Give the ‘Thing’ a Subnet of Its Own!

To my surprise, the most clicked post ever on this blog is this:

Network Sniffing for Everyone:
Getting to Know Your Things (As in Internet of Things)

… a step-by-step guide to sniff the network traffic of your ‘things’ contacting their mothership, plus a brief introduction to networking. I wanted to show how you can trace your networked devices’ traffic without any specialized equipment but being creative with what many users might already have, by turning a Windows PC into a router with Internet Connection Sharing.

Recently, an army of captured things took down part of the internet, and this reminded me of this post. No, this is not one more gloomy article about the Internet of Things. I just needed to use this Internet Sharing feature for the very purpose it was actually invented.

The Chief Engineer had finally set up the perfect test lab for programming and testing freely programmable UVR16x2 control systems (successor of UVR1611). But this test lab was a spot not equipped with wired ethernet, and the control unit’s data logger and ethernet gateway, so-called CMI (Control and Monitoring Interface), only has a LAN interface and no WLAN.

So an ages-old test laptop was revived to serve as a router (improving its ecological footprint in passing): This notebook connects to the standard ‘office’ network via WLAN: This wireless connection is thus the internet connection that can be shared with a device connected to the notebook’s LAN interface, e.g. via a cross-over cable. As explained in detail in the older article the router-laptop then allows for sniffing the traffic, – but above all it allows the ‘thing’ to connect to the internet at all.

This is the setup:

Using a notebook with Internet Connection Sharing enabled as a router to connect CMI (UVR16x2's ethernet gatway) to the internet

The router laptop is automatically configured with IP address 192.168.137.1 and hands out addresses in the 192.168.137.x network as a DHCP server, while using an IP address provided by the internet router for its WLAN adapter (indicated here as commonly used 192.168.0.x addresses). If Windows 10 is used on the router-notebook, you might need to re-enable ICS after a reboot.

The control unit is connected to the CMI via CAN bus – so the combination of test laptop, CMI, and UVR16x2 control unit is similar to the setup used for investigating CAN monitoring recently.

The CMI ‘thing’ is tucked away in a private subnet dedicated to it, and it cannot be accessed directly from any ‘Office PC’ – except the router PC itself. A standard office PC (green) effectively has to access the CMI via the same ‘cloud’ route as an Internet User (red). This makes the setup a realistic test for future remote support – when the CMI plus control unit has been shipped to its proud owner and is configured on the final local network.

The private subnet setup is also a simple workaround in case several things can not get along well with each other: For example, an internet TV service flooded CMI’s predecessor BL-NET with packets that were hard to digest – so BL-NET refused to work without a further reboot. Putting the sensitive device in a private subnet – using a ‘spare part’ router, solved the problem.

The Chief Engineer's quiet test lab for testing and programming control units

Internet of Things. Yet Another Gloomy Post.

Technically, I work with Things, as in the Internet of Things.

As outlined in Everything as a Service many formerly ‘dumb’ products – such as heating systems – become part of service offerings. A vital component of the new services is the technical connection of the Thing in your home to that Big Cloud. It seems every energy-related system has got its own Internet Gateway now: Our photovoltaic generator has one, our control unit has one, and the successor of our heat pump would have one, too. If vendors don’t bundle their offerings soon, we’ll end up with substantial electricity costs for powering a lot of separate gateways.

Experts have warned for years that the Internet of Things (IoT) comes with security challenges. Many Things’ owners still keep default or blank passwords, but the most impressive threat is my opinion is not hacking individual systems: Easily hacked things can be hijacked to serve as zombie clients in a botnet and lauch a joint Distributed Denial of Service attack against a single target. Recently the blog of renowned security reporter Brian Krebs has been taken down, most likely as an act of revenge by DDoSers (Crime is now offered as a service as well.). The attack – a tsunami of more than 600 Gbps – was described as one of the largest the internet had seen so far. Hosting provider OVH was subject to a record-breaking Tbps attack – launched via captured … [cue: hacker movie cliché] … cameras and digital video recorders on the internet.

I am about the millionth blogger ‘reporting’ on this, nothing new here. But the social media news about the DDoS attacks collided with another social media micro outrage  in my mind – about seemingly unrelated IT news: HP had to deal with not-so-positive reporting about its latest printer firmware changes and related policies –  when printers started to refuse to work with third-party cartridges. This seems to be a legal issue or has been presented as such, and I am not interested in that aspect here. What I find interesting is the clash of requirements: After the DDoS attacks many commentators said IoT vendors should be held accountable. They should be forced to update their stuff. On the other hand, end users should remain owners of the IT gadgets they have bought, so the vendor has no right to inflict any policies on them and restrict the usage of devices.

I can relate to both arguments. One of my main motivations ‘in renewable energy’ or ‘in home automation’ is to make users powerful and knowledgable owners of their systems. On the other hand I have been ‘in security’ for a long time. And chasing firmware for IoT devices can be tough for end users.

It is a challenge to walk the tightrope really gracefully here: A printer may be traditionally considered an item we own whereas the internet router provided by the telco is theirs. So we can tinker with the printer’s inner workings as much as we want but we must not touch the router and let the telco do their firmware updates. But old-school devices are given more ‘intelligence’ and need to be connected to the internet to provide additional services – like that printer that allows to print from your smartphone easily (Yes, but only if your register it at the printer manufacturer’s website before.). In addition, our home is not really our castle anymore. Our computers aren’t protected by the telco’s router / firmware all the time, but we work in different networks or in public places. All the Things we carry with us, someday smart wearable technology, will check in to different wireless and mobile networks – so their security bugs should better be fixed in time.

If IoT vendors should be held accountable and update their gadgets, they have to be given the option to do so. But if the device’s host tinkers with it, firmware upgrades might stall. In order to protect themselves from legal persecution, vendors need to state in contracts that they are determined to push security updates and you cannot interfere with it. Security can never be enforced by technology only – for a device located at the end user’s premises.

It is horrible scenario – and I am not sure if I refer to hacking or to proliferation of even more bureaucracy and over-regulation which should protect us from hacking but will add more hurdles for would-be start-ups that dare to sell hardware.

Theoretically a vendor should be able to separate the security-relevant features from nice-to-have updates. For example, in a similar way, in smart meters the functions used for metering (subject to metering law) should be separated from ‘features’ – the latter being subject to remote updates while the former must not. Sources told me that this is not an easy thing to achieve, at least not as easy as presented in the meters’ marketing brochure.

Linksys's Iconic Router

That iconic Linksys router – sold since more than 10 years (and a beloved test devices of mine). Still popular because you could use open source firmware. Something that new security policies might seek to prevent.

If hardware security cannot be regulated, there might be more regulation of internet traffic. Internet Service Providers could be held accountable to remove compromised devices from their networks, for example after having noticed the end user several times. Or smaller ISPs might be cut off by upstream providers. Somewhere in the chain of service providers we will have to deal with more monitoring and regulation, and in one way or other the playful days of the earlier internet (romanticized with hindsight, maybe) are over.

When I saw Krebs’ site going offline, I wondered what small business should do in general: His site is now DDoS-protected by Google’s Project Shield, a service offered to independent journalists and activists after his former pro-bono host could not deal with the load without affecting paying clients. So one of the Siren Servers I commented on critically so often came to rescue! A small provider will not be able to deal with such attacks.

WordPress.com should be well-protected, I guess. I wonder if we will all end up hosting our websites at such major providers only, or ‘blog’ directly to Facebook, Google, or LinkedIn (now part of Microsoft) to be safe. I had advised against self-hosting WordPress myself: If you miss security updates you might jeopardize not only your website, but also others using the same shared web host. If you live on a platform like WordPress or Google, you will complain from time to time about limited options or feature updates you don’t like – but you don’t have to care about security. I compare this to avoiding legal issues as an artisan selling hand-made items via Amazon or the like, in contrast to having to update your own shop’s business logic after every change in international tax law.

I have no conclusion to offer. Whenever I read news these days – on technology, energy, IT, anything in between, The Future in general – I feel reminded of this tension: Between being an independent neutral netizen and being plugged in to an inescapable matrix, maybe beneficial but Borg-like nonetheless.

Social Debt (Tech Professional’s Anecdotes)

I have enjoyed Ben Horowitz’ book The Hard Thing About Hard Things. Farnamstreet’s review is perfect so I will not attempt at writing one. I will focus on one idea I found most intriguing.

I read Horowitz’ book as an account of dealing with hard decisions in general, about having to decide alone, about personal accountability, about having to pick the lesser of two evils.

The idea that stuck with me in particular is Management Debt, and Horowitz also blogged about this.

… management debt is incurred when you make an expedient, short-term management decision with an expensive, long-term consequence.

You accumulate Management Debt if you try to fix an organizational issue quickly by acting inconsistently. Horowitz’ example: You might give an employee a raise in order to stop her from leaving the company. But she had discussed her plans with another employee who then wonders why she stayed; so she feels pressed to explain the reason to him. Then others learn how to blackmail you in order to get a raise, etc..

From my short stint as a manager I am familiar with such situations but I rather like to extend the concept to Social or Political Debt. I believe that we, as human social animals, tend to focus on resolving the conflict right in front of you, rather than considering seemingly abstract consequences in the future.

I am thinking of the expert bombarded with all kinds of requests. As a professional it is hard to avoid them: People who to want to pick your brain and just like to have 5 minutes so you can glance over their problems. For free. Trying to help all of them – on top of working with paying clients – would be the equivalent of trying to copy a full book at the photocopier but yielding to anybody who wants to copy just a single page.

As a fallible human you might give in to the most intrusive requester just to get rid of him or her. You think that explaining your seemingly cold-hearted rationale would take more time and would be more emotionally taxing than just fulfilling the request.

But those people will return with more problems, and their acquaintances will, too. You have incurred debt, and there is interest rate. The moment of refusal might be difficult though, in particular with requests in the blurry area between business and private. How to say No to that alleged or self-declared old friend?

I am a believer in 1) Stating clearly what you don’t want and don’t do (rather than focusing on the positive) without feeling the need to explain yourself and 2) “Principles” – a short list of your values, or guiding principles you always follow. Both need need to be ingrained in your mind so that you react accordingly in case you receive those e-mails and calls out of the blue.

The paradoxical or sad thing is that explanations are most often futile. There are many good reasons – both ethical and business-wise – for not jumping onto such requests. The obvious one being limited time and treating all clients equal, but the best one in my point of view being the value of true expertise: Based on years of experience you might only need five minutes to solve a problem that requires somebody else doing days of research. That’s exactly why those first minutes might be the most valuable.

I am speaking from experience although such things fortunately did happen to me rarely. But when they did, it was freaking me out. I once got a call from an unknown lawyer who was in the middle of installing his very own Public Key Infrastructure; he started asking technical questions before introducing himself. I tried to explain that I was actually charging people for such services, and that I assumed he did not do legal counselling for free either. His response was that he was maintaining all his IT stuff by himself – just this topic was too complicated for him so he needed advice. So services should be free if a professional solves a particularly tricky problem. This defies common sense.

I also thought I had a killer argument, non-refutable. I am actually providing technical information on ‘the internet’ – the same sort of answers or materials I would charge clients for. The difference is that I am not obligated to do this, so I pick this case by case. I believe in open-source-style sharing in a community of like-minded members. I am a believer in demonstrating skills in real time instead of showing off certificates – it goes without saying this might include giving away some valuable advice for demo purposes at the start of a business relationship.

Unfortunately, this demo-for-business argument that is used too often by people who want to milk your know-how forever – just testing how far they can go – without ever really considering a ‘business relationship’. As soon as you tell them the answer to the next question will not be free of charge anymore, they suddenly stop asking.

Fortunately, I get enough feedback by providing so much detailed information for free!!. A few people who don’t get it would not shatter my confidence. Interestingly, people who still challenge me (But then you don’t have time for me??) are those whom I would not consider part of any ‘sharing’ communities or get their spirit in the slightest. I think all those issues belong in the category: Either you get it immediately and communication is based on tacit understanding what is normal and appropriate – or all explanations are in vain.

Many years ago I had been asked literally if I would like to work for free. Corporations send out request for proposals and ask for lots of free concepts and presentations – until they have gathered enough know-how from all the potential vendors invited so that finally they have learned enough from the ‘pitches’ and can do the whole project on their own. Finally I had my antennas finely tuned to all your typical manipulations methods (I have already told X you will do [unpaid honorable engagement] Y – if you don’t, this will get me into serious troubles!). Many people are driven by short-term impulses, not by malice (I have to solve this problem or my boss will kill me!) and they respond to logical arguments: What would you say if you were a paying client and find out that I do free consulting for other people at random? Some manipulators are hopeless cases though, especially if they think they provide something in return that is actually less than useless to you.

Horowitz’ war stories resonated with me more than I expected. He emphasizes dealing with organizationally or psychologically difficult issues head-on. I read his advice as: Better act sooner than later, better state the ugly truth upfront. Better take some decision at all, even if it is just 55% versus 45%. Communicate clearly, don’t use fluffy phrases. Sometimes people explicitly appreciated my way of saying No immediately and unambiguously, instead of endless dithering and not trying to hurt anybody which seems to have become fashionable in times of Networking and You Will Always Meet Two Times.

wine-clarity

Searching my own images for own that would represent both mental clarity as well as difficult decisions – I zoomed in this one immediately. (Vineyards close to my home village, evening at the beginning of May.)

Although this is tagged with ‘rant’ it should not be interpreted as what I actually consider pointless and energy-draining – endless rants about common practices in your industry sector that you cannot change but have to live with. I am in the Love It, Change It, Or Leave It camp. I have also been writing about the past, and often a single annoying event of that sort had made me shift gears.

I believe the best – and most productive – way to cope with weird requests is to either: Respond clearly and immediately using a standardized I-don’t-do reply, then ignore them as an accidental, misguided question that just happened to end up in your inbox; or: to analyze if an aspect of your previous communication might have invited such inquiries, and improve your future communications. And don’t aim at being liked by anybody, anytime.

On Social Media and Networking (Should Have Been a Serious Post, Turned out Otherwise)

It has been nearly a month since my satirical post on LinkedIn and bot-like HR professionals has stirred interesting discussions and unexpected reblogs. I have promised to come up with related posts regularly.

To all my new followers who were probably attracted by the Liebster-award-related nonsense: Compared to those posts this one is unfortunately a rather serious one. Compared to default social media expertise show-off it is nonsense, though.

Every opinion piece is based on the author’s secret assumptions about what makes this universe move in spacetime. For full disclosure I lay mine before you upfront:

Thinking about the blurred area where the corporate world and a subversive online universe meet I am reminded of The Cluetrain Manifesto, so this is my personal

Networking Manifesto.

Regular readers might have guessed at the following axioms:

  1. Sense of humor is the definitive  criterion that determines how well you will get along with other human beings. This also holds for future coworkers or employers.
  2. The harder corporations try to morph into social beings as per their PR stories, the weirder they appear when viewed from the inside. Corporate culture is very subtle.
  3. The tension between 1 and 2 catalyzes sparkling works in art (mainly comics and satire) as well as peculiar networking opportunities.

I did zero research for this post and I will not add outbound links – other than my own – this is ‘vanity linking’. If you are really interested in if and how I am following my own advice about social media you can stalk me on the pages and profiles listed at my Gravatar profile or my personal website.

In addition, I have no idea about a plot or structure for this post so I call this

The Top 10 +/- 5 Things I Learned from Networking on Social Media

1) Titles and taglines do matter:

If I would be a real social media expert I would have made the header of this post similar to your typical

Top Ten Self-Evident Things Anybody In His Right Mind Who Knows How to Use Google Can Come up with him/Herself Immediately

are shared like crazy on Twitter.

As a serious aside, I feel that titles of posts are important as many of my search terms are based on titles. Since I need those for Search Term Poetry, I cannot help but pick strange ones.

The same goes for your professional tagline, but it is walking a tightrope: If you want to make a change in your career you could add your aspirations to the title. E.g. if I am a historian for building intergalaxy cargo ships but I want to switch to doing strategy consulting for the cargo companies at Alpha Centauri, you might change your tagline to historian and consultant in intergalaxy shipping.

2) The mere existence of profiles does matter.

I believe we (the earth’ population) are changing our average attitude from

The internet – what a strange virtual place… and you really have a page about yourself?

to

Why in hell don’t you have an XY profile? You also have a telephone!

This is not a post on why and if this is something to be worried about, so I skip my postmodern commentary on culture. But I catch myself on being bewildered why I can’t find people on popular networks.

I don’t expect them to be active, have a lot of friends / followers (see 3) or providing a lof of details, but I wonder what’s the obstacle that would keep somebody from adding basic CV data on LinkedIn. I don’t claim my expectancy is rational.

What matters most to me as a reader is the temporal completeness as we time-travel experts say, that is
For all items it holds that [Year of finishing this = Year of starting something else]

3) There is no agreement on the importance of different networks, which ones to pick, and what it means to be a friend, contact, follower or connection.

There is a slight contradiction with 2) and I know it. But we cannot sort that out. I have received tons of invites to obscure networks I never heard of before. Other may feel the same about Google+.

I had endless discussions with people who wanted to add me on the first professional network I was a member of, actually the first network I ever signed up to in 2004 – XING, the German LinkedIn, so to say.

I have gone to great lengths in explaining that I will only accept contact requests from people I know in person or with whom I had substantial conversations online before. Others do consider these networks an option to find new contacts. I have over 600 contacts on XING despite my rigorous policies, simply for the fact I had added contacts over the years, in parallel to archiving business cards. But this large number of contacts make me appear as one of those contact collectors.

On the other hand, I entered Facebook by the end of 2012, and still I look like a networking loser with my less than 200 friends. Facebook will even block your account if you add too many friends in a short time. This is done by software in a Kafkaesque way, so there is no point complaining. This is another reason to follow my advice 2) and start out populating your list of contacts via organic growth early.

There will never be agreement with most of your contacts and friends on what a contact actually is. I believe this is the reason for the asymmetric relationships Twitter and Google+ had introduced: You can follow back, but you do not need to confirm a contact. Facebook has adopted this thinking by adding the subscriber option – now called followers, too.

I have given up and I do not take all that befriending and contacting too serious – so please go ahead and add me on all my networks if you like.

4) The internet is a public place.

This is stating the obvious. From day 1 of my existence as a web avatar – publishing my first embarrassing FrontPage generated site in 1997 – I have written every single post with a public audience in mind – even in so-called closed groups. Today I publish all my Facebook and Google+ stuff to ‘Public’.

I do not see the point of closed groups: not so much because of the risk of changing security settings in the future, triggered by a new group owner, new privacy policies, new security bugs, or careless friends publishing your friends-only stuff to the public. But I do not want waste a second on considering confidentiality issues when writing and aligning my style of writing with a specific audience. After all this should be fun, creative and weird (see 5).

I noticed – to my own surprise – that I started dreading any sort of private messages. If you want to tell me how great my postings are – please for heaven’s sake don’t send me a private Facebook message or an e-mail, but comment on them. I don’t even want to be tempted to add something ‘confidential’ in the reply and I don’t want to miss a chance to make my clever, witty reply available to the public. Zuckerberg said something about the end of privacy, and this is my interpretation of that.

As a consequence I have written about so-called personal stuff in open discussion groups and on my websites a few years ago. I have written about my lingering on the edge of burnout and have been applauded for my honesty. Today I feel my posts are not that personal even though I did not change my style. I am not into photography, so I hardly add any photos depicting something related to my private sphere. I don’t upload a photo of myself (a selfie) in a funny setting every day to Facebook. But just as my definition of ‘friend’ has changed, this might change as well.

5) The internet is a weird place, fortunately!

I was tempted to add the following to my networking manifesto:

Human beings connect with human beings, not with ‘businesses’. Members of the collective want you to remove their Borg implants.

I hope you get the picture without requiring me to go into a scholarly dissection of that great metaphor.

I mentioned the burnout confessions deliberately in 4) as they confirmed a secret theory of mine: If you present yourself as a human being, even within a so-called competitive environment, you motivate others to do the same. You lower the bar – it has the opposite effect of writing business-related e-mails at 2:00 AM that makes everybody else reply Do you ever sleep?

You might say this is off-topic and not strictly rooted in anything online – as most of these confessions happened offline actually.

I disagree as I believe that  the internet is a trigger and a catalyzer that has transformed our ways of thinking about public and private sphere. Today you often read you should take care of your online reputation and not publish your ‘drunk at a party pictures’ to Facebook. I don’t object to that, but I believe the solution is rather not to get drunk at parties.

20 years from now all people in charge of hiring others will belong to the generation whose lives have been documented online from day 1 – due to their baby-photo-Facebooking parents. Generation Y+ did not even have a chance to opt-out. I feel that they would rather consider somebody suspicious whose online utterances are all professional and sleek looking.

Since this is speculation, I add a link to a great article on Wired about the generation born 1993: “…She is casual about what some might consider the risks of oversharing. In the future, she says, it won’t matter if you did post a picture of yourself covered in chocolate, because “the people who care will all retire and the world will be run by my generation, which doesn’t give a shit…”

I owe the link and the pointer to this quote to my Google+ friends … which is the perfect bridge to a caveat that needs to be mentioned: Even if the internet is a weird place there is one important rule: Give fair credit! To other authors but also to other sharers and finders.

6) Finally I need to mention metrics.

I have a very special relationship with ‘meeting the numbers’ as readers of my articles about the corporate sphere do know. So I was delighted to have been invited to Klout. If you believe blog award nominations are like silly chain letters, consider this:

You earn scores based on your interactions and engagement on social media – that is: likes, followers, reshares, posts on your Facebook page … Unfortunately WordPress.com has not been factored in yet. Currently my score based on Twitter, Facebook, LinkedIn, Google+ and the Klout network itself is 57 which is of course above average.

This is called gamification. I won’t reiterate my usual lame jokes on AI software and failing the Turing test.

But there might be more it than providing a game for procrastinating office workers: This is the future of grading in education – and judging job applicants maybe:
Bizarre Trend: Journalism Professors Using Klout Scores As Part Of Students’ Grades

I had already run some experiments on how to increase the score by heavy tweeting – I am open to more experiments and I would appreciate if you add me as your influencer on Klout.

Klout’s mission is to empower every person by unlocking their influence.

For centuries, influence had been in the hands of a few. Social media has allowed anyone to drive action to those around them, democratizing influence.

— Quote from the Klout website: What is Klout?

Borg dockingstation

Borg Dockingstation (Wikimedia). Sorry, I know I am coasting on those clichés way too often.

So what are your thoughts – Generation Xers, Yers and Zers? (Borgs and other aliens may comment as well)

Edit – further reading: In a Twitter conversation related to this post this blog has been recommended to me – and I want to recommend it to all of you: thedigitalattitude.com. In contrast to my blog this one is really focussed on social media and how to present yourself and your skills online. 

 

Professional Online Persona or: What Are Your Skills?

My previous post has triggered intriguing discussions – about writing, identity and what I called an ‘online persona’. As far as I remember I borrowed this term from David Weinberger’s book Small Pieces Loosely Joined – sublime reflections on the way the web has impacted culture and communication.

I have asked myself sometimes: How should I describe and portray myself on so-called professional social networks given the fact I have tried to re-invent myself but / and / or fo not want to raise any false expectations or come across as Dr. Know It All Jack of All Trades Master of None Interested in Too Many Irrelevant Things.

Websites and profiles are not so much my home on the internet, but tools that supports the ongoing experiment of uncovering my unique voice. Yet professional social networks as LinkedIn are rather intended to provide an online CV or a skill matrix.

This article is a comprehensive review of the  Linkedin skills feature. In particular I like this quote: I too have been receiving endorsements from people I’m out of touch with, who are endorsing me for skills I didn’t even know I had’, like “food writing” and “celebrity” (whatever that means).

The list of my skills on my LinkedIn profile and its evolution is a great experiment in social dynamics (…plus game theory, plus artificial intelligence software testing…) although the skills not correctly attributed to myself were not as intriguing. I have experienced the following effects:

LinkedIn tries to extract – generic – skills from your profile that neither you or your contacts have yet added to your profile and asks your connections to confirm them. So the set of skills is impacted by LinkedIn’s bias.

I developed tools related to managing digital certificates – these are cryptography-based digital counterparts of national IDs – and the related management systems, Public Key Infrastructures. My main role in a project was PKI Consultant, and I never tried to sell myself as a developer. So the exact term should rather be Programming for PKI. But nobody uses that specific terms in his/her profiles so I did not object to add programming. Yet such generic terms can raise false expectations (which was actually the trigger to write this blog post).

Endorsements could make it harder or easier to change your focus and specialty due to the amplification fostered by LinkedIn.

You add skills to your profile or LinkedIn guesses at your skills and suggests them to others. Thus some connections will endorse you, and other members of the same community will notice as per the LinkedIn activity stream and endorse you as well. This might put emphasis on certain skills that you do not leverage that much on a daily basis or you do not want to use in the long run. On the other hand your network might endorse you for a very ‘old’ or ‘new’ skill and the self-enforcement of endorsements could help with changing fields of expertise.

But I strongly believe your most important skills cannot be represented in a ‘profile’ anyway. I dare say I did make some projects a success by using skills that have never been part of any skill matrix. These skills are attributed to you in private 1:1 feedback only.

Today’s hiring processes are often based on pre-screening applications for key words and three-letter acronyms. In discussion group I recently read: I hope the selection is not done by machines. Unfortunately, it nearly is. You might replace machine by HR people following some checklist.

Based on my experience I think there is a hierarchy of skills. I am aware of the vagueness in terminology I am going to introduce here.

  • Technical skills are a must. Replace ‘technical’ with whatever specific skills your education or experience has provided you with.
  • Top technical ‘guru’ skills – ideally communicated by an endorser, not by yourself – are the reasons customers might favor you over other applicants.
  • But social skills are the reasons they remember you. Probably these should be called general skills, including e.g.: perseverance to meet deadlines, writing flawless and precise e-mails, acting as an abritrator between people hostile to each other.
    Also Verbal / quant skills – as depicted in diagram in my recent reblog of Dan Mullin’s post Philosophy Degrees Are Undervalued all belong to the general skills category in my point of view.

Employers or clients will admire you for general skills after they have worked with you, but I am sceptical if such skills can be communicated in a way that helps in passing the barrier set up by the HR bots.

HR experts do not want to know that you have a proven track record on working with very different techniques in measuring physical properties of advanced materials and related data analysis – although you rightly believe that your most valuable skill is your ability to learn about new technologies quickly – based on your experience with related technologies. (Insert clichéd but true statement about the fast pace of evolving technologies.)

They rather want to see that you are capable of working with the Improbable Hyperspace Microscope analyzing samples of the recently detected rare earth metal Zaphodium, and analysing data using Most Buggy Scientific Software Tool, Version 42.42. You need to have more than 4.2 years of experience – it might not be sufficient to have worked with version 42.41 even if you have 4.3 experience with that one.

I am not making this stuff up, expect for the product names. You might be asked for 4.2 years of experience with a product that has been available on the market for 2.4 years only.

I had been lucky so far in circumventing such selection processes because I knew the person or department who was really looking for resources. In Austria, we have a strong tradition in bypassing processes in an informal – probably non-compliant – way. (But international corporations gradually  manage to add our distinctiveness to the collective.)

As this should not be your typical nerds ranting about clueless managers post, I try to distill some advice from my experience:

Some communities or industry sectors are more open to reasonable assessments of skills. For example, I learned from the IT security ‘hacker’ community to value skills demonstrated right in front of me. Hackers detest bragging with certificates or degrees.

Squeeze your ‘technical’ skills into very few key words, even if that hurts the generalist in you. I believe you need to be super specific:  PKI worked better than IT Security, Heat Pumps works better than Renewable Energy. It is like picking a tag line for a blog.

Don’t follow any advice, including guidelines about well-crafted social media profiles. My alter ego, the Subversive Element started writing the bloggy weird website subversiv.at at night when I was a serious IT consultant by day. I did not promote the site at all. Yet in a kick-off meeting in a new project a new colleague greeted me enthusiastically like that in front of all the other suits:

You are the Subversive Element, aren’t you? 🙂

Weird – or generally: unusual, outstanding – features in your profile constitute a filter – you filter potential clients by sense of humor for better or for worse.

Don’t speak about yourself in your professional profile in third person – in ‘speaker bio style’, such as: Elkement is a seasoned expert in hunting aliens, well-versed in intergalactic diplomacy with a proven track-record of efficiently destroyed foreign planets. 

Don’t panic.

Adam Pope Zaphod Beeblebrox

Zaphod Beeblebrox in an Amateur Production of The Hitchhikers Guide To The Galaxy (Wikimedia) – in case you are looking for a weird avatar. Don’t be too original – allow for some cliché to strike a chord with others.

Don’t write walls of text.