Evolving Together: Fostering a Culture of Shared Wisdom

Evolving Together: Fostering a Culture of Shared Wisdom

Our journey into the hidden struggles of customer support and the nuanced dynamics of workplace culture has brought us to a pivotal point: the challenge of sharing knowledge within our teams and organization. This is akin to unveiling the workings behind the “Wizard of Oz” — it’s not just about the individual behind the curtain but the collective effort sustaining the magic of Oz. We’re moving the spotlight from solo victories to the synergy of shared wisdom that lifts the entire team.

 

“Knowledge shared is knowledge squared.”

 

This principle is more than just a clever quip; it’s the cornerstone of fostering an environment where each person’s knowledge and experiences are valued, leading to a workplace where ideas flow freely and teamwork is second nature.

As we turn the page, we’ll tackle the tricky bits of sharing what we know. It might look simple, but it’s full of hurdles. We’ll explain why sharing knowledge is tough and how getting past these barriers can lead us to a place where we win together, not alone.

The Illusion of Infallibility

It’s easy to fall into the trap of seeing certain colleagues as the end-all-be-all for specific knowledge or skills within our workplace. Picture a person whose skill set appears to place them on a pedestal, almost untouchable. This sense of unquestioned authority isn’t merely about the esteem they hold; it often acts as a barrier, inadvertently keeping others at a distance. These patterns can interfere with the easy flow of ideas and learning, turning a team effort into a lone mission.

Acknowledging the importance of shared insights is critical in a successful workplace. We all gain when knowledge is seen as a shared asset, not personal property. Moving past the belief that asking questions shows weakness, we unlock personal and team development chances.

In our knowledge garden, success isn’t just one flower’s scent. It’s a mix of many, grown from the simple question, ‘What if I don’t know?’ That’s what truly freshens up our innovative ideas.

 

The notion of an ‘untouchable expert‘ can create unseen barriers, not just isolating those with specialized knowledge but also deterring the rest from seeking guidance or proposing new ideas. This reluctance often stems not from a lack of capability but from the intimidating aura that the ‘illusion of infallibility‘ projects.

Tackling these obstacles begins with recognizing that we all learn as we go. By being open and admitting we don’t know everything, we encourage sharing, teamwork, and input from everyone. Actual progress and new ideas come from this kind of collaboration. The best teams are made up of individuals who all feel free to contribute their thoughts and questions.

Ultimately, the goal is cultivating a workspace where the ‘illusion of infallibility‘ is replaced with a collective curiosity and mutual growth culture. It’s about creating an environment where ‘I don’t know‘ is the beginning of a conversation, not the end. In this space, we’re more than just colleagues; we’re fellow explorers diving into the depths of our collective knowledge.

Power Dynamics and Knowledge Hoarding

Within the quiet halls of our daily grind, a subtle game is played — one where knowledge is guarded like a treasure, not shared like a common resource. It’s treated more like a bargaining chip, a means to maintain or gain an edge in the invisible hierarchies that exist within our organizations. This approach doesn’t just cap what we can achieve together; it strikes the heart of being a team.

Phil Jackson once said, “The strength of the team is each individual member. The strength of each member is the team.” This wisdom rings especially true here. When knowledge is hoarded, it’s not just the team’s potential that’s stifled; each person’s chance to grow, contribute, and shine is dimmed. The very fabric of our teamwork and collective growth is undermined.

Breaking free from this cycle requires a shift in perspective — from seeing knowledge as a personal asset to viewing it as a communal one. It’s about recognizing that our true power lies not in what we hold onto but in what we give away. When we share our knowledge freely, we empower everyone, lifting the entire team and enhancing our collective capabilities.

In this light, knowledge hoarding isn’t just a personal choice; it’s a cultural challenge we must address together. By fostering an environment where sharing is valued over hoarding, we can begin to dismantle the power dynamics that keep us from reaching our full potential as a team.

The Cult of Personality and Its Impact

In every organization, there are individuals whose presence is larger than life. They’re the ones who shape much of our workplace’s rhythm and tone through charisma or sheer force of personality. While their influence can be a beacon of motivation, it can also inadvertently cast a shadow so wide that it stifles the emergence of new ideas and muffles other voices. This isn’t about the intentions behind their actions but the unintended consequences that follow.

Tom Peters succinctly stated, Great leaders don’t create followers; they create more leaders. This perspective is crucial when considering the impact of strong personalities in our work environment. The accurate measure of leadership lies not in the breadth of one’s shadow but in the ability to illuminate paths for others to inspire a diversity of voices and ideas to flourish.

This cult of personality can inadvertently erect walls around open dialogue and mentorship, two pillars vital for a thriving and inclusive culture. Innovation and collaboration genuinely take root in the spaces where everyone feels empowered to speak, contribute, and lead.

Addressing this doesn’t mean dimming anyone’s light but rather ensuring that our workplace is a constellation of stars, each with the opportunity to shine and guide. We can transform these long shadows into a collective brightness that lights up every corner of our organization by fostering an environment that values diverse leadership and encourages individuals to step into their potential.

Communication Barriers and Organizational Culture

Getting through our daily work can feel like walking through a maze where transparent and open talks are hard to come by. This struggle with communication isn’t just about individual issues; it points to a bigger problem in our workplace culture. Too often, we end up working in silos, cut off from each other, which holds back the chance for open conversations and shared ideas.

Jim Rohn’s insight, Effective communication is 20% what you know and 80% how you feel about what you know, casts a light on our predicament. It’s not merely the transfer of information at stake but the underlying relationships and trust that give weight to our words. When visible and invisible barriers hinder our interactions, the essence of what we share is lost, diluted in the shadows of misinterpretation and missed connections.

These communication barriers within our culture lower morale and hinder our ability to innovate, work together, and grow as a team. The silos we unintentionally build around what we know don’t just hold back information; they limit what we can achieve together.

Breaking through these barriers and fostering a culture filled with open forums, engaging discussions, and collective learning is more than just a goal—it’s essential. By creating a space where everyone’s input is respected and considered, we can shift our organizational culture from being divided by obstacles to being united by connections, linking ideas, individuals, and opportunities in a lively network of cooperation.

Strategies for Overcoming Knowledge Silos

The journey to break down the walls around knowledge silos begins with sowing the seeds of a more collaborative mindset. It’s about transforming our workspace into a fertile ground where ideas aren’t just sprouting but thriving, reaching for the sun without the chokehold of rigid structures and turf wars. This transformation demands more than just a change in policy or procedure; it calls for a cultural shift towards openness, where the exchange of knowledge is as natural as conversation.

Helen Keller’s words, Alone we can do so little; together we can do so much,” echo the essence of this shift. The power of collective effort can move mountains, but it starts with reaching out and sharing a thought, a finding, or a solution. In these moments of exchange, the real magic happens, where the sum becomes more significant than its parts.

Implementing this change requires actionable strategies that go beyond mere intention. It could start with regular knowledge-sharing sessions, where team members showcase their work, not for accolades but for feedback and learning. Or it might involve creating ‘knowledge maps‘ that help navigate the expertise within the organization, making it easier for everyone to find the guidance or insight they need.

Crucially, this process involves valuing contributions not by their volume but by their impact. It means recognizing the quiet insights as much as the loud victories and understanding that every piece of shared knowledge enriches our collective wisdom.

By nurturing this garden of shared knowledge, we not only dismantle the silos that limit us but also cultivate a culture where learning and collaboration are the roots of our success. In this garden, every idea has the space to grow, and every voice has the power to inspire.

Personal Responsibility and Self-Reflection

The journey to turn our workplace into a center of teamwork and shared knowledge begins with each of us, not in meetings or planning sessions. It’s about looking inward, holding up a mirror to examine our actions and mindset, and understanding how we contribute to either cooperation or division. This self-reflection is critical to real change, linking our shared goals with personal responsibility.

Mahatma Gandhi’s wise words, “Be the change you wish to see in the world,” hold true here. The dynamics and hurdles we face at work allow us to make a difference, beginning with the small things we do daily. Sharing knowledge, welcoming different viewpoints, or just listening to a teammate can create a ripple effect, building a culture where working together is standard practice.

Taking personal responsibility on this path means owning up to how we might contribute to the problem of knowledge silos, intentionally or not, and actively working to break them down. It’s about shifting from just going through the motions to getting involved, understanding that our combined smarts are only as strong as our readiness to exchange ideas, listen, and evolve together.

This journey of introspection and accountability doesn’t just improve how we work together; it also helps us grow personally. It pushes us to expand our boundaries and accept that it’s okay not to have all the answers. This makes us better team members and more well-rounded, empathetic individuals.

As we all undertake this journey of reflection, the goal of creating a workplace where ideas flow freely, and teamwork thrives becomes more reachable. It’s a process that changes our office environment and each of us, bringing us closer in a shared pursuit of knowledge and joint success.

Conclusion

Our shared journey, exploring the hidden challenges and complex dynamics of our workplace, has brought us to an essential realization: our real advancement stems from the knowledge we share together. This represents a significant shift from working in isolated pockets of expertise to embracing a more cohesive and collaborative approach, where every interaction offers growth and contribution opportunities.

Henry Ford captured this idea brilliantly with his words, “Coming together is a beginning, staying together is progress, and working together is success.” This quote highlights our way forward, stressing that the success we achieve together profoundly depends on how effectively we join our forces, share our knowledge, and align our goals.

Standing at the brink of this significant cultural shift in our work environment, let’s commit to being the catalysts, not just spectators. Picture creating a culture where collaboration and openness are so ingrained that keeping knowledge to oneself feels archaic. In doing so, we enhance our day-to-day interactions and set the groundwork for a future where innovation, growth, and success are the cornerstones of our organizational identity.

United, we can transform our work environment from the ground up. With open minds and spirited dedication, let’s begin shaping a legacy characterized by mutual understanding and shared achievements.

Mimicking Malice: Exploring Malicious Traffic Distributors

Mimicking Malice: Exploring Malicious Traffic Distributors

My journey into the depths of this blog began unexpectedly during a routine online exploration, where I stumbled upon a cyber threat. This scenario is common in our field, and other detailed analyses have been ongoing on groups like ‘Parrot TDS‘ and ‘Vextrio.’ as they continue shifting the tactics and techniques around these campaigns.

These blog explorations often lead to discoveries that resonate with those of other researchers, given the vast data points they have to analyze, with resources I don’t have, like teams of keen analysts, to help crunch it over weeks or months. When I come across comparable research, I make it a point to integrate these into my articles by linking or referencing them, thus providing a comprehensive and informed view of the threat.

Moving forward, my hands-on experimentation with an actively exploited website in this campaign and the unique evidence I’ve gathered offer a current and fresh perspective of the ‘front-end’ experience that a victim follows surfing into these Malicious Traffic Distribution Systems. I’m here to share practical tactics, techniques, and procedures (TTPs) derived from real-world experience interacting with the threat. These TTPs could help you or others identify and neutralize these environmental threats. Unfortunately, some aspects still need to be looked at because of time constraints, leaving room for you, the reader or fellow researcher, to contribute and dig deeper.

My story began when I accessed a company, Sunridge Systems‘ website (Warning: Not Remediated), from my home machine, following a Google search for product information and training resources. Initially, this experience was a routine follow-up to topics discussed during regular business hours. Still, it suddenly became a firsthand encounter with a cyber threat that I went on to investigate for the next few hours:

While following a Google link, I arrived at a product page that unexpectedly opened another window. I instinctively closed it upon noticing a suspicious ‘.live’ top-level domain. My phone’s BitDefender app immediately alerted me to a phishing threat at the gateway of my office network. It had blocked a URL, linkbluehang[.]live, and the connection was promptly reset.

It caught my attention. I was visiting a website that supplied law enforcement organizations and, at the same time, had no other browsers open because I’d just started up the computer. It came from the website I was visiting, but the same scripts did not trigger upon further visits. Thus, I began to dig deeper into what was behind this attack against my machine.

First stop, I checked my DNSFilter logs to find out what was happening on my gateway at the time, absent any equivalent logs coming out of the ‘Netgear Armor‘ to line up what happened around the time I loaded this site:

My visit to the vendor website is apparent, along with the usual noise from analytics and trackers, and two other things stand out in the outputs:

l.js-assets[.]cloud CloudFlare GET https://l.js-assets[.]cloud/min.t.1706310000.js?v=65b43bc8
js.abc-cdn[.]online 162.0.228.112 https://js.abc-cdn[.]online/?dT1odHRwcyUzQSUyRiUyRnN1bnJp….. (Base64 Encoded: 185 Characters)

Immediately, I dug up a few more of these domains that would be interesting to research:

cdn.jsdevlvr[.]info, cdn.wt-api[.]top, spf.js-min[.]site

These CDN sides redirect you with a simple piece of code to the next hop based on looking in Fiddler:

At a glance, the landing sites *.live seemed like the ephemeral layer that typically gets rotated like a crop as vendors mow down the domains with red flags. Lots of them were to be hovering around this subnet 185.155.184.0/22 as per the VirusTotal passive DNS records for the current lookups:

Some have ‘Mimecast‘ in them, likely for a particular campaign they’re running against its users.

When you first land on these pages, source code on PasteBin, a waiting message tells you to hang on, more like 5 seconds, while it figures out how best to screw you over.

‘Loading…
Please bear with us. This will be brief.’

Massive obfuscated script embedded into the page and available in its entirety using the paste link above:

Next, we hit a CAPTCHA at http://re-capta-version-3-55[.]top/ms/robot4/?c=372a2392-4dbb-4fed-bd2f-1f9f846a34ef&a=l143904 page is titled ‘Click “Allow,” which I happily do:

(Pastebin)

My machine reports out to another .live address, ‘midmovenews[.]live,‘ with information about me shown here on PasteBin that includes some ISP info and IP address data:

GET /jmjrkxqn/article2611.doc?utm_campaign=INccHxHRWrew3TQsLBbfNnbGFYUZobMqxXT9Zrw5FhI1&t=main9ljs2&f=1&sid=t1~gomaa1uwypbu3nendhdxw1z4&fp=vi%2FwUTGEF2e5RznRBwr78Q%3D%3D

GET /web/?sid=t1~gomaa3uwypbu3nendhdxw1z5

A familiar scareware landing site emerges, ‘us.secureonlinecontrol[.]com‘, asking permission to send notifications through Chrome. Up in the browser is a tab that popped for ‘thebest-prize[.]life‘:

(It was one of many probable payloads, including malware, that I didn’t go out of my way to collect. It’s mainly dependent on your network (residential/commercial), language, location, etc.)

My machine also hit a long URL from a site https://pshmetrk[.]com/ that I should mention. The URL was in this format 20240126?k=[1198 characters]&n=19&d=1d86391c-57c0-4a1d-868e-d767d69765a3&v=17&sv=17&dn=re-captha-version-3-55.top&dmi=1418265&s=h06&btn=1 containing the next hop for me on a .top domain.

See also: pshmtrack[.]com, pshmtrks[.]com, pshmtrackerk[.]com, pshmtrk[.]com, pushnotificationsprototype[.]com and evttrkapi[.]top via being hosted at 136.243.216.244.)

A final connection was made to rdrdrdr[.]com with this URL: POST /click.php?event4=1&event8=1&uclick=xr4kft16

Other connections to suspicious domains: tracker-2[.com], nxtpsh[.]com, universal-total[.]com, uidsync[.]net, and that was all for my initial session with this page. I still hadn’t figured out the exact code on the site that was doing it, so I had to circle to that once I analyzed all of the pages.

Backdoor:

So, what was the backdoor? Well, it was tough to detect since it seemed to attack an IP only once, and there were a ton of plug-ins on this site. After syncing the files locally and checking Fiddler caps, I was able to finally locate the malicious script and pull out some kind of variable that was not unique to the obfuscation and consistent:

(PasteBin)

Two strings in the script were unique and made it easy to find across other files, both ‘bC5qcy1hc3‘ and ‘NldHMuY2xv‘; in this case, I searched other files synced from the site looking for more code:

Get-ChildItem -Recurse -Filter *.html | Select-String -Pattern 'bC5qcy1hc3' -SimpleMatch | Select-Object Path, LineNumber, Line

Many plug-ins had been backdoored by calling on the functions from these Javascripts converted to (.html) pages. Which one was the entry point needs to be clarified, but there were 5+ script entries on a single page in many cases. I pulled the site down using HTTrack to examine it locally.

From here, I borrowed a useful tactic from Randy Mceoin using a public source code search engine. Based on this database, 3,165 websites have been observed to have this code running on them by that tool. There were a total of 18,770 internal pages with the code, meaning there’s an average of about 6 backdoored scripts per site, and multiple entries per-page, likely from drive by injections. (‘N‘ =’447,409,294‘) [PublicWWW DB]

Feel free to let me know if you have any insights or things to add, and I’ll try to get them in the blog. If you like security research and protecting others from bad actors, follow on LinkedIn.

(If you’d like a list of all the TTPs, Fiddler, and PasteBin links from this article, reach out to me, and I’ll provide it to you in a password-protected file)

Related Links:

Cybercrime Central: VexTrio Operates Massive Criminal Affiliate Program

https://unit42.paloaltonetworks.com/parrot-tds-javascript-evolution-analysis/

https://infosec.exchange/@rmceoin/111688556423448763

https://www.bleepingcomputer.com/news/security/vextrio-tds-inside-a-massive-70-000-domain-cybercrime-operation/

https://www.bleepingcomputer.com/news/security/malicious-web-redirect-scripts-stealth-up-to-hide-on-hacked-sites/

Internal Battles: Unsung Heroes of Customer Support

Internal Battles: Unsung Heroes of Customer Support

In customer support, the true challenge often lies within: a constant battle for necessary internal help. These struggles have deepened my understanding of effective support throughout my career and driven me to develop better systems. They’ve empowered me to support colleagues who face similar internal obstacles and to be a voice holding others accountable for providing the necessary assistance. This journey has been about more than just overcoming hurdles; it’s been about improving the entire support structure for everyone who relies on it.

The most profound battles in customer support are often internal, hidden from customers, a constant struggle between needing and getting help.

External vs. Internal Support

Many companies have a clear divide between how external and internal support functions. On the outside, there’s a facade of efficiency – customer issues are addressed swiftly and professionally. But internally, the picture is often different. The promptness and smoothness seen by customers starkly contrast to the internal struggles for support.

I’ve seen this firsthand. While we strive to provide top-notch customer service, getting the same level of response internally can be a challenge. Requests for help or information within the team can go unanswered, creating bottlenecks and frustration. This inconsistency isn’t just an internal problem; it eventually impacts the teams ability to serve our customers effectively.

The stark contrast between a company’s external efficiency in customer service and internal struggles highlights a fundamental flaw in support structures.

This gap between external promises and internal realities is more than just a workflow issue; it’s a critical flaw in how support structures operate. When internal support is lacking, it’s not just the employees who suffer – the customer service quality takes a hit.

A Culture of Evasion

This culture of evasion is a common undercurrent in many workplaces. It’s a pattern where avoidance and minimal effort become the default response to requests for help, especially when the issue falls outside someone’s direct responsibilities.

In this environment, I’ve seen how even straightforward requests for assistance get met with delays or are outright ignored. It’s a mindset where the path of least resistance takes precedence, often at the cost of effective problem-solving. This reluctance impacts not just the support team but it extends to customer experiences as well, leading to avoidable delays and dissatisfaction.

A pervasive culture of evasion in organizations creates a disconnect between the support needed and the support given, hindering effective problem resolution and team collaboration.

I’ve experienced how this attitude can turn minor issues into major hurdles. Without timely and cooperative internal support, frontline workers are often left to fend for themselves, exacerbating the situation and adding unnecessary stress. This evasion disrupts workflow and stifles the potential for collaborative problem-solving and learning.

The Reluctant Hero Syndrome

Take, for instance, a scenario I’ve encountered repeatedly: I’m handling a complex client issue and need urgent help. I turn to someone who’s supposed to be the expert, the ‘go-to‘ person. But instead of proactive support, I get the bare minimum. They hand out information sparingly; often, it’s too little or too late. Their reluctance left me scrambling to catch up and frequently put me in embarrassing situations with clients. I found myself constantly under stress, trying to buy time and scrounge for answers that should have been readily available.

In a critical incident involving an attack against a major bank, with over 125 callers on the line, I experienced this syndrome firsthand. My role as the frontline in Security Operations meant I often had to deal with a group of well-funded Engineers who sometimes seemed idle and uninterested in supporting us.

The ‘Reluctant Hero Syndrome’ in support roles leads to a cycle of minimal assistance followed by last-minute heroics, impacting team dynamics and client relations.

I urgently needed specific firewall data to assess the attack’s scope on this occasion. When I contacted this team via internal chat, expecting immediate assistance because of the situation’s severity, I was flatly told that the data couldn’t be gathered. Their reluctance wasn’t just unhelpful; it was detrimental.

The situation escalated when, after much pleading and prolonged silences, an engineer from the internal team finally joined the call. Surprisingly, and to the frustration of the call organizer, they effortlessly retrieved the needed data.

This incident was emblematic of a more significant issue: a divide between teams. In the frontline, we were often left to navigate challenges with minimal support, relying on a team that only stepped in when the situation reached a boiling point.

Learning from Adversity

These frustrating experiences were, in fact, invaluable lessons in disguise. Reliance on my skills became necessary due to the lack of dependable internal support. Handling issues independently was not a choice but a survival skill, pushing me to expand my technical knowledge and problem-solving abilities.

Each challenge was a lesson in self-reliance and adaptability. Facing repeated obstacles forced me to dive deeper into systems, understanding how to fix issues and why they occurred in the first place. This deeper understanding was crucial in training my colleagues on the frontline and reducing dependence on these other reluctant teams.

I also learned to communicate effectively under pressure. Being the primary contact for hundreds of critical issues taught me to balance clarity with calmness, even when solutions were not immediately apparent. This skill in managing expectations became invaluable, especially in high-pressure situations.

Adversity in support roles teaches valuable lessons in self-reliance, effective communication, and creative problem-solving, shaping more resilient professionals.

Resourcefulness became another key takeaway. With limited internal support, I often had to find alternative solutions, leading to innovative and sometimes unconventional problem-solving approaches. This enhanced my technical skills and my ability to think creatively under pressure.

Through these experiences, I also developed a greater sense of empathy. Understanding that everyone faces their own challenges, I learned to approach internal teamwork with more patience and supportiveness, fostering a better collaborative environment despite initial reluctance.

Towards a Solution: A Vision for Better Support Dynamics

The journey through these internal battles has highlighted the problems and illuminated the path toward meaningful solutions. These solutions aren’t just about applying band-aids to existing issues; they’re about reimagining how support functions within organizations.

  1. Empowering with Interactive Guides and Tools: The first step is empowering support staff with interactive guides and tools that are intuitive and informative. This isn’t just about having a manual to refer to; it’s about having a dynamic, interactive system that guides through complex processes and offers real-time solutions. It’s about turning the knowledge trapped in the minds of a few into accessible wisdom for many.
  2. Building Comprehensive Documentation from Requirements: The difference between a good support experience and a great one often lies in the details. Comprehensive, contextual documentation beyond standard customer-facing guides can be a game-changer. This documentation should explain how and why things work that way, providing deeper insights into products and processes.
  3. Utilizing Rich Dashboards for Context: Access to context around troubleshooting is crucial. Resources that provide a wealth of information at a glance can transform how support staff interact with the problem at hand and the tools available to solve it. This is about moving away from the endless searches and inquiries and towards a more streamlined, informed approach.
  4. Creating a Culture of Knowledge Sharing and Collaboration: The ultimate goal is to foster a culture where knowledge sharing and collaboration are the norms, not the exceptions. This means breaking down the silos that often exist within organizations and encouraging a more open, cooperative environment. When information flows freely, support becomes more than just a function; it becomes a well-oiled machine, driving the entire organization forward.

Addressing internal support challenges requires a holistic approach, including empowering tools, comprehensive documentation, and fostering a culture of knowledge sharing and collaboration.

These solutions, born from the trenches of real-world experience, form the cornerstone of my vision. They are theoretical ideas and practical, actionable strategies that can revolutionize support teams’ operations. This vision is about creating an ecosystem where support staff are not just workers but empowered, informed, and integral parts of the customer service experience.

Conclusion

Balancing internal and external support is essential. We cannot let our internal challenges overshadow our commitment to customers. Being honest, transparent, and proactive about improving our internal support is key. It’s crucial to create a work environment where the support team receives as much support as they are expected to provide to others.

Balancing internal and external support is crucial for organizational success; it involves creating a supportive environment for the support team and enhancing overall service quality.

It’s not just about fixing immediate problems; it’s about building a culture where support flows freely in all directions. When internal teams are well-supported, they’re better equipped to serve customers effectively. This approach doesn’t just benefit the support staff or the customers; it strengthens the entire organization.

The Call-First Conundrum: Rethinking Tech Support Efficiency

The Call-First Conundrum: Rethinking Tech Support Efficiency

 


It’s a familiar scene for many of us dealing with tech support: you hit a snag with a service, you put in the effort to explain it all in a support ticket, and then you wait, expecting that someone will take it from there. Instead, you get asked to set up a phone call. Aligning schedules for this call can stretch the whole process by days or weeks.

When you finally get on the line, you often repeat the information you’ve already given. If your ticket gets stuck with someone out of the office, it just sits there, leaving you wondering if there’s a better way to handle things. Couldn’t the next available person take a look instead of waiting?

I get that the personal touch of a phone call can be nice, but when you’re after quick solutions, it can feel like a step backward. So, what’s the balance here? How do we keep the human element but ensure it doesn’t slow us down?

A-Side: Engineering the Support Experience

In the trenches of product support, the reality is that most issues don’t need a back-and-forth marathon; a couple of emails will do the trick. That’s held true for about 85% of the tickets in my queue, at least. My approach? I don’t just skim the problem; I dive into it. I take every word and attachment and piece together the puzzle with knowledge sources; if possible, I replicate the issue myself. A bit of diligence goes a long way to ensure any responses are pointed and purposeful when I reach out.

Most tech support issues are a puzzle that can be solved with careful analysis and targeted communication, often bypassing the need for lengthy calls.

But here’s the twist in the narrative: my role with a well-known cybersecurity company frequently pushed me to take calls for what many would consider straightforward tasks, like setting up a virtual machine or deploying our software across networks. These sessions were eye-opening, revealing a surprising truth: many clients, even those at the helm of large corporations, grapple with the fundamentals of their own tech infrastructure.

Such gaps necessitated a guided, step-by-step approach from us, transforming what should be simple fixes into extended screen-sharing tutorials. And it’s not just a handful of cases—this is a widespread scenario. Walking the giants of the industry through basic procedures is sobering; it serves as a reminder that the obstacles often attributed to smaller entities are just as entrenched in the upper echelons of business.

This pattern isn’t merely about providing support; it’s a glimpse into the symbiotic relationship between customer and technician, demonstrating an essential truth: the complexity of issues doesn’t correlate with the size of a company. Whether they’re navigating small ventures or steering large enterprises, the need for clear, accessible support remains a constant.

B-Side: Navigating the Maze of Vendor Support as an IT Provider

The cycle is almost comical in its predictability: you submit a support ticket on behalf of your client, and like clockwork, you receive a prompt acknowledgment—a tick in the box for the vendor’s SLA compliance—and then, the waiting game ensues. My encounters with vendors like Okta, Microsoft, Salesforce, and others tend to follow a script: ignore the written detailsopt for voicemails that pile up, and orchestrate a ballet of schedule coordination, even when scheduling tools like Calendly are at our fingertips.

Then there’s the single-engineer bottleneck. Case in point: my recent run-in with an Okta engineer on the brink of vacation, leaving our urgent matters hanging until his return—no handover, no delegation. Their out-of-office message might as well read, “Your IT crisis will have to wait.” The irony is that we don’t have a dedicated engineer at Okta; we’d gladly work with anyone willing to take the reins. This disconnect between our need for swift resolution and their individual capacity constraints is stark.

In vendor support, efficiency is often sacrificed on the altar of process, where delays follow swift acknowledgments, and the promise of help becomes a waiting game.

And what about the support process itself? There’s an overreliance on ‘live‘ troubleshooting over calls, a strategy that seems designed more for the convenience of the support team than for efficiency or efficacy. It’s as if they’re navigating the product alongside the customer for the first time, employing a “Human Information Gatherer” role where clarifying questions, data capture tools, and decision trees could expedite the process.

In this bizarre world of support, a ticket can become a victim of the support structure itself, floating aimlessly through a system that prioritizes calls over closure, causing days of delays—days where no actual support work gets done. The result? A mounting backlog, frustration on all fronts, and a glaring question: when will these vendors realize that the measure of good support isn’t how quickly they respond but how effectively they resolve?

The Premier Support Curtain

There’s an open secret in the tech support world: what’s often sold as ‘Premium‘ might be standard service in a shinier package. You might pay top dollar for the promise of a rapid response from companies like Okta, only to be redirected to the same third-party support teams that have notoriously been linked to security mishaps. So, what are you really buying? A quicker greeting, perhaps, but not necessarily the swift resolution you were hoping for.

Beneath the veneer of ‘Premier Support’ lies a stark reality: a quicker acknowledgment from support teams doesn’t guarantee a faster resolution to your technical woes.

When you’re shelling out for premier support, you expect—and deserve—a dedicated team of specialists, not the same crew with a stopwatch. The real measure of premium isn’t just how fast they pick up the phone; it’s about how effectively they can get you back on track without the run-around. Ensure your support investment is an upgrade, not just a faster ticket to the same old process.

Looking Ahead: The Future of Support Fusion

The road ahead is paved with Actual and Artificial Intelligence, seamlessly integrated with empowering Automation. As these elements evolve, we focus on crafting a future where technology augments human capabilities rather than replaces them. It’s about equipping clients and teams with synergistic tools, ensuring our strategies are driven by success and centered on the user experience.

The road ahead is paved with Actual and Artificial Intelligence, seamlessly integrated with empowering Automation.

Consider the transformative impact of automation in the onboarding and offboarding processes: by automatically creating accounts and setting up computers, we not only streamline these critical first steps but also liberate human resources to focus on a more personal welcome—shifting away from the repetitive digital labor of enrolling new employees into the network.

Finding the right balance between automated tools and human support is key. We’re not looking to replace people with AI – we’re integrating it to enhance teamwork.

Envision a support system where:

  1. Device data is automatically collected when errors occur, streamlining integration with our support and technology management platforms.
  2. Users self-resolve frequent issues without an admin’s intervention, using a platform that grants them on-demand access to trusted software and maintenance tools.
  3. A step-by-step interactive guide aids users in diagnosing and learning from common problems, with automation simulating the assistance of a live technician.

It’s not about AI dominating the support role; it’s about identifying trends, such as a rise in similar user issues or recurring unsolved problems. The right tool doesn’t just wait for detailed tickets –it helps create them by asking the right questions and calming users down so we can get to the heart of the issue faster.

Streamlining Support: A Practical Vision

The ultimate goal in the evolving tech support landscape is to harmonize AI sophistication with the human element to streamline the support experience. The aim is not merely to respond but to resolve efficiently and empathetically. As we chart the course forward, the emphasis must be on enhancing the synergy between technology and technicians, ensuring premium support transcends mere promptness to deliver swift, effective solutions.

The future of support lies not just in quicker responses but in smarter resolutions and a steadfast commitment to excellence that truly embodies the ‘premium’ in premier support packages.

Let’s embrace the tools and tactics that preempt problems, expedite fixes, and, above all, treat every interaction not just as a ticket to be closed but as an opportunity to excel in service. The future of support is not just about quicker responses but smarter resolutions and a commitment to excellence that genuinely reflects the ‘premium’ in premier support packages.

Beyond Assumptions: Sailing Toward Customer-Centricity

Beyond Assumptions: Sailing Toward Customer-Centricity

In a world where assumptions can often steer us off course, mastering the art of navigating customer-centric strategies with clarity and insight becomes essential.

Have you ever encountered a situation where a consultant, designer, or developer confidently asserted, ‘Looks good to me,’ while making decisions about your project? It’s a phrase that rings with a mix of assurance and concern. After all, their expertise is meant to bridge the gap between your vision and reality.

This blog sets sail into the uncharted waters of using intuition and guesswork to shape customer-centric strategies. From crafting websites that dazzle the eyes but miss the mark to creating software that falls flat, the ‘Feels right in my opinion‘ mentality can lead to costly missteps.

What happens when their confidence embarks on a journey guided by assumptions about what you and your customers truly need for a triumphant voyage?

Visualize two people in a boat, each rowing in opposite directions. Similarly, consulting endeavors can drift aimlessly without a unified and customer-focused approach, like ships at sea without a guiding rudder burning precious fuel and yielding wasted or counterproductive results.

Join us as we embark on an odyssey to uncover stories and lessons that expose the inherent risks when your collaborators fail to grasp the intricacies of the target market and the needs of its customers.

Navigating the Web of Assumptions

When crafting a website, the age-old adage ‘looks can be deceiving‘ takes on a whole new significance. The trap is easy to fall into—prioritizing a design that appeals visually to the agency or designer creating it rather than focusing on what truly matters: how your customers respond.

Imagine this scenario: You’ve invested time, effort, and resources into a stunning website, complete with eye-catching visuals and intricate animations. The agency congratulates itself on a masterpiece. However, an alarming trend emerges once launched—visitors arrive, take a quick look, and vanish within seconds. Your carefully curated design becomes a revolving door for digital passersby.

It’s not just about meeting specifications; it’s about steering growth opportunities for your business through strategic and customer-focused design.

The disconnect stems from the gap between design that ‘looks good‘ and innovation that drives action. The latter demands an intimate understanding of your customers—what resonates, what motivates engagement. It calls for a user-centric approach that probes beyond aesthetics to delve into the psychology of user interaction.

This disparity in results often arises from differing perspectives. While the agency might prioritize checking items off a design specification, your ultimate goal as a business owner is to collaborate with professionals known for repeatedly and successfully creating websites that captivate and convert.

A website may charm the agency’s eyes, but if it fails to resonate with your target audience, it’s like dressing up a mannequin in haute couture and expecting it to make sales.

Software Development: Beyond Guesswork

Similar challenges extend beyond website design and delve deep into software development.

If immersed in this business, you’ve undoubtedly encountered individuals and agencies who assert they understand precisely what customers want, even without direct interactions or sales involvement. Their well-intentioned feedback emerges from the realm of the unknown, unanchored from the bedrock of concrete research or genuine engagement.

Ironically, their unwavering confidence in assumptions often leads to fruitless outcomes.

These scenarios have become all too familiar within the realm of product innovation. Assumptions, however well-intentioned, can be like sailing a vessel adrift without proper navigation. Even the most well-crafted code might miss the mark without a firm grasp on customer demands.

Like adept mariners navigating uncharted waters, business owners shoulder a responsibility that stretches well beyond the horizon of product envisioning. It’s about orchestrating a symphony that connects the waves of customer desires with the currents of your collaborators’ expertise.

A Modern Approach: Validation and Engagement

In the past, we cast away with the assumption that customers would flock to our product if we built it. However, just as ships can veer off course in turbulent waters, assumptions could lead us astray—a scenario akin to the ‘Field of Dreams’ concept. Building it doesn’t guarantee players on the field nor ensure you’ll navigate the open sea successfully.

Like Tom Hanks in ‘Cast Away,’ marooned on a market island without competitors or customers, his attempts to draw attention prove futile, lost in a dialogue with imagination due to misguided direction.

Enter the modern approach focusing on validation and customer engagement before building. Prototypes are shared, feedback is actively sought, and commitment is solidified with letters of intent for emerging ideas. This approach resembles a ‘rowing together‘ strategy, ensuring customers desire what you create and will genuinely benefit from the experience.

Sailing through the waters of exploration, it’s acknowledged that the initial version may represent a partial masterpiece. The rhythm of progress features iterative enhancement, propelled by attentive listening, constant learning, and adaptive fine-tuning anchored in practical observations.

Within this maritime narrative, the true navigators of success are those who steer not by assumptions but by the wisdom of the ocean itself. Just as a seasoned sailor corrects their course in response to changing winds, this approach realigns your journey in the market’s currents, ensuring you don’t drift off course like a marooned castaway.

Setting Sail on the Sea of Understanding: Navigating the Future

As we navigate the realm of assumptions and their impact on customer-centric strategies, a clear theme emerges: success hinges on understanding, engagement, and evolution.

Within this context, ‘Looks good to me‘ emphasizes the need to bridge the vision-reality gap with more than a confident nod. It requires a commitment to delve into the intricacies of diverse markets, sometimes even exploring your clients’ clientele.

Empowered by newfound insights, we sail on a voyage into an era where steering toward success entails crafting experiences that genuinely harmonize with customers’ desires, evoking their delight.

Success is determined by the impact of our offerings, not assumptions.

Through steadfast learning, fine-tuning, and advancement, we emerge as the protagonists in a narrative sculpted by the market’s collective wisdom.

In this saga, the very soul of customer-centric success sails far beyond mere assumptions. ⛵

The Enigmatic World of Kevin Mitnick: Stories of Hacking and Redemption

Kevin Mitnick aka Condor

The Enigmatic World of Kevin Mitnick: Stories of Hacking and Redemption

 

Once upon a time, in the mid-90s, I was drawn into a world of hackers and cybersecurity experts, seeking knowledge and inspiration. Among the names that echoed through our circles was that of Kevin Mitnick, a legendary figure revered for his audacious exploits and unmatched hacking prowess.

Kevin’s stories were the stuff of legends, like how he managed to hack into the source code of cellphone towers, a feat that left us all in awe. But what truly amazed me was his daring act of monitoring the FBI’s phones, pinging in and out undetected like a modern-day phantom. His reputation soared, but it also led to dire consequences.

For a long time, Kevin was imprisoned and treated as a domestic terrorist, a dark chapter in his journey that many of us remember vividly. However, Kevin’s resilience was undeniable, and he emerged from his struggles, soaring to new heights with his consulting business, Mitnick Security, and collaboration with KnowBe4. His transformation from a hacker on the wrong side of the law to a cybersecurity expert was awe-inspiring.

Our paths intertwined oddly shortly after his release when an organization Kevin had targeted repeatedly was hacked once again. When he hacked them, he traveled incognito in a van; this mobile hacking lab was a marvel of ingenuity, weaponized to break into internet service providers using cell phones—a feat unheard of back then. Someone had breached their systems and was being monitored, likely unaware of the innate paranoia and fortifications from past encounters with Kevin in his prime. If only these attackers knew the dedication and skill required to fend off such attacks, they would have seen the victim as more than just another target.

As fate would have it, suspicion turned toward me during the investigation into the latest breach. I was questioned about my involvement and that of others in my circle, who may or may not have been responsible for the intrusion. Strangely, I did not know the real intruders, yet somehow they had linked me to the caper with hacker-planted evidence. The situation was perplexing and surprising, especially to my parents.

Although my chance to ask Kevin about this incident never came, I can imagine the stories he might have shared about the chase and life on the run. In the vastness of the internet, it’s a small world indeed, especially when you’re constantly scanning for hidden doorways.

I am writing this blog with mixed emotions today as Kevin has passed away. Kevin Mitnick, you were a hacker and a symbol of transformation and redemption. You’ve made significant contributions to cybersecurity, leaving a lasting impact. As we bid you farewell, may your legacy continue to inspire future generations to strive for greatness in the world of security.

Rest in peace, Kevin Mitnick, a digital martyr and rehabilitated hacker who has left an indelible mark on the world.

Phish Gallery & Blog Update

Phish Gallery & Blog Update

Update

Why has the blog been so dry? Well, it’s complicated. There are always people who don’t want to see you expressing yourself in a public way. These invisible haters will try to make connections between your personal activities, i.e., Blogging and work-related things, in any way they desperately can. I win those battles; it’s just tiring to explain to the suits how free speech works. Support the ACLU and EFF. 

Visit my Twitter Feed to see screenshots of various threats that come my way from readers, and my own mailboxes being flooded with threats. Many of them turn into future news articles in the days or weeks to come, so you get a head start. Otherwise, I tend to post the news I’ve been personally reading throughout the day. Maybe you’ll find something interesting. Thanks for reading. I’ll be back as soon as I finish realigning my career goals and getting myself in a good place to write again.

Phishing Gallery

It’s been a CRAZY year for breaches, ransomware, and other cyber terrorism. Truly a daily occurrence all over the world. A collection of phishing screenshots I’ve collected this year from various honeypots and other sources. We’ve worked with many organizations over the years to take down infrastructure related to these attacks. The trend I’ve seen across security products is that they block effectively, but it takes days. Secondly, the sites and email sources tend to go largely unreported.  If you want to make a difference: Protect future victims by sending the abuse emails. It may take hours, but it’ll take days or even weeks as everyone shields themselves without bringing the sites down. Many providers I reach out to will respond quickly to eliminate the artifacts.

Useful Links:

www.joesandbox.com

www.any.run

www.sentinelone.com

www.dnsfilter.io 

Websites:

(Click the right > key to move through the screenshots. I need to fix the jumping around with different sizes)

Emails + Attachments: