Seeing the Long-Term Benefits
One of the things that constantly gets to me is business owners who fail to see the long-term benefits of actions they could be taking. Let me give a couple of examples. Recently there has been an exploit going around for WordPress that allows an attacker to gain access to the administrative area and do whatever they want with your WordPress site. Of course, many bloggers are scrambling to update their software to the latest version, but some others, well, aren't. One blogger, Andy Ihnatko, said, "The whole procedure would have been like shampooing a wall-to-wall rug. I want to clean the rug, sure, but do I really want to move out ALL of the furniture? And all of the stuff piled up ON the furniture?" Sure, moving all of the furniture and the things piled on it is inconvenient and time-consuming, but if you don't do it, you're going to spend just as much time, if not more, cleaning up after the mess that will be left behind when an attacker does come knocking. The same applies to database backups. Sure, they're tedious and you have to remember to verify them periodically, but what will you lose if you don't have them when something does go awry?
Another example that keeps biting people is PCI compliance on their e-commerce applications. It seems that no matter how many times I consult with businesses on the value of security and putting measures in place to protect their business and their customers' information, they just don't want to hear it. It's too costly, it's too inconvenient, it will take too long, etc. They put a little patch over the things that a basic security scanner can pick up and ignore everything else at their own peril. When an attacker does come knocking, the castle is found defenseless and they climb right over the walls unchallenged. The cleanup from that sort of breach is not pretty and can cost way more than it would have to station some troops just inside the walls to begin with.
One example where a company is getting it right is Wal-Mart. Yes, I know some of you love to hate on Wal-Mart, but they run a tight ship. The Wal-Mart closest to me was originally supposed to be a "supercenter" type store. Due to politics and zoning rules at the time, they were not able to build the supercenter and just made it a regular store instead. Fast forward 12 years, and the store is finally being upgraded to supercenter status. To accomplish this, they are remodeling the entire store. They're extending the building on one side and resetting the entire internal layout of the store. Is it costly? You bet! Is it ugly? Oh heck yeah! Is it confusing the heck out of customers who can't find anything when entire departments get shifted around? You'd better believe it! The thing that Wal-Mart understands is that they are in it for the long haul. Their zoning applications to build a brand new supercenter a few miles away were all rejected, and they know there is nowhere else to build in this area, so their only options were to upgrade the current store, or leave it the way it was. Upgrading is costly and painful on a lot of levels and will no doubt hurt their sales while the remodeling is underway (right through the holiday season no less; they're scheduled to be finished in March 2010). However, they understand that if they don't upgrade the store, they will be giving up tens of millions of dollars in potential sales over the next 15-20 years. They're looking ahead and are willing to take a (relatively) small hit over the next several months in exchange for the potential to make a lot more after the initial period of pain has passed.
When it comes to losses, we see what we have and can't imagine it going away, so we fail to act. We downplay the possibility of loss. Some people I know even consider the insurance industry to be a "scam" because they don't realize the benefits that insurance provides in the short term. Upgrading software and applying additional security is the same way: it's insurance against a possible future loss. You may never realize the benefits if you apply that security (i.e. you never see a breach because the security prevented it), but if you fail to have that insurance or security in place, the damage will be a lot more visible and painful when a loss does occur.
I suppose my point in all of this is to encourage people to look at the long-term implications of what you are doing, or not doing, with your business and with your life. Not having proper security in place is like not having homeowner's insurance. Sure, it's expensive and inconvenient, but when the hurricane comes through you'll be glad it was there.