Jul 10 2012
Leave a comment
By aggftw Uncategorized

On Personal Branding

I am in the middle of my second internship at Microsoft and wanted to write this first post on some things that I have learned or realized recently.

It turns out, much to the shock of an engineer like me, that out there in the real world sometimes hard numbers are not used as metrics! I write about Microsoft as an example because it is what I know, but I am sure that it is the case for a lot of big and small companies out there.

Our security group, for example, secures applications that come out of Microsoft. The analysts are top notch, and I can tell you that the process has been designed and re-designed to make it of value to our customers, both internal and external ones. Now, this question of value really interested me: how are we making sure that we add it to the applications that go through our program?

Surely, I thought, there must be sensors along the way that statistically tell us how much more or less successful are attacks against the applications we secure than to the applications we do not. Well, I went around asking the team about these metrics, and to my surprise, I found out that we do not have the numbers, for a variety of reasons.

You see, the practice of making software secure, or ‘trustworthy’ as Microsoft would say, has everything to do with how we measure risk and how we desire to cope with it. The combination of impact, probability of attack, and efficacy of response is what determines the inherent risk of an application, according to our team. These three values are inherently difficult to quantify –how would you measure the probability of an attack?–, so experts got together and determined a score for different attributes of an application. That is all warm and fuzzy for trying to decide what to do when we receive a new application, but it does not tell us what the value of our actions is.

How, then, are our customers coming back and are all of our engineers at ease? The answer, it turns out, is that we humans are really bad at calculating risk. We fear much from small risks and avoid any thought of big ones; all the cognitive heuristics and biases that we use, coupled with our risk averse personalities, make us crave for reassurance that our actions are as risk free as possible. That is where trustworthy computing groups come in; that is where we satisfy that craving. It does not matter that we do not know for sure if our actions are adding value or not; our customers do not care, at least not that much. Management certainly does care, it is only logical that we do make things better by checking software than by not checking it, but our customers value more the feeling we provide, the familiarity of the experience, the consistency of the service, the distribution of responsibility, and the visibility of our process.

Anyway, I digress. I will probably write more about securing software some other time, but I did want to arrive to that part about the metrics that the industry values. Of them, visibility is very important, as I found out on my own and as it has been discussed recently because of the stack ranking used at Microsoft. In the tech industry, visibility is king. In the end, visibility is what Jeff Atwood suggested, as many others have, to become awesome: create things and do it in public!

In recent days I contacted Tess Rinearson because a friend of mine told me she had met her over the weekend. I had read some of her posts thanks to Hacker News, and had not realized that she was also interning at Microsoft. I went to her blog, read some posts, and took a look at her resume. I was impressed to see everything she has accomplished for her (slightly) young(er) age.

I suggested that we should meet for lunch and talk about personal branding, something that I think she is good at, even if she does not realize it. I liked her answer. The conversation was something like:

Me: I basically wanted to talk about career dev, personal branding and tech in general 🙂 I like your blog posts.

Tess: Thanks. I honestly haven’t done a ton of that, at least not intentionally. I’m a freshman >.> so mostly I just have been writing and thinking.

She has just been writing and thinking. Well, that is a helluva an answer. I had been thinking of starting a blog for a while, carefully selecting my topics, deciding on what I would be writing in advance. I had it all wrong. Your persona is not something you design and showcase. Sure, you can try to engineer it, but you will only be cheating other people and possibly making a fool of yourself in the future. No, your persona is something that shows every day and that is inherent to all the things that interest you. You do not have to choose what you write about; you do not even have to think too much about what you work on. If your brand is interesting and worthwhile, it will show and other people will enjoy it and find value in it.

So here. This is my first post and this is how I have chosen to showcase it. I had been doing a lot of thinking, but not a lot of writing. I’ll follow Tess’s simple response and hope that the conversation I have with all of you is worthwhile and that it makes for a coherent picture of who I am.

With that said, I leave for lunch. Blue cheese burger anyone?

If you like this, considering following me on Twitter @aggFTW.

Tagged , , , , , , ,

Share your thoughts with us : )