Joe Capote

Not Business as Usual: The Four Components of a Business Continuity Management System

Maintaining business as usual in the face of disruption requires resources for your business continuity program. While you can’t predict or schedule disasters, you can plan to mitigate their effects.

Business continuity (BC) is defined as the capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident (Source: ISO 22301:2012). However, BCMS (Business Continuity Management System) and BCP (Business Continuity Plans) are not the same. I’ll explain the difference at a high level here.

A successful BCMS is built on four main components:

Management Support. This is a key component and a critical success factor for a successful BCMS. The foundation starts with senior management commitment. Without executive management support, problems will occur when developing policies, resource allocation will be cloudy and integration with current business processes will be loosely defined.

Business Impact Analysis (BIA). After obtaining management buy-in, the BIA is a natural first step in developing the gap analysis and roadmap to a successful BCMS. This analysis identifies the activities that support the provision of services, assesses the impact of not performing these services over time, identifies dependencies and sets prioritized timelines. The BIA helps define the level of risk being assumed and the level of resiliency required by your business.

Risk Assessment. The risk assessment follows the impact assessment. Identify risks of disruption to prioritized activities and supporting people, processes, technology and resources; systematically analyze risk (threats, vulnerabilities, likelihood); evaluate which disruption-related risks require treatment (controls); and identify treatments commensurate with the business continuity objectives and based on risk appetite.

Business Continuity Plans. Business Continuity Plans (BCP) are a subset of Business Continuity Management. The BCP is the output of the BCMS in document form and consists of strategy, resource requirements, procedures, documentation, testing, performance monitoring/evaluation and more. These plans can be deeply detailed and complex, including crisis management, disaster recovery and business resumption components.

Business continuity is a living process and requires constant performance measurement and alteration. The heart of business continuity management is an ongoing cycle of analysis, design, implementation and validation. A business continuity plan is detailed and is part of an overall Business Continuity Management System. A successful BCMS requires management support, begins with an impact assessment, and results in ongoing plans that define the strategy for an organisation’s business continuity.

Filed under: Technology

Online Investigation Software Platforms Matter to Your Business

While online investigations have been around for years, online investigation platforms are rising to meet the unique business need for online investigations. There are several use cases in which an online investigation may be warranted by business need. However, since a search engine only accesses 4% of the internet, the days of “just Google it” have ceased being an effective way to provide organizations with the investigative results they require.

Hence the rise of online investigation software platforms. Now, more than ever, being able to conduct online investigations using the surface web, the deep web and dark web as well as social media is critical to protecting brand reputation, intellectual property and VIPs while stopping insider threats and more.

What are the business use cases that would warrant an online investigation, and how can software platforms unlock the secrets of the web beyond internet search engines?

Brand Protection: The public’s perception of your brand is a fragile thing. Negative or erroneous posts can gain traction if ignored, while counterfeit items can cause brand and legal harm. With investigation platforms, you can follow negative sentiment and false news, investigate the digital footprint of any presence harming your brand and anonymously monitor the dark web for mentions of your brand.

Intellectual Property: Your company’s IP is extremely valuable. Mentions of your IP on surface, deep and dark web can make you aware of leaks and help investigate other sources of known breaches. With investigation platforms, you can set searches and alerts, investigate known data breaches to identify the source of leaks and search dark web markets for mentions of your IP.

Insider Threats: Your employees can be in a unique position to cause immense security threats to your organization. Inadvertent exposure of confidential information, negative or threatening posts or selling stolen merchandise can harm your brand and put you at risk. Online investigation platforms offer a way to easily search blogs, forums and social media while safely searching dark web markets where illegal goods and credentials are sold.

VIP Protection: Physical protection is no longer enough for VIPs; great harm can come from the digital world. Issues like online impersonations, negative comments or threats, or social posts revealing sensitive information are ones you need to be aware of. Online investigation platforms help by building custom searches and alerts to ensure information is not available to the public, protect against digital impersonations and search the dark web to learn of malicious activities.

Online investigations are covering a broad range of business use cases. Brand protection, IP protection and more are driving the need for more advanced investigation tools. These tools offer a single pane of glass view into the surface web, deep web, dark web and social media, allowing organizations to safely, securely and accurately perform online investigations, making these platforms a key component of your investigative toolkit.

Filed under: Uncategorized

IT Executive Forum: IT Talent and the Workplace

At a recent executive forum in New York City, a number of IT leaders got together for a wide ranging discussion on what matters to executive IT management today.

One of the key topics that came up for a robust discussion was the “War for Talent”. This has been a topic in IT circles for a while, but with companies like Amazon, Google and MS making big plays in the technology markets, the consensus was that this war is escalating and leaders need to take steps to address talent gaps.

Revisiting your talent strategy was identified as the first step. There are a few things that IT leaders are doing to make sure they are hiring and retaining top talent.

Enhance HR Practices: One thing I’ve learned is that different organizations view the HR function differently, and the spectrum is fairly broad. HR should be viewed as an opportunity driver, not a cost center. In today’s job market, job seekers will not tolerate mistakes. There are plenty of technologies to help with this; invest in the tools to make HR successful at hiring/retaining top talent.

Employ New Talent Tools: There are a plethora of tools available to find the right candidates. Services like SmartRecruiter, Onboarder and LinkedIn are especially effective at locating talented younger employees.

Understand the dollar value of each employee: Why is letting a valued employee quit rather than giving them a raise a better option? This seems like a bad business decision geared to support a rigid policy instead of stimulating a talented workforce. When an employee walks out the door, all the money spent on training that employee is gone. Add in the onboarding costs of a replacement employee and one begins to wonder why a $5000 raise wasn’t a better option.

Support “Third Bucket” Projects: What are your employees passionate about that could be utilized as a personal project of their own choice while at work? AI? Digital Brand Protection? These projects support growth and efficiency. Let them choose their focus and empower them to make a contribution.

Embrace Remote Teams: Allowing team members to work remotely has been instrumental in hiring and retaining talent. Although this is not a new concept (I was writing about telecommuting in the mid 2000s), its acceptance has ebbed and flowed. Work-life balance is important, and working remotely supports that balance.

Recognize that work doesn’t take as long as it used to: New technology has changed the game, time-wise. Recognize that what used to take us 12 hours now takes 8.

Finding and retaining top talent is critical in today’s digital age. This is the first part in a 3-part series summarizing executive views of the “war on talent”.

Stay tuned for part 2!

Filed under: Uncategorized

SD WAN Solves Unique DevOps Challenges

I’ve written lately about IT leaders embracing DevOps to accelerate their digital transformations. Faster, more secure and agile software development means faster releases and better agility for the business. As IT leaders embrace robust DevOps processes in order to support these business initiatives, NetOps functions are starting to make their way into the DevOps process. DevOps teams are seeking agile, flexible network designs to keep pace with digital business demands.

One of the ways DevOps teams are keeping pace with digital business demands is by leaning on NetOps to deliver agile, flexible network designs. As a result, NetOps teams are embracing SD WAN as a replacement for traditional network architectures. SD WAN, or software-defined networking, decouples networking hardware and simplifies the management and operation of a WAN.

Why are IT leaders talking about SD-WAN, and how does SD WAN solve unique DevOps challenges?

Speed of releases: A hallmark of a good DevOps practice is the speed and agility at which releases can be pushed through the pipeline. The rise of SD WAN is eliminating inefficiencies in the development cycle. By providing a simple way to design, deploy and support networks, IT teams are finding that adopting SD WAN allows them to play an equal part in DevOps and continuous delivery pipelines. Just as DevSecOps is being integrated into the DevOps process, SD WAN allows NetOps to be included in the DevOps process, thanks to the automation inherent in an SD-WAN solution.

Improved service quality: Software features have always been part of a release, but enhanced service quality and better end user experience is now equally important. End users are more exacting than ever, and service delivery must undergo a process of continual improvement. SD WAN makes solid contributions to the goals of service quality through application and network performance improvements, increased availability and better visibility into QoS metrics.

Increased agility: SD WAN offers the power of automation and orchestration. Policies governing access, security, and performance are managed centrally and automatically pushed out to all devices and sites across the network as IT makes changes. Existing policies can be reused across applications without needing to make changes to the underlying infrastructure and manage additional configuration items. These policies can even follow users in a BYOD scenario, granting them access to applications without compromising security.

With the proliferation of DevSecOps and its integration into the DevOps process, NetOps is now being asked to align with DevOps as well. Because traditional network architectures prove incapable of allowing for the speed and agility the business requires, SD WAN is being tapped as a solution that gives DevOps the ability to increase agility and speed throughout the release pipeline, while increasing service quality.

Filed under: Uncategorized

DevSecOps – Creating a ‘Security as Code’ Culture

It should come as no surprise (or maybe it does!) to learn I’m really excited about DevSecOps and the potential role it plays in application development.

DevOps combines engineering and operations as part of the overall development lifecycle. Its goal is to shorten the development timeline and increase the dependability of releases.

DevSecOps seeks to insert security in the DevOps pipeline without slowing it down. With faster release cycles, security operations can quickly slow down the release pipeline. In order to maintain release speed and consistency, DevSecOps can be integrated into the DevOps process to reduce slowdowns (manual processes, bottlenecks, etc.).

DevSecOps requires a shift from just coding to creating a ‘security as code’ culture. Understanding where the application is vulnerable leads to a better understanding of how it should be protected. Digital security platforms and production analytics can be used to diagnose an application’s vulnerabilities (even third party integrations) while allowing for proper prioritization of vulnerability remediation.

Ultimately, ‘security as code’ culture is a concept where everyone in the development organization is responsible for the application’s security. This may require a shift in your organization’s current culture. Buy-in from key stakeholders, proper implementation of processes, increased automation and expanding testing scope are just a few things that may be required to transition your organization’s culture.

What are some high-level ways CTOs and development management can begin a movement to a security as code culture?

  • Steering Committees. This is an old school option. Create a team that is focused on changing the culture and implementing DevSecOps. Leaders can gather requirements, discuss automation strategies and vulnerability assessment tools and develop a roadmap for implementation and adoption.
  • Training. DevSecOps goals and scope will differ between environments. Developers can be given non-traditional skills like penetration and vulnerability testing. Cross training developers within the security team can help foster collaboration between development and security moving forward.
  • Implement Best Practices. Treat best practices as a discipline and enforce them. Code analysis, change management, and ongoing security training for developers are a few. Keep a routine cadence between security and development leaders in order to discuss best practices and share ideas for improvement.
  • Organizational Alignment. Depending on the lay of the land in your organization, this may make sense if security and development functions reside in the office of the CTO. If not, foster executive buy-in between CISO and CTO. This can help ensure collaboration and communication, and avoid the dreaded “us vs. them” scenario we have seen from application development and support teams in the past.

Creating a security as code culture will not be easy. However, given the recent visible breaches as a result of vulnerabilities in the application, DevSecOps is necessary and not going anywhere. Moving towards a path of integrated DevSecOps with a ‘security as code’ culture will help avoid the loss of customers and revenue as a result of cybercrime.

Filed under: Uncategorized

Seller’s Market!

24 offers on a South San Francisco home – price point was $450,000. Lots of buyers, not enough sellers. This market needs balance – appraisers can’t appraise, many buyers left out.

This market should be recovering slowly – but are we seeing the emergence of another mini-bubble in the Bay Area?

Filed under: Uncategorized

What My Realtor Did Right

When it comes to overall satisfaction with their real estate agent, 49% of traditional buyers and 69% of internet buyers reported a ‘so-so’ level of satisfaction, according to the California Association of REALTORS 2010 Survey of California Home Buyers. The same survey reported that 36% of those surveyed would ever use their agent again. That is a pretty horrific success rate, particularly in a business where client referrals and repeat business are so important.

So what did the survey indicate that home buyers thought were important traits in their real estate agent? Here is the skinny:

  • 69% of buyers indicated that an agent’s response time had an extremely important impact on their agent-selection process.
  • 38% of internet buyers expected their agent to respond instantly to any communication, including submitted forms.
  • 31% of regular buyers had the same expectation of immediate response to any communication.
  • 74% of buyers listed ‘always quick to respond’ as the top reason for their satisfaction with their agent.

It’s clear that quick response is highly valued by today’s savvy homebuyers. What other traits were highly valued?

  • One who makes themselves available to their clients after the sale.
  • Knowledgeable
  • Aggressive negotiation skills
  • Attentiveness
  • Setting of proper expectations

What do you think? Do you have any real estate agent horror stories?

Filed under: Buyer's Blog

Condominiums, Townhouses and PUDs Defined

A client recently asked the question, “What is the difference between a condo and a townhouse?” A great question that is not always clear to most folks.

I find most clients tend to think of condos as a building or a complex. Condos are often mistakenly referred to as a type of construction or development. In reality, a condominium is really a type of ownership in real property. In a condominium, all of the owners own the property, common areas and buildings together, with the exception of the interior of the unit to which they have title.

For example, say I own a corner unit at one of San Bruno’s condominium complexes, such as Shelter Creek. I would have an ownership in the interior of the unit to which I have title. I would also have an ownership (along with all of the other owners) of the property, common areas and buildings. I would be part owner of the land, but would not have an individual ownership of the land.

Townhouses are often thought of as an architectural style. For the most part, a townhouse is one row of homes sharing common walls. Differing from condominiums, townhouse ownership does include individual ownership of the land. Depending on the townhouse, there can be common areas, such as a central courtyard, which can be shared.

So then, what is a planned unit development (PUD)? Most folks have heard of a PUD, but don’t associate it with an architectural or building style. It is, like a condominium, a type of ownership. In a PUD, individuals actually own the building or unit they live in, but common areas are owned jointly with the other members of the association or development.

Clear as mud? Here’s a quick cheat sheet.

  • Condominium – Owners own the airspace inside the unit, but share the ownership of the buildings and common areas.
  • Townhouse – A row of homes sharing common walls. Owners have individual ownership of the land. May have shared ownership of common areas.
  • Planned Unit Development (PUD) – Owners have individual ownership of the building they live in. Owners share the ownership of the common areas.

I hope this helps.

Have any Real Estate questions? Contact me at www.JosephCapote.com or email me at JCapote@apr.com.

Filed under: Buyer's Blog, Seller's Blog

HAFA’s Short Sale Changes

The Treasury Department has recently changed the rules regarding a short sale and the HAFA program. You can read complete details on the HAFA program on our HAFA resource page.

Currently short sales are taking many months, with many of them not being approved or losing buyers that finally wander off. No one would call them short. The HAFA program has attempted to put timelines and accountability on the short sale process, with some success.

Short-sales still make up a large percentage of the north San Mateo County real estate market. In San Bruno, Daly City and South San Francisco short sales account for nearly 40% of the available market, including multi-unit investments.

In a nutshell here are some of the changes:

  • Those seeking a short sale must get an answer within 30 days.
  • Servicers will no longer be required to verify a borrower’s financial information.
  • Servicers are no longer required to determine if the debt-to-income ratio exceeds 31%.
  • Second lien holders no longer must accept 6% of the unpaid balance.

The Government is clearly focused on making short sales a viable option. However, the question is whether or not the lenders follow suit. Certain banks are much easier to work with on a short sale transaction. Others not so much.

Below are some of the basics of the HAFA program for short sales.

HAFA Basic Eligibility Requirements For Short Sales

The home must be an owner-occupied principal residence.

  • It must have a first trust deed mortgage (loan) in place prior to January 1, 2009.
  • The mortgage must be delinquent or delinquency is likely.
  • The unpaid loan balance is no more than $729,750 for a single family home.
  • Your monthly payment is more than 31 percent of your gross income.

HAFA short sale advantages.

  • Buyers will know where they stand in the purchase.
  • Sellers will walk away from the property with more dignity.
  • Fewer deals will fall through at the last minute.
  • Uniformity of forms used in the process.
  • 10 business day response from lender upon presentation of executed offer.
  • If the seller is not approved for HAFA, they may be considered for deed-in-lieu of foreclosure.
  • Mandatory deficiency release.
  • $3,000 in moving expenses.

Short sales continue to make up a large chunk of the real estate market. Though the federal government is attempting to make them a viable option to save borrower credit and avoid foreclosure, lenders vary with regards to short sale negotiation.

Stay tuned for more updates as they become available.

For more information regarding short sales, please visit me on the web at www.JosephCapote.com or contact me directly.

Filed under: Buyer's Blog, Seller's Blog

5 Feng Shui Concepts to Help a Home Sell

To put the best face on a listing and appeal to buyers who follow feng shui principles, keep these tips in mind.

1. Pay special attention to the front door, which is considered the “mouth of chi” (chi is the “life force” of all things) and one of the most powerful aspects of the entire property. Abundance, blessings, opportunities, and good fortune enter through the front door. It’s also the first impression buyers have of how well the sellers have taken care of the rest of the property. Make sure the area around the front door is swept clean, free of cobwebs and clutter. Make sure all lighting is straight and properly hung. Better yet, light the path leading up to the front door to create an inviting atmosphere.

2. Chi energy can be flushed away wherever there are drains in the home. To keep the good forces of a home in, always keep the toilet seats down and close the doors to bathrooms.

3. The master bed should be in a place of honor, power, and protection, which is farthest from and facing toward the entryway of the room. It’s even better if you can place the bed diagonally in the farthest corner. Paint the room in colors that promote serenity, relaxation, and romance, such as soft tones of green, blue, and lavender.

4. The dining room symbolizes the energy and power of family togetherness. Make sure the table is clear and uncluttered during showings. Use an attractive tablecloth to enhance the look of the table while also softening sharp corners.

5. The windows are considered to be the eyes of the home. Getting the windows professionally cleaned will make the home sparkle and ensure that the view will be optimally displayed.

Source: Sell Your Home Faster With Feng Shui by Holly Ziegler (Dragon Chi Publications, 2001)

Filed under: Seller's Blog