Sunday, October 30, 2016

Rebuilding The News: ARM Resource Group Deployment

One of my side projects, for a long time I guess, has been an RSS news aggregator. One of the projects I have currently is to rebuild the news and add a ton of features. I'm hoping to blog about all the different steps I'm taking as I journey through using different Azure features and services.

The first thing we are going to do today is discuss the setup of a resource group to hold all of the news components. Here are the tasks I want to accomplish:

1) Create a Service Principal (with password) for managing the Sleepy Security News resource group
2) Create an ARM template to host all the resources
3) Assign the contributor permission to the service principal for this resource group

Creating a Service Principal

Creating a service principal is actually quite easy with the new PowerShell cmdlets. You can find instructions here. I opted to create a service principal with a password rather than a certificate. Your decision here will depend strictly on your security needs and what fits best with your organization.

The following code snippet outlines the key steps:

PS C:\WINDOWS\system32> $ssnAppCredentials = (Get-Credential)
PS C:\WINDOWS\system32> $ssnApp = New-AzureRMADApplication -DisplayName "ssnApp" -HomePage "http://news.sleepysecurity.ninja" -IdentifierUris "http://news.sleepysecurity.ninja" -Password $ssnAppCredentials.Password
PS C:\WINDOWS\system32> New-AzureRmADServicePrincipal -ApplicationId $ssnApp.ApplicationId

Essentially this creates a service principal in AAD, but does not assign it any roles or permissions.

Create a base Resource Group and Assign the Role

Being a developer, I've opted to use Visual Studio as my engine for creating ARM templates.  You can see the setup steps for this here.  In my case, the only resource that I will be adding is the permissions for the service principal.  Therefore, my template that I started with is blank.

Role permissions can be assigned via ARM templates, but it is a little tricky. The GitHub example can be found here.

A couple of notes about this template:
- The API version has changed, so you will be prompted to update it.  It should be "2014-10-01-preview"
- The name of this resource needs to be a GUID. There is currently no way to make a GUID in ARM templates, so you will need to assign one.
- You will need the application object ID, which can be found when you create the new service principal, or by simply running the equivalent get command.
- The role types are also GUIDs and are hard coded. I haven't experimented with how to make this work with custom roles, but the examples in the GitHub repo work.

When all is said and done, and you have deployed the template, you should see the following permissions/roles assigned:


Access = Assigned means that it was assigned at this level (as opposed to inherited).  Contributor was the role I had selected.

Now that the base has been created, I can start adding and securing resources within this resource group.
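
The three tasks above end to end, as an added example (not code from the original post or the GitHub sample): it writes a role-assignment template that follows the four notes, deploys it, and checks that Contributor is assigned at the resource group rather than inherited. The resource group name, location, file name and template layout are assumptions; the GUID in the template is Azure's built-in Contributor role definition ID.

```powershell
# Assumed names: resource group "ssn-rg", location "East US", temp file name.
$rgName   = "ssn-rg"
$location = "East US"
$sp       = Get-AzureRmADServicePrincipal -SearchString "ssnApp"   # assumes exactly one match

# Template per the notes: preview API version, GUID resource name, hard-coded role GUID.
$template = @'
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "principalId":  { "type": "string" },
    "roleNameGuid": { "type": "string" }
  },
  "variables": {
    "contributor": "[concat('/subscriptions/', subscription().subscriptionId, '/providers/Microsoft.Authorization/roleDefinitions/', 'b24988ac-6180-42a0-ab88-20f7382dd24c')]"
  },
  "resources": [
    {
      "type": "Microsoft.Authorization/roleAssignments",
      "apiVersion": "2014-10-01-preview",
      "name": "[parameters('roleNameGuid')]",
      "properties": {
        "roleDefinitionId": "[variables('contributor')]",
        "principalId": "[parameters('principalId')]",
        "scope": "[resourceGroup().id]"
      }
    }
  ]
}
'@
$templateFile = Join-Path $env:TEMP "ssn-roleassignment.json"
Set-Content -Path $templateFile -Value $template

# Generate the assignment name once and keep it with the template parameters:
# a fresh GUID on redeploy collides with the existing principal/role/scope assignment.
$roleNameGuid = [guid]::NewGuid().ToString()
New-AzureRmResourceGroup -Name $rgName -Location $location -Force | Out-Null
New-AzureRmResourceGroupDeployment -ResourceGroupName $rgName -TemplateFile $templateFile `
    -TemplateParameterObject @{ principalId = $sp.Id.ToString(); roleNameGuid = $roleNameGuid }

# Verify least privilege: flag whether each role is assigned here or inherited from above.
$rg = Get-AzureRmResourceGroup -Name $rgName
Get-AzureRmRoleAssignment -ObjectId $sp.Id -ResourceGroupName $rgName |
    Select-Object RoleDefinitionName, Scope, @{ n = "AssignedHere"; e = { $_.Scope -eq $rg.ResourceId } }
```

Any row with AssignedHere set to False means the principal also holds a role from the subscription or a higher scope, which is broader than the single resource group this post sets out to delegate.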


Sunday, October 23, 2016

Some thoughts on planning for a potential hire

I am currently half-way through a great book on management, The Art of Managing Professional Services, and I am constantly reminded of the challenge faced when trying to decide who to select as a next hire. According to chapter 2, titled People, 98% of the respondents ranked talent management as a critical issue for their organization. While this book is solely focused on professional services, where the employee is in fact the product, I'd like to think that this issue holds true for most industries and organizations.

In the book, the author(s) talk about the seven essentials of talent management, number three being the idea that you should be recruiting the right people from the start.  This is sage advice, and the book expands on this by talking about various recruiting issues at different companies. 

I think that, ultimately, there are a lot of frameworks out there for helping companies recruit the right individuals.  There are many techniques, and while not all of them will work in any situation, it is important to have tools in your tool belt. This post, however, is more about planning for a potential hire, rather than techniques on how to hire the right individual.  I think that it is important, at the outset, that you define what you are looking for in an employee and that goes beyond the traditional job description.  Have a look at the chart below.  

[Chart: Capability Breakdown, with segments "What they do", "What they teach", "What they learn" and "What they contribute" (made with meta-chart.com)]

What they do 

To me, this is still the number one criterion for hiring a new employee. Ultimately, you still need someone to perform the task at hand. There are numerous techniques here, and, depending on your industry, they may include the following:
  • Numerous interviews with different members of the team 
  • On-the-interview quizzes and puzzles
  • Reference checks 
  • Internships / trials 
  • Reviewing prior work (public or private) 
  • And so on 

I would argue that it isn't solely what they do that is the point of this section, but also HOW they do it.  One good reference would be Netflix with their stance on "brilliant jerks".  You will probably care about a lot more than simply what they do.   

The last thing that I include on what they do is cultural fit.  While a bit of a stretch, I feel it fits in here (no pun intended).  In the graphic above, I put this at 50%.  I think that depending on the role you are hiring for, this will probably vary between 40% and 80%. 

What they teach 

Depending on the role and the circumstances in which you are bringing someone on board, you may care about what they are able to teach the rest of the team. One example of this is hiring a new delivery resource for a professional services firm. You care about their core skill set, but you may look for a supporting skill set that this resource could add to the team. For example, let's say a delivery resource has strong project management skills. It doesn't matter why or how they acquired them, only that they have demonstrated proficiency in them, and that they are willing and able to teach the rest of the team.

In the graphic above, I've put this at 20 percent.  I'd see this ranging anywhere from 10% to 30%. 

What they can learn 

I am a firm believer that innovation only occurs when someone takes ideas from one field of practice and applies them to another. You can see evidence of this in practice when people develop cross-functional teams to solve problems. I think a key component of deciding who the next hire is, is understanding what they can learn. Maybe you are hiring a new potential leader, and want to ensure that this person can grow into that role. Maybe you are taking a chance on an outsider to your industry, hoping they can learn the ropes, but infuse the knowledge they do have to realize competitive gains.

In the graphic above, I've put this at 20 percent.  Like teaching, I see this ranging from 10% to 30%. 

What they contribute 

Building a culture and a community around where you work is key to success.  For many businesses, it is important and critical that employees contribute to areas outside what they've been "hired to do".  Maybe you are getting a good resource who has a hobby in marketing, or design.  Aiming to hire people that are multi-functional is a great strategy and important to long term growth.  This is especially true in the small/medium business space.   

In the above graphic, I've put this at 10%.  This may vary, but I'm honestly not sure what the range or values should be. 

I think that the above framework could be used to help plan for potential hires.  Once you know what the weightings of the above are, you can start to tailor job descriptions, interview questions, and candidate pools accordingly.   I feel like weightings are going to change drastically depending on the circumstances of the hire, and the requirements of the role itself.  What are some of the aspects you think of when making decisions on the capabilities of the next hire?