maybe it was just me being hopeful, but at the very least failed understand how my application would not warrant an interview.  Yet, I either received no response, or a standard “we are not interested” response.  While everyone will get some of these for many reasons I was a little taken back by it.  I chalked it up to the market at the time, recruiters or human resources mis-understanding my resume.  Just as I was starting to get really suspicious, I received an automated response which had a very interesting subject line:

My resume failed a search criteria based on my location.  That was interesting and it made me wonder. Given that I was applying for positions outside my home location, was this a possible reason for the lack of response, especially to opportunities where I would have expected to at least get an interview?

As an experiment, I determined the major areas where I was looking for opportunities and was applying.   A close location to all of these areas was a family members home where I often stayed at when I was doing consulting work over the years.  I switched my address to their address.  Instantly things changed.  I started getting responses and requests for interviews.  I also started researching major software systems for managing job postings, applications etc.  As expected, most have a some sort of ‘proximity search’ feature.

This is one of those things that can have a drastic affect on applicants.  Historically, before todays world of on-line and cloud based job management systems, your resume would often still be reviewed.  While the company offering the position might want someone local, they would still often review your application.  As such, they might make an exception.  If your application seems like a really good match, then they discover that you are further away then they wanted, they might just interview you anyway.  With automation that doesn’t happen.  If they request to only view applications that are in a specific geographical area, the result will only show applications that are in that area.  Someone who is perfect for the position, willing to move, or willing to ‘make it work’ won’t even be looked at or considered.  What is worse is recruiters.  The company may be willing to look at people that are a really good match, but slightly outside of the geographical area they would prefer.  If the company does not indicate this to the recruiter or the recruiter chooses to not show these matches to the company for whatever reason you will never get past the application process.  Your qualifications and experience are irrelevant.

Is this good or bad?  I don’t know.  It is reality and a reality that job seekers should be aware of as they look for opportunities.  What other changes in technology over the years have affected how opportunities are sourced and filled?

photo credit

One time password over SMS

October 25, 2010 in External Services, Security with 0 Comments

A recent article by Seth Godin discusses  a security mechanism to help the end user identify counterfeit medicine.  This methodology is not new, but can be effective.  It uses the idea of a one time password (OTP) over SMS.   The concept of OTP has been around for a while.  SMS has also been around for a while.  Many mobile operators have used OTP over SMS for user authentication to a particular service.  But I think more businesses should use it for user verification.  Financial, insurance, medical or any company who provides a service  where user authentication is critical would benefit from an OTP over SMS deployment.

Here is how it works.  Let’s use on-line banking as an example.  Using their home laptop, the customer connects to their financial institutions on-line banking site.  Customer enters their access card and password.  Upon successful verification of the access card and password, the screen prompts customer to enter a one time password.  That password is sent via SMS to the mobile number previously provided by the customer.  Upon receipt of the SMS message containing the one time password, the customer enters that password into the screen on their laptop.  Assuming it is correct, the customer is permitted to proceed with their banking.

It protects against phishing from a separate system.  When a bot is installed that attempts to grab and extract your access card and password, that is no longer enough.  It also has to figure out a way to capture the next one-time password, much more difficult.  It makes re-sale of customer access card numbers, passwords, credit card numbers and other information practically useless.  Selling this information  to criminals is big business today.

The one time password is only valid for the current session which is already established.  Any new or future session requires a new one time password.  The password is transmitted on a completely separate channel from the session being verified.  The device is separate, the network is separate and the company providing the transmission of the password (in this case the mobile operator) is separate.  For this attack to be repeatable, the attacker would have to compromise the SMS phone system on top of your laptop or bank infrastructure. While this is probably not impossible, it is a lot more difficult.

OTP over SMS is relatively easy to implement today.  Most people have mobile phones today.  The technology to send SMS is common place.  It is easy for a typical end user to understand the security benefits derived from this method and it is not too cumbersome for them.

It is not fool proof mind you.  Malware that is installed on a device accessing the on-line banking such as your laptop, that is intelligent enough wait for you to enter the one time password, then use that session to attack would still be valid but that is a much harder attack accomplish.  As a result this solution minimizes the attack surface available for attackers.

To make it more secure, the interface to turn on this feature or provide the phone number could be done via customer support only. The customer would have to call in to make the change.  Most people today have mobile phones and typically it is a device that is always physically with them. This makes it a great tool to deploy OTP.

photo credit

Encryption can decrease security

October 20, 2010 in Encryption, Security with 0 Comments

There are lots of people that think that encryption always increases security. While encryption is good and necessary, sometimes having it can actually decrease security.  I have been running into this issue enough lately that I feel the need to write about it.   To illustrate lets use a really simple example.


Here we have a web server that sends SQL queries to a back end database server.  In between the two servers is a combination firewall / Intrusion Prevention System (IPS) that is configured to detect malicious SQL injection attacks, block the attack and alert security response teams when necessary.  The IPS/Firewall system is independent of the web server and the database server.  It is a independent system designed to simply detect and respond to attacks by watching the communication between devices.

Eventually, a security consultant is hired to conduct a security review.  One recommendation she makes is that the information being transmitted between the web server and the database server contains confidential information and therefore should be encrypted.   Turning on encryption seems like a good idea, now the data between the web server and database server can not be viewed by anything but the intended servers.  The problem is that includes the IPS system which is designed to protect the database server from SQL injection attacks.   Now an attacker can attack the system feeling secure that their attacks are hidden inside the encryption and undetectable.

Security policies that recommend a particular type of data should be encrypted need to take into account more than just the data.  They also need to take into account the location of the source and destination of the transmission, the physical and other security controls and systems involved in and around the transmission.  No one would argue that a credit card being transmitted on the Internet should be encrypted.  It will pass through networks and devices that are not under the sender or receivers control and therefore has a high risk of interception.  If that same credit card number is being transmitted from a sender to receiver where both are in the same data center, access to devices in the data center are tightly controlled, then adding encryption only increases the complexity, hides attackers, and offers minimal to no value.  Some suggest that  in the data center someone might be able to gain access, and sniff the traffic to obtain the transmitted credit card therefore you have to encrypt the data.  If that is truly the case, I’d suggest they have much bigger security concerns than someone sniffing data.

When making a decision on weather to encrypt data, does your organization take a look at the data, application, network design and other factors when assessing risk, or do they just look at the data?

Resumes are almost useless

October 18, 2010 in Careers, Recruitment with 0 Comments

I was asked  by one of the managers to review resumes and assist with the interview process for vacancies on their team they are attempting to fill.  While I don’t consider myself a resume expert (given the nature of resumes today I don’t believe there can be resume experts), I have had quite a bit of experience with resumes over the years.   You would think that would help me to understand what makes up a good resume and what does not.  When applying for positions myself  last year, I was constantly changing, updating, and tweaking my resume for on-line as well as off-line presentation.  A quick count of my resumes while I was searching shows 55 versions in that time range.   That only includes versions sent as attachments in an email.  Add to that the number of on-line entries for opportunities (I estimate x4) and you get approximately 275 versions.  That is a lot of time and effort.  I vividly remember a statement made during a conference I had attended:

Resumes are the best way for someone to quickly determine you are NOT a candidate for the position.

If resumes are not that useful why do we spend so much time on them?  I think there are a few reasons:

Industry Expectation: It is a generally accepted practice that you must have a resume.  To not have one like everyone else might raise concerns with employers.

Provides justification: A resume  can be used by companies as evidence to justify the decision to hire or not hire you.

Less work for the employer: Hiring costs time and money.  From an employers perspective, using the resume as the first step to filter candidates saves them on time and effort even if it is not the best approach.

Opportunity specific: In my experience, candidates adjust their resume specifically for the opportunity to which they are applying.  While this makes some sense, often recruiters or employers request detailed specifics included in a resume that really should be discovered and discussed during the interview process.  I think this happens because of the cost and time to interview candidates.  I understand the recruiter and employers reasons for  minimizing cost and time,  I feel that minimizing this is a detriment for both the employer and candidate.

Encouraged by recruiters: Recruiters always want you to have a resume and are often the quickest to criticize a resume.  I expect the reasons for this are that their client (the employer) wants a resume in a particular format, therefore the recruiter wants a resume in the format their client wants to make their life easier.

From a previous job seeker perspective, my general thoughts on resumes are:

  • There is minimal value in the time spent creating version upon version of a resume.
  • At times, an email or voice mail has given me more insight and useful information about a candidate than their submitted resume.
  • Many times I have met candidates on a second walk through for a particular opportunity that were discounted on the first walk though from their resume.  Upon meeting them you find that they are perfect for the opportunity.  Had circumstances not dictated a second walk thorough of applicants, they would have not been selected, yet were the best candidate.
  • You need both an on-line and off-line resume.  To be effective, I find these are very different from each other.

Overall I have found that a search on LinkedIn, Google, Facebook, and Twitter is a more valuable use of my time to determine if I want to interview a candidate for a position.  More valuable than the copy of the resume sent with the application.

What are your experiences with resumes?

Photo credits

Back to a notebook for tasks

October 12, 2010 in Information, Task management with 2 Comments

It was a good fight and I really tried, but I actually give up. I have tried to manage my tasks in my new job like I did in my old, but to no avail. It has gotten to the point where I just need to manage my tasks and can no longer deal with technology issues. I have read many blogs on the subject, and I know there are a lot of solutions available, but none of them work for me. Here is why.

Security: I work for a financial institution in Canada. My job is network security and I act as a ‘consultant’ across the Network services teams and other teams. I have some specific projects I am working on and get pulled in as a subject matter expert for networking and security technology and project decisions as required. I like my job. I do. Overall, I like the people I am working with. They are a good bunch. My role has me involved with many teams across the bank and I am constantly exposed to different security initiatives, and concerns. As such, my to-do list will often reflect specifics that need to be kept confidential. That rules out any ‘cloud’ service, or external service that could have access to my tasks.

Blackberry: For many reasons, my employer standardizes on Blackberry.  Finding good task management applications for Blackberry is more difficult.  Many support iPhone and Android. I found very few that support Blackberry.  Those that do, I am unable to appropriately test them prior to making a full purchase.

Outlook: As with most employers we use Exchange and Outlook.  Both are terrible when it comes to their task management function.  It just seems to be a very low priority for Microsoft I guess.

What I need is a solution that fully supports Blackberry and Outlook and does not send my data to any unapproved third party service.    I want it to integrate with my email in Outlook.  I should be able to take a email and easily make it a task, or take an email and attach it to a task.  I want to be able to completely manage my tasks on my laptop and on my Blackberry.

After trying for the last 6 months, I am now using a notebook like everyone else in my organization.   I thought I could figure it out, guess I was wrong.

DPI, Network neutrality, and the future of ISP services

September 13, 2010 in External Services with 0 Comments

A friend of mine was painting his living room a couple of weeks ago.  He asked me to come over and help him move his flat screen TV.  We created a temporary set up in the next room.  For testing, we ended up watching several Youtube videos, admiring the quality of the HD, discussing how Youtube has improved over the last few years. In many cases watching a Youtube video on a 56″ flat screen was no different than watching a movie.

This weekend I was watching a new video on Youtube by an artist in Europe that I enjoy.  It got me thinking.  I did a very quick and simple analysis.  The Video was 3 minutes and 20 seconds in length.  I set it to the highest available definition size 720p.  The frame rate was 25 frames per second.   Using a network analyzer, I also filtered the data stream while playing.

If this was a movie, could my service provider guarantee me a minimum rate of 302 pps and 2.4 Mb/s download throughput for 2 hours?  It really isn’t much by today’s standards.  If this is 1080p or a higher frame rate, the numbers above would be bigger (for those interested in some basic High-Definition technical info go here).  How much would it cost a residential user for an ISP to guarantee simple metrics like this with a penalty if they could not deliver?  If I want to watch a live sporting event, on the technology of my choosing, can an ISP deliver the required throughput regardless of who is using bandwidth in my area?  If not are they figuring out how to?  What technology is involved?  How much it will cost?  Time to deploy?

These are the types of questions I would love to see tier one service providers engage in and provide leadership for discussion.  Unfortunately, all I see all is effort being spent around lobbying to ensure ISPs are not regulated, arguing why the need to use DPI to selectively shape users, why they should not have to share their infrastructure with smaller providers.  Their expressed  lack of leadership is why I feel regulation is required.   Their focus is on protecting their business, removing competition to keep prices high and locking customers into contracts.  Not providing good services to meet the trends in technology.  Is there a service provider out there that will guarantee me rates above in a package?  Doubt it.

I know what you may be thinking.  It is impossible for ISPs to guarantee that.  There are too many variables, too many unknowns.  Data being slow from other networks, customers saturating their wireless links, poor end user equipment and configuration and the list goes on.  Sure there are variables that are out of the ISPs control and I am well aware of them given my work experience.  That being said, ISPs can implement technology and guarantee what is in their control.   As a matter of fact, they do it all the time.  You don’t run successful companies such as Google and Amazon without some guaranteed service level that would include simple metrics as the ones above.   Apple TV has been launched for a while and Google TV is just around the corner.  Large and small service providers are going to have to deal with customers that have these services.  I hope mine is prepared.  Is yours?

Technical testing during an interview: why it does not work

September 7, 2010 in Careers, Recruitment with 1 Comment

If you work in I.T., and are technical be it network, security, programming or the multitude of specialties within the field, have you ever gone in for an interview and been given a test?  I have.  A month or so before accepting my current position, I came in for an interview at a certain consulting firm.  They surprised me with a test.   While I passed the test (I even pointed out how their test was flawed), the entire experience was disheartening and a waste of time, for me, the interviewer, and the consulting firm.  First I’ll explain the test and what happened, then I’ll give my thoughts on why testing in general in these situations does not work.

I had two telephone interviews with a consulting firm over a hour each.  During both interviews the general manager (we will call him Pete) made a statement that my resume did not seem technical enough for the position.   That statement should have been a red flag for me that the company is not very good at reading and hiring people that are technical.  Anyone that knows me, would never make that statement and if you actually read my resume you would easily see that.  Nevertheless, I explained that I was in fact technical, and gave Pete a couple of examples of technical situations I had been involved with previously.  I repeated this during the second interview when he again questioned my technical skill from my resume albeit the response was more curt than previous.  At the end of the second interview, Pete decided that he wanted me to come to their head office to meet face to face with the staff, get a tour, and chat some more.  I agreed.

The following week I drove two and half hours to the head office.  I arrived 5 minutes before my scheduled meeting time.  The receptionist said they were expecting me.  After a quick phone call, she told me Pete would be out shortly.  Pete was ten minutes late (red flag number 2).  Finally Pete came to get me, we shook hands and he brought me into a board room.  He never apologized for being late, didn’t even mention it (red flag number 3).   We sat down and engaged in some small talk conversation.  Then Pete mentioned that we were just waiting for another employee (we will call him Kingsley) to join us momentarily.  There was something in his face when he said that that bothered me.  He seemed guilty (red flag number 4), but I just assumed I mis-read him and we waited for the arrival of Kingsley.

Kingsley arrived with a laptop in hand.  We shook hands and he sat down.  I got the impression he was more nervous than I was.  Pete said that Kingsley was going to ask me some questions and give me a test and he would be back afterwords so we could continue our conversation.  A surprise test, wonderful (Red flag number 5)!  Kingsley was a nice guy.  He was uncomfortable, but that might just have been lack of experience in an interview situation.  He put the laptop in front of me.  On the screen he had three virtual routers and requested that I set up some dynamic routing using weighted variance.  His specifications of what he expected were precise, right down to the protocol I was to use, EIGRP.  Fortunately, I had done a lot of work with EIGRP in my past.  Back then, a colleague of mine who was a Cisco employee had forwarded me papers on the inner workings of EIGRP as I had to set up a rather large network using EIGRP.  I had read and made certain I understood all the details in those papers.  Unfortunately, that was about six years ago.

I configured the routers and got them all talking and routing using EIGRP with Kingsley looking over my shoulder the entire time – that is very nerve racking even if you are comfortable and know what you are doing.  While I managed to get it working for the most part, I was getting an error when I tried to configure one of the interfaces to accept routes from another router.  It struck me as odd because although it was six years ago, I specifically remembered doing this part on live systems and was confident it was correct.  I asked Kingsley and he said that I was missing something. When I asked him what I missed, he said he could not tell me.  The thing was that his face told me he didn’t know and he was lying (red flag number 6).  He also looked somewhat confused by the problem I was encountering.

Kingsley dropped me off in reception and went on his way.  The receptionist then informed me that I was done and could leave as Pete left the office already (red flag number 7).   I drove two and a half hours for a surprise test, didn’t meet the staff, did not speak to Pete or anyone else about the opportunity, and was not given a tour.  I was not asked if I had any questions or concerns and Pete had already left for the day.  I drove two and a half hours back home furious.   At this point I knew I wouldn’t work for this company.  I don’t work for anyone who treats people that way, period.

The test also bothered me.  I was positive I was right with the interface configuration.  That evening, I drove to a friends office who has some real routers and equipment available and set up a quick lab.  The lab was exactly the same setup as I was presented in the surprise test I was given earlier that day.  I had no errors, and the interface configuration that was not working on the virtual test worked in my real lab.  I even found an online document from Cisco that supported my interface configuration.

Normally, I send a thank you email after I have had a face to face interview out of courtesy.   I crafted a thank you to Pete and Kingsley.  First I told Pete I was sorry we were not able to have a chance to talk and he was unable to provide me the tour of the facilities he promised.  I thanked Kingsley for his time and I explained to him that the test he asked me to do bothered me so much that I tried his test with real routers and it worked.  I sent him screen shots,  step by step instructions and the configurations of each router so he could see that it worked and replicate it if he chose to do so.  Finally, I suggested that he might want to check his virtual setup.  If there were other candidates interviewing they may not be able to complete the testing due to a problem with the test setup.  Kingsley responded and said that he was impressed I took it upon myself to figure it out after the fact and acknowledged their was a problem with the test and he would be fixing it.

This entire interview process was awful.  I felt like I was dis-respected, my time was not worth anything.  If companies want to retain dedicated employees that are good at what they do, this is not the way to go about it.  What can I and others learn from this experience?  Here are the key items that stick out in my mind.

Get assistance from someone that is technical if you are not. Many people feel they are ‘technical’ and have what it takes to determine technical skill, yet are not technical themselves.  As such, they resort to looking for specific technical jargon on resumes, often comparing the format and words found on other resumes of employees that were considered good in the past.  This makes no sense.   It is not fair the company hiring, nor the candidates that are selected.  I have a basic understanding of how the human heart works, but I am not a heart surgeon or a doctor.  It is safe to say that having me review resumes of heart surgeons for their understanding of the human heart and how it relates to a position on a hospital surgery team would be silly.  Following the same logic, it makes no sense having a non technically experienced individual attempt to question or assess someones technical skill.  Let a technical person do that part.

Testing is degrading and insulting. Even though I have an excellent understanding of routing, specific large scale experience with EIGRP, and was able to show them their test was flawed, the experience was negative and I felt insulted.   It was as if they were questioning my integrity.  Acting as if I might have mis-represented myself on my resume.  Regardless of the outcome of the test, the interview process was already over in my head. I can’t work for a company that works in that manner.  I have consulted for companies that have that general outlook and it typically proliferates in their day to day processes and dealings with employees and often clients.  If a lawyer with ten years experience was applying for a position in a law firm and they came highly recommended with an impressive resume, do you assume off the bat they are mis-representing themselves and test them?  Getting an understanding of their experience and thoughts is one thing, testing is another.  Most lawyers I know would walk out insulted.  Yet in the technology industry this seems acceptable to some.

If you must test then be please smart about it. I would argue that testing during an interview process is absolutely not necessary if you know how to effectively interview and by testing you reveal your lack of expertise in how to interview.  If you feel you absolutely must test then take the time to at least make the test relevant to the candidates as well as the company.  In the testing experience I described, I assume their goal was to understand how good I was at designing and working with routing.  EIGRP is not the routing protocol I know best.  It would be the one I understand third best.  BGP is by far the first.  Next is OSPF, then EIGRP.  It would have been better for myself and the company if they had not specified a protocol.  Instead, allow me to choose what protocol would be suited best to solve the problem and solve it.   If you are hiring for a consulting position, which they were, that is easily the more valuable skill.  Testing me the way this company did highlighted their lack of experience consulting, interviewing and their lack of expertise as a company.

The interviewer and company are being evaluated as well during the interview. This is probably the most important point.  You need to ask yourself what impression are you giving the potential candidate?  Are you putting your best foot forward and showing them why they want to work for you and your company?  Candidates can go elsewhere and good candidates will.   I personally believe that one of the reasons (not the only one) why many tech companies and start-ups want young people is that the older ones have experience to know what type of company they want to work for, what characteristics and experience of management they will work under and what conditions they will not.  I’ve consulted for many tech companies where their management is in-experienced compared with companies in other industries.

I can compare and contrast this experience to another interview I had for a small consulting firm in the same time frame.  The owner was friendly, technical, treated me with complete respect.  We had a great conversation.  He was able to find out about me, my experiences and my technical abilities.  I was able to learn about him and the company.  Very positive experience for him and myself.  No test, no surprises.  They were an amazing small consulting firm.

If you are a person that interviews for your company or a recruiter representing a company, what impression do you leave with the candidate after an interview?  Is it positive or negative?  Do you care what impression you leave?

photo courtesy of …

Through school and reading I have a basic understanding of how the human heart works, but I am not a heart surgeon or a doctor.  It is safe to say that having me review resumes of heart surgeons for their understanding of the human heart would be silly.  Following the same logic, it makes no sense having a non technically experienced individual attempt to question or assess my technical skill.  Let a technical person do that part.
Page 2 of 22«12345»1020...Last »