Friday, 16 May 2008

SMART Goals

SMART

  • Specific
  • Measurable
  • Attainable
  • Realistic
  • Timely
Specific
A specific goal has a likelihood of being success than a general goal. The questions used to create a specific goal require that you answer the six "W" questions:
· Who Who is involved?
· What What do you want to accomplish?
· Where Identify a location.
· When Establish the time frame.
· Which Identify requirements and constraints.
· Why Specific reasons, purpose or benefits of accomplishing the goal.

Measurable
Establish concrete criteria and metrics to measures progress toward the attainment of the goal. Measuring progress helps ensure that you stay on target, reach your defined dates, and achieve the goal.

To determine if a goal is measurable, ask
· How much?
· How many?
· How will I know when the goal has been successfully accomplished?

Attainable
When you recognize the goals that are most important, you begin to make them come true. You develop the attitudes, abilities, skills, and financial capacity to reach them. You start considering previously overlooked opportunities to ensure the achievement of your goals.

It is possible to attain nearly all any goals that are set when you plan each step and establish a time frame that allows the completion of those steps. Goals that seem far away and out of reach eventually end up closer and turn out to be attainable. This is not because the goal has shrunk, but due to growth.

Realistic
To be realistic, a goal must represent an objective toward which you are capable of achieving. A goal may be both lofty and realistic. Every goal must represent progress. A lofty goal is frequently easier to achieve than a low one as a low goals apply low motivational force. Some of the most difficult tasks to accomplish seem easy due to passion - they become a labor of love.
A goal is almost certainly realistic if you truly believe that it can be accomplished. Further means to knowing if a goal is realistic is to determine if you have accomplished a similar task previously. Alternately, ask what conditions would have to exist to achieve this goal.

Timely
A goal needs to be able to be completed in a set time frame. Without a time frame, no sense of urgency can be created.

T can also mean Tangible. A goal is tangible when it can be experienced with at least one of the senses. These can be, taste, touch, smell, sight or hearing. A tangible goal results in a greater prospect of making it specific and measurable and thus achievable.

Sunday, 11 May 2008

Just call me Gilbert...

We had a work function where we had to pick a theme on Friday. Myself and my team just decided to go as the IT guys being that is what we are and did not put all the effort into it.
As you can see we are just going for sex appeal. I decided that the vinal vest having the fo-crome buckles was just it.
Above is Anna and Ignatious. Anna is an IT auditor and Ignatious is a data analyst.

We make a great team don't we....

Hacker Ethnography

I have had the comment that hackers are by nature creative [1] as a defense of the anti-hero mythos of the hacker.

Research by a number of psychologists [2] will be used in this post. Also some statistical calculations will also be included.

Even the web [3] derived image held by much of the hacker underground is a determination of a defined type. This is a strong correlation to the statistical likelihood of the “hacker” being an INT[J or P] with a minority of ENT[JP] Myer Briggs personality type. I myself am an INTJ bordering on the [EI]NTJ being borderline Extrovert/Introvert on the scale. I am however well off the chart for NTJ.

What is an INTJ?
We are the rarest of the lot [4], [5]. Us INTJ’s account for less than 1% of the population.
David Keirsey (http://www.keirsey.com/), links INTJs as the "Mastermind Rational" [6], placing us as the natural strategists. We are creative; this is not always based on following a task we do not like as we are strategists.

What is an INTP?
Also rare at just over 1% of the population [4],[5], these are Keirsey’s Architects [7]. They work on interests from the drawing of blueprints for buildings or roads or bridges to code.

Where is the issue with the argument?
There are a few flaws with the argument that hackers (in any derivation of the term) are creative developers of society.

First, arguing on the assumption that the stereotype is true we have the flaw that hackers being creative are also inventive based on the perceived INT[JP] stereotype. The flaw is that it is the ENTP type who is the inventor. Us INT[JP]’s are the strategists but not the inventors (we do try).

In fact, when on the right side of the fence, INTJ’s have correlated extremely well to the field of Law. There is creativity in the formulation of a deal strategy, but it is not artistic. It is not going to build the world.

So there is a minority of ENTP’s or inventor types who are hackers. This takes us to the next point, statistical distributions of populations.

In all large populations there are outliers. These are those who, in forming the group, are removed from the more generalized distributions. This is the problem with an argument from analogy.

If for instance I was to ask if a person in a tweed coat, with glasses and with a tie was most likely:
[A] A Farmer
[B] An Accountant
[C] An Engineer

Many would say either B or C, but the reality is that this is based on making false assumptions. There is no data being presented on the location or population distributions. In fact, if the community was mostly rural, the likely answer is A.

The biggest problem with the argument and use of analogy is in the issue of causation vs correlation.

Our minds have evolved for an environment in which we are not a part of. Common sense was a good guide 10,000 years ago. It is a poor guide now. We see causal effects in mere correlation.

This allows us to make statements as to the nature of a group based on a few individuals, the problem is that we are wrong more times than not. We see a few people who are anti-hero’s who have also done something right. This does not demonstrate a causal link. It is mere associative brain chemistry.

The issue is that we allow those who are doing no good, the majority to be seen as not being all that bad.

Cowboys in the west were leaders in settling new areas, but they did not built them. Hackers are the leaders in the web, but they did not build it. Sometimes the people are one and the same, but like the founders of many western US towns having been former cowboys, the internet has former hackers.

The former cowboys built by no longer being cowboys. Cowboys are the drovers. They move on. The ranchers displaced them even when some are one and the same.

I say this as one who did many things wrong in my youth and would have (and was) seen as a hacker, but being tainted with a past does not make a future.

The difference is that people grow. This means that we drop our childish ways and ideas and take on new ones. Being a hacker in ones youth does not make one always so.

The real issue.
Creative personality types are higher in “hacker types” – which is the same type who make good lawyers – think on it. The issue here is that it is not that high.

INT[JP] personality types account for 1.9% of the overall population. There is a skew in those who become computer programmers and hackers with research demonstrating that INTJ and INTP types account for 18.2% and 17.5% of the overall population of computing professionals [8]. This is 35.7% or about a third.

Even making the assumption that INTJ/P types who are computing professionals are hackers on the wrong side of the fence, we still have the issue that they are not in a majority (in contradiction to the popular hacker press).

Back to the real issue. Does the status of an anti-hero aid in the creation of anything other than its own mythos?

Here I have to state no. It is a destructive factor. INTJ’s make good lawyers/judges and good criminals all at the same time. How one spends ones time is an issue.

It was stated that “I'd start by pointing out that almost every major category of security software is derived from hacker tools.” Here the only way this can be true is in an assumption that all programmers are also hackers. This is far from truth.

Let us investigate,

  • Firewalls, not from hacker tools
  • Snort, not from “hacker tools”, but in response to them

I would argue this statistically, but I can not find enough tools that are derived from hacker tools. If I take a random sample of tools, I keep coming up with the following:

Hypothesis:
Most security tools are derived from hacker tools

The idea being to reject this at the alpha = 5 level

Taking a sample from 500 tools pulled from a Google search, the 100 from sectools.org and classifying these I did a multivariate analysis. I took a sample (blind) of 50 tools and checked the classification distribution to test the hypothesis. This sampling was run 10 times [9].


summary (Hacker_tools())
5.769 9.032 10.500 10.440 11.860 13.290




summary (Not_Hacker_tools())
29.78 36.32 39.29 39.05 42.15 47.26

When we compare these two results in a simple boxplot - there is no overlap at all.


It is simple to state that the hypothesis fails even with visual inspection. But to be through, we get a p-value of 0.000000000000000000...

We have strong evidence from this that we can reject the hypothesis that "Most security tools are derived from hacker tools".

So a little statistics - or also known as "assumption be gone" - and we see that hackers are not the foundation of secure coding tools (rather they would appear to account for about 21% of such tools).

References
[1] http://gse-compliance.blogspot.com/2008/05/taming-wild-wild-web.html (comments)
[2] Myers, I. B., & McCaulley, M. H. (1985). Manual: A guide to the development and use of the Myers-Briggs Type Indicator. Palo Alto, CA: Consulting Psychologists Press.
[3] http://www.catb.org/jargon/html/appendixb.html
[4] Jacobson, C. M. (1993). Cognitive styles of creativity: Relations of scores on the Kirton Adaption-Innovation Inventory and the Myers-Briggs Type Indicator among managers in the USA. Psychological Reports, 72, 1131-1138.
[5]Gryskiewicz, S. S. (1982, January). Creative leadership development and the Kirton Adaption-Innovation Inventory. Paper presented at the 1982 Occupational Psychology conference of the British Psychological Society, Brighton, England.
[6] http://www.keirsey.com/handler.aspx?s=keirsey&f=fourtemps&tab=5&c=mastermind
[7] http://www.keirsey.com/handler.aspx?s=keirsey&f=fourtemps&tab=5&c=architect
[8] Capretz, L. F., (2003) Personality types in software engineering, International Journal of Human-Computer Studies, Vol 58 , Issue 2, February, 2003. pp. 207 – 214. Chang, T., and Chang, D., (2000) The role of Myers Briggs type indicator in electrical engineering education, International Conference on Engineering Education (ICEE), 2000.Retrieved on August 2, 2006 from http://www.ineer.org/Events/ICEE2000/Proceedings/papers/MD6-2.pdfDeMarco, T., and Lister, T., (1999) Peopleware: Productive Projects and Teams. 2nd ed. New York, NY: Dorset House Publishing, 1999. Hunter, M. G., (1994) “Excellent” systems analysts: key audience perceptions, ACM SIGCPR Computer Personnel, Vol. 15(1). pp. 15-31

[9] Test Method

The 10 Google searches are:

  1. security tools firewall
  2. security tools authentication
  3. security tools confidential
  4. security tools malware
  5. security tools host
  6. security tools server
  7. security tools internet
  8. security tools government
  9. security tools finance
  10. security tools network

Sectools.org came up so many times that it was added and another 500 selected.

A site like http://www.windowsecurity.com/software/Misc.-Network-Security-Tools/ (the security tools network search) returned multiple tools. In this case 60. I started from the top of the Google search and added tools to the 500 was achieved.

This process was run 10 times for each of the aforementioned searches.

The list of 600 tools was added into R in an array. A random 50 tools was selected. These where classified into the hacker/not_hacker classification.