No Comments

Context-aware Security – Is it a Buzzword, a Product, or Something Else?

A relatively new concept in the ongoing debate between information security and employee effectiveness is “context-aware security.”  Originating a few years ago as a buzzword for some retailers to socialize in their product offering media and presentations.  Specifically, as tools and technologies defending against Advanced Persistent Threats have become more prevalent.  Lately, it has taken on true substance as these tools have matured.  Unfamiliar with the term ‘context-aware’?  In essence, it is the evolution of policy-based controls to be more situationally aware of an action being performed.   Recognizing a privileged security action is allowed based on variables of situational information such as location, device, time of day, content of data, and so on, with the controls adjusting according the action.  This is a significant step up from actions permitted based on Role Based Access Control (RBAC). But where will automation fit in? Will IT have the bandwidth to do the legwork, and perform constant and real-world, situation-based policy changes necessary to actually implement a fully context-aware, protected, and secure environment? And, how does this differ from the already exhaustive exceptions list most CISO’s are already asked to make work on a daily basis?

Can Context-aware Security Ever Be Fully Automated?

In short, not easily.  By definition, context aware security addresses potential abuse of granted role-based security to dynamic behaviors.  At best, your policy, and the products you implement can only address known, predictable behaviors.  Context aware approaches rely on assumptions. (“We can assume this user will not log in  after hours, based on the usage habits of others who have held his role.”) So, perhaps they address 80% of the users, and allow for X% more productivity?  Until controls can match the level of military efficiency and monitoring of actions, with the appropriate personnel to maintain those controls on a continuous basis, full automation will remain an elusive IT security goal.  This falls back to very basics of IT security prevention where it only takes one new way to compromise a control, followed with a change to close that new exploit.

Is Your Identity Management Policy Ready For Your Company to Really Use a Context-based Approach?

Nod once if this is your company – HR creates user profiles.  Don’t go blaming Active Directory, or your CISO, or even your HR teams. This seemed simpler when initially developed. OK, and yes, I’m over simplifying – HR does not take guesses. Instead, the hiring manager provides semi-extensive profile data, listing each of the roles and rights, all systems, each piece of equipment the new hire shall be granted upon his/her hire. Some companies go a step further, and include this same information gathering for employees who are promoted, demoted, transferred, or who terminate employment. But, is there already another identity review process in place at your company? Do you address how many folks log in from multiple products? Who on each team logs in from home at 10 pm?  When and why Johnny in engineering may need payroll system access? Collecting metrics to help identify patterns can be another rabbit hole to fall down as they only provide the results for known requested elements.  There again shaping a new policy based on what is presently known and factual.  Easily leading to a myopic viewpoint for legitimate exceptions or false positive results for actions.  Or, is that the exception process, and is your system administrator simply giving out access on a case-by-case basis?  Privileged Access Systems (PIIM/PAM) can greatly reduce abuse of power.  Simply from the human aspect alone where Johnny has to ask permission and knows that access is logged and tracked.  However, this isn’t contextual awareness.  It is just another way to skin the known data element protection cat.

Are the Products Ready?

Sort of. Our architects can speak to the countless next-generation firewalls and Intrusion Detection Systems (IDS’s) that can handle virtually any policy-based rule.  But, unless your policy is as granular as a true context-aware security approach requires, technology alone will not get you there.  But, context is not a product.

Why is this so Difficult?

In and of itself, the only way we are going to succeed in creating a true contextual security framework, is if we all share information. Simple, right? We’re all willing to share threats, minor or major data breaches, user habits, vulnerabilities, etc., so as to use that data to develop true context-based assumptions and rules, right? And, of course, sharing with the hackers themselves is always a risk.  Sharing context in the security landscape is anomalistic in that it would require a company to expose its vulnerabilities, and further open itself to breaches.

Compare and contrast security to other worlds in which context-based habits have driven multi-billion dollar industries. Where would we be without Facebook, Google, Caesars and Amazon (among obvious countless others) telling other retailers and casinos the behaviors each can predict. The productization of this information has long since been a valuable commodity, in and of itself.  While any given vertical market can be generally containerized to provide suggested controls such as PCI, HIPAA, etc with a framework to match, it doesn’t provide the appropriate “context” to the details and idiosyncrasies of how a given company functions on-the-wire.

So, how can we use this same approach to prevent security incidents, while allowing productivity? I, for one, will be eagerly watching CheckPoint’s IntelliStore and Palo Alto Networks’ and Fortinet’s to see if they can provide some actual, useable context needed for context-based security.  Perhaps this the dawn of a new service-based “contextual-aware” solution market where every access to data can be bagged and tagged, but not publicly disclosed.  Allowing for the greater masses to create proactive resilience through a combination of people, process, and technology.

No Comments

From Greatest to Even Greater. Is That Even Possible?

In 2015, Vivo had one of its most profitable years in company history.

As recruiters, the success was particularly satisfying. When you break down the numbers, it’s all there. More fills. More starts. More consultants. More clients. More money. Record highs across the board.

Sure, all of that can and should be attributed to a myriad of different factors, but make no mistake – the recruiting department made its mark in a big way. We set lofty goals, and we met them.

Success can be a funny thing, though.

For those who achieve it, it can either push you to new heights, or be a trigger for unrelenting pressure. You can build on it, or let it eat away at you. You could even go so far as to say that success is as much a curse as it is a blessing. If anything, it’s an opportunity to either get better, or get worse.

So the question remains. As recruiters, how do we get better in 2016? Can we get better?

81f8b6b43b014afeacaf92045a55dab2-81f8b6b43b014afeacaf92045a55dab2-0To gain some perspective, let’s take a look at our hometown heroes, the Golden State Warriors, and more notably, reigning NBA MVP and basketball demigod, Stephen Curry.  We’d be hard pressed to find any singular team in sports that had as successful a year as the Warriors in 2015, and no player attributed to, or benefited more from it than Steph.

Let’s take a look at some numbers. Sixty five regular season wins, with forty five by double digits. Thirty nine of those wins came at home, only losing twice, while twenty eight others came on the road. All franchise records. The Warriors amassed 28, 30+ assist games while putting up a 16-game winning streak from mid-November to mid-December. All of this with first-year head coach Steve Kerr amassing a .817 winning percentage (the highest marks ever by a first-year head coach in NBA history), Curry winning his first league MVP, and, of course, Golden State capturing its 4th franchise championship after a 40-year drought.

Speaking of Curry, he capped off the year by being named the Associated Press Male Athlete of the Year for 2015, only the 4th NBA player in history to be given such an honor, winning an ESPY for Best Male Athlete, releasing his own signature shoe with rising giant Under Armour, and, to everyone’s delight, introducing us to the cutest and sassiest 3 year old in Hollywood, Riley Curry. You know. No big deal.

Let’s face it. That’s just a fraction of the accolades I could muster up in what is now etched in NBA lore, but I think you get the picture. No one would bat an eye if the Warriors regressed to the mean for 2016. As a matter of fact, it would be expected.

I mean, they’re practically rewriting history with each 3 pointer made… so how does one improve after making history? Surely there would be at least some drop off, right?

Well, no one told Golden State.

The team is currently on pace to break the record for wins in a regular season at 53 – 5 (73 – 9 being the goal, respectively), and as for Curry? He’s merely having the greatest single season of any player in NBA history up to this point, and if you didn’t see his buzzer beater to beat the Oklahoma City Thunder, then I don’t know what to tell you.

The point is, the Warriors didn’t let success tie them down, but instead, used it as their foundation to work even harder. When something has never been done before, it doesn’t mean that it is impossible, and that’s the approach to success that we have decided to take here at Vivo.

Having a year like we did last year allows us to pick apart our triumphs and expand on them. What worked? What didn’t work? How can we break new ground?

These are all questions that should be asked no matter how well things are going, but it’s a lot easier when you have a platform of success to stand on. We are all inspired by greatness, just like the Golden State Warriors. The way they’ve gone about their business this year is an example that we should all try to emulate.

The players have fun with what they’re doing on the court, and there’s no doubt that we have our fun as recruiters in our office. We laugh, we dance, we celebrate, but most importantly, we get things done.

The Warriors and Stephen Curry are pushing the envelope in regard to what winning basketball looks like, and we want to create the same type of shift in our industry. Break conventional wisdom. So to answer the question “can we get better?” Absolutely. We even plan on turning some heads while we do it.

No Comments

Sometimes you wanna go…

stock-illustration-54894124-beautiful-girl-in-winter[1]I am writing this from Detroit Metro Airport, waiting for my plane back to California. Home. Silicon Valley. But, I must say, this trip really changed me, and my view of visiting sub-arctic Middle American cities.

A few years ago, when my friend and client “R” suggested that we consider Detroit for our next geographic expansion, of course I smiled and nodded. But, behind the rolled eyes I tried to hide, I hid my belief that he was thought he was crazy to suggest any such location.

Fast forward to Fall of 2015, and he calls me as he’s departing Silicon Valley, to let me know he’s taken a role as CIO of a hot, fast-growing Ann Arbor-based company. Now, will I open an office, he asked? I jumped on the next plane (exaggeration or poetic license?).

While the November trip was informative, this week’s trip was life-changing. In November, we toured, we saw, we took in. We were almost too busy to take anything in. Oh, and it was 70 degrees. So, the anomalistic weather made it a non-reality-based experience, as well.

This week, Kevan, my regional director and I went on countless meetings – including meeting R, and his newest Director. I’m not sure words will do justice to how at home I was. The personality from every snarky, fast-paced, quick-witted person I grew up with in New York, was somehow transplanted into the work ethic and mindset of the hard-charging Silicon Valley crowd I love. The “if-they-mated” final output, was the Greater Detroit tech management.

Immediately, I was at home. I would stay forever, but for the high of 27 degrees, and the reality that even the cutest of winter boots are still slipping on black ice, or getting stained by salt. Plus, red (my new nose color) is not my best look. Back to California I go. Richer, and excited for my next trip. You know, in June.

No Comments

“But They Worked Hard” – Reasons to Analyze Your KPIs in January (and Every Month)

stock-illustration-82541387-financial-analystFirst, let’s define KPIs. Key Performance Indicators, or “KPIs” are, by definition, the metrics and measurables a business examines to determine how effectively a company is achieving business objectives. At the department level, it is how the department evaluates its success at reaching targets.

All too often, company and department goals are set – perhaps, annually or quarterly – but no thought is given to the real way in which to analyze performance against those goals. Oddly, many use the term “KPIs” – from project managers through department managers, through executives, board members and analysts. But, did they simply select a measurable unit, without really stopping to determine if the unit itself is a true indicator of how the company is doing in meeting its objectives?

So, my fellow managers, I challenge you: don’t blindly agree to measure your department/division/team based on pre-defined metrics. Read each measurable unit. Ask yourself, “does meeting this goal drive business targets?”, and “do I know the true business objectives as they pertain to these numbers?”

Say What?
OK, let’s start with a simple example – call center KPIs. If you are the call center manager, did you – on behalf of your department—agree to spend less than 60 seconds on all Level 1 calls or something similar? If so, then each week, you log into the phone or ticketing system, and run a simple report showing success or failure against this metric, right?

Now, this may be fine. But, keep in mind what you are measuring. You have agreed that a good indicator of the level of service your team is providing is the number of calls handled, and/or the speed by which calls are handled. When it comes time for your team members’ reviews, this is when managers try to argue that “my team handled some really important issues this quarter”, or perhaps, “we got 4 customer reviews commending us for excellence.” Or maybe even, “we stayed on calls longer, which enabled the Level 2 team to spend their time on more complex issues.”

But again, you agreed to measure time spent on calls, and by doing so (perhaps inadvertently) agreed that this – and not quality of call, not complexity of calls, not level of service given – was important to the business achieving its goals. Conversely, let’s say this is the most important criteria, and that there is a business objective that requires speed of call handling, above all else. Well then, you as manager do not really have the right to change the rules and argue for a different measurement. If your department goal was to reduce time on calls, then it is your job as manager to hit that mark.

So What?
All of this is really to say that it is your job as a manager to know what is being measured, understand the business aims for the specific performance goals, and to educate your team on the same. The time to suggest that a different item is more important to the business and should be measured to determine department success, is when that change occurs. It is not a hindsight test, and will not bode well when the “but they did do well in this other area” argument is made, come raise/bonus time.

No Comments

Laugh! Find Humor Everywhere.

Never afraid to laugh at ourselves, in the spirit of Jimmy Kimmel’s Mean Tweets, we had a few Vivoers read some love notes from our anonymous frenemies. Take a look, get to know us if you don’t already, and judge for yourself.

No Comments

Vivo Expands to Michigan

Detroit, Michigan – December 16, 2015 – Vivo, the Silicon Valley-based company that specializes in IT consulting, staffing and executive search, opened an office this week in Detroit, MI on December 14, 2015, marking the company’s fifth geographic region.

“The greater Metro Detroit area is home to some of the world’s best known companies, making this a great choice for our latest expansion,” according to Marilyn Weinstein, Chief Executive Officer, Vivo. “Southeast Michigan has become a home for numerous technology start ups. We are excited to help our clients grow,” said Kevan June, Regional Director at Vivo.

According to Automation Alley, the Southeast Michigan business accelerator and association of technology professionals, the Metro Detroit area is the fastest growing region for tech jobs in the nation with a diversified and significant high tech talent base.

When compared to the 14 national tech hubs (including San Jose, Seattle, Austin, Chicago and Boston), metro Detroit ranks first in the number of advanced automotive jobs, the number of engineering degrees earned, and the number of engineering and architectural jobs available.

About Vivo:

Vivo was founded in 2006 and initially opened doors as iTalent Solutions—with a primary focus on IT staffing. Today Vivo provides clients with trusted, mid-to-senior-level IT consultants, and uniquely tailored solutions.

Visit Vivo on the web at:


Attn: Sarah Kesher, Marketing Director
7901 Stoneridge Drive, Ste 440
Pleasanton, CA 94588

No Comments

Consultant Corner – Meet Peggy Florence!

f74f2298-0724-4b6b-89ba-14aa8eb25045Peggy lives in San Jose, Ca and is an avid traveler. This year she went to Cuba, Cancun and Switzerland. This Vivoer also enjoys biking from winery to winery in Santa Cruz, Livermore and Mendocino.


Peggy has ventured all over the world, including having raised her children for 4 years in the Netherlands. She notes that kids there have more independence and are not made to learn in a specific manner, as they are in the US.  The best benefit of having lived where kids are taught in this particular manner is seeing her own children, Ashley and Jay, growing up and making better independent decisions themselves.


Peggy has also worked abroad, aside from travel: in the Netherlands for 4 years and Israel for 7 months. She venerates these life experiences, which really taught her how to have a better understanding of cross cultures, work styles, and work ethics.


Now for some fun Q and A. We asked Peggy some very important, life-altering questions:


Q: Who should be cast as you in the movie of your life? 
A: Sophia Loren (when she was my age)


Q: Do you have a theme song? What is it? 
A: What have you done for me lately, by Janet Jackson


Q: Who was your first celebrity crush, when you were a teen or tween? 
A: Markie Mark’s calvin Klein underwear ad. That was HOT!


Q: Which is worse – finding out the chicken you ate wasn’t chicken, or the place you ate at wasn’t a restaurant? 
A: Finding out the chicken wasn’t chicken, I think that would keep me from ever eating chicken!


Q: What do you do when a baby aggressively stares you down in public? 
A: I’d make faces at the baby.


Q: Who is your favorite person at Vivo, other than yourself?
A: I have many favorites, but Harp is the ultimate!!


Thank you for indulging us in this month’s Consultant Corner, Peggy!


Send us your fun interview questions and we will ask them in the next Consultant Corner.
No Comments

Do you Like Loud and Conceited, Over Calm and Understated?

iStock_000000652065_SmallA recent Harvard Business Review article suggests that we don’t know the difference between confidence and competence. Ignoring the gender argument, is there something to be said for this claim? According to the article, common traits associated with leadership are synonymous with those found in personality disorders, such as narcissism and psychopathy personalities.

Is it a male vs. female thing? Is the article suggesting that women should be more psychotic, or celebrate their normalcy in order to become more successful? Perhaps more fascinating to us all, is the thought of why we are so attracted to loud, rude, headstrong, and oftentimes abrasive personalities. Female or male, we really do tend to back the bully and belittle the calm and collected types, as they attempt their rise as leaders.

No Comments

Small Business Management Tips from Marilyn Weinstein, Vivo CEO

dba-small-business-show-logo-300x273Marilyn Weinstein, founder and CEO of Vivo, says “When you’re the owner, you don’t have the confidence that somebody else’s money gives you.” One trick is building a small business management team so that you’re the “other person” with the money, and delegating those decisions to someone else. Having a partner can mitigate that from day one, so long as you start your partnership correctly.

Listen to Marilyn’s lessons and anecdotes on all of this … and more!

Harpreet Singh
No Comments

Did Your Internet Persona Walk In The Door Before You Interviewed?

unnamedMuch has been said on this topic, but it bears repeating: prospective employers with even the slightest interest in hiring you will have looked you up online – sometimes even before your first in-person interview. Many candidates first begin thinking of this and covering their Internet tracks – so to speak – when their active employment search begins. But, did you know that it might be too late?

The online search, to which I am referring here, may be something as simple as:  Entering one’s name into any generic search engine, and simply sifting through the yielded search results.

In a perfect world, the yielded search results should only showcase the candidate’s positive attributes.  Everyone by now is aware that scandalous posts from a misspent weekend in the Sin City or bad-mouthing a previous employer could leave a negative impression of you and may even cost you the job.  And again, many candidates feel like they are covered if they have remembered to set all social media settings to “private” or “friends only”. But in today’s overly-connected world it is growing increasingly difficult for people to keep track of all of their connections, and remember everyone they’ve friended/followed/allowed to follow/etc.

So what should you do? Go Page One Positive!

I am by no means suggesting that one should be a ghost.  But, why not make your first search results your best?  Studies show that people rarely go past the first page when Googling. Most admit to accepting the first few results they uncover, and moving on.  So, instead of only remembering the “social” aspect of social media when posting, spend time building a professional profile. Make sure that when someone Googles your name, they see your employable qualities on page one.

How to have your hireable persona show up on page one:

  • Show off!
    • Build a website that showcases your professional skills and interests.
    • Share relevant business content on LinkedIn
    • Blog your impressive (read: relevant) opinions
    • Tweet your impressive (read: relevant) opinions
  • Respect others with similar career interests.
    • Like relevant content on LinkedIn
    • Retweet others’ impressive blogs
    • Link back to others’ blogs on your website
    • Participate in networking groups, online discussions, etc. (Carefully!)
  • Ensure that all public images are professional
    • Have a great, clear, and professional LinkedIn profile picture
    • Consider that most default profile pictures are set to “public”, so keep yours neutral at worst, professional at best.

Other things to keep in mind:
For some employers, a social media presence or an Internet footprint of an employee is a must – not having any online presence leads some employers to believe that the candidate may be hiding something.

Remember that not everyone uses a search engine. Many employers will go straight to the source, and more than likely look up potential candidates on sites like Facebook, Twitter, LinkedIn and Google+, so that they can get an indication of the candidate as a person.

No matter what platform you choose to expose your personal skills/interests, keep in mind…
1. Do not post anything that you would not want a future employer seeing. You’re working for a super “cool” company now, but when times change, is anything you’re saying online likely to be a deal-breaker for a future workgroup?

2. DO NOT and I repeat once again, DO NOT depend on your Facebook privacy settings since they are constantly changing. Also, today’s friend can be tomorrow’s future employer’s sister. Do you know all of your friends’ friends?

3. Remove or un-tag yourself from anything that could be seen by an employer as unprofessional. Enjoy the moment. Laugh with your pals. Then, untag.

4. Have a heyday sharing/posting/tweeting content which highlights your accomplishments and qualifications in a positive way!

If you like my blog, feel free to share it. Of course, only after you Google me and tell me what you learned!