Archive for the ‘Guest posts’ Category

Giveaway — Ticket to CeBIT 2013

I would like to share a ticket to CeBIT 2013, which will be held in Germany and which I have no chance to attend this time due to heavy workload. I won this ticket by participating in the hacking-lab.com CeBIT challenge, so it’s legal, sweet and free. Just one ticket on a first come, first served basis; please be responsible.

http://www.cebit.de/ticketregistrierung?Rfe2xcyd7b4szc


Kind regards
-Nikki McCavee aka nMC

Social Engineering Penetration Testers

A guest post by Len Isham (@LenIsham):

This June the Social Engineering Penetration Testers class is coming to Detroit and offers the unique ability to take this class without incurring additional travel costs. The class is scheduled adjacent to BSides Detroit.

First, let’s do a cost breakdown of a typical week-long technical training class with travel costs included, using my costs from taking the training in Seattle earlier this year:

$3,500 Typical cost for week of technical training
$2,000 My costs for the flight, rental car and hotel
———-
$5,500 Typical total costs

Taking the class locally removes the typical travel expenses, and since the class only costs $3,500, it is actually cheaper than a typical class with travel expenses. There is also a discount* if a company sends more than one person to the class.

Also, if you can afford to pay for part of the class, will your employer cover the rest of the cost? If you are considering paying for part or all of the class, consider paying before December 31st so it becomes a 2012 expense that may reduce the money you pay to Uncle Sam.

Remember, taking this class helps you protect your company from social engineering attacks, and has the added benefit of increasing your soft skills. How many other technical classes can offer that?

Len

*3-5 attendees: $250 per person off
6+ attendees: $500 per person off

Moscow Rules – Recommended Reading

Here is Jen Fox’s recommended reading list from her Moscow Rules talk:

Advanced Interviewing Techniques: Proven Strategies for Law Enforcement, Military, and Security Personnel. John R. Schafer and Joe Navarro. 2010, Charles C. Thomas. [I got a lot out of this book. It approaches from a different angle than most of us will in our jobs, and because of that covers some different territory than other books.]

Confidential: Uncover your competitors’ top business secrets legally and quickly—and protect your own. John Nolan. 1999, Harper Collins Publishers. [This book is out of print, unfortunately. A very informative read about information elicitation techniques.]

It’s Not All About “Me”: The Top Ten Techniques for Building Quick Rapport with Anyone. Robin Dreeke. 2011, Robin K. Dreeke. [Straightforward book about ten techniques for building rapport. I would say this book is a great starting point on this reading list.]

Learning From Strangers: The Art and Method of Qualitative Interview Studies. Robert S. Weiss. 1994, The Free Press. [A book from the sociology discipline, where there is extensive experience in interviewing/observing for information gathering.]

Please Understand Me II. David Keirsey. 1998, Prometheus Nemesis Books. [As a Myers-Briggs nerd, this is my go-to reference for MBTI personality typing info. I’ve been using this as a reference for years. Excellent for dealing with bosses, coworkers, significant others, kids.]

The Definitive Book of Body Language. Allan and Barbara Pease. 2006, Bantam Books. [Good book; there are also a number of others to choose from on the topic of body language. I understand Joe Navarro’s books are good.]

Information Elicitation for Technology Leaders

This is a guest post by Jennifer Fox following her presentation in August 2012.


Information Elicitation for Technology Leaders
Jennifer Fox, Shining Wave Consulting

In a 2006 IBM Global CEO Study, 765 CEOs, executives and public sector leaders were interviewed on the subject of innovation.  Of those participants:

“Nearly 80 percent of CEOs studied rated business and technology integration of “great importance,” while less than half felt that their organizations were “integrated to a large extent.” Most have simply been unable to integrate business and technology to the desired extent. These CEOs find the lack of integration to be a real source of frustration. Though they would like to improve the current situation, they feel unable to do so.”

If you’re the CIO, these numbers should concern you.  Where does the problem—and solution—lie?  According to the IBM whitepaper one of the three fundamental issues is language and communication:

“While there are undoubtedly many causal factors responsible for the separation of business and IT, one fundamental reason is language. Quite simply, many IT leaders don’t speak “business”; they speak technology. Business leaders, on the other hand, speak the language of the business. The combination leads to ineffective communication and can be a root cause of the less-than-optimal returns that many companies realize on their IT investments. Moreover, recent surveys by Gartner and McKinsey & Co. highlight the communication gap as a major reason for CEOs’ dissatisfaction with IT.”

The shortcoming of Business/IT alignment is that it continues to view IT as separate from the business rather than as an interested and vital partner.  The only way to mitigate the Us-Them mentality is for technology staff to learn about the business, understand its life and language, and work as an interested and proactive partner rather than a disconnected service.

It is the CIO’s role to begin the fusion of business and IT, starting with conversations to genuinely understand the business, its market, needs, etc.  Not simply from a data perspective but from a holistic IT-is-really-part-of-the-business perspective.  And then have another conversation, and another, and another.

There are some concepts used in the competitive intelligence community that you can use to get critical conversations started.

The first concept is suspension of ego.  You’re from the IT department; other staff from your company will already know that you’re smart, so you don’t need to spend the conversation proving it to them.  Listen, learn about the person you’re talking to, and don’t worry about impressing them with being right, clever, connected, etc.  While this is a simple idea, it can be difficult to put into practice.

Direct questions.  “OK,” you think, “I’ll go ask!”  The difficulty with using direct questions is twofold.  First, a direct question is only useful if it’s the right question.  How hard can that be?  By asking a direct question instead of an open-ended question, you’ll find out the answer to your question, and nothing more.  You may even miss the exact information you need to inspire a great value-added idea.  Think of it this way: if you’re looking into a room through a window that has been covered with paper, a direct, pointed question is like poking a pinhole into the paper.  Yes, you have a view into the room now, but it’s limited.  Asking an open-ended question is like cutting a hole into that paper; you have much greater visibility into the room, allowing you to notice things that would have gone unseen through the pinhole.

Second, direct questions have a tendency to put people on guard, even if you thought the question wasn’t particularly contentious.  Social Engineering 101 tells us that if people are put on guard by questions, they aren’t going to supply good information.

Data response questions.  The other type of question that most people are very comfortable asking is a close relative of the direct question: the question that asks for a simple data response (“What’s your sales goal for this quarter?”).  While this may be an interesting data point, a point is all that it is.  This style of question is appropriate in other types of fact-finding interactions, but it won’t get you closer to learning about business goals and concerns.

Open-ended questions.  These take more patience to work with, but yield more interesting results.  It may take more time to get the information you are looking for, but this type of question also opens the door for you to find out other information you may not have been aware of.

One technique commonly used in information elicitation is called backward chaining.  This technique has the information seeker ask a series of questions, starting three or four steps removed from the specific information you’re interested in.  For example, if you want to find out the true goals of your C-level counterparts, rather than directly asking about their goals for the company—the official ones of which should be well known—you could start by talking about a relevant current event and work in from there.

  1. Discussion of a related current event or economic issue
  2. Discussion of the industry
  3. Discussion of competitors in your space
  4. Discussion of company strategy
  5. Your objective: Discussion of your CXO counterpart’s “what I would really love to see” list

This develops a ‘natural’ progression of conversation, during which you are developing a rapport with your counterpart and focusing the thought and discussion more and more specifically toward your goal of finding out what’s really important to them.

Using technology to propel your company’s growth is a win-win for all involved—business people who want to achieve their goals and technologists who want to leverage the best that the computing world has to offer.  Communication is the first step onto the path to winning.  These concepts and techniques can help you get started today.


References:

“Igniting innovation through business and IT fusion.” (Part of the CIO Implications series)  IBM Global Services whitepaper, October 2006.

Nolan, John.  Confidential: Uncover your competitors’ top business secrets legally and quickly—and protect your own.  1999, Harper Collins Publishers.


About MichSec.org

We are a collective of Michigan based information security professionals (or maybe just people interested in security) looking to share knowledge and make the world a safer place.