This Week in Enterprise Tech 570, Transcript

Please be advised this transcript is AI-generated and may not be word for word. Time codes refer to the approximate times in the ad-supported version of the show.

00:00 - Lou Maresca (Host)
On This Week in Enterprise Tech, we have Mr. Brian Chee and Mr. Curt Franklin back on the show, and this week we have a fascinating segment from actually Brian's former students. We're going to talk about the EU's new cybersecurity game changer, the NIS2 directive, and how it's changing the landscape in Europe. Plus, later on we have Jenna Bilotta. She's SVP of product and user experience at LaunchDarkly. We're going to dive into the latest DevOps and how it's revolutionizing user experiences. You definitely shouldn't miss it. Quiet on the set. Podcasts you love, from people you trust.

00:34 - Jenna Bilotta (Guest)
This is TWiT.

00:43 - Lou Maresca (Host)
This is TWiET, This Week in Enterprise Tech, episode 570, recorded November 17, 2023: Well-Placed Friction. This episode of This Week in Enterprise Tech is brought to you by Miro, the online workspace for innovation, where your team can dream, design and build the future together from any location. Tap into a way to map processes, visualize content, run retrospectives and keep all your documents and data in one place. Get your first three boards for free at Miro.com slash podcast. And by Lookout. Whether on a device or in the cloud, your business data is always on the move. Minimize risk, increase visibility and ensure compliance with Lookout's unified platform. Visit lookout.com today. And by Nureva. It's a first. Nureva's new Pro Series, the HDL310 for large rooms and the HDL410 for extra large rooms, gives you uncompromised audio and systems that are incredibly simple to set up, manage and deploy at scale. Learn more at nureva.com slash twit.

Welcome to TWiET, This Week in Enterprise Tech, the show that is dedicated to you, the enterprise professional, the IT pro and that geek who just wants to know how this world's connected. I'm your host, Lou Maresca, your guide through the big world of the enterprise. But I can't guide you by myself. I need to bring in the professionals, so I've got our very own Mr. Brian Chee. He's network expert, gadget expert. He's an all-around techie. Cheebert, you're always busy, you're always doing interesting stuff. What are you doing this week?

02:20 - Brian Chee (Host)
I am working, actually, with a couple of my ex-students. There has been a great amount of demand from our viewers asking for us to do deep dives into different types of technology. So Josh Kuhl, one of my students from the University of Hawaii, now works with Infoblox. We're going to go and cover the past, present and future of domain name services and deep dive on that. So the first three Fridays in December are going to be a deep dive on DNS. It is a grand experiment. You people asked for it, so spread the word. There should be a big surge in viewership. Hint, hint, hint. But you guys asked. You guys and girls asked for it. So here you go.

03:12 - Lou Maresca (Host)
Thank you. I'm looking forward to that episode for sure. Thank you for doing it. Well, we also have to welcome back our very own Mr. Curt Franklin. He's principal analyst at Omdia and the man who has the pulse on the enterprise. Curtis, speaking of the pulse, we just had some breaking news.

03:27 - Curt Franklin (Host)
Yeah, things. You know, when we talk about things changing rapidly in the world of generative AI, we're usually talking about technology, but just had a personnel change. Sam Altman, the CEO of OpenAI and, frankly, the person who has been as much as anyone else the face of generative AI for more than a year, is gone. This is one where I don't normally cover those sorts of personnel news, but I'm looking forward to talking to some of my colleagues to try to find out the story behind the story. In the meantime, it's going to be interesting to see if this has any sort of material impact on the way that OpenAI runs and introduces new products, whether it stays with its fairly frantic pace of introducing new products. And it's a reminder that, at the end of the day, while we can all be dazzled by the technology, these are businesses, and if you don't have a business case and business processes, you're not going to have the technology in front of the public very long.

04:52 - Lou Maresca (Host)
Indeed, indeed. When it comes to material impact, we have a fascinating segment coming up. One of Brian's former students brings an exclusive insight into the EU's new cybersecurity game changer, the NIS2 directive. You're going to discover how it's reshaping the digital landscape over there in Europe, and we're going to talk about how it can impact us over here as well. And later on, you don't want to miss it, because we have Jenna Bilotta. She's SVP of product and user experience at LaunchDarkly, and we're going to dive into the latest of DevOps and how it's revolutionizing user experiences. So you definitely don't want to miss it because we have lots more to talk about. But you know what, we have to go ahead and jump into this week's news blips. This week, we delve into another groundbreaking development in the world of cybersecurity. Seems to be more and more each week of these.

A leading ransomware group known as ALPHV has adopted a tactic that's raising eyebrows in the IT community. They reported a victim company, MeridianLink, to the US Securities and Exchange Commission. That's right. A hacker group is reporting to a government agency. Now, ALPHV's move came to light through a dark web post where they claimed to have infiltrated MeridianLink's network. Significantly, ALPHV alleges that MeridianLink, a digital lending company, has not complied with the SEC's newly implemented rules on cybersecurity incident disclosure. Now, under these new rules, publicly traded companies must report security incidents with material impact within four business days. Now, ALPHV contends that MeridianLink failed to disclose such an incident in the stipulated timeframe. Now, this complaint was submitted online, with ALPHV selecting the "material misstatement or omission in the company's filings" option as the violation category. Interestingly, the new rule is yet to be enforced.

Even if MeridianLink's breach is material, they might not be legally at fault currently. However, ALPHV's action seems to exploit the general unease following the SEC's lawsuit against SolarWinds' CISO, where the SEC alleged misinformation about cybersecurity practices before a major attack. MeridianLink has not commented on the specifics of the breach, but confirmed encountering a cybersecurity incident. They assure that there's been minimal business interruption and no evidence of unauthorized access to their production platforms. In the broader context, ALPHV, active since November 2021, has been noted to use the BlackCat ransomware developed in Rust, targeting both Windows and Linux systems. They've grown to be one of the most active ransomware groups, second only to LockBit, with a focus outside the CIS region. Experts highlight that ransomware groups like Maze have previously threatened to report victims to regulators, but actual follow-through has been really rare. ALPHV's recent move could signal a new phase of ransomware tactics, blending cybercrime with regulatory pressures.

07:46 - Curt Franklin (Host)
Think you have a handle on what criminal hacking groups look like and where they're based? Think again. According to an article on Dark Reading, a shadowy New Delhi-based group known as Appin no longer exists, at least in its original, former branding, but for several years, starting around 2009, Appin's operatives brazenly and not always skillfully hacked into computers belonging to businesses and business executives, politicians, high value individuals, as well as government and military officials on a global scale. Now, journalists at Reuters who investigated Appin's activities collected detailed information on its operations and clients from multiple sources, including logs connected to an Appin site called MyCommando. Appin clients would use this criminal commerce site to order services from what Reuters described as a menu of options for breaking into emails, phones and computers of the targeted entity. Now, Appin activities included everything from the leakage of private emails that derailed a lucrative casino deal for a small Native American tribe in New York to an intrusion involving a Zurich-based consulting attempting to bring the 2012 soccer World Cup to Australia. In addition, there were numerous campaigns against government officials and political targets scattered around South Asia and around the world. Now, factors like rebranding, employee transitions and the widespread dissemination of skills contribute to Appin being recognized as the pioneering hack-for-hire group in India, and the reach of the group was, and remains, amazingly broad.

SentinelOne's review of the Reuters data showed Appin often used a third-party outside contractor to acquire and manage the infrastructure it used in carrying out attacks on behalf of its customers. Appin executives used in-house programmers, and the California-based freelance portal Elance, now called Upwork, to find programmers to code malware and exploits. Appin also sourced its toolkit from others, including those selling private spyware, stalkerware and exploit services. In some cases, Appin even became a reseller for those products and services. Now, while Appin itself may be gone, its malicious children have spread far and wide. Many of the organization's former employees have gone on to create similar services that are currently operational and amazingly popular.

10:30 - Brian Chee (Host)
Alright. So first off, I am NOT endorsing this product. However, I recently saw a home improvement show where the electrical contractor added an electrical arc detection device in a renovated home. The gist is that an electrical arc is the harbinger of a full-on short that can cause a fire. While I am NOT specifically endorsing the Ting brand, it was highlighted as a freebie from my homeowner insurance company to reduce the chance of a home fire.

Like the vast majority of Americans, I live in a home that I didn't build and I have an unknown quality of electrical work, tiny mistakes like poorly connected wires, too long wire tails sticking out from switches, plugs and such. During the inspection of my current home, the inspector found a set of wires just sticking up in the attic with loose wire nuts to only protect from the live wire. If the electrical work was that careless, how good a job did they do on the other connections? Devices like these from Ting being sent to me free as part of my homeowner's coverage, or industrial versions like those from Schneider Electric, could potentially save a life by preventing a fire. The bottom line is humans make mistakes and if that human is doing electrical work, that mistake could cost you your home.

Electrical shorts often happen behind the walls or inside devices, and by the time the smoke detectors go off you could have a full-blown house fire. So I'm deviating from the normal enterprise story in hopes our viewers consider getting proactive about electrical arc detection in your home or office and maybe get a nice discount on your fire insurance. One last thing: I posted this on Nextdoor recently and have been deluged by some very strongly worded comments that I believe are coming from electricians in the community, and they're all saying this is worthless, blah, blah, blah. It's like, I'm sorry, guy. If you've had to go and have something short out in front of you that set a small fire in your garage or in your living room or something, you're going to live in fear of house fires, just like I am. And the Ting device isn't that expensive, and heck, my homeowner's insurance is giving me one for free, and you might want to go and check your homeowner's insurance. End rant.

13:14 - Lou Maresca (Host)
So what do you think the worst password of the year is? Well, ironically, the worst ones are also the most common ones. NordPass, the prominent name in the digital security industry, has released its list of the top 200 most common passwords of 2023. The top of the list? You guessed it. With a little surprise to many of us, it's 123456. And in a classic case of simplicity undermining security, this password can be cracked in less than a second using basic brute force methods. Remarkably, last year's champion of common passwords is, of course, password, but it's now slipped to the seventh spot. This reflects a curious trend in password choices.

People seem to be opting for convenience over security, even in the age where digital threats are escalating. This list showcases a concerning reliance on easily guessable strings. For instance, variations of the sequential numbers, like 12345, so on and so forth, dominate the lot all the way to the top 10. Even attempts at being slightly more complex, like capital A, lowercase a, 123456, fall short in terms of security. On a more harmonious note, the password UNKNOWN, in all capitals, ranking 11th, ironically takes about 11 minutes to brute force, which is significantly longer than most of the list. And let's not forget the interesting capital-E Eliska81, a peculiar entry in that number 40 spot, used by over 75,000 people. One has to wonder about the story behind that one. For those thinking of upgrading their password game, it's interesting to note that the password "theworldinyourhand," all lowercase, is virtually uncrackable. That's right, taking centuries to guess with brute force. Yet it only ranks 173rd in the common usage patterns. Now, the report also highlights the ease of using password managers like 1Password or the native keychain app for Apple users. Despite these tools offering secure and convenient solutions for managing credentials, we'll still find a staggering number of people clinging to overly simplistic passwords. So it's a bit disheartening, yet somewhat amusing, to actually consider this. Despite all the advancements in technology and security, they've been out there and I'm hoping that next year's list are still not those repeat performances. What do you think, folks? Maybe time to actually rethink that one, two, three, four, five password. Well, folks, next up the bytes. But before we get to the bytes, we do have to thank a really great sponsor of This Week in Enterprise Tech, and that's Miro. Working in the corporate world myself, I know bringing people together, making them productive, is really the key to success in most teams, and that's where Miro shines. It's the online workspace for innovation. But what does that exactly mean? How can it actually help you?

Miro is one incredible visual place that brings all of your innovative work together, no matter where you're located. It's packed with the right things to be your dream product's home base. We're talking six whole compatibility bundles, from product development workflows to content visualization, and it's powered by Miro AI. That means you're generating new ideas or summarizing complex information pretty much instantly. Now Miro can work for any team, but product development teams really get the full experience. It offers teams the richest feature set of any visual workspace, with specific tools to help the strategy or process mapping, facilitating tools to run effective design or agile sprints. Well, you get the picture. Miro connects super seamlessly to platforms you're already using, like Jira, Confluence, Google, Asana, so you centralize work in a way that makes sense for your team. They don't need to leave Miro to update projects or statuses in any of those tools. You can do it all through Miro. It also ends up being a massive time saver. Miro users report saving up to 80 hours per year because they streamline conversations, they cut down on meetings and see all the most up-to-date information all in one place. Miro also just released a board video recording feature called Talktrack to save even more time. We're talking about pre-recording your thoughts and leaving it on the board instead of scheduling the millionth meeting of the week. Go on, try it for yourself. Get your first three boards for free to start working better at Miro.com slash podcast. That's Miro.com slash podcast, and we thank Miro for their support of This Week in Enterprise Tech.

Well, folks, it is time for the bites of this week. We turn our focus to the European Union's latest stride in cybersecurity. That's the NIS2 directive. Now I'm going to thank Brian here, because his students brought this up and then he sent us the paper and guess what? I had a little bit of a book report here. I got to read a nice long paper, but I think the directive represents a significant overhaul of the EU's approach to cybersecurity. I mean to really elevate the common level of cyber resilience that we're seeing across a lot of the member states that are over there.

The original NIS directive was the EU's first legislation that was targeting cybersecurity. However, its implementation revealed, well, certain limitations which prompted the need for the more robust framework that they built here. Now enter NIS2, which came into force on January 16th. Now member states have until October 17th of next year to actually transpose its measures into national law. Now the directive is pretty ambitious. It's expanding its scope to obligate more entities and sectors to enhance cybersecurity measures, and it's a response to the increasing complexity and scale of those cyber incidents that we hear about every week, which pose a growing economic and social impact.

Now the directive sets out to increase cyber resilience, reduce inconsistencies in resilience across the internal market and improve joint situational awareness and collective response capabilities. So we'll talk a little bit about what those are in a moment. On a more notable aspect of it, it focuses on the cyber security of supply chains and information and communications technologies, especially relevant in the era of IoT. It also addresses the need for more stringent supervisory measures, stricter enforcement and harmonized sanctions across the EU. Now, moreover, NIS2 removes the distinction between operators of essential services and digital service providers, aiming for a more unified approach here.

Now the directive mandates entities to take adequate cybersecurity measures. It emphasizes the importance of incident response, supply chain security, encryption and vulnerability disclosure. So for me, this new directive marks a significant step forward in the EU's cyber security landscape. It addresses current challenges a lot of things that are out there and attempts to anticipate some of the future ones that are coming out. It underscores the EU's commitment to safeguarding its digital environment against evolving cyber threats. Now I want to bring my co-host back in, because this is a very interesting move and I think it can definitely apply to a lot of things we talk about, so you're going to go to you first.

20:14 - Brian Chee (Host)
Well, I'm going to read a comment. I got very early this morning, florida time and I got this from my student. His name is Claudio Bola. He's the group CISO at INEOS. His comment is the EU NIS2 legislation is a good way forward. It says that it is somewhat generic and introduces undefined terms such as cyber hygiene and a big emphasis on third party and supplier risk management, without being clear on what we should do with it. I am hoping that the transcription into law by the various EU countries will remain homogenous, but that it will also add more details and definitions of some of the requirements.

I personally think this is a fantastic step forward and, upon reading the documents, this is dramatically less ambiguous than what I first read in GDPR. It's definitely a lot less ambiguous than things like Starbucks and so forth, which are a train wreck waiting to happen. If you ask me, the reality is, our Congress, our Congress critters, need to have us as a group, us as an industry, deluge them with this text. They need to go and play catch up. The United States literally invented the internet. Why are we so behind on security? So I would like to say to our industry a challenge First the heck out of Congress. Get them to get off their seating posterior and to actually do something, because we as an industry need something. Otherwise, we're going to have serious, serious problems in the long run, and we should not make ourselves such easy targets. End rant.

22:24 - Lou Maresca (Host)
I want to get Curtis's point of view on this as well, especially how it's going to impact the enterprise. But I also want to ask a very specific question. It's around SMB. So obviously, the more these directives, especially in the EU, kind of include more scope, include more entities, include more things to adapt their cybersecurity strategies, how do you think it's going to impact these small businesses? You think they're going to be able to adjust as quickly as they need to, to be able to follow these policies?

22:53 - Curt Franklin (Host)
Who would you like to answer that?

22:56 - Lou Maresca (Host)
You for sure.

22:57 - Curt Franklin (Host)
Me for sure. Um, I think that small and mid-sized companies are going to have some trouble because, you know the um, the EU defines its jurisdiction as extending to any company that has a European citizen as a customer and, as we all know, there are lots and lots and lots of small US based companies that have European customers. I know of a number, you know. These are companies with two to six employees and they probably do a total of I don't know 20 to $100,000 a year in business with Europe, but unless I missed some specific carveouts, they could very well end up having to comply with these dictates. Now, with that said, I think there are a couple of things that this shows in in stark relief. One of them is that cyber issues are now seen as an issue on par with the most significant financial and um health issues that occur, issues that a company can can face. So you know it's right up there with employee safety, financial issues, all of that. The second is that, from an investor and customer standpoint primarily investor, but also customer transparency is the new order of the day.

Um, one of my least favorite phrases is security through obscurity. Um, I think it's a lazy and generally crap kind of uh way to get security, and what this says is that if you're hoping to remain secure by simply not telling anyone that you've been compromised, that's not going to fly Um. Will there be unintended consequences to this? Absolutely Uh. Some of them are those companies that are sort of on the margins uh being affected. Uh, some of them may be this new type of extortion that we're seeing. Uh, we had the uh. We covered it in one of the bites Um where we talked about I'm sorry, one of the blips where we talked about um, a threat actor going to regulators saying oh, we know that this company has been compromised because we did it Um, so there are things to be worked out, but I think that, overall, this is absolutely a good direction to be going in for everyone concerned for investors, for customers and for the companies themselves, because it will force them to be more regular in how they treat security issues.

26:22 - Lou Maresca (Host)
Right, yeah, I think the I do want to create some, some help with some of the distinctions for this thing, because I think there's there's obviously the paper's pretty long. It talks about a lot, a lot of things. Like Cheebert said, it's pretty specific about some of the things it's talking about, but one thing it does call out is it says that it's distinction between operators of essential services and digital service providers and in order to balance compliance more. Can you guys maybe help me a little bit along of what does that mean? What does that mean for this directive? How does, how is it going to change things?

26:57 - Curt Franklin (Host)
Well, you want to take that. Yeah, I. I think that this is, in some ways, a writing into regulation Some of the concepts of what we call shared responsibility.

Shared responsibility is something that any company that uses cloud services knows about, and basically it's a way of discarding. You know, if you have an application that sits on the cloud, who's responsible for its security, and rather than saying that it's all a you know wibbly, wumbly, cloudy, wouty ball of stuff, it is instead fairly clearly defined where a particular responsibility begins and ends. If you are with a hosting service, for example, they would typically have responsibility for the metal itself and perhaps for the operating system above that at the application. If you write the application, then you have responsibility for the application security, and if you're storing stuff on AWS or Google or Azure or some other place, then they have responsibility for the security of the platform, while you have responsibility for the security of the data and why it's put there. It gets complicated, but it does define where the responsibilities lie, and I think that this is a useful piece of writing that into some regulation.

28:57 - Brian Chee (Host)
Indeed, indeed. My last comment is I told you so. We actually started talking about this probably a good three or four years ago, saying hey, if we don't do it ourselves, someone's gonna do legislation, and lo and behold voila, there it is.

29:17 - Lou Maresca (Host)
There it is. Well, thank you, Cheebert. Well, I think that does it for the bytes. Next up we have our guest. But before we get to our guest, we have to thank another great sponsor of This Week in Enterprise Tech, and that's Lookout.

Business has changed forever. You know that's boundaries to where we work or even how we work have literally disappeared. That means your data is always on the move, whether you're on a device or in the cloud, or you're across networks or even at the local coffee shop. Well, that's great for your workforce. It's challenging for IT security. Lookout helps you control your data and free your workforce. With Lookout, you'll gain complete visibility into all your data, so you can minimize risk from external and internal threats, plus ensure compliance by seamlessly securing hybrid work.

Your organization doesn't have to sacrifice productivity or security, and Lookout makes IT security a lot simpler. Working with multiple point solutions and legacy tools in today's environment is just too complex. With its single, unified platform, Lookout reduces IT complexity, giving you more time to focus on whatever else comes your way. Good data protection isn't a cage. It's a springboard letting you and your organization bounce down toward a future of your making. Visit Lookout.com today to learn how to safeguard data, secure hybrid work and reduce IT complexity. That's Lookout.com, and we thank Lookout for their support of This Week in Enterprise Tech. Well folks, it's my favorite part of the show. We're gonna get a guest to drop some knowledge on the TWiET riot, and today we have Jenna Bilotta. She's SVP of product and user experience at LaunchDarkly.

I'm so excited, I'm really excited about this conversation because I am not a UX expert but I respect it quite a bit, especially in engineering. But before we get to that, you've had quite the career, especially in design, whether it's places like Google, Dropbox. There's so many, many great places in that list, and our audience is a really big spectrum of experience, whether they're starting out or they're CTOs. Can you maybe take us through a journey through tech and where it brought you to Launch... to LaunchDarkly, sorry.

31:30 - Jenna Bilotta (Guest)
Yeah Well, thank you so much. I got started in Tech about 25 or six years ago, so really the blue is just covering up quite a lot of gray and I went to school for I got my master's degree in computer science, but on the HCI side it's kind of a blend of computer science and behavioral psychology and studying how humans respond to technology. And yeah, so I did this really interesting thesis project in school around how people with brain injuries perceive different types of design and icons and typography and I was trying to see if there was sort of a design approach to improving cognition for folks that have suffered a traumatic brain injury. So that was really interesting, kind of blending the behavioral psychology, science and people with disabilities kind of area. Then I sort of took a normal path through, started in a sort of usability consultancy and then the dream job of all Google back in mid 2000s dropped on me and I packed all my stuff and I moved to San Francisco and honestly, like I was a design director before I got to Google and it was the most humbling experience because I got there and just everybody was brilliant and everybody was like we're changing the world and I was like I don't know how to text. So I landed in Google. I was like, oh, I've ruined my life, I'm not smart enough to be here. And then, thankfully, I stuck it out and about three, three, four months in I was like, okay, I do belong here. But I distinctly remember a phone call on the third day back to my parents, like I've wrecked my life, what have I done? I was at Google for five years. I learned a lot about scale technology at scale. A lot of the kind of open source stuff that we use today. A lot of the developer tooling that we use today was built as homegrown in Google back in the day, so like Borg and all these things. 
So I just kind of grew up with that and I at Google, especially in the mid 2000s, engineers ruled the world and if you weren't a designer or a product manager who knew how to communicate with engineers and you know translate different requirements and specs to engineers, then you were not successful at Google. So that's kind of like embedded in my DNA.

In the middle part of my career I was an entrepreneur. I raised money. I did the Silicon Valley thing. I did that for a few years, made a product called Avocado, which was a sort of if Google docs and WhatsApp got together and had a baby, but it was just for a family or a couple, like it was kind of a messenger and a to-do list. Stayed in the startup land for a while, worked with some buddies that created Chrome and we worked on some open source database stuff. And then the latter arc of my career has been more in larger companies, helping them scale product and design practices and scale that quality out across hundreds of designers or product managers or even just a massive business unit that had like quite a lot of footprint, if you will. So you know, kind of thrown in the deep end at Google, built up my IC skills In the middle of my career.

It was all about entrepreneurship, tiny startups, making something from nothing, learning the business of things. And then the latter half of, or the latter third of, my career so far has been really scaling up. So that's kind of how I ended up at LaunchDarkly. It kind of feels like coming home, like back to the developer as the user. I love, you know, the idiosyncrasies of like engineering types, and I love understanding how their brains work and what they're thinking about. But I also just want to bring some of my approach to building product, which is humanity, back to developer tooling. I kind of want to open the aperture a bit and make it more accessible and make it more, make it a friendlier place to be. So that's kind of my, my mission and why I chose LaunchDarkly.

35:56 - Lou Maresca (Host)
I love that a lot. I love that a lot and, like I said, I have a deep appreciation for UX design and because it can really make or break products, services, usage rates, productivity, you name it especially in the world of DevOps. I live in that world, asian, every day. I want to get your advice on some things. I mean it's an evolving landscape. You know what is some good general practices and principles that companies should do to help prioritize when they're developing software, billing services, tools, that kind of thing to help align with the needs of their user and the expectations.

36:29 - Jenna Bilotta (Guest)
Yeah, I think I think that's evolving. I think that you know the sort of innovation in the dev ops space has been happening pretty rapidly over the last decade or so and the approach at the beginning was you know, engineers are a highly technical audience, they're a highly technical user. They read, they live in docs, they can figure things out, they want ultimate configurability and I think this is part of what I want to change. But this is something that I'm starting to see change with some of the you know, kind of like newer, more scrappier, smaller tools that are entering the landscape. They have way better user experiences because you know what it turns out that engineers happen to also be human beings, so we don't need to expect them to read the manual on every single tiny configuration change. Now, that doesn't mean that they don't need that power and that customizability and that configurability, but there's a way to scaffold that out that the first, you know, the most common experiences can be quite approachable.

Really, what we hear in our customer advisory boards and kind of just talking to customers all the time is, like you know, long story. You created this category, which is like feature management, as a SaaS product and you know you have been working on this for 10 years, you know what the best practices are in releasing and operating software and production. Like. Just tell us what to do, like help us be the best that we can be at feature management by putting those best practices in the product. And so I think the really big shift that I'm seeing in the DevOps space is the shift from being sort of unopinionated basket of configuration capabilities to really opinionated. There are some things that you can do to prevent incidents, to kind of get consistency in your release processes, and those are going into the products, like they're being set free from docs, waste lands and actually being codified directly into the products. And I like I love that for this, for the, for the dev tooling like the DevOps space.

38:35 - Lou Maresca (Host)
Now, since we've established that software engineers and service engineers are humans, that's good I think that we should also figure out and maybe give some advice to you know, maybe, how to bridge the gaps. Just general advice, maybe is you know talking more around, maybe key strategies to help you know, enhance the connection between user experience and user experience and, obviously, development Is there. Is there some good principles to follow there?

39:02 - Jenna Bilotta (Guest)
Yeah, I mean we have a set of product principles that we operate off of internally at LaunchDarkly, you know one of them is keep the trust jar full. You know we kind of operate on a hierarchy of needs and trust is the first one. We always have to keep the trust jar full. There's ways that you can keep the trust jar full and there's big ways and little ways. The little ways are like you don't really want to trust a product if there's a typo in it, right. Like you want to make sure you're paying attention to detail. It's all of that stuff and it accumulates. But also you don't ever want to hide anything. You don't ever want to occlude anything, especially as it approaches something that could be incident causing, right. So if you change or delete a tag that's attached to something in production, you know you could cause an incident without actually knowing you know that it's going to cause an incident because it kind of has downstream effects that you don't see right there. So there's things that you can do in the product to make sure that you're messaging at critical points of either you know, severe risk or risk of work, deletion of some kind, data deletion of some kind, and then there's generally other.

There's a principle that we've been following for our latest launch, which is we are really taking a step in kind of getting way more opinionated about what we think people should do, as the 80% case, and so we have this sort of it's kind of cheeky, but we're calling it Lego kits, not Lego bricks.

So LaunchDarkly in the before times was a big basket of basic Legos, the six pin or the you know nine pin Legos that you can make anything you want, and people have made incredible things from the basic brick. However, it is also really fun to build the Death Star right with like custom pieces and you, when you open the box, you see all the bags and they're all labeled one, two, three. You know and and you know where you're going. You know that you're heading to the Death Star. So I think that that's and then the bridge between those two things because engineers want both is really just the blueprint of where you're headed and just the scaffolding to say you can kind of scaffold it, scaffold the additional complexity and additional configuration capabilities. After the 80%, after you know you show the blueprint, after you show that the map to the destination. So yeah, so we try to, we try to operate that way. It's a kind of a big shift for us, but hopefully, hopefully, other folks follow, you know, follow our lead and create more opinionated experiences in the DevTooling space.

41:39 - Lou Maresca (Host)
So basically just the create being more opinionated. Does that help with? Because obviously companies want to rapidly develop, they want to rapidly deploy a lot faster, but they still obviously want to have that other side of the seesaw, which is maintain really high user experiences, high quality. Do you think that having that opinion helps with that balance?

41:58 - Jenna Bilotta (Guest)
I think it does. You know it gets at LaunchDarkly. We start with the story. We start with the story of user values. So, for instance, we've just released a migration flag manager, right.

And there are all kinds of technology migrations. They are risky, they are big, they are multi-year sometimes. The one I was part of at Gmail we went from single home to dual home backend took 18 months, I think maybe two years, but there's all kinds of smaller ones too. You're updating an API endpoint, you're updating your email provider, whatever. These are things that people need to do, right, if you're not modernizing your tech stack, you're probably not growing as a company.

We consider modernization a healthy sign of a healthy software development organization, but in the before times you could have done that with flags and setting up your variations in your cohorts and everything. The difference now is you go to LaunchDarkly and you see, create a technology migration and it sets up all the variations for you and it creates shadow mode and live mode, all based on best practices, and it helps you set up your cohorts by risk profile and it monitors operational metrics like latency and errors and we've introduced a consistency check if you're doing a database migration. All these things that people need. They were clobbering them together with different pieces of tooling in the DevOps landscape. I don't know. I feel like that should be way easier to do and less stressful and more guided If people really wanted to do a migration, not using our migration flag templates there. Certainly that capability still exists in LaunchDarkly and you can set it up in your fully custom way if you want to.

43:53 - Lou Maresca (Host)
Very cool. We have lots more to talk about and I'm sure my co-host want to jump back in as well, but before we do we do have to thank another great sponsor of This Week in Enterprise Tech and that's Nureva. Nureva meeting room audio technology has a history of really wowing IT pros. Duquesne University has a hundred Nureva devices installed and one of their senior technologists recently said I can't say enough about how impressed I am. Audio has been my life's work for 30 years and I'm amazed at what Nureva mic and speaker bar will do.

Nureva has made another leap forward with the introduction of their pro series featuring the HDL 310 for large rooms and HDL 410 for extra large rooms. For the first time you get pro audio performance and plug and play simplicity in the same system. Before the Nureva Pro Series, multi-component pro AV systems were the only way to get pro audio performance in a large and extra large room. Nureva continues to amaze IT pros with the pro series. Their online demo highlights the Nureva audio expert being heard clearly from under a table or behind a pillar or any other obstruction. It's pickup performance that many conventional systems can't match.

Let's talk coverage. The HDL 410 covers rooms up to 35 feet by 55 feet with just two mics and speaker bars. Imagine equipping an extra large meeting room or a lecture hall with two discrete wall mounted devices. You can even use them individually in a divisible room. The HDL 410 also features a unified coverage map which processes mic pickup from the two devices simultaneously to actually create a giant single mic array. The HDL 310 covers spaces up to 30 feet by 30 feet with just one mic and speaker bar.

Nureva is all about simplicity. In fact, the HDL 310 actually takes 30 minutes to install and the 410 takes 60 minutes. With continuous auto calibration, Nureva audio automatically and continuously adapts to the changes in the room's acoustic profile. With Nureva Console, their cloud-based device management platform, it takes the pain out of tasks like firmware updates, checking device status, changing settings and a lot more. Bottom line, with the Pro Series, Nureva makes it simple to quickly and cost-effectively equip more of your spaces with remote cooperation. Learn more at nureva.com. That's N-U-R-E-V-A.com, and we thank Nureva for their support and thank you for joining us. Welcome to the next episode of This Week in Enterprise Tech. Well, folks, we've been talking with Jenna Bilotta, SVP Product and User Experience at LaunchDarkly about user experience and DevOps tools, but I do want to bring my co-host back in, because they have lots to talk about here as well.

46:45 - Curt Franklin (Host)
Who should we go first? Curtis, why Sure? Why not Welcome? And it's wonderful hearing you talk about the user interface, especially the user interface. And here I've got a question as someone who studies user interfaces and how people relate to those is the expectation of a user interface changing over time, or is good design one of these eternal truths on every platform and in every age?

47:26 - Jenna Bilotta (Guest)
Oh, that is such a complicated and good question. There have certainly been products out in the world that were terribly designed, that were wildly successful. I don't know if you used Uber and the very first time it was released, but, holy moly, it was not great. It just turned out that trying to get a cab in San Francisco was way worse. So I think that it's not a fundamental truth, it's not always a and I'm saying this as, like a deep history of design career it's not always table stakes. It really isn't.

If you're creating something that didn't exist before then and it fills a real pain, a real need, and design is not at the top of the list, but the thing works and it fills that need, then design will come. I do think that customers, people, human beings expectations are evolving way faster than the discipline of design and user experience are, so their expectations are being set by the world's best products like Apple, iPhone, all of these things, and it is not a luxury that companies can afford to have poor design. When Apple is out there with the Pace car and Apple does center design right, they have the most beautifully designed hardware. I will reserve my judgments on this show about the software, which I feel quite different about, but the Apple hardware is the best in the world and people's expectations are being set by things like that.

49:16 - Curt Franklin (Host)
Well, one of the things that I'm interested in. You will, of course, be really familiar with the idea of the friction of a transaction, in other words, how much grit the simple process of using something adds to the delay in getting from where you are to what you want the result of the transaction to be. The area that I live in is security, and there are people who seem to believe that secure applications require lots of user friction. There are even security experts who talk about security theater, yeah, where you intentionally add unnecessary friction just to convince people that they're having a more secure experience. Where do you come down on that? As you know, with your tools, do you still try to minimize the friction of the user experience, apart from how secure it is? Do you see a relationship there?

50:33 - Jenna Bilotta (Guest)
There is a thousand percent a relationship there. It's been one of the tools in the toolkit of product folks and user experience folks. You can introduce friction around critical moments to increase the awareness of what action is taking place. You can actually use it as a tool to make sure people are really paying attention. One of the things that we know and love about humans is that most of the time they're not really paying attention. No one reads what the copy is on the page. But you can introduce friction to heighten the awareness and create that attention signal that is necessary for critical action.

My personal bar is if it's going to cause the deletion of work I've set something up and then I lose it or if it's going to cause the deletion of data permanent deletion of data that's also a place to introduce friction. Then in LaunchDarkly's world there are things that are higher and lower risk. For instance, setting up permissions on your members. You have a brand new engineer. Maybe they're just out of school. How do you want to talk about what they're able to do in production? Are they going to have full access over production? That process of assigning roles, making sure that the custom roles have the right permissions and the product. That's all stuff.

Where friction feels healthy, friction feels good. Friction increases the attention signal. The time to value of a product should be the lowest friction thing that exists in security software, in dev tooling and consumer software. People need to hit that value moment as soon as humanly possible because that's how they create connections with your product, that's how they stay sticky, that's how they spread your product in an organization. What's the point of using a product if you're not trying to get value from it? It's kind of a balancing act, but I tend to leverage friction in user experience to heighten the attention signal.

52:47 - Curt Franklin (Host)
I like that. Well, I've got one more question. This one is a little bit offbeat, but what the heck I get to ask these. I have heard it said that no one who prefers to drive a straight shift car should be allowed to design a user interface for anything. Are there any of these sort of non-tech related things that you look for as a sign that perhaps someone has an attitude about what a good user experience is that could conflict with the expectations of a lot of people, whether it's using a vehicle with a clutch or deciding that they want to use a fountain pen rather than a keyboard for personal correspondence.

53:44 - Jenna Bilotta (Guest)
That is such an interesting question. I love it. I'm definitely banking that one for later future interviews, but I think the answer is no. The reason why I love my job is that human beings are wild and wonderful creatures that are always surprising you. I think that if, 25 years into my career, if I wasn't still being surprised by the humans that I'm in service of, I would probably have bounced from my career a long time ago. I love the weirdness of humanity and I love the messiness of it. I want to be able to create an open door for the stick shift users and the fountain pen users and those mechanical keyboard engineers. We actually had a person interview at LaunchDarkly and they brought their own mechanical engineers and met mechanical keyboard to the interview. I think software, the point of technology, is to create access to information and to services into the world. It shouldn't be exclusive of people who have other questionable design choices in their lives. I don't know. What do you think?

55:06 - Brian Chee (Host)
Actually, I'm going to take off now.

As a project engineer within the US federal government, I had an interesting array of people working for me and I'd go and order different things being built. DevOps was one of those things that was always a challenge because I had such a wide variety of personnel working on projects. In my case, some of my people were spread literally across the globe. What I've been looking for is a DevOps tool that will help me get my people to stay in their lanes. It's sounding like LaunchDarkly has some of these tools to help me at least get my people I don't know, maybe marching in the same direction, for lack of an analogy.

56:01 - Jenna Bilotta (Guest)
Yeah, absolutely. That's one of the things that I think is one of my personal quests at LaunchDarkly, which is in larger organizations, especially federal government, you name it engineers are really opinionated. If they don't have a solution, I see a lot of nodding. If they don't have a solution that immediately solves a need, they all roll their own, they'll find another tool and then you're getting into a patchwork situation. Those opinions fly high and the tools compete and then there's this weird land grab that happens in an organization. Then you end up with 30, 40 DevOps tools that are used by all the different teams or even just an individual engineer. Release processes suffer, consistency suffers, quality goes down. I do think that, first and foremost, the tool has to be amazing so that engineers say this is better and easier than what I was doing, because it has to be quite obvious.

Then, within LaunchDarkly, we've created a bunch of guardrails, again going back to Lego kits. We've created those guardrails, those happy paths through the product that help with that consistency, that help with getting people on the literal same page. We're really leaning into that release moment, the moment that the change that's wrapped in a feature is expressed to your end customer, to your end device. Releases are scary. We want to make them not scary, but releases are scary because lots of things could go wrong and if everybody's rolling their own thing and not doing the release checklist and not doing all the same processes, you're getting paged. Basically, you could wreck the release.

One of the things that we've launched recently is release pipelines, sort of similar to code deployment pipelines, but more on the release moment of expressing the change in production. Those pipelines can be created by a release manager or a DevOps manager and they have all of those sort of checklists by phase. You can put audiences and environments in certain phases and you have to pass through all the phases in a specific order. Everybody in the organization has to follow the same release pipeline. You can attach all your governance and enforcement and your best practices on soak times, on approvals, on what has to happen before production goes live. All of that's built right into LaunchDarkly so you can take control of your release process.

58:43 - Brian Chee (Host)
Actually, your PR agent threw me some interesting text. He calls it a kill switch for software code. That sounds like a really cool tool, especially because things don't all get done at the same time.

58:58 - Jenna Bilotta (Guest)
Absolutely yeah, releases are complicated. You can release one thing like a new feature or maybe a new homepage or something like that that might have four or five flags in it. You might have a video event and you might need to turn that off in certain locales if the video isn't available. The promise of feature management as a category is the ability to instantly remediate bad code. There is never going to be a world.

59:34 - Ant Pruitt (Co-host)
Well, maybe I don't know, we'll see what happens with AI.

59:39 - Jenna Bilotta (Guest)
I feel like, for the foreseeable future, there's not going to be a world where bad code doesn't get written. If you're not writing bad code, then you're not trying hard enough to create something new. Yeah, we're all human. But the thing that the kill switch does is you can wrap some piece of code in a feature flag and, without another deployment, you can kill it in production instantly. You can do that while you're doing your forensics to figure out what happened and while you're remediating your code. You don't have to do a new push, you don't have to do a new code deployment. That's the foundational promise of feature management as a category. Sometimes people call it kill switches, because, well, kill switches are great, for even if you have a sophisticated code base and you want to introduce a third-party library, for instance, you have no control over that library and they might introduce bugs, they might introduce critical errors, they might introduce vulnerabilities to your code base. If that happens, you want to just get rid of it instantly. That's what feature management can do.

01:00:50 - Lou Maresca (Host)
Jenna, such a great show, such a great segment. I have so many more questions. Unfortunately, we're running low on time. Thank you so much for being here. I did want to give you a chance to tell the folks at home. Maybe they can find out more about LaunchDarkly, where they can get started, where they can start using tooling, that kind of thing.

01:01:06 - Jenna Bilotta (Guest)
Absolutely. Thank you so much for the opportunity. You can find us at LaunchDarkly.com. We're pretty easy to find. The website has all of our up-to-date launches from three weeks ago around risk mitigation, around APM, operational metrics protections. We have some new experimentation goodies around funnel analysis. We have a whole new mobile experience for managing your mobile app lifecycle. Each one of those can be found on LaunchDarkly.com. I'll also say that we'll have a significant presence at re:Invent next week. We'll have a booth. If y'all are there, stop by the booth, say hi. I'm easy to find. We love to talk about it. You can get your hands on the software at our booth at re:Invent. We can show you some of the magic that we believe in.

01:01:58 - Lou Maresca (Host)
Thank you again. Well, folks, you have done it again. You sat through another of the best thing in a prize an IT podcast in the universe. So definitely tune your podcast here to twy. I want to thank everyone who makes this show possible, especially to my amazing co-host, sine the very own Mr Brian G Cheebert. What's going on for you in the coming weeks? Where can people find you and get a hold of you?

01:02:18 - Brian Chee (Host)
I've been up 30 or 40 feet up in the air in a snorkel lift doing fiber optic stringing and getting rained on. Anyway, if people want to hear more about the wacky things that I'm doing, I still use Twitter. I'm still kind of a dinosaur on that. Sadly, I also use Facebook. I'm not sure I want to admit to that, but your best way of ranting at me or making suggestions for shows that you would like to see is email. I'm Cheebert, spelled C-H-E-E-B-E-R-T at twit.tv. You're also welcome to use twiet at twit.tv and that'll hit all the hosts and I will say it is from an email thread and actually some Twitter threads where we came up with the first three shows. The first, well, first three weeks in December we're going to be talking about DNS in some really, really gory detail DNS past, present and future. We're going to have a bunch of folks from Infoblox some of my ex-students talking about that and speculating where we might be able to go and make DNS a better place in the world.

01:03:39 - Lou Maresca (Host)
Thank you, cheebert. I'll have to thank our very own, Mr Curtis Franklin Curtis, thank you so much for being here. Where can people find your work and what's going on for you the coming week?

01:03:48 - Curt Franklin (Host)
Well, for the coming week they can find me sitting around either preparing for or recovering from a Turkey coma, and aside from that, I've got a couple of things that I have published. Getting ready to publish my trends to watch for 2024 is out on omdia.com, as is my market tracker, for my practice includes information on both the cybersecurity awareness training market and, for the first time, the cybersecurity professional training market, also looking at a number of different companies. I've got things that I'm looking forward to writing. Actually, I'll show you what kind of a weird guy I am.

While I'm off for the next week, I'm hoping to get a couple of pieces written so that I can think about them and not be busy doing other jobby kind of things while I'm writing. Aside from that, just you know, running enjoying the cool crisp mid-70s here in Orlando in the late fall and looking forward to meeting people who are part of the TWiET riot on Mastodon, where I'm KG4GWA at sdfmastodoncom. On Instagram, where I'm Kurt Franklin, Threads the same thing. I have moved off of X pretty much onto Threads and at this point I'm not regretting that switch. Or, for most of my stuff, best place to find me is on LinkedIn, linkedin.com slash Curtis Franklin. Hope to find you someplace and see you next time here on TWiET.

01:05:44 - Lou Maresca (Host)
Thank you, Curtis. We'll also have to thank you as well. You're the person who drops into each and every week to watch and to listen to our show, to get your enterprise goodness. I want to make it easy for you to watch and to listen and to catch up on your enterprise, and it continues. You should go to our show page right now twit.tv slash twiet. There it is. You'll find all the amazing back episodes, the show notes, co-host information, guest information, of course, but of course, more importantly, there, next to those videos, you'll get those helpful Subscribe and download. Support the show by getting your audio version or video version of your choice. Listen on any one of your application, not devices, or any one of your podcast applications, because we're on all of them Podcasts, your Apple Podcasts, YouTube, you name it. Definitely subscribe and support the show, and you can also support the show and the network by joining club twit. But you know what? It's a great thing because it's a members only, ad free podcast service with a bonus twit plus feed that you can't get anywhere else, and it's only $7 a month. And there's a lot of great things that come with it. One of them is exclusive access to the members only discord server. You can chat with hosts, producers. There's lots of separate discussion channels. Plus there's a really amazing special event, so definitely check it out. Lots of fun stuff there.

Join club twit, be part of that movement. Go to twit.tv slash club twit. It offers corporate group plans as well. That's right. It's a great way for give your entire team access to our ad free tech podcast and the plans start with five members at a discount rate of $6 each per month. You can add as many seats as you like there and it's a really great way for your IT department, your developers, your sport team, your tech teams to stay up to date with access to all of our podcasts. And it's just like regular memberships. They can join the twit discord server and get that twit plus bonus feed as well. Plus, get what? Get this? There's also family plans. Hey, share the share with the family, share it over the holidays $12 a month. You get two seats with that. What's $6 each per month. So you know what. Lots of great ways to take advantage of club twit. So definitely check it out.

twit.tv slash club twit. After you subscribe, you can impress your family members, your coworkers, your friends with the gift of TWiET because we have a lot of fun on this show. We talk about a lot of fun tech topics and I guarantee they will find it fun and interesting as well. So have them subscribe and support the show. I would love to have a chat, so definitely send me a message.

I'm still on X, x.com slash lume. I'm also Louis Maresca on LinkedIn. I've tried Threads. Sorry, Curtis, it's kind of dismal over there for me, but I will keep trying as much as I can. If you are interested in what I do during my normal work week at Microsoft, I'm developers.microsoft.com slash office where I post all. We always post the latest and greatest ways for you to customize your office experience, to make it more productive for you. And definitely, if you're on Microsoft 365, check out that automate tab, because we are really customizing and helping you customize it the way you have your experience in Excel. Let you automate things, let you create scripts, let them run on the cloud, let them run in Power Automate, create workflows, orchestrations lots of fun stuff. So definitely check that out and be part of that as well.

I want to thank everyone who makes this show possible, especially to Leo and to Lisa. They continue to support This Week in Enterprise Tech. Each and every week we can do this show without them. So thank you for all their support over the years. Of course, I want to thank all the engineers and staff at TWIT. This cannot happen without them.

Of course, thank you to Mr Brian Chee as well. One more time. He's not only our co-host, but he's also our tireless producer as well. He does all the bookings and the playings for the show and we really can do without him. So thank you, Cheebert, for all your support, and thank you to the editor for today, because you know what they're going to cut out all my mistakes after all this. So thank you so much for that, of course, and thank you to our TDDA, Mr Ant Pruitt. He's not only our TD, but he's also an amazing co-host and a host on one of the shows On TWIT. Sorry, twit called This Week in Google. I had a really great time listening to that show this week. Anything you want to plug this weekend?

01:09:23 - Ant Pruitt (Co-host)
Yeah, actually go check out This Week in Google. We had Mr Alex Stamos on there. People know him from the InfoSec world. He's such a great dude. A really good episode with him. But also I want to plug my hard head got selected for an All-Star game and if you follow me on Threads, I have a link there. The people that do the All-Star game they don't take tickets ticket money. When you get to the game they ask that you bring backpacks so you can get in for free. But they ask that you bring backpacks because they give them out to foster children here in the Tri-County area or if you don't live in this area and you would just like to donate some money to them. It really does help them out. I put a link there in my thread, so shout out to the Tri-County folks there.

And that is all from me.

01:10:19 - Lou Maresca (Host)
Thank you, hip. Until next time. I'm Louis Maresca, just reminding you. If you want to know what's going on in the Enterprise, just keep TWiET.

01:10:28 - Scott Wilkinson (Other)
Hey there, Scott Wilkinson here. In case you hadn't heard, Home Theater Geeks is back. Each week I bring you the latest audio video news, tips and tricks to get the most out of your AV system, product reviews and more. You can enjoy Home Theater Geeks only if you're a member of Club TWIT, which costs $7 a month, or you can subscribe to Home Theater Geeks by itself for only $2.99 a month. I hope you'll join me for a weekly dose of Home Theater Geek-a-boo.
