Writing Samples


"Hey! You can actually write!" were the words yelled at me by my friend and colleague Sara, while she took the 500 words worth of copy I wrote for her to the stat camera at the Boston Phoenix newspaper.

The Phoenix was Boston's "Village Voice", and it was the go-to newspaper for entertainment listings. Sara managed the lifestyle content, while I spent a lot of time in the WFNX Radio van, driving around Boston collecting advertising, artwork, ad copy, and checks from area nightclubs, eateries and the occasional escort service.


It started as a simple favor. Sara needed something to fill a column that was probably supposed to have an ad in it, but it was too late. We went to press every Thursday night and if we didn't have that camera ready ad by end of day, a very noticeable empty spot on that page would be delivered to the printer. I know, because I also drove the finished newspaper to the printer every Thursday night. And it was already Thursday.

So when Sara asked me if I could quickly write some record reviews for her, I said yes. I was also a club DJ on Saturday nights, so I simply wrote reviews of the last three records I purchased that instantly filled the dance floor that previous weekend. And Sara filled that empty column with my work. I didn't think much of it. Sara was a good friend. And I enjoyed it.

A few days later, Sara's boss found me and left a bunch of cassettes and CDs on my desk. One was a white cassette with a crooked Geffen Records sticker on it. The hand-written text on it said "Nirvana - Smells like Teen Spirit". He said "feel free to keep the ones that you write about" and then showed me where the mail guys stashed all the promos we got. It was not so much an ask as it was an assumption that I would now be contributing to the music section every week.

Picking through this weekly pile and writing about the music I liked worked out great. As my personal record collection grew, reps from new indie labels started leaving me voicemails "encouraging" me to write about the promos they sent me. I also got a very cool jacket from Strictly Rhythm records in NYC.

This dovetailed nicely with my weekend DJ job. Until then, I had to buy those records, and keeping your set current and fresh was expensive. This was WAY before Beatport.com and $1.99 MP3s. This was during the age of real vinyl - $7 domestic and $20 for imports. So trading text for records was perfect for me.

And that is how a young Gen X'er became a weekly music columnist for a real newspaper. And leveraged it as part of his marketing and technical writing skills.


Case Study: UX User Empathy via Data-First Thinking

Case Study: Product Design
Industry: Healthcare, Financial
Author: Michael G Byrne

Goals and Drivers

At the highest level, the goal was for a healthcare system to roll out a brand new, standardized, organization-wide overhaul of their clinical billing system and processes. This particular healthcare organization was quite large, and included a number of facilities, providing all manner of traditional medical services, as well as medical research and clinical trials.

The desired outcome of this new process, and the business rules that supported it were clearly documented. A schema for the data required was defined, and the expectation for the types of reporting and a naming convention were all mapped out. Read, write and view-only rules were well thought out and permissions based on the org chart hierarchy were also clear. But as neatly conceived as it was, everything was all still concept on paper. There was no actual software or tools in place to help users adopt this new process and workflow. No chosen vendor that could meet these needs had been selected. So creating a single tool for the many different finance teams was the big task at hand. One tool that allowed them all to perform clinical billing tasks using these new rules, gather data in the manner required, and run reporting against the data collected needed to be built from the ground up.

If rolled out correctly, this new standardized model would benefit the organization as a whole, inform leadership with accurate financial reporting, and allow for hierarchical transparency into each department and its subdivisions' finances, clarify benchmarks for all healthcare providers, and simplify the workflow for all financial analysts across the board. It was certainly a very ambitious endeavor, being the first attempt at a standard financial system roll-out at every level, from small clinics to large hospitals, and the many administrative groups they required.

Challenges

The primary challenge was allowing for a smooth migration to the new process. Metaphorically speaking, one cannot stop an airplane mid-flight to fix a problem. So a transition plan from the old to new was required to avoid quite a number of possible billing and financial inaccuracies, data corruption, and problems yet unseen. This was made even more complicated by the fact that each medical practice, clinic, hospital, and lab had their own separate finance teams in place, and they all had different processes and workflows.

Prior to this overdue standardization of all things related to clinical billing, each entity within this same organization had been using different workflows, billing processes, supporting software, vendors, home-grown applications, or any combination of the above to manage their individual finances. This included the business of billing for services, calculating the cost of health care, defining the cost of each healthcare provider, and providing accurate reporting of their financial data to analysts up the chain to inform the organization at the highest level. Since their inception, each health care entity had full autonomy in this area, and already had working systems in place to satisfy their existing needs.

Other challenges included the need to preserve and access historical data once this new Clinical Income Model was implemented, and any transition to any new system or process required many unique "workarounds" for almost every healthcare entity.

A predictable push-back from many people within these departments was expected, and would require managing. Especially for those large departments who had invested years in building and refining their own, customized organizational structure, workflows, and time spent learning and training staff on the tools they'd chosen and currently used. Not to mention that in general, most finance departments and their existing processes were already tightly knit to other internal and external departments, including human resources, recruitment, payroll, information services and many third party vendors. And many of these departments were not directly connected, because the same autonomy seen in their finance departments allowed them to build out other redundant departmental systems as well.

The Strategy: Leverage an Existing Data Reporting Solution

As we touched on above, finance was not the only non-centralized group within the organization. In fact, most of the organization's departments and entities ran their business using arguably redundant systems. And in solving this age-old reporting problem for leadership, an organizational-level data warehouse had already been created to address all of these parallel billing, financial and human resource systems. The purpose of this data warehouse was to reconcile all manner of data into a custom SQL Server solution that required a team of DBOs to maintain it, by either manually importing data, working with .NET programmers to connect to vendor APIs, or overseeing nightly jobs that would perform any necessary calculations on the data it collected and provide a data structure where the finances of all the disparate entities could be directly queried.

This system was used primarily for reporting purposes, and reporting to leadership was achieved using a number of reports displayed in a legible Tableau format. But having an existing SQL Server that was already compiling much of the data we needed to satisfy many new Clinical Income Model business rules was an enormous resource. Be it internal data, vendor data, Excel files, or raw input from different healthcare locations, much of the data sought to implement the new Clinical Income schema was in fact already being calculated, mapped, converted, aggregated and organized daily using various SQL Server jobs, home-grown data layer applications, secure vendor APIs and other methods. Meaning much of the data required to support the new clinical billing model and its effect on the pre-woven entities like payroll, recruiting and other currently "rogue" players was not only available to us, a naming convention was in place that could map to the new system's requirements. Metaphorically, we would not have to defy gravity. We could fix the plane in flight.

So the core strategy was fairly simple: when it came to designing a single product that all entities were required to use, we decided on the "less is more" approach. Any data that we could mine from the organization's existing data warehouse would be taken from there and used for our purposes. Any read-only data that could possibly inform the user of the new Clinical Income Tool to act in any way was identified and would appear in the tool for reference. All data entry fields that represented anything that was possibly known (based on any calculations from the SQL Server) would appear to the user as pre-populated, allowing them to simply confirm accuracy (or change if need be).

Once we identified all the data we could not attain, or could not calculate ourselves in the background using raw data, we were left with only a handful of inputs that required an end user to work with. While the unseen tiers of the application worked overtime using the data warehouse, the user interface required much less data entry than we ever expected from a change of this scope.

Much of the UX and general product design centered on user empathy, and used well known, intuitive mobile and web controls. Users could ideally use it with almost no training. Help and tips were cleverly built into the front end in an elegant way, again using intuitive controls such as the ubiquitous information and question icons, to clarify new Clinical Income terminology and processes.

The fact that the data warehouse continued to perform as intended, while this new Clinical Income Model product could be conceived and built alongside it was ideal when it came to testing data integrity.

The User Experience

With the SQL Server database relying heavily on a monthly data import from a separate PeopleSoft human resources solution, the decision was made to focus not on daily input, but on monthly input. A time window was defined in which users could complete any work within a reasonable deadline.

This gave apprehensive users the time they needed to incorporate use of the tool into their own schedules. And it allowed them to "play" with it for a month without any fear of making mistakes that they could not fix themselves. Giving them fewer options gave them confidence in both the app and their understanding of the new Clinical Income system.

The User Interface

What was originally envisioned as a daunting array of dynamic conditional-driven data entry screens became a single, easily digestible confirmation screen, with only a few input fields to adjust any data if required. Users also had the ability to quickly swipe through read-only historical months, and view input from these historical months. A feature allowing them to transfer historical data to their "working" month when appropriate made particularly quick work of the task at hand.

A full Tableau formatted report was included in the tool to allow users to look at the results of all the new clinical income data in the new standard format. They did not have to spend days entering, or worse, calculating input values themselves by referring to their legacy systems. The report contained all the "unseen" data that was mined and/or recalculated for them, using the new income model terminology, and it allowed them to see running totals that represented whether or not provider benchmarks were being met, NET income goals for their division or department were within expected ranges, and the cost of each healthcare provider versus the revenue they brought in was also displayed and could be drilled into for more details. If any data in a given working month seemed off, the user could simply correct whatever data was either imported mistakenly or mistyped by another analyst, or easily see that the data displayed was in fact correct and what exactly factored into the issue.

The Outcome

Users at the organizational level had access to the same tool, and the same detailed report. The difference being their access: department heads could see and modify any data as need be within their own department or subdivisions, while the leadership team could view the same running totals and benchmark data for every department and subdivision in the organization.

It's not often that a "data-first" approach to a software development project results in something elegant or easy to use. But by leveraging what may have been seen as a solution to existing problems reconciling data with other departments and many redundant systems (i.e. the data warehouse for reporting), we were in fact able to deliver an intuitive application that considered the user's time, as well as affect their mind-set about the change itself.

More importantly, it made adherence to the new clinical income model easy and quick. It made users feel like it was a relatively non-disruptive change to their existing workflow. User adoption fears were put to rest, and the users themselves are now more open to the benefits of this much needed change within the organization.

The Next Iteration

While the initial tool and its built-in reporting solved the problem of adherence to the new business model, the data itself still comes largely from assorted "rogue" players, outdated processes and legacy systems that are still very much in use. Future strategies for either replacing individual departmental legacy systems with new features available in the version 1.0 of the tool - built using the business logic strictly defined in the Clinical Income model, or a separate tool that does the same.

A best case scenario may look a bit like the following: As users adopt the new Clinical Income Model, and begin using the new terminology, new references to old benchmark types, and even the reporting labels, a common vocabulary should permeate the entire organization allowing financial analysts to more easily communicate across departments and entities. Hopefully this will serve to convert the autonomy they enjoyed in the past into a spirit of collaboration, as they are now stakeholders in the exact same system, and while their needs may vary, these details should not prevent them from consolidating efforts and contributing to the UE of any future development.

How to Freelance and Stay Sane

So if you're a full time worker bee, and you're thinking about slicing off "just a bit" of your free time to make some extra money, you're certainly not alone. Having a "side-hustle" of some kind has become fairly common for many people. If you're a single income household in California, it might even be necessary. But ideally this extra revenue stream should make your life better, versus turning you into a workaholic zombie.

So here are a few tips that will keep you from losing your friends, your real job, forgetting your kid's birthday, getting a divorce, and generally staying happy and sane.

You likely have various skills in order to do your current job. That doesn't mean you have to do the same thing when you freelance. My primary advice is DO NOT simply do the SAME JOB for someone else. Pull from a subset of your skills, but don't use all of them. And if you DO choose to leverage your "professional" skills, definitely don't do any of it on the "down low". If you are a career employee (not a contractor or temp) make sure your primary employer is okay with it. Be honest. You may not remember what you signed when you took your job, but they do, so you might want to dig up that folder and read it to see what you can and can't do legally.

So how do you choose your "side-hustle"? You could try that thing you never did before but might be good at, like that Karaoke DJ gig you turned down 5 years ago. Or very easily jump into a "gig-economy" job (if you don't mind risking a sushi delivery to your own friends). But honestly, the real money is in the "professional" side hustle. Also known as freelancing. You paid good money for that degree in art history to land your current project manager job, so why not milk it?

Here's an example for a full stack software developer, but I think you guys are smart enough to apply the idea to your area of expertise: You likely have some graphic design skills, which get put to use in the form of your UX and UI skills. You can build wire frames, prototypes, build Data Objects, set up an EDMX, create APIs, micro-services, and build Web Services. You can write stored procedures, create reporting queries, and so much more - including simply consulting on these technologies. So focus on the things you're really good at. Preferably the ones that you can do very quickly, and truly enjoy doing. Now choose ONE of those things. Voilà! THAT'S your side-hustle. My point here is, don't sell your ENTIRE skill-set to a second party. You're just setting yourself up for failure. Possibly at both your jobs.

If you can, find a side-hustle employer that offers you a real contract. Open-ended is fine, but one that you (or they) can terminate with reasonable notice. And one that limits you to, say, 20 to 30 hours a month at a rate you feel comfortable with. Remember - you gotta pay taxes on this. So don't sell yourself short. Your hourly rate may be quite a bit more than your full time job pays you. Because freelancers are on their own as far as insurance, liability and administration goes. And this rate and limit on billable hours keep both your freelance employer and you yourself on point. Both you and your second employer will use your time much more wisely when limits and parameters are predefined, and you will likely get better requirements that won't change on a whim.

This is VERY important. DO NOT get "precious" about what is asked of you. If your deliverable is an API that does X, but you see opportunities for it to be SO much more - STOP. First off, you probably haven't been told enough about the project as a whole to make these decisions, so stick to what you've been asked to do. Even if the requirements are to do it in VB.NET like it was 2005. Just do the job, do it well, and do it to spec. It might hurt, and you might even have to Google translate that C# code you can write on autopilot into VB because you haven't used VB since your college days. But just do it as asked. It only hurts the first time, and you will spare yourself a future of wasted time.

Here's another example of not getting precious about things: If you are leveraging your graphic design skills to do a print piece (print is actually still a thing, UI people - and it's actually kind of nice not worrying about UI concerns and moving parts), DO NOT debate the finer points of color theory with your side hustle, or why their brand book needs an overhaul because their logo doesn't "pop" in your brilliant layout. Don't agonize over the changes you're asked to make during the approval process. Just deliver the deliverable. If you love what you do, and take pride in your work, you'll figure out a way. Although this can be very hard for people who sit on the opposite end of the table at their full time jobs. But remember why you're doing this. I know too many people who freelance, spend double the hours working on "what if" versions, and just end up under-billing because they agonized over things that they ultimately did not control. So unless you want to join their team full time, DON'T GET PRECIOUS about your side-hustle. You will definitely forget your anniversary, and that certainly won't make your life better.

Most corporate contract freelance contracts are monthly, so schedule it that way. Invoice on the same day. Use QuickBooks (or a good alternative) and use real invoices with dates, hours, and line items that clearly document your time and use of it. I like my terms NET 15, although it's likely that even your side hustle employer is at the mercy of a vendor who processes payments at their own pace. I also break down my total hours invoiced into actual dates worked and include descriptions for each line item. And as far as the work itself goes, I reserve every other weekday night (deadlines allowing), and if needed, weekend mornings. I don't save everything for Saturday morning. Because suddenly you realize that it's 9:00pm Sunday and you haven't eaten in 36 hours. And you missed that Greta Van Fleet concert because your phone was on vibrate. Again, remember why you're doing this! To make your life better, not miss out on it.

Marketing pro Eileen Silva reminded me of an important option: Working and getting paid under your own name, or creating a Fictitious Business Name, aka a DBA (like "Eye See Editorial Services", versus Eileen Silva). Creating a DBA (aka "doing business as") takes a fairly easy trip to your County Clerk's office to register your name of choice (assuming nobody else thought of it first), and having a proper company name gives your endeavor a professional touch. It also allows you to open bank accounts under that name, keeps your side-hustle earnings separate, and you can even keep a second account for the taxes you'll need to pay. You should also check with your city clerk (or ask the DBA people) about any business license requirements you may or may not be subject to. You might have to pay $300 or more annually just for the privilege of MAYBE making some extra money.

If your side-hustle ends up being something technical, or you have access to private documents, consider getting liability insurance. Actually, DEFINITELY get liability insurance. Many of the clients you work with may require it anyway, especially if you have direct access to ANY of their databases - be it sensitive data or not. Getting insured may sound daunting, but obtaining said insurance is about as easy as switching car insurance providers online. It's not as expensive as you think, and it may literally save your family's financial situation as you know it when say, you're feeling loopy at 2am trying to make a deadline (having broken all the rules above, of course). You type "drop star" into a SQL window. And then accidentally hit return instead of backspace. That's what liability insurance is for. When your client sues you for damages that you caused. And it's very easy to cause damage. Especially at 2am.

This one is HUGE: Do NOT do your side-hustle while you are at your full time job. Even if you're on your own computer. You already sold that time to someone else, even if you're working flex hours, taking a break, or you think they won't notice (they will totally notice). Even if only out of respect for your employer and yourself. Don't become that person. It's a slippery slope, and your primary job is not worth losing over a side-hustle. And if you get a call at 9:00 am from your side-hustle employer and they need something urgent by 2pm, the right thing to do is to drive to Starbucks with your personal laptop and do the work there on your lunch break.

The point to all of this is, the pitfalls of freelancing can easily outweigh the benefits, and said pits are very easy to fall into. Remember, you also have to do all your own finance and admin work, and those can eat into a lot of your time. So don't freelance lightly. Think long and hard about what you can handle, and make sure you are gaining - in every sense of the word.

If you DO resort to a "gig-economy" side hustle, do your homework. And then do it again. Many of those jobs are total time-sucks that aren't nearly as lucrative as promised. And it's not just the ride-sharing and the food delivery guys. There are many local companies that rotate through temps to deliver furniture or other goods to their client's customers (using you and your own truck or car). IKEA partners with a number of these types of companies. But many have bad reputations. Check them out first. Yelp is your friend. And if the thought of doing something outside of any office environment is attractive to you, you may be able to incorporate a side-hustle into something you already do. One that might be much easier than leveraging your professional skill-set, and minimizes the risk of burn-out. The Waze app now lets you make money by accepting carpoolers while driving to and from the full time job you already have. That might be ideal if your current commute is long, assuming you and your riders all enjoy the same podcasts. But if they don't like Marc Maron or Song Exploder, you probably don't want them in your car anyway.

You can have a fun life and freelance, or you can destroy your life for not that much more money. And the thing about money is, the more you have, the more you seem to need. So if you're doing it to pay down debt, maybe you figure out the numbers, stick to a plan, and set a deadline to stop your side-hustle when your goal is reached. If you're doing it to pay your mortgage or feed your family, maybe you need to re-assess your full time job while you work at your side hustle. On the upside, a good corporate side-hustle can potentially create lots of new connections, and often makes your professional network larger.

But seriously, don't bite off more than you can chew. Shooting for slightly less gives you room for emergencies, and those WILL happen, believe me. Ideally you want to hold on to any existing work-life balance you have, or allow your side-hustle to finance a nicer vacation, car, or educate your kids. Make sure your side-hustle is making life better, not worse. And if you can make that extra cash doing that one special thing that you're already really good at (perhaps something that you've already done free of charge for family and friends) that's the ideal choice.

We all "sell our time" to other people in one form or another to make a living. But if you think a bit deeper about that concept, you will realize that you're selling the most valuable thing you have - and it's not renewable. We all have X amount of time left in our lives, and sadly, we don't even know how much. Makes you rethink what your life as a human being is worth per hour, eh?

So choose something that you enjoy. If your freelance gig isn't satisfying to the mind or soul, and it just takes over your precious personal life, is the money really worth it?

Originally published on LinkedIn

OMG H@ckerz

Happy New Year! Welcome to 2020! It's an exciting new decade.

As the 5G roll-out ushers in the age of Sky Net, and Social Media platforms continue to prove themselves to be the best global surveillance and distributors of misinformation ever created, it's also that time of year where employers everywhere are making employees watch those fascinating annual training videos.

The one everyone loves is the one that stars a dark and faceless hooded figure: "The Hacker". He or she could be anybody - and they have the omnipotent power to steal all your data, money, and possibly even read your mind for your passwords.

You know this video, yes? Ours is called the "Internet Security Training Module", but I feel like every employer I've had uses the same three training video vendors. And this one uses the clip-art "hacker" in the background of almost every scene. Who wouldn't be scared of him? Of course I'm going to change my passwords and not open random emails with that scary guy looking at me.

But the fear doesn't stop at work. Considering the many high profile data breaches being reported by large banks and retailers, and all these new "dark web scanning" products now being bundled with your credit report, virus scanning software, and even your bank - the threat of "the hacker" is now in our homes. Especially with the news in general telling us how every government (ours included) can hack, have hacked, or will hack each other if they find out they're being hacked. Watching just two Netflix documentaries about "hacking" is certainly enough to frighten most people into asking Alexa what to do to protect themselves.

Or can Alexa even be trusted? Has Alexa been hacked too? Your smart TV? Surely not your Sonos speakers. Sure, speakers and microphones are essentially the same thing - depending on what direction the electricity is flowing - but... no... not my beautiful Sonos speakers!

Oh the fear! The paranoia! Hackers eventually ruin technology for all humans, and eventually our society crumbles without spell check and skills like texting while driving. Meanwhile, Siri, Alexa and Watson join all the green-eyed androids from Humans Season 1-3 (Netflix binge-watch recommendation) and all move to an asteroid sized server where they can live a life of quiet quantum reflection.

Yes, that's my trademark snarky sarcasm telling you not to panic. Of course identity theft and stolen data is a very serious issue, and "hackers" can and do play a role in these crimes, but you don't have to "go off the grid" to be safe. And you don't have to panic after every data breach, even if your new dark web scanning service tells you that they found your email address on the super evil "Dark Web".

For the record, my own dark web scanner (provided by Experian), notified me that my email address was found on the Dark Web. Am I terrified? No. Did I delete the email account? No, I did not. Why not? Because that email address is the one I'm okay with being compromised. It's the one I give to social media and Amazon. It gets more spam than real messages. It's the one I use when I don't care who sells it or steals it. Yes, it's the one that "knows" what I buy and what I "heart" on Instagram, but I try to keep the data inconsistent by not providing social media sites my real info, and "guest checkout" while shopping using a one-time use "virtual" credit card (most banks offer this service) is my friend. Amazon on the other hand, already knows everything about everyone, so you can't beat them all. Which brings me to tip number one:

You should have at least two email accounts!

Ideally you should have one "public" email address for online shopping, and all the eventual mailing lists it will end up on, thanks to the places you shop. Use this address for any change of address with USPS, because they are notorious for sharing it with everyone from All Saints to Wayfair.com. This is your "throw away" email that you basically use for tracking info and shopping receipts. Definitely keep it as secure as possible, and use dual authentication if available (that's when you have to enter a password AND get a text or email in order to log in). I'm pretty sure they cover dual authentication in the scary training video at work. But it's legit advice (albeit a pain in the butt sometimes). Not only are you more secure, you will be notified if someone is in fact trying to access your email. To make this "throw away" account easier to use, those folders and filtering rules it offers will help to separate your shopping receipts from the spam.

Use a second email - from a separate email provider - for people you know. Human people, not corporate people. Keep this email address off of social media, and do your best to only share it with humans you know and love (or trust enough with your "real" email address). I use Proton Mail for its encryption and VPN features. It allows you to create "alias" emails (different names that all go to the same email box) and I also like it because it's a totally separate app on my iPhone (not lumped into the default email app that groups Gmail, Exchange, iCloud and the like together).

This secure, dual authenticated and encrypted email account can be used for banking, car insurance, and anything else truly sensitive, as long as you make sure they don't "partner" with other companies and eventually leak it. If that happens, you end up with another spam collector. Or you can do what I do (which some may think is extreme) and use a third email account that is ONLY used for matters of personal finance and things that are for my eyes only. It's very important that Dual Authentication and encryption (on top of the usual SSL encryption) is set up on these email accounts, so choose your email provider accordingly. It's not hard. My own super-encrypted email account simply makes me type in two passwords instead of one.

But my info is already on the Dark Web! How did that happen?

It's only a matter of time before everyone ends up getting a positive dark web scan. In all probability, it's only a matter of time before you get hacked in some way. For every past and future data breach, personal information from said breach gets posted to "Dark Web" sites and forums all the time. And yes, depending on WHAT they got, it can be very damaging. If they got your social security number, security questions, and your real phone number and the email you use to bank with, a savvy hacker can do some real damage. Breaches that contain "auto pay" info - usually a person's checking account number - can be especially damaging. Luckily most data this sensitive is almost always encrypted (or should be), so the breach may just be a list of names, email addresses and gibberish. That's not to say it can't still be useful. It's still a list of current and valid emails ripe for scams and phishing attempts.

Credit card numbers are probably the most easily stolen, by both data breaches and by low tech methods. Like someone in a restaurant simply taking a photo of your card when you pay your bill. It's not hard to cross reference all this data to steal someone's identity. All one really needs is to get a hold of your billing zip code and that card can be used until it's shut down. And zip codes can be found in other breaches, including social media data breaches.

So some simple cross referencing between these data sets from assorted breaches can be put together to create a profile of an actual identity that is worth selling. To multiple buyers. Not to mention that if one breach contained some non-encrypted passwords, and another had alternate email addresses, those people who tend to use the same login for everything are very exposed. And while the tech-savvy can create these profiles fairly easily, it's usually people with zero programming skills but plenty of criminal skills who purchase these profiles and take it to the next level: from a one time case of fraud, to full on, life-destroying identity theft.

So when you get a positive dark web scan, look at what was found and judge the risk for yourself. Finding one email address that you know is linked to nothing important is fairly low risk. And typically, that's the case. But if your dark web scan found multiple and accurate pieces of your personal information, that is an immediate call to action on your part. Lock down your credit cards and go to your bank immediately.

Yes it's a pain in the butt, but banks and credit card issuers will be very quick to help you change account numbers and issue new cards. Do it in person at a branch that knows you, in your home town, armed with as much ID as you have. It's easier than waiting until something bad happens. The bank might have to eat all the fraud charges after the fact, but dealing with fraud (i.e., proving it) after the fact is always harder than being proactive. And after you make these changes, that "profile" of you being sold on the Dark Web becomes worthless.

So I'll probably get hacked eventually. What do I do?

Assuming you have been, or will be "hacked" is smart thinking. So what do you do when you know that at some point your car will be broken into? You make sure there's nothing worth stealing in it. What's the digital version of that? Think of the obvious stuff. Like, don't put all your passwords in an Excel file called MyPasswords.xlsx. Password protect PDF files or MS Office docs that contain private info. Don't save your passwords in your browsers - use a reputable Password Manager instead.

Choose carefully what you store in your oh-so-very convenient Cloud account. Do you REALLY need access to every file you've ever created on all your devices? Perhaps a portable and separate USB or lightning drive is a good idea to store the stuff worth stealing on. And eject it when you're done using it.

If your computer's hard drive can be encrypted, and you know how to do it without "bricking" your machine, you should do so. And what about all the little text notes and stickies you may create on the fly when recording transaction numbers or taking notes that you quickly forget about? If you're guilty of this behavior (I definitely am), consider learning about PGP encryption. And make it a point to spend every sleepy Saturday AM to encrypt the random files you created over the past week. It's actually easy. Depending on the encryption software you choose (many are free), it's as easy as highlighting your text, right-clicking on it, and selecting "encrypt" or "decrypt" using complex keys that you create yourself. And said keys can be password protected in order to use them. So you have two layers of security. Just don't forget the password for the key like I did when I first learned PGP. That first file I encrypted is still unreadable.

I'm not afraid of no hackers! What's the worst case scenario?

I personally know someone whose bank account was accessed in broad daylight by a human being who walked into their bank branch in another state. And a human bank teller processed a very large withdrawal for this identity thief who actually had a fake ID with the real account holder's name on it. That's approaching the upper end of sophisticated identity theft. Upper end meaning the real account holder was lucky that they didn't get a mortgage using this person's information, and then quickly obfuscate ownership with shell company transfers and the like.

Yes, people can purchase realistic fake IDs on the dark web. And it doesn't take a "hacker" (in the computer code writing sense) to carry something like this out. It takes the skills of an average business analyst with a 3 digit IQ, basic knowledge of the dark web (found on any number of subreddits), and of course, zero moral center. And the person they targeted likely had a very complete "profile" for sale.

In this real life example, this victim did a LOT of business travel. They ate, shopped and used hotels in half the states in the country over the course of a year. Their job and the lifestyle associated with it likely factored into why they were so brazenly targeted.

Oh Crap. I'm a VP of Sales sitting in a United Airlines lounge right now. Am I safe?

Well, you're definitely the type that thieves like. You're probably too busy to change your passwords - and you log into a lot of stuff in public places - even though you have a password manager on your phone (that is likely open in the background right now). You probably have all your bills on auto-pay, and you travel enough that a gas station charge in Tulsa won't red flag any of your credit card companies, even if you're in San Francisco at the moment. Your real name is Google-able and a search will return real information about you. You own your home, so much of your personal info is public knowledge on the "normal web" anyway. And you throw different credit cards around all the time, because you "never have cash". Yeah, maybe you can benefit from the following:

The Tin Foil Hat Guide to Thwarting "Black Hat Hackers" and "People That Suck"

  1. Go purchase yourself two presents: a new wallet and a new passport wallet. The kind that block RFID signals. These are not super ugly Faraday Cages for your stuff. There are many super slim and elegantly designed wallets that use thin, RFID blocking fabric in them, so you will be hella fashionable, plus all your credit cards with those convenient chips in them will stop broadcasting your personal info to the world. I'll bet you didn't know they were doing that, did you? How did you think those tap-to-pay machines work? And Apple Pay? Did you know that your passport also broadcasts who you are? So I'm guessing you didn't know that people can use these things - https://amzn.to/37RMrtO - to "read you" as you walk by them. Yeah, that's an Amazon link. Legitimately they are used by parking garages and toll booths, but they are easily re-purposed by actual "hackers" to read anything. I won't EVEN show you the tiny version that plugs into any laptop's USB port and can gather everyone's personal info at any given Starbucks.
  2. Remove your DEBIT cards from your PayPal account. Lots of digital crime revolves around compromised PayPal accounts. Access to these accounts is bought and sold on the dark web regularly. Why PayPal? I'm not at liberty to presume, but I can tell you that it's a thing. A BIG thing. If you're a PayPal user, or even a Google Pay or Apple Pay user, don't attach any card or account that contains ALL your money. Attach a low limit card that you pay off every month instead. "Hacking" in the digital sense has always been about finding tunnels in systems and exploiting them. PayPal and the like are akin to giant gateways into your more secure finances. No secret tunnel needed.
  3. Auto-Pay is risky. Is there a smart way to auto-pay? It's become the standard in all bill payment, and in many cases, you are required to use a checking or savings account. No "throw away" credit cards allowed. So what should you do?
    • Don't use auto-pay at all. This option requires some REAL tin-foil-hat dedication. Go old school and actually sit down every month and manually pay your bills with checks. Alternately, you can do the same thing online every month, just without the auto-pay part. No saving any of your payment info. But that's a lot of work. Especially for people who grew up doing everything on their phones. Note that I didn't call out "millennials" and make a lame joke. We're all phone addicts - and I want points for acknowledging that over taking an easy shot at the people I pretend to have so much disdain for. Plus half my friends are millennials ( obviously the *good* kind ;-> ) and my heart goes out to most of them because they're all having babies now. But I digress yet again...
    • Personally, I'm still an auto-pay guy. Despite the tin foil hat, I'm inherently lazy when it comes to paying bills. Because life is busy, and thanks to my job, I usually don't even know what day it is. Which makes me an easy mark for late fees. Which are a tool of "the man" to keep us hard working people down (insert incendiary chant here). So if you're like me, perhaps you might dedicate a separate checking account specifically for bill payment and use it for auto-pay only. Most people know roughly how much they pay out in bills every month. So I have my direct deposit set up to go into multiple accounts. One is for auto pay, containing a "safe" but relatively small amount that covers all my auto-pay needs. The other account is my own personal account. Any "too big to fail" bank (and even many friendly credit unions) can easily set you up with multiple accounts and even automatically transfer from one account to another to avoid unexpected overdrafts. Like when you totally space out and put a 5 day work conference on your personal Amex instead of the company Amex. And then forget (possibly a real life example). Point is, everyone structures their finances differently, but you'd be surprised how many people with above average wealth still keep all their money in one spot. And sure, banks will cover fraud - up to a point. That doesn't mean being a fraud target is fun.
  4. LIE to Social Media! And no, that does not mean creating an "I'm single" Match.com or Grindr profile if you're married or anything. Continue to use social media to share pictures and quips and laugh with IRL friends. But also dirty up your accounts with fake info. It might be too late for Facebook users. We were all so naive back then, and they likely have a history of every time you changed your info. But still, change any real information about you and your family anyway. Information they don't need. Like former schools, employers, street addresses, your children's full names, etc., but do it in a way where your friends still know it's you. You're smart. You'll figure it out.
  5. Weed out people you don't actually know. You may have acquired some "web friends" over the years. But do you talk to all of them? Especially those friend requests you accepted 6 years ago from some impossibly hot guy or gorgeous runway model type who is living overseas? If they never post anything but memes, they're probably bots. Remember: "friending" equals handing over your information to someone (or something). Your photos, thoughts, rants, and info about your family. Your real friends already know you. So don't give social media your "real" email. Give them the spam account. Don't post your real physical address. Don't answer those quizzes that end up looking a LOT like they're collecting potential security questions for other sites. Or DO fill them out, but LIE. That's my kind of fun. The point is, don't give social media any extra information that can easily be cross referenced in a data breach. Spell your name slightly wrong. Your real friends know who and where you are, and that your name isn't actually "Jerrf", but you can still post those cool custom guitar videos.
  6. I REALLY want to tell you not to give up your location when posting pictures. However, every phone picture you post already has the GPS location embedded in it, along with a LOT of unique info about you and your phone.
  7. There's a trick to scrubbing photos before posting them, but using social media without giving up *something* is impossible. Photos with no EXIF data in them are still telling.
  8. Any text and faces in your pictures already get run through OCR and facial recognition, so Instagram and TikTok and the rest already have more info than they really should about you via your own posts or your friends' posts.
  9. You have to ask yourself how much you (personally) care if a photo becomes part of our digital planet's permanent record or not. For me, it's the principle of the matter. But think about a single mother who successfully got away from her unstable ex-husband. One innocent selfie post containing her daughter but posted by her new best friend, tagged with their new town AND school and her name may put this family in very real danger. There are legitimate reasons to avoid giving social media your information.
  10. For me, that kind of darkness is not an issue, so I use Instagram, but I don't have to make it easy for them to productize my life. This little trick supposedly still works if you're an iPhone user:
    • Take all your "sharing" photos with your camera instead of Instagram (or whatever) and post them later. It's so much faster. And this has the added bonus of allowing you to enjoy your night out instead of constantly documenting it in real time, which sucks up WAY more time than you think. Ever wonder how many people decided NOT to flirt with you because you were in a phone hole, totally giving off a vibe saying "do not disturb" to the room, while ironically posting "I SO need to meet someone tonight"? Yeah, THAT kind of irony. So go dance instead. Take pictures. Just don't type. #dancenowpostlater
    • When you're slightly hung over the next day, and ready to share your night of debauchery, browse the photos from last night and take screenshots of the ones you want to post. Push the home button and the power button simultaneously on your iPhone, listen for the "shutter click". That little mini version of the pic in the lower left corner is your "copy" of the photo you were looking at. Tap it, save it to your photos, and repeat for any other pics you want to post.
    • Not only does this clear most of the meta data, it's actually a nice way to sort through the 50 bad pictures you took. Let's say you end up with only twelve good pictures and take screenshots. Then when you open Instagram, those are the first twelve pictures you see, which makes posting them way easier. #lastnightinweho #dancing
    • Note how the sad irony above becomes a positive one now: How NOT being on your phone all night made it more fun, and posting about it was even easier the next day?
    • If you have lots of "followers" or you're an "influencer", your account is probably not your personal account anyway. And you probably don't care about any of this. Instagram converted you to a professional account to match your social media personality accordingly, and your private life probably isn't as important to you as getting those fat paychecks from KFC for eating their food publicly in your private jet and posting it on Instagram. Nice work if you can get it.
    • But enough social media stuff. This is about staying safe on the Interwebs, not partying with a bunch of west side wannabes.
    • Never click an unknown text link. And never click an unknown email link. This is almost always an attempt to tunnel into your phone. Many people still think browsing the web is harmless as long as you don't download and click on an .EXE file. Newsflash: Websites are essentially giant .EXE files, and by visiting them, you're downloading a bunch of files. If your dark web scan tells you that your email or phone number was found - DEFINITELY beware of odd texts and emails with links in them. If you already know your cell phone number was found in a dark web scan, then ASSUME YOU WILL BE TARGETED via text message. But don't go nuts and change your number. Just be careful. The texts will die down eventually. Every new breach provides new contact info that gets used quickly - until it gets old. Let yours get old.

    I could go on and on, but luckily your employer already makes you watch that Cyber Security video every year. There's a lot it doesn't cover (like how most malware scanners fail at finding malware), but if you've been phoning that video in, I suggest you don't. It's cheesy, yes, but it does contain good information and best practices for work and home.

    UPDATE: This year's Internet Security Video did not feature the Hooded Hacker! Not sure how I feel about that. Because instead it featured many smiling happy business people in the role of breaking security policy and the hacker itself was an invisible player (visually). I was left MUCH less fearful. And that's not a good thing. As far as fear-motivation goes, this is the one topic that really should use it. I've been hacked. I've learned to hack. It's so much easier than one may think. Go search YouTube on "how to hack" and you'll see how little coding skill you need to hack a friend's phone. Or be hacked by a coworker or acquaintance. Be careful.

    Originally published on LinkedIn

(Belle and Sebastian's) Stevie Jackson – Can't Get No?

Belle and Sebastian fans are used to surprises by now. "Dear Catastrophe Waitress" and "Tigermilk" may sound like different bands to people who are not hip to the ever changing sonic road trip that the band have taken us on for so many years. This evolution in sound is largely due to lead guitarist, vocalist, and songwriter Stevie Jackson, whose contribution to the band has been an injection of 60's style pop, and catchy riffs – a foot-tapping contrast to the more introspective, folksy sound of the band's earlier recordings. Jackson is definitely the rocker in the bunch.

Hearing Jackson fly solo for the first time on "(I Can't Get No) Stevie Jackson" is not only a fun ride, it also gives you a bit of insight and appreciation for his role in Belle and Sebastian. A comfortable mix of what you may and may not expect, at times the production swells with orchestral elements and reverberated vocal harmonies, reminding one of bands like The Association or The Byrds, while at other times songs cling to the familiar storytelling against a backdrop of good old fashioned rock and roll.

On the track "Kurosawa", Stevie sings "Honor thy music, honor thy love" and on this album he absolutely does. The track "Just, Just So To The Point" is a composition of sexy basslines and mellow vocal alliteration that will have you dancing in your chair – and possibly updating your Netflix queue with gems like Shaft, Jackie Brown, or maybe some Mod Squad episodes. In contrast, the tracks "Try Me", the humorous "Press Send", and "Where Do All The Good Girls Go" sound more familiar and expected of a Belle and Sebastian member, but are harder sounding with Stevie running the show. He injects some Sergeant Pepper into the latter, sprinkles others with rockabilly, and adds extremely well-integrated guitar solos to all – making all of these tracks ROCK.

Jackson is clearly not afraid of production – and that lack of fear translates into perfectly produced songs, for instance on "Man of God" where he sounds like he started channeling Mike Nesmith and Phil Spector, but eventually he re-entered his own body to compile his creation with his ever clever lyrics and distinct guitar style. There are plenty of personal, introspective, singer-songwriter tracks on the album too, but even crooners like "Telephone Song" use well placed cellos to back up the acoustic guitar and vocals, and the chorus swells with a crescendo of strings that take you higher.

Jackson's point of view is clear, but his range is extremely wide, and he certainly shows us that in this album. Yes, it may be a showcase of sorts, but this being his first solo release, he has a lot to say. Still, it's a solid album of work. Twelve tracks, and I still can't get enough Stevie Jackson.

Originally published on Rockerzine