Insights For Success

Strategy, Innovation, Leadership and Security

It's time to evaluate your company

GeneralEdward Kiledjian

As we pass to the second half of the year, many companies start their annual merit review cycle. It is an opportunity for your leaders to evaluate the corpus of your work and determine how much value you delivered to the company (thus deserving a salary adjustment).

What employees often forget is that they too should use this period as an opportunity to determine if they are doing the right job, in the right company & at the right compensation level.

Read my blog entry The “You” Brand

The 4 power questions

  1. Do you like what you are doing?

  2. Do you like who you are doing it with and where you are doing it?

  3. Does your company offer a path your desired future job?

  4. Are you fairly compensated

As we walk through each of these questions, it is important to remember that there is no "perfect" life partner and there is no "perfect" company. What we are trying to determine is: "Is this company the right one for your at this moment in time".

It is important to evaluate the questions in the order I have presented them.

Do you like what you are doing?

Ask yourself if you (honestly) are excited about the work you are doing. When Friday comes along, do you turn off “work mode” until Monday morning? If you do then you have a job, not a career. It means you are not passionate about your chosen profession and it may be time to figure out “what you want to be when you grow up”.

Do you like who you are doing it with and where you are doing it?

Many leaders would probably break this question down into 2 separate ones (one for people and one for the company) but I believe they work better together.

You may like your job but do you like the people you are doing it with? There is no perfect environment but overall, do you enjoy collaborating and working with most of your co-workers? Are you surrounded by like-minded people who challenge you and respect you? Do the people you work with care as much about you, as you do for them?

In the same vein, do you like working for your company? Do you share the vision, mission and core values of your company? A 2017 MetLife survey found employees (9/10) would rather work for a company that shared their values than one that offered higher pay. The survey also found that employees were willing to take a 21% pay cut to work for that better-aligned company (jumped to 34% for millennials).

This is also the category I include work-life alignment in. Does the ratio of work-life balance the company expects to, align with what you are looking for?

Obviously, every employee’s requirements are different but the importance of this alignment is undeniable.

If you love your job (question 1) and you love who you work with (where), then work doesn’t feel like work. You can enjoy going to work and living your best life.

Does your company offer a path your desired future job?

Not everyone is looking for career advancement but most of you probably are. Does your company offer a supportive, nurturing environment where you can learn and grow? Are executives willing to take a chance with less experienced employees, allowing them to develop? Are executives willing to coach and guide employees to develop their skills in preparation for future promotion? Last, but not least, does the company promote from within or do they hire most leaders from the outside?

Are you fairly compensated

The question about compensation was purposefully left until the end. Every other question we have examined will feed into this one.

The old 1980's corporate mantra was :

"Employees work just enough not to get fired. Employers pay just enough so employees don't quit".

As stupid as this mantra sounds today, some older leaders still espouse this as a "nugget of wisdom" (do the companies values align with yours?).

The modern strategy of salary management dictates that companies must pay enough so employees aren't stressed about money and spend their mental energy on doing what they do best.

The real-world equation is more complicated and is a subjective evaluation of fair pay within the company (often difficult to judge because the information is not readily available), and compare to other organizations offerings for similar roles.

It is easy to understand why a company that compensates you properly, probably also values your skills and expertise properly.

Remember the MetLife survey, where employees were willing to work for less if the company's values aligned with their own? This is also true about the other 3 questions we previously discussed.

If you feel that the company's values don't align with yours and/or that the company doesn't offer career advancement and/or you dislike the people you work with, you may decide to stay but may demand a higher premium for the extra "suffering".

Conclusion

Ultimately this is a deeply personal introspection and one you must do honestly (regardless if you are a new graduate or a seasoned executive).

Your company evaluates you annually to decide if you are worth keeping, you should do the same and decide if the company is worth staying at.

The Phoozy spacesuit for your smartphone

GeneralEdward Kiledjian

What is a Phoozy?

The Phoozy is a NASA space-suit inspired jacket for your phone that protects it from the searing rays of the sun or the frigid battery killing cold of winter.

Have you ever gone to the beach and noticed your phone refusing to start with a temperature warning message (even though it was "protected" from the sun by a sun-umbrella?) The same happens at the other temperature extreme where the phone refuses to start because the components are too cold and the phone tries to protect itself.

The Phoozy is a well-insulated purpose-built capsule (made out of space material used to protect astronauts). The Chromium Thermal Barrier can reflex up to 90% of the sun's heating rays.

This is an important distinction some online testers didn't remember. These geniuses cooked their phones in the oven or left it in their locked cars, then complained the Phoozy didn't work. The Phoozy is not air conditioning, and work's by reflecting the sun's harmless rays but won't help if the ambient temperature is oven-like (a car under the direct sun can reach 170 degrees within an hour).

During the summer, I tested the Phoozy while at the beach, hiking or the amusement park. I used an old iPhone as my unprotected test "victim" and my Pixel 2 XL as my protected device. My Phoozy protected device never shut down because of heat, while the control iPhone regularly displayed that dreaded temperature warning message and refused to start until I cooled it down.

Water protection

The Phoozy case is buoyant and will float but the top isn't waterproof sealed (it's velcro). The Phoozy shouldn't be your go-to water protection solution. The fact it will float is a nice to have feature just in case.

Compare the Phoozy Apollo and XP3

I bought and tested the newer XP3. The Apollo & XP3 offer the same sun and cold protection, but the XP3 has slightly more padding (which is better for drop protection), it has attachment points (so you can hook it to the outside of a backpack) and an internal stash pocket (to store cards or cash).

The XP3 easily accommodated 5 credit cards and an iPhone XR, Pixel 2/3XL, or Samsung Galaxy S10.

Conclusion

I love my Phoozy and it has found a permanent place in my everyday carry backpack (which is high praise coming from me). Many colleagues and friends have also bought Phoozys and every one of them is extremely satisfied.

The Phoozy performs as advertised and is well made.

The Apollo XL retails for $29 which is a very fair price for the protection being offered. I believe most customers should opt for the newer XP3, but this retails for $49. I still recommend it, but think they should cut $10 from the price.

Watch Netflix safely in the office

GeneralEdward Kiledjian

A new Chrome extension (called Netflix Hangouts) will make your Netflix stream look like a 4 person video conference by adding 3 additional video boxes onscreen. The Netflix show is housed in the bottom right hand box. You engage the extension by clicking on it and you stop it by clicking on it again (or closing the Netflix tab).

This will not trick network based traffic inspection devices. It just makes the screen look more business like. If your company employs network base traffic analysis, you may want to VPN out first.

Operational security tips to safeguard your privacy when crossing a border

GeneralEdward Kiledjian

Every week I read about another traveller that is hassled at the border to turn over his laptop, tablet or smartphone and their associated passwords. Knowing that a stranger has gone through your personal “stuff” feels dirty (similar to being robbed).

A question I get asked often by readers, friends and colleagues is “How do I travel through international borders without worrying that my life will be put on show for some stranger with a badge?”. You don’t believe that this can happen; here are some interesting articles:

Operational Security 101

The work of physical security and digital (cyber) security are merging fast and you cannot have one without the other. So what is a traveler to do?

  1. Identify your sensitive data. Before travelling, conduct an extensive analysis of the data you will be crossing the border with. This doesn’t just include intellectual property or employee information but remember that once authorities have access to your email, without you present, they can figure out what social media accounts you have, they can reset your password for any site, they can build a social graph of all your contacts (using your email, instant messages and contacts), etc.

  2. Prepare a lists of vulnerabilities you are subject to? You should consider everything from device theft to authorities riffling through your personal data with no regard for privacy.

  3. Determine your risk level for each vulnerability. As long as you back up your data and your device is encrypted, then your risk after a theft is limited to the cost of replacing your device or scrambling to buy a new one while in transit. You will realize your risk level quickly rises when you consider the exponentially increasing risk of having your device analyzed at the border.

  4. Design your countermeasure plan. For each vulnerability, design a mitigation or risk minimization plan. This is what the rest of the article will talk about.

Countermeasures

Like a broken record, I will now extol the virtues of the Chromebooks and why many security professionals rely solely on these devices when security is essential. I know many of you will email me to explain why Google is evil and shouldn’t be trusted. I respect everyone’s opinion, and if you believe using Google products and services doesn’t meet your security requirements, then, by all means, choose something else.

A Chromebook is designed to be reinitialized anytime and to restore its state very quickly. Log into a device connected to a respectable network, and within minutes, you are back up and running with your apps, extensions, bookmarks and settings. Your data is stored in the cloud, and local device storage is encrypted.

Theft

If some numskull steals your device, you will have to buy a new one but at least your data is safely stored in the cloud, and there is no unencrypted data locally to expose you. I have had my device stolen on a train in Europe (on my way to speak at a conference). At my destination, I bought a Chromebook, used the store's WIFI to restore my device, and I was up and running within 30 minutes.

Border inspection

Border inspection is a different beast because they have the authority to force you to turn over your passwords. In this case, the only protection strategy is trickery.

For people crossing the border with sensitive information, I recommend that you use a Chromebook and sync everything to the cloud. Before travelling, you Powerwash the Chromebook (aka set it back to factory default) and then log into it with a dummy Google account.

This Google account should have some emails, contacts, favourites, files stored on your Google drive, etc. It should look like it is an authentic and genuine account. When your device is inspected, it will have nothing of interest, and you will not endanger your “real” data.

Once you cross the border, find a WIFI network, Powerwash your device and log in with your “real” account.

What about your smartphone

I trust the Chromebook Powerwash process enough to reuse a Chromebook that was inspected by border security but not a smartphone. Smartphones (iPhone or Android) do not have the excellent backup and recovery properties of the Chromebook. In most cases, I travel with a real fully loaded smartphone and will destroy it if it is ever taken from me. I will immediately change all my passwords and implement honeypot style detection tools to see if they attempt to exploit me.

What are these detection techniques I am talking about? Well one example is to use the Free Canary Tokens to generate different honeypots in your work environment.

As an example, you create an easy to find (weaponized) Word or PDF file (stored in your Google drive) and phone that sends out a beacon when it is opened. Think of these tools as motion sensors warning you that your digital being is at risk and that you need to take extraordinary measures to protect yourself.

Conclusion

An article about traveller airport border crossing security (OPSEC) can be very long, but I wanted to give you a gentle introduction. If you are a journalist, politician or senior executive at risk, hire a good security consultant to guide you. The most expensive advice is free advice.

If you are a journalist with a reputable organization working on high-risk reporting and need security advice, I am always available to provide free guidance. I believe free and open journalism is a pillar of our modern democracy.


Review of the Asus C434 Chrombook

GeneralEdward Kiledjian

I am lucky enough to have the chance to test a tone of devices every year. Chromebook testing is an interesting endeavour because the higher end units usually are fantastic to use, while the cheaper products are slow and clunky. Chromebooks that live in the middle ($500-600) typically inherit the bad characteristics from both categories.

The mid-priced ($600) Asus C434 doesn't fall into this typical model.

Build quality

Most (non-premium) Chromebooks feel cheap and flimsy. They creek and crack when you grab them from an edge.

The Asus C434 is an all-aluminum design that looks and feel premium. The design includes chamfered edges that give it a more premium feel. Even the hinges are chrome covered, which adds to the premium look and feel.

When used in laptop mode, the hinges slightly raise the screen end of the keyboard which makes typing slightly more pleasurable.

It feels like Asus has crammed a 14-inch device in the body of a 13-inch device without sacrificing usability.

If you haven’t figured it out yet, the design of the Asus C434 is wonderfully tough-out and makes using the device a joy.

The screen

My everyday personal use device is a Pixelbook. I love my Pixelbook, but it's enormous bezels make it feel dated. Although the Asus C434 isn't breaking any new bezel records, its design is noticeably modern (87% screen to body ratio). It has a very good 14-inch Full-HD screen (1920x1080) IPS panel that has good viewing angles, good colour reproduction and respectable (300 nits) brightness.

The Asus C434 screen isn't class leading like the Pixelbook or Samsung Pro but isn't a slouch either. Most users will find the screen amazing and a pleasure to use.

The keyboard

Keyboards can make or break a device. Look at the thousands of vocal Macbook fans on Reddit that have jumped ship to Windows because they can no longer deal with the horrible butterfly keyboards included in most new MacBooks.

So a lousy keyboard can kill even the best most thoughtfully designed laptop. Luckily the Asus C434 does reasonably well in the keyboard category. For users coming from an HP x360 or a Pixelbook, the keyboard doesn't feel as good, but for most users, this thing will be a joy.

Asus chose a non-glass trackpad which makes using it a bit more of a chore. The included trackpad is acceptable, but the device does suffer a bit from a less usable trackpad. Remember that I am comparing the Asus to the premium end of the market. If you compare this to a $500 windows laptop or other similarly priced Chromebooks, you will not be disappointed by the trackpad’s performance.

The ports

I regularly curse at my Pixelbook for not including at least one USBA port. Sure I love all things USBC, but I still have a tone of useful accessories that are USBA, and I seem to forget my dongles when I need them most.

This is where the Asus C434 beats my Pixelbook; it has a tone of ports. The Asus C434 has USBC ports on either side but also a USBA port, a headphone/microphone port and a microSD card slot.

The Asus C434 has the ports you need to get your job done without worrying about dongles or adapters.

The Internals

Most reviewers based their tests on the Core m3 (m3-8100Y) device with 4GB of RAM. While 4GB is good enough for the casual web user, it isn't enough to load a tone of Android apps and to comfortably run Linux apps.

The Asus C434 comes in the m3, i5 and i7 varieties and power users will probably opt for the mid-tier i5 processor with 8GB of RAM and 128GB of internal storage.

As I write this review, most sites still don't offer the 8GB/128GB version of the unit (Amazon, B&H, etc.) but it is coming. Unless you need a device right away (then get the 4GB/64GB), I would wait a couple of weeks to pick up the more powerful model.