Intelligent Contraptions

Introducing: Enterprise Architecture Strategy for SOA...

2009-08-20T12:42:00Z

What is it? Oh, you have to wait… At the moment, I writing an article for next issue of The Architecture Journal titled Enterprise Architecture Strategy for SOA…

I will discuss key concepts and methods that CIOs, CTOs, architects, and IT leaders can put into action pragmatically to help their organizations evolve their IT architecture and solutions, so as to meet ever-changing business needs and demands through service-oriented architecture (SOA). I will present a robust architecture foundation—built on proven and already successful methods and practices—to implement tangible service orientation in a consistent and repeatable fashion, with a focus on business priorities and alignment, to deliver predictable and measurable business value while maximizing value of IT investments.

I will also introduce and discuss concepts, principals and methods such as Capability Architecture (also known as Business Architecture or Business Capability Architecture) and Service Oriented Modelling. I have already put these methods in to work to deliver SOA - read about the success story at Recruitment Firm Speeds IT Revolution by Aligning IT with Core Business Capabilities at Microsoft Case Studies just released on 7 August 2009.

Note: I am going to talk more about on these topics once the journal is published. I don’t want to spoil it:)

Cheers,

Hatay.

Back? Yes. I hope so anyway…

2009-08-20T12:17:39Z

It has been a while since I posted. A lot of good things happened between now and my son’s birth. I couldn’t find any time to write even tough my head is full. Here is a brief summary of events…

I released Microsoft Services – Services Oriented Modelling (SOM) in 2007. More on this later…

During 2007/2008, I helped leading Public/Health institute (world’s #2 or #3 largest employer with around 1.6m+ users) deliver architectures for their new Microsoft platform based solutions… You know who :) The project took 8+ months… Then

Finally, I helped leading global recruitment consultancy firm deliver an end-to-end SOA implementation between 2008 and 2009… The project took around 9+ months. More on this later.

Also, I’ve presented at the following events:

Microsoft TechReady 7
Microsoft SOA & Business Process Conference 2008
Microsoft Architect Insight Conference 2009

I have also release a Case Study on SOA to MS.com and now in the process of writing an article for the next edition of The Architecture Journal!!!

Well, a lot has happened within 27 months!!!! Anyways, I am hoping to write more regularly and frequently from now on…

Cheers,

Hatay

Hello World!!!

2007-04-06T11:27:00Z

After an exhausting 2 days, we had our first son, he is 3770 grams, 53 cm and he is called Ata. His mom and him are doing fine...

Ata Hatay Tuna, 2 April 2007 04:44am...

Service Oriented Architecture, Service Factories and Modelling

2007-03-05T18:25:00Z

As there some organisations are trying to find their way into SOA, some are still struggling. What I want to do here is to provide some guidance information and some answers to fundamental questions companies should answer to jump-start onto SOA.

And I am not going to bore you neither with yet another description of SOA nor explanation of the SOA tenets but look at SOA from a more real-life perspective, real questions and possible answers.

Please note that I assume you have some kind of an understanding about Capability Modelling. If not, have a look at this great article on Microsoft Services Business Architecure (MSBA aka Motion) before you continue.

First of all, organisations still need to answer the following questions in their domain to realise SOA's potential and what it can deliver for them.

What is a Service? This is a critical question and despite the fact there are virtually unlimited number of answers in the industry, companies should answer the question within their own domain considering their organisational structure and enterprise architecture and it should also reflect their expectations from a service.
How and Where to start SOA? This question is about finding the first service in your organisation to move onto SOA platform. Even with companies which justify the move onto SOA conceptually and commercially, it is a very common struggle finding the first service to implement. What are the characteristics of this first service? What makes of good service candidate?
How to Develop and Integrate a Service? Another challenge for organisations as developing SOA service different from traditional development approaches. While methods such as OOAD support development of service components, they are not sufficient to identify, define, develop and deliver a service in SOA.
How to Manage SOA (and its Services)? Operating, managing and governing services are one of the fundamental challenges with services and SOA environment. Because each and every company has different structures, different ownerships, it is very difficult to find a single solution and adapt it. When organisations answer the first question and there should be enough information to shape and management approach to SOA.

I will try to address all of the questions above and will try to provide high level solutions. Then I will look at Microsoft technology stack and map those solutions onto these technologies and products by also looking at patterns and best practices around them.

Service Factory is a unified set of integrated tools and processes to enable identification, definition, development and delivery of services in a consistent, repeatable and predictable way. Let's have a look at my proposed factory design which empowers modelling at its heart:

Modelling is a process of capturing information using model templates and schemas identified below. Combining with the automation capabilities of your service factory, it enables creation of templates for you from the previous model. For example, depending on the Service Model, right Source Templates are created for you, orchestration files, class files, XML schemas. Besides, automation also enables you to partially complete these templates.

Let's start with an example: if you want to create an agenda, you open up Word and choose agenda as your template, and then you capture your agenda items and save it. Or if you want to create a purchase order XML file, you use purchase order schema to do that. Same as here, to capture the models in your process, you need templates or schemas if you like to capture required information.

In your Service Factory, you can use the following templates to capture model information:

Capability Model Templates: These templates are required to capture information about and related to the business capability you want to develop. For example, you capture information such as how owns the capability, how it works, what are the relations to other capabilities etc. Capability Model Templates help you capture more high level information, or metadata of the capability. This information will be used to create Service Model Templates which will capture more detailed information.
Service Model Templates: These are required to capture service level information such as what is the function of the service, how it is secured, where is it hosted, how does it integrate to other services, how it is managed etc. This information is captured in a very detailed way to enable automation of source code and template generation.
Source Code Templates: Source Code templates are used to capture the implementation details of the service and its related components. Today, we already use them, for example, we have templates for C# classes and BizTalk orchestrations. However, this time these templates are partially completed based the requirements you captured in your Service Model.

You can view models as detailed requirements captured as both human and software readable artefacts which ideally can represented visually and templates as tools to capture this information.

From the templates I identified above, you can produce:

Capability Models: represent high level characteristics of the Business Capability you want to develop. Based on the information captured in this model, Service Model Templates are created.
Service Models: represent the low level requirements of the Service, eventually the Business Capability you want to develop. Based on the information captured in this model, Source Code Templates are created.
Source Code Models: represent the implementation details of the Service in an executable form.

Models also enable following core capabilities:

Traceability: Because models represent the particular domain at different granularity, they are traceable; in other words you can trace information on model to information captured in another model. This provides high level visibility of the service being developed. When you are modelling particular feature of the service, you know how it relates back to the capability being developed.
Forward Engineering: Models also enables us to automation of source code generation. For example, if I model a business process, my factory auto-generates a BizTalk orchestration file (Source Code Template) for me.

As you can imagine, because the Service Models capture very detailed information about the service, they can be very complicated and can be very difficult to manage, therefore it is wise to divide them into other models, sub-models if you like. In my proposal I use the following models to represent a Service Model:

Functional Model: This model represents functionality of the service such as the service interface, business logic, database schemas etc. It captures sufficient information to ultimate provide the Business Capability in terms of a service.

Security Model: It captures the security related information of your service, such as who can access what. You can also embed security Models into different models. For example, you can capture security information in a Functional Model to define identities, resources and permissions etc. or you can capture it in Hosting Model to define how the hosts will be secured or how in the information storage will be secures.

Hosting Model: This model captures information how and where the service will be hosted and forces you to plan/design your hosting platform. You must have an idea of how the service will be deployed so that within you Service Factory you can automate the creation of deployment units etc. for this platform.

Here is an example of a Service Hosting Platform: here our service is deployed onto different hosts, such as Business Process and Integration components can be hosted on BizTalk, database components on SQL 2005, Collaboration and Workflow components can be host on SharePoint, Business Services and User Interfaces can be hosted IIS/ASP.NET/WCF platform.

It is important to understand the Service Hosting Platform so that you can capture sufficient information in your Service Model (Hosting Model) to enable creation of partially-completed Source Code Templates, in our case, these could be WCF contracts, SharePoint Web-Parts, BizTalk Orchestrations or database schemas.

Furthering our example, my hosting platform will be using MOM and SMS technologies to operate and manage the platform; therefore, I need to make sure my service provides performance counters and event logs to enable administrators and operators to monitor my services. I can capture this information in my Service Model so that during automation, Source Code Templates can be produced which will have right hooks in the code to provide performance counter information and even a EventLogHelper class to help developer reuse to send event information to logs.

I may go further than that and I can capture alerts and tasks (because I know what the hosting platform look like) in my Service Model and automate the creation of a MOM Management Pack for my service.

Integration Model: This model captures your integration requirements, how the service will integrate with other services, what is the integration mechanism etc.

Here is an example of a Service Integration Platform:

In my example, I know that I am going to be using (Enterprise) Service Bus architecture to integrate with other services within and across my organisational boundaries. To do that my Service needs to be registered and provisioned so that it will be visible to other services and enable communication with them. I can capture this information within my Service Model so that during deployment, I can automate the creation of, for example, users and groups. I can also capture metadata information in my service model so that it can be used during the registration of the system.

Or in true service bus architecture, I can automate the creation of Service Bus Client in my service which can be used as an API to built-in Service Bus features such as dynamic address resolution, dynamic mapping (transformation and translation) etc. and create the links to Service Bus enable reporting.

Reporting Model: This model captures service reporting and analysis requirements to enable applications to produce reports and metrics on the service.

Here is an example of Service Reporting Platform:

In my example, because I captured reporting requirements in my Service Model such as service interfaces should log incoming and outgoing messages, during automation my WCF service decorated with extenders that capture and forward the information to a store leaving developers concentrate on the function of service. Because the information is captured in a consistent way, it is easy to build a reporting platform to provide different views on the captured information; from audit to Key Performance Indicators.

As a summary, Models help you capture requirements of the service you want to develop. As well as capturing high level information about the service such as name and description of the service, it also capture low level details so that it can be used to develop source code. Let's have a look at the high level process one more time: First you do Capability Modelling using Capability Model Templates to produce Capability Models which in turn you use to produces Service Model Templates to capture service information in order to create Service Models and sub-models in Service Modelling exercise. Finally, you use Service Models to create partially-complete Source Code Templates for you to fill in the rest of the implementation details such business logic of your service during Service Development process.

Now let's have a look at what is available to you today:

Visual Studio Team System and Team Foundation
Domain Specific Languages (DSL): http://msdn2.microsoft.com/en-au/library/bb245773.aspx
Software Factories: http://msdn2.microsoft.com/en-au/library/bb245778.aspx
o Web Service Factory: http://msdn2.microsoft.com/en-au/library/bb245778.aspx
Guidance Automation Toolkit: http://msdn.microsoft.com/vstudio/teamsystem/Workshop/gat/intro.aspx
And not mentioning the mighty XML..

Complimentary resources on Microsoft Services Business Architecture (aka Motion)

Motion Lite: http://msdn2.microsoft.com/en-us/library/aa479343.aspx
Service-Oriented Modelling for Connected Systems: Part 1: http://msdn2.microsoft.com/en-au/library/bb245662.aspx
Service-Oriented Modelling for Connected Systems: Part 1: http://msdn2.microsoft.com/en-au/library/bb245673.aspx

I hope you got the idea, see you soon...

Notes from the Field - Managing and Operating BizTalk Solutions

2007-01-31T22:19:00Z

Hi,

I am delighted to announce that I will present two more important sessions at Notes from the Field event on "Managing and Operating BizTalk Solutions", please find the agenda below:

Session 1: Managing and Operating BizTalk Solutions

BizTalk Architecture Revisited!
Challenges in Managing and operating BizTalk Solutions
BizTalk Management and Operations Tools
Scripting
BizTalk Monitoring
Availability, Health and Performance
BizTalk Maintenance
Housekeeping
BizTalk Best Practices: “Design for Operations”

Session 2: BizTalk Process Monitoring and Tracking

Business Activity Monitoring (BAM)
BAM Architecture
BAM API
BAM Portal
Key Performance Indicators and Service Level Agreements
MOM

I will deliver both of the sessions twice on:

12th of February at Microsoft Campus, Thames Valley Park, Reading, RG6 1WG, UK
14th of February at Regus Office, Manchester Business Park, 3000 Aviator Way, Manchester, M22 5TG

You can find the detailed agenda attached. I hope to see you there...

The Soft Grid: The Future of Software

2007-01-29T20:22:00Z

Any application, on any machine, at any time... This is the promise of Microsoft SoftGrid v4.In SoftGrid's merging of software and utility, applications are de-coupled from operating systems to make them mobile and stateless, so they can be deployed where they need to be – in real-time. But how it works? Let's have a brief look....

Step 1 - Virtualise your application

First launch SoftGrid Sequencer, install your application in the same way it would be installed on your users' computers. Sequencer inspects the processes and builds its asset configuration such as files, registry settings for SystemGuard environment. Then run your application, during the the execution of your application sequencer ensures the integrity of the virtualisation process and verifies how your application interacts with the operating system.

Then use SoftGrid Sequencer to produce a SoftGrid (SFT) file containing the compressed data files of the sequenced application and the SystemGuard configuration for that application. The Sequencer also outputs an XML descriptor file used to manage, distribute and activate the application.

Finally publish your application to the SoftGrid Virtual Application Server. From there, it is delivered on-demand to your end users who are granted access rights to that application. The efficiency of the random-access file transport ensures the application launches with minimal network traffic.

Step 2 - Stream your applications On-demand

First assign end users access to an application. A shortcut icon to the application then automatically appears on the SoftGrid client desktop of each end user. When your users click the shortcut, the user issues a request from the SoftGrid client to the SoftGrid Server, which authenticates and authorizes the user to run the application based on license assignment and access rights.

After authentication is successful, the SoftGrid client "pulls" components of the application to the Windows desktop or Terminal Services server. Once enough code has been cached, the application will launch and the user can begin interaction. The application runs locally within SystemGuard, protecting the host OS and other applications.

Finally when a session ends, SystemGuard locally caches application code, settings and profiles. The SoftGrid Server records usage data, including application, user, time and length of use, to an ODBC data store.

Step 3 - Operate and Manage your virtual platform

SoftGrid provides all tools to operate and manage your environment smoothly. You can remotely control SoftGrid Clients, enforce policies, monitor and report real-time on users and applications.

Interested? You should be...

Watch the movie "The Soft Grid: The Future of Software" and check out the SoftGrid website for more details...

Notes from the Field - Architecture Days

2007-01-28T21:52:00Z

Hi folks

I have been quiet for a while as some life changing events (in a good way!) were happing recently... However, here is some fresh information and hopefully return blogging...

I recently gave 2 sessions on the 23rd and 2 sessions on 24th of January on Notes from the Field (NftF)- Architecture Days in Reading and Manchester. NftF is a series of events (including Workshops for some hands-on experience) where we share our field experience, highs and lows, to-dos and not to-dos gained from various engagements across UK.

Both went really well and found chance to dive into the following topics around BizTalk Server 2006:

Session 1: Detailed BizTalk Server 2006 Architecture

BizTalk Runtime Architecture: What are fundamental principals and components under the hood, common issues that our customers face day to day and how to avoid them?
Operations and Management Architecture: What are the common deployment patterns for scalability, performance and high availability, and best practices to operate and monitor BizTalk

Session 2: Designing BizTalk Server 2006 Solutions

Enterprise Application Integration (EAI): Common scenarios how BizTalk plays its part in EAI space?
Service Orientation Architectures (SOA): How BizTalk can "enable" service orientation and support it?
(Enterprise) Service Bus Architectures: What is Service Bus Architecture, how does it relate to Event Driven Architectures (EDA) and how SB architectures can be delivered using BizTalk today?
Existing/Common Problems and Solutions: Solutions to common issues such as "Where's my message gone?"

Next time, I am hoping to provide more information on upcoming events actually before the event :)

Web Service Subscription Models

2006-05-30T00:27:00Z

I'll publish a post soon on Web Service Subscription Models and associated business models that can be realized in web space. I'll be also covering security issues related to variety of architectural patterns to support different subscription models.

If you are interested please drop me your comments. Watch this space…

Threat Analysis and Modeling Tool

2006-05-25T13:06:00Z

Microsoft Threat Analysis & Modeling v2.0 RC1 is out. Tool allows non-security subject matter experts to enter already known information including business requirements and application architecture which is then used to produce a feature-rich threat model. Along with automatically identifying threats, the tool can produce valuable security artifacts such as:

- Data access control matrix
- Component access control matrix
- Subject-object matrix
- Data Flow
- Call Flow
- Trust Flow
- Attack Surface
- Focused reports

I have been using for the last couple of days, I am impressed with its capabilities and on-the-fly modelling support. There are few bugs tough but I hope they will be fixed in its final release. I am also looking forward to a framework to customize it such as adding more technologies and server software etc. Please see attachments for more screenshoots:

Threat Trees

Data Access Control Matrix

A must have for every architect!!!

Microsoft Shared Computer Toolkit for Windows XP

2006-05-21T22:58:00Z

The Microsoft Shared Computer Toolkit for Windows® XP. Version 1.1 software update is now available. The new version still offers the same powerful software tools for shared computers in classrooms, school computer labs, libraries, and other public places as the previous version, and also includes software updates that resolve a few known issues.

Get it here.

Shopping with Enterprise Service Trolley

2006-05-19T15:45:00Z

A few days ago my wife made me go for shopping with £5; shop for meat and shop for drinks. I took my Enterprise Service Trolley with me and began shopping. Here is the story and a question for you:

First I looked at local DIRECTORY to FIND a super market close to my home. I selected Safeway as it is 2 minutes away rather than Sainsbury’s which is 15 minutes away. This was my LOGIC. It was easy to BIND to Safeway because I've already been there a few times. As soon as I arrived there, I INVOKED them for steaks.

I found the steaks I was looking for and checked the expiry date on them, unfortunately they were expired. So, I asked for chicken breasts, I checked expiry date them which was fine. Then I looked at the price, and confirmed that it was within my budget - £4.99.

So I purchased the delicious chicken breasts and I did not forget to collect my RECIEPT just in case I might need to COMPENSATE. Meanwhile I did not force them to LOCK the chicken breasts for me and wait until I finish shop for drinks PROCESS.

Then I followed the same steps to FIND, BIND and INVOKE Oddbins for white wine as I bought chicken rather than steaks and white wine would go better. However there wasn’t any white wine left. I had to buy some beer.

I checked the price tags on different beer cans and checked the STATE of my shopping PROCESS by looking at my pocket where I found a receipt for £4.99 and my remaining budget. At this moment, I realised that I could not continue shopping and had to cancel shopping.

I left Oddbins and headed back to Safeway for refund. Thanks to the RECIEPT in my STATE I collected earlier, I got my money back and headed home…

By keeping the shopping PROCESS and its STATE with me, I did not have to rely on my wife and direction coming from her to complete the PROCESS; calling her mobile every time I did not know what to do: “No steaks left, what to do now?”, “Do I have to buy red or white wine?” etc. What if something happened to her during the shopping PROCESS? What if she fell asleep? Who would tell me to buy white wine if I already bought chicken? I would have also gone to a butcher as well to buy some steaks; I might have even ordered some steaks and collected them later on if it was defined in my PROCESS...

The Trustworthy Computing Security Development Lifecycle

2006-05-18T15:40:00Z

I am not sure if you have seen this before but it is an excellent article on trustworthy computing. This paper discusses the Trustworthy Computing Security Development Lifecycle (or SDL), a process that Microsoft has adopted for the development of software that needs to withstand malicious attack. The process encompasses the addition of a series of security-focused activities and deliverables to each of the phases of Microsoft's software development process. These activities and deliverables include the development of threat models during software design, the use of static analysis code-scanning tools during implementation, and the conduct of code reviews and security testing during a focused "security push". Before software subject to the SDL can be released, it must undergo a Final Security Review by a team independent from its development group. When compared to software that has not been subject to the SDL, software that has undergone the SDL has experienced a significantly reduced rate of external discovery of security vulnerabilities. This paper describes the SDL and discusses experience with its implementation across Microsoft software.

Read it here.

Typosquatting

2006-05-18T15:24:00Z

Typosquatting, also called URL hijacking, is a form of cybersquatting which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to an alternative address owned by a cybersquatter.

When a user visits a website, her browser may be instructed to visit other third-party domains without her knowledge. Some of these third-party domains raise security, privacy, and safety concerns. The Strider URL Tracer, available for download, is a tool that reveals these third-party domains and includes a Typo-Patrol feature that generates and scans sites that capitalize on inadvertent URL misspellings, a process known as typo-squatting. The tool also enables parents to block typo-squatting domains that serve adult ads on typos of children's websites. Visit the Microsoft Research website for more information.

Excellent tool.

Solutions Architecture Framework

2006-05-18T14:32:00Z

Journey from Business Vision to Business Value

Here is a high level framework I used over the years to propose solutions (RFP) to win contracts and sometimes to deliver the solutions. It is nothing like a formal method; the main reason for this framework is to design, develop and deploy solutions in a repeatable and consistent way to deliver constant business value.

I’d like to share it because I know that there are methodologies which are at OOD level, just focus on development, or other complicated ones for enterprise architects but it’s always a challenge to find some thing in the middle one level higher that SDLC, one level lower than Enterprise Architecture.

Top-Down

Understand that business is an organization established for generating profit. It is a commercial organization. And it is driven by “Business Drivers” such as internal and external forces and pressures that have significant influence on how the business performs and operates.

Understand Business Architecture: it describes the functions a business performs and the information it uses. Business architectures realises the business in an organised manner. Business architecture consists of the following key elements:

Business Organisation by Location
Business Organisation by People
Business Knowledge and Experience
Business Needs and Priorities
Business Schedules and Plans

Understand Technical Architecture: It is the implementation of business architecture realized by technical components such as software applications, databases, infrastructure, and communication between those. Technical architecture defines information and application technology architecture in terms of:

Application Architecture
Service Architecture
Database Architecture
Infrastructure Architecture
Integration Architecture

Bottom-Up

Understand Solution Foundation: it is the technical basis of every system to be built on and with. These foundations are:

Tools
Technologies
Standards

Understand Solution Patterns: solution pattern is a "solution to a problem in context"; that is, it represents a high-quality solution to a recurring problem. Solutions patterns are not limited to “Design Patterns” but extend to the following patterns:

Application Patterns
Service Patterns
Data Patterns
Infrastructure Patterns
Integration Patterns

Alignment – Meet in the Middle

Solution architecture is the detailed description of the solution designed to solve business and technical problems; it provides such architecture that when implemented, it delivers value.

Alignment of Business Architecture, Technical Architecture and Solution Architecture is vital to delivering business value. Complying with business requirements and vision as well as following IT strategy for short term and long terms commitments is fundamental characteristic of a winning solution.

After verifying the solution architecture aligned with the business, the solution is developed by using a proven SDLC such as MSF Agile or SCRUM. It is recommended to employ an iterative/incremental development and deployment process to deliver Business Value as early as possible within a consistent and stable environment.

Better Security

2006-04-23T12:20:00Z

Security is a complex issue and still a challenge for developers and designers. Security is one of those practices that “must be there at the beginning”. It is extremely difficult and costly to secure an application while it’s in “testing” stage, not mentioning the risks.

Writing secure code in not easy if you have limited resources, tools and guidelines. I am regularly receiving questions from my clients, friends and old colleagues about security; majority of those questions are around guidelines and practices. That’s why I am posting this article as a starting-point which covers the fundamental topics around security.

Use the following guidelines in your design and development stages to help you.

.NET Framework 2.0 Security Guidelines
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0003.asp

ADO.NET 2.0 Security Guidelines
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0002.asp

ASP.NET 2.0 Security Guidelines
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagguidelines0001.asp

One of the practices I found very useful over the years is making “Security Review” one of the fundamental practices in your development methodology; it doesn’t matter which one it is, MSF, RUP, Scrum, XP etc. And try to use the following checklist as quality criteria for your code. Trust me it works!

.NET Framework 2.0 Security Checklist
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagck0003.asp

ADO.NET 2.0 Security Checklist
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagck0002.asp

ASP.NET 2.0 Security Checklist
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/pagck0001.asp

If you are interested in integrating security into your development lifecycle as I mentioned earlier, and looking for a one-stop reference on security then download Developer Highway Code here: http://go.microsoft.com/?linkid=4509402 extremely useful one-stop-reference:

And lastly, raise “Security Awareness”; do talk about it, do ask questions about it, do tell stories about it, do encourage your colleagues and managers and don’t afraid of it. There is no “Best” in security space but there is always “Better”.