@neirajones

CAN YOU HANDLE THE CRISIS? (or how to win at incident response...)

2017-05-30T09:08:00.000+01:00

As they have all been recent headline fodder, I'm sure you'll be familiar with the most recent incidents and data breaches... Most recently, we’ve had Chipotle restaurants, in 2016, we saw that famously mishandled TalkTalk hack, and only a few days ago, the IT incident at British Airways that left hundreds of people in the lurch over the bank holiday weekend... And these are only a few... Invariably, the fallout of a breach means that individuals will be affected, to varying degrees, depending of the severity of the event. 

What always amazes me is the wide disparity in business attitudes when faced with such a crisis, and how organisations will handle communications, internal or external, if at all... 

So let’s look at the real victims here: the customers, the partners, the employees and potentially anyone that has a connection with the organisation. They may have had their business or personal information stolen and were potentially the targets (at best) or victims (at worst) of scams, fraud, or disruption. Or they might be at some point in the future. What will be done for them and what advice and help will be given? Time always tells.And even if information is not at risk or stolen, the potential reputational damage to a breached organisation can be vast and have serious business implications... 

In the meantime, let’s look again on the positive aspects of fully and effectively communicating important information to the public in the event of a crisis (and that’s for any crisis, not just data breaches). 

 THE NEED FOR SPEED...

In the 21st Century, social media brings a new dimension to crisis communications: SPEED.

One of my older posts highlighted how to prepare for traditional media (training, mock interviews and press conferences, prepared statement structure, do's and don'ts, etc.). 

With social media and modern working practices, time is of the essence in crisis management: the first 24 hours are crucial. This is when people will cast out their digital nets and frantically search for information, whatever the sources. At this stage, the reliability of the sources is less important than their ability to disclose information at speed and many will speculate widely, until the authorised/ official/ recognised/ trusted/ influential sources have performed their validation activity and issued balanced statements. This usually happens within 24 hours and twitter is usually the means of disclosure and everyone will jump on the bandwagon with whatever axe they have to grind against the particular topic, organisation or industry sector... 

Let’s face it: it is not Sky News’s job (or any media outlet’s) to handle YOUR customer communications... Customers won’t thank you for that. NEVER EVER. In fact, if you’re not on top of it, they will be very willing to talk to the press and tell them how bad you have been at communicating. 

And that my friends, is a failure of your own, at best non-rehearsed, at worst non-existent, INCIDENT RESPONSE PLAN. 

But let’s assume for a second, whilst we all know this is rarely true, that an established and a tested incident response plan and adequate processes are in place (if not, see my previous posts on the subject, here and here). 

Therefore, the first thing to realise is that you need to be prepared: THE INTERNET DOES NOT WAIT FOR YOUR CEO TO RESPOND, the news will spread with or without your involvement, but you still have a chance to take control of the conversation. 

So assuming incident response is already well established in your organisation and that you have the right team in place (e.g. Legal, HR, PR, Communications, IT, etc.), you are in good shape as you have most of the technical and procedural building blocks in place. 

One easy block to add (now!) is a web page dedicated to a potential crisis/ incident/ breach. Having this prepared with an easy structure to follow will enable you to control the flow of information very quickly. Since I wrote my original post five years ago, I have noticed that many organisations have tried to implement this. The structure of your crisis communication web page should follow what I call THE THREE “As” OF SPEED and it should include the following sections: 

 ACKNOWLEDGMENT

RULE NUMBER 1: IT’S YOUR FAULT, SO DON’T BEAT ABOUT THE BUSH!

This early, you may not know much, but you could look at: 

What happened? What’s involved? Who attacked you?

Why did it happen? 

When did it happen? 

How did it happen? 

How widespread? 

What/ who does it affect? 

Was personal/ sensitive information exposed? 

How did you find out? 

How are you going to compensate those affected?

BUT FIRST AND FOREMOST, TAKE OWNERSHIP: PASSING THE BUCK OR BLAMING OTHERS IS NOT AN ACCEPTABLE RESPONSE.

Of course, there will be instances where you cannot divulge much of the details (e.g. in the case of a hack. if law enforcement is involved and investigations are on-going), but don't let this distract you from the fact that you have to acknowledge something, even if you cannot share details. The result of no acknowledgement will be inflated speculation, which must be avoided or at least minimised.

And in fact, it reminds me of this very well known quote from Winston Churchill:

"A lie gets half way around the world before the truth has a chance to get its pants on".

And let's not forget, it's not just speculation you have to worry about, but also, depending on what type of organisation you are, controversy, misinformation and disinformation (and we can talk about fake news at length, but that would make this post far too long...).

 APOLOGY 

RULE NUMBER 2: SAY SORRY!

All too often, organisations do not acknowledge that their customers/ partners/ stakeholders/ etc. may be worried/ could be inconvenienced/ need to be reassured (see that text book example of well executed acknowledgement at Stratfor). 

Even if you don't know much at this stage, show you feel the pain and that you are trying to make it go away... Saying you're sorry and that you are listening and seeking answers buys a lot of time and more importantly can quell anger and resentment. See The Power of an Apology. 

ACTION

RULE NUMBER 3: HAVE A PLAN & DO SOMETHING ABOUT IT.

Again, at this stage, you may not know a lot, but you need to share what steps you propose to take/ have already taken to: 

determine what happened, 

prevent it from re-occurring and

maintain the trust of your customers/ stakeholders/ partners/ etc.

You also need to reassure your customers/ partners/ stakeholders and show them you understand the situation. For example, we all know that criminals will piggy-back on any type of newsworthy event or crisis (see here for Target breach), and we also know that this is an excellent opportunity for criminals to start social engineering attacks, especially if the crisis involves the loss of customer/employee credentials, which are always launched very quickly. I’m pretty sure that as a result of the British Airways incident, we’ll start seeing all sorts of free flight ticket scams emerging...

Take this opportunity to warn everyone that this could happen and how you will communicate (e.g. "we will always..." or "we will never...") and make sure everything is consistent (e.g. if you send an email out, make sure the text of the email is included on your website so your customers can clearly see it is not a phishing scam, and avoid including links in emails – also, if the crisis involves the loss of credentials, you may want to seek communication means alternative to email).

When data breaches happen in the US, this is usually when one year free credit monitoring is offered to affected individuals (but only because breached organisations are compelled to do so by law – this has yet to happen in Europe). 

Design your web page with this structure in mind so content can easily be dropped in when needed. Keep the webpage uncluttered and easy to use.

HEAD FOR SPREAD

RULE NUMBER 4: SHOUT IT FROM THE ROOF TOPS!

With your web page, you now have a single, simple, point of referral. But having a web page doesn't necessarily mean people seeking information will listen to you or indeed find it... You need to become the central hub for information on YOUR crisis. As with everything in life, you can't do this on your own.

Again, I offer another set of As: THE THREE “As” OF SPREAD

AMPLIFICATION

Use all the social media avenues available to you: twitter, Facebook, YouTube, Google+, LinkedIn, blogs, etc. Use these to direct information seekers to your crisis communication web pages (see here how Heineken diffused a dog fighting disaster). Do this often (at least two or three times a day to cater for the different time zones, and be under no illusion: the world is watching you even if you only operate in one country or time zone). Keep your web page updated as and when you know more and amplify it by using all the tools at your disposal (e.g. create your own hashtag on twitter first). Offer advice when you can but be careful not to be patronising.

ADVOCACY

RULE NUMBER 5: YOU CAN’T DO IT ALONE!

It is not new that in any kind of crisis communication, third party experts (these can be industry commentators, journalists, experts in your field, etc.) will be the most trusted group: seek out the influencers and give them the information. Also seek out your allies and partners and keep them informed. 

And finally - take a deep breath - trust your employees to be your advocates. There is limitless untapped value in personal social networks... If you want your employees to be your advocates, don’t treat them as a communications risk and be sure they know first (i.e. before the media and external parties) what messages are going to be delivered, and where possible, draft messages that they can use if they so wish. They can not only alert you to opportunities but also to crisis issues via their own networks. The key words here are trust and enablement (see What Can Employees Do to Help Their Company During a PR Crisis? and also what a Miami college did with a mobile app). And it's also a good idea to offer training - after all, even the NYPD is sending its officers to twitter school... 

ADHESION 

Facing a crisis situation does not mean you have to surrender your corporate values and governance processes. Be sure your messages are constructed within the framework of your corporate brand image and company policies. Now is not the time to surrender caution and governance. 

In addition, be clear about your limits: you cannot solve every problem for everyone, so you'll have to think of way of pacifying part of your (unhappy) audience when solutions cannot be found quickly. 

In addition, now is not the time to lapse on customer service: you can be speedy and achieve spread successfully, if you don't follow through with good customer service and deliver on your promises, all this would be in vain... 

STACK THE ODDS

RULE NUMBER 6: KNOW YOURSELF AND BE OPEN!

So now that you've achieved speed and spread, you've got a couple more things to do before you achieve the aim of becoming the de facto information hub for the crisis at hand. 

This is perhaps the scariest step because this is where you have to open up... Yet again, I have Three More As for you and these are about stacking the odds in your favour:  

ANALYSIS

You have to monitor real time content on the various social networks in order to categorise and prepare the type of content needed on your web page. I found a useful infographic giving some statistics for the education sector in terms of social media crisis management (this easily applies to other sectors in my opinion). 

ANSWER 

Invite comments and answer them (on your web page) but also reply appropriately to comments on the various social media channels that you monitor (see above) and again redirect people to your web page. 

Yes, very scary, but bear in mind that not inviting comments will have a negative impact on your brand. It is however possible to manage comments very successfully by remembering a few things: 

not every comment requires a reply and you must know when to disengage;

if a hostile ring leader emerges, it is sometimes best to take the discussion out of the social media sphere and engage directly;

there is never any harm in specifying your rules of engagement (e.g. no foul language allowed); 

keep up with the Joneses: if a negative blog entry is posted, respond with a positive entry from your CEO, etc. 

An excellent example will be the way Shell dealt with the Greenpeace campaign against arctic drilling. As far as I know, Shell decided not to engage, but in the article mentioned, they issued a very dignified reply. They even overlooked the fact that Greenpeace used the Shell logo without permission. Greenpeace also affected the public at large by forcing the closure of 74 UK Shell petrol stations. Whichever way you feel on a subject, public opinion always decides which brand comes out on top...
AGGREGATION 
As you're getting the hang of it, you are now ready to become the de facto information hub for your crisis by posting all related stories on your web page (positive or negative). You will rapidly realise that you only have some amount of control over the conversation. 
You are however in complete control of where the conversation appears on your web page: make sure your opinion and your content have prominent and favourable placement. 

Here we go, a successful social media crisis response strategy in 9 steps:
1) THE NEED FOR SPEED 
ACKNOWLEDGMENT 
APOLOGY
ACTION
2) HEAD FOR SPREAD
AMPLIFICATION 
ADVOCACY
ADHESION  
3) STACK THE ODDS...
ANALYSIS
ANSWER
AGGREGATION
And don't forget, suffering a crisis is not the end of the world, you might just be able to turn it to your advantage... After all, Rahm Emanuel once said "You never let a serious crisis go to waste. And what I mean by that it's an opportunity to do things you think you could not do before."
For the infographic associated with this post, see here. 
As ever, the best line of defence is being prepared... (and maybe I can help you prepare for the inevitable crisis or raise awareness in your organisation, I do love a good workshop and I run masterclasses on the topic!...)
I first wrote on this subject in May 2012. Today, it is still the most popular entry on my personal blog. I am at once flattered and amazed that some musings derived from the good, bad and ugly of how businesses have tackled crisis communications in the past few years still very much resonate with a lot of you. I hope you enjoyed the 2017 edition...
Until next time,

neirajones

COMPLIANCE vs SECURITY: MUSINGS ON THE VERIZON PCI COMPLIANCE REPORT 2015

2015-03-13T11:27:00.000+00:00

Well, it’s the start of all those analytical reports for 2015 and I'm glad that this one is out to give us an account on PCI across the world…
In this year’s report, for an account of breaches in 2014, we have a new addition on the analysis of usage of compensating controls and compliance sustainability… Interestingly, whilst compliance across the case load showed an increase of 80% for companies that validated compliance, it still represented only 20% of organisations assessed, and unfortunately, many fall out of compliance rather rapidly with nearly a third of organisations falling out of compliance less than a year after successful validation… It’s the old potato again: those organisations that haven’t embedded security in their DNA will only ever treat it as a compliance exercise and forget about it until the next time an assessment is due...

One encouraging trend however is the fact that compliance across all 12 requirements went up for all but one of the 12 DSS controls:

In other words, this is where companies have been mostly spending their efforts:

This left me pondering for a minute or two, given that 2014 gave us very substantial breaches that involved lost credentials, and that those very same breaches had in common the fact that they took a long time to discover and all organisations were notified of those breaches by third parties…

I was therefore forced to deduce the following:

Whilst organisations spent more on identity and access management (36% increase) and restricting access to cardholder data (29%) they have spent very little (6%) on restricting physical access to cardholder data (which partly cancels out some of the improvements). In addition, it proves something I have long believed: Role-Based Access Control (RBAC) (and static access control lists, and identity based access control) is no longer sufficient in our increasingly changing technology landscape with a proliferation of end-point that cannot always be trusted. The report recognises this on page 9. It is also a fact that RBAC is difficult to implement properly and no longer fit for purpose in the increasingly connected world as allowing user access to systems or applications depends ultimately on line management decision… If you’re a manager, wouldn't you allow your staff as much access as you think they need, just in case?...
Moving to Attribute-Based Access Control (ABAC) and other newer methods as well as reviewing processes will be a long and arduous road that we all need to start travelling now…
Again, on the subject of access, we must remember that the most publicised breaches of 2014 started with successful phishing attacks… So regardless how sophisticated access management is within a given organisation, if criminals can gain access to your systems by obtaining legitimate credentials through social engineering, that’s game over isn't it? No surprise there give that hardly any money was spent on staff awareness and policies and third party due diligence (4% for Requirement 12, and I remind you of the importance of 12.6 and 12.8 – and on that last one, remember that the Target breach started at a refrigeration company…)
One final point before I leave that well trodden subject alone: whilst companies spent the most on requirement 8, I can’t help thinking, given what we know, that they didn't spend that much on 12.3 (two-factor authentication), which could have prevented a lot of heartache...
The second highest spend was on tracking and monitoring access (32% increase), that’s good news. This means that organisations have spent more on logging and monitoring of the logs. But logging and monitoring is about having the intelligence that enables the discovery that something has gone askew. So once we know something’s not right, what do we do with that information? Of course, we escalate it through our incident response process...
Cue requirement 11 for testing of security systems and processes (7% decrease in spend), and 12 (Policy/ Awareness) with the 2nd lowest spend at 4%, most particularly 12.5.2-3 (staff allocation to incident monitoring duties) and my favourite 12.10 (Incident Response). Conclusion: we may be gathering the data more efficiently, but we haven’t got a clue what to do with it! Don’t believe me? Remember that security personnel at Target knew of their data breach months before it happened… I rest my case.

All in all, we can deduce the following points:

Increased spending has been mostly in security technology.
Limited spending took place in some process related areas but decreased on many and there is still a long way to go.
Very little was spent on people (including awareness) and in some cases spend decreased substantially.

Unfortunately, this means that good efforts were cancelled out and businesses continue to think that information security is a technology matter.... Let's remind ourselves of that oldie but goodie:

PEOPLE, PROCESS, TECHNOLOGY:
AN INFORMATION SECURITY STRATEGY MUST BE TRILATERAL.

Until next time,

neirajones

THE SOCIAL MEDIA SIDE OF PERSONAL BRANDING (and how it helps your business...)

2014-10-14T07:29:00.001+01:00

OK, here’s the thing. Many senior executives I know don’t like social media or don’t understand it. Some are from the corporate species and think that company policies won’t allow them, that the risk would be too high, the cost unjustifiable, that they’ll have to learn too many things and waste rare and precious time for non-existent or unquantifiable returns. Or they may be founders of young organisations that get the tech but just don’t know where to start to derive real benefits quickly.

I get it. In the end, the question is the same: how can it possibly work for me? (because I have no time/ am not allowed/ have no budget/ can’t take the risk/ don’t know the tech/ think it’s irrelevant to my industry or my personal situation – delete as appropriate...), But the very fact that the question is being asked is a good thing.

The young embrace social media because they have grown up with the technology and it fulfils the basic human need to share. Easily and at no (or very little) cost.

The less young, or more established in business, have a sneaky suspicion that social media could potentially fulfill a need, personal or organisational, but many can’t quite put their finger on it.

Let’s examine a few executive profiles:

The corporate executive with many years in large businesses wanting to transform the brand of their organisation or business area into one that is trusted and engaging; and a variant of this which is the start-up founder wanting to make a name for themselves and their new venture.

The same corporate executive, ready to diversify their own career, explore new areas of interest or perhaps even start their own business;

The executive wanting to establish themselves as a thought leader in their chosen area;

The time-poor executive wanting to become more accessible, be it to their teams, colleagues, partners and customers.

These four types of profile have one objective in common: “OUTREACH” to customers, partners, new markets, new sources of information, new people, employees, etc.
In traditional terms, “Outreach”, in its broadest sense, is expensive. It takes the form of marketing, business development, market research, internal communications, partnership development, public relations, competitor analysis, etc. (I’m sure I’ve forgotten a few, but you get the gist...). In traditional terms also, “Outreach” takes time and can be limited, because it has to follow a business governance and organisational framework which may be more or less stringent depending on the size of the organisation.

Answer Number One: Why are CXOs scared of social media? COST.

Because everyone needs a yardstick to assess ideas and concepts. CXOs will automatically compare social media to traditional methods of outreach (e.g. they know the cost of a marketing campaign or a sales campaign or an internal communication event).

Because traditional methods of costing outreach activities do not, on the main, apply to social media outreach, those trying to convince CXOs will need to develop scenarios in each of the pertinent cases and clearly compare costs against traditional activities and outcomes. It’s all about metrics at this stage, and competitor comparisons also help a great deal.

Still on the subject of outreach, and in general, many stakeholders are involved. And they will have different views of the risks involved when deploying new technologies or ways of working. CXOs may find it difficult to reconcile the various policies and governance frameworks within an organisation and may find it constraining, and ultimately time consuming.
Evidently, those trying to understand CXOs will need to be cognisant of this fact and develop relevant scenarios. I wrote about Crisis PR a little while ago, which is one such scenario.

Some stats to help you out (source: brandfog, The Global Social CEO Survey 2014):

83% of US respondents and 73% of UK respondents believe that CEO participation in social media can build better connections with customers, employees and investors.

61% of US respondents and 50% of UK respondents are more likely to purchase from a company whose values and leadership are clearly communicated through executive leadership participation on social media.

Answer Number Two: Why are CXOs scared of social media? RISK.

Ultimately, an organisation may or may not have a social media policy, but they will all have a risk governance framework of some sort. Those trying to convince CXOs must understand the risk framework and associated processes. They must give CXOs the knowledge of how they can work within those risk and governance frameworks, but also enable them to shape the way those frameworks evolve with well constructed scenarios that address their concerns.

These concerns may be loss of employee productivity, damage to company or personal reputation or loss of control over brand and image or even privacy and security risks.
Ultimately, social media is only as risky as the use you make of it, but what is the risk of not being involved? Having answers to those objections is key.

Some more stats to help you out (source: brandfog, The Global Social CEO Survey 2014):

71% of US respondents and 61% of UK respondents agree that a company whose C-Suite executives and leadership team use social media as a public relations channel to openly communicate about its core mission, values and purpose is more trustworthy.
79% of US respondents and 68% of UK respondents believe that having a socially active C-Suite leadership team can mitigate risk before a brand reputation crisis occurs.

Looking back at our four executive profiles, we can see another objective in common: “DIALOGUE”. Whilst social media enables outbound activities (outreach), it’s a double edged sword as it also facilitates feedback. And dealing with feedback is a complex matter. It traditionally takes the form of customer support, relationship management, complaints operations, investor relations, HR operations, etc. Because of the numerous stakeholders involved, it takes organisational and personal commitment to deal with feedback effectively.

Answer Number Three: Why are CXOs scared of social media? TIME.

Senior executives are time poor. Anything that can drive real benefits (tangible or intangible) without consuming too much precious time will be welcome. The objections you may find here can be information overload, resistance to transparency and complex organisational structures.
Again here, those trying to convince CXOs should develop bite size chunks of activities that can drive real benefit and not try to solve company-wide problems at the outset. Developing focused scenarios, within the brand values, targeting areas that would be most productive for the CXO, personally or organisationally, is key.

Social media is only as time-consuming as you make it, but it needs a clear focus.

Some numbers again (source: brandfog, The Global Social CEO Survey 2014):

80% of US respondents and 67% of UK respondents agree that social media enhances the image and reputation of executives.

77% of US respondents and 68% of UK respondents believe that social media is a powerful tool for building thought leadership and enhancing the credibility of C-Suite executives with stakeholders, including the press.

Until next time,
neirajones

DOES YOUR LINKEDIN PROFILE WORK FOR YOU?...

2014-08-26T23:44:00.001+01:00

For those who know me well enough, they will be aware that I mentor people from various walks of life... For the others, this is my small way of giving back to the industries that have served me well throughout my career by sharing tips and techniques I have learned and tried over the years, such as they are... As I can only effectively mentor four people personally at any given time, I thought I’d write this post which I hope some of you might find useful...

Many have approached me with the same question:

“How do I break into [Infosec/ Payments/ Risk] (delete as appropriate),
as I am stuck in the catch 22 situation of requiring experience or certifications to be considered for the jobs I’m interested in, but cannot obtain said experience/ qualifications without a job in that field?...”

Ah yes. The conundrum.

Well, first of all, rejoice: IT IS POSSIBLE.
I have tried, tested and used (and still use) all the techniques mentioned in this post, and they seem to work OK :)))
I always like to be my own guinea pig...

Secondly, you have to be prepared for three months of consistent effort with no obviously visible result.

You’re still reading. Good.

Now that you’re committed and that I have set expectations, this is what I suggest you should do in that three month period:

YOUR LINKEDIN PROFILE IS YOUR FRIEND – MAKE IT WORK FOR YOU.

Make sure there is a decent photo of you
(people like to see people, not some anonymous entity, logo or favourite pet...)

Make sure your profile is up-to-date: I personally do not keep a separate Word CV. Each time someone requests a Word CV, I just extract my LinkedIn profile (you have the facility to export to PDF from the Edit view).
(people like to see very quickly what you’re about, if they're hooked in the first 6 - Yes, SIX - seconds, they'll look at the rest of your story, otherwise you're a "No Fit")

Make sure your summary is written in the First Person: Be interesting. Be personal. Be human.
(people like to talk to people, not to a third party PR agency writing about you)

Make sure your summary is engaging and factual, and avoid using jargon bingo words such as “best of breed”, “synergy”, “team player”, “results-driven”, “self-motivated”, “dynamic”, “hard worker” and my personal pet hate “strategic thinker”...
Do, however, use words such as “achieved/ improved/ won“, “managed/ trained/mentored/ influenced/ volunteered”, “created/ launched/ resolved/ increased/ decreased”, “idea/ innovation” and something related to “revenue/ profit/ budget/ income" never goes amiss. You don't have to use all of these, but you get the gist...
(people like facts and more facts, and numbers)

And if you don't believe me, can you think of anything more pukingly cringeworthy than this buzzword riddled profile that says nothing?...

Make sure your LinkedIn profile reflects what you want to be (not what you are right now) and make sure the skills listed (those that people endorse you for) actually are not only those that you have, but those that you want to be known for (you will get endorsements for what you're known for and as your skills develop, you will start getting endorsements for what you'd like to be known for - LinkedIn even allows you to re-order your skills). And don't forget to endorse connections for what you think they're good at (I personally set aside some time every month to do just that).
(use keywords, list current and desired skills. Look at my profile for an example)

Learn from others: make a point (at least once a week) to send LinkedIn connection invites to about 10 people you would want to emulate. Make sure the connection message is written in an engaging way and personal.
You'll be surprised how much people are willing to help.
I personally do this several times a week.

(connect personally, NEVER rely on the LinkedIn standard message)

Be part of your chosen community: (or communities) Whilst you make new connections, observe which LinkedIn groups they belong to. Try to belong to the maximum number of LinkedIn groups for your areas of interest (I think it's about 50) and choose groups with large numbers of members. Observe discussions and start contributing to them if you can. If anything, it's an excellent news and opinions source. I personally do this everyday.
(be found where those that inspire you are)
Share interesting content: whilst you grow you network, you also want to be known for what you're interested in. The first step here is to post public updates of news articles that you find interesting and relevant. It's an excellent way of getting used to sharing information without actually having to create it. If you have other social profiles for use in a professional capacity (e.g. twitter, Google+), share on these simultaneously to maximise coverage.
Be consistent: if you have social media profiles other than your LinkedIn profile and you intend to use these professionally (e.g twitter, Google+, about.me, etc.), make sure they are consistent. There is nothing more off-putting than inconsistent and out-of-sync digital profiles...
Create interesting content: In the 3rd month (not before), start writing articles. Small at first, 500 words is enough (to give you an idea, this post has 1,168 words), and it should be easy if you write about something that really interests you. You don't even have to write regularly, only when you have something to say. You could use LinkedIn posts for that, or try guest blogging.
Set yourself realistic goals: I know you have a day job, but as with any change endeavours, you need to be able to measure success. Here are a few pointers as to what you should measure: number of LinkedIn connections you have initiated, number of relevant LinkedIn groups you belong to, number of twitter followers, number of people/ businesses you follow on twitter, number of articles you share, number of posts you've written, number of people that have requested to connect with you on LinkedIn, number of people that have added you to circles on Google+, etc. Whatever you choose to measure, make sure you establish your baseline at the start of the period, set your targets and measure your increase over the 3 months.

At the end of the 3 months, you should have grown your network, so people will start noticing you, and then they will start endorsing you, and then recruiters will start approaching you.
But remember, the key to all this is sustained effort, so it needs your absolute commitment... (and it doesn't cost any money, only your time, so spend it well)

As one of my mentors said to me many years ago:

"If you can't change the people, change the people.
Sometimes it's yourself"

There you are. Thanks for reading and I hope you found this of help.
Let me know how it goes for you, and give me a shout if you need any help...

Until next time,
neirajones

UNDERSTANDING THE CLOUD WITH CUPCAKES...

2014-08-06T08:51:00.000+01:00

I love cupcakes. I love baking them and I love eating them...
I also love finding analogies trying to explain relatively complex (or simple but little understood) concepts using everyday situations. And today was my cupcake day, and a few friends last week asked me to explain how "The Cloud" works, so I just put two and two together and came up with a simple picture...

For the purists, I have used the Cloud Reference Model developed by the Cloud Security Alliance. I have also added the Human Resources layer even though that is not strictly speaking part of the reference model, but I thought it useful when looking at responsibilities. The rest simply comes from my own cupcake baking knowledge, such as it is... (and yes, before you ask, I do take my own cake baking implements when on self-catering holidays, you just never know, do you?...).

There you are. Hope you like it. And if you're interested in how to secure the cloud, have a look at this earlier post of mine...

I think I could even be tempted to look at Cloud Deployment Models (community, public, hybrid, private) in the same way (but somebody else already did that)...

Until next time,
neirajones