Experiences while in Cuba

In an earlier post, I wrote about some of the things to know before and during a trip to Cuba. It was a unique experience for my three travel companions and me. Everyone has a different experience, depending on their expectations going in. We expected a bit more “touristy” stuff, given that Europeans and Canadians have been going to Cuba for many years. But we also expected it would not be like any other experience and were not disappointed. The following is a summary of my experience there. The ratings of the experiences are my own and may not be shared by my travel companions.

The Very Good

I’d classify this category as I’d be happy to do it again and at any time. Each of these offers a good reason to return.

Meeting The People of Cuba

In general, we found all the people that we had conversations with to be extremely pleasant and courteous to us. Hotel employees, restaurant servers, people we asked directions of, including police, farmers and small town residents. This is a very poor country. Education is free and good, going right through to graduate and medical school. There are many talented people in the country. But those jobs don’t pay well. An engineer or optometrist might make 30 CUC a month. (1 CUC = 1 US $). A doctor might make 40 CUC a month… a month… It’s not a mistake. And they might only work 2 days a week at those jobs. So they take tourist related jobs where they can get additional income and tips. We met an optometrist that cleans apartments. Engineers and doctors that drive taxis. It was heartbreaking to see this and hear their stories. They were genuinely nice people. Food there is expensive. Many live day to day on rice and beans. They work in hotels and restaurants so they can get better meals and maybe even bring food home.

There were many beggars in Havana. There were also people that would be extremely nice, only in the hope that they could receive a tip from you or a commission from the person that they brought new business to. However, the good far outweighed the bad here. We generally felt very comfortable, regardless of where we were traveling.

I mistakenly left the B&B with one of the two sets of keys. There were three keys to the apartment. I was in Varadero when I realized the error. I texted our host and she told me to leave the keys at the rental car stand at the airport. Honestly, I’d have a hard time doing this in the US. My prejudice would say to never do that in Cuba. At the counter, which is more like a glorified lemonade stand with a main person and several others hanging out to move cars, the counter person took the keys, put a label on them, stapled them to a rental car brochure. I wrote the host name and phone number down. He told me his name and said to pass it on to her. Four hours later, she stopped at the airport and got her keys. A wonderful example of the kindness of the people of Cuba.

Airbnb – Casa Colon in Vieja Habana

There are three parts of this review. 1. Apartment. 2. Location and 3. Host. The Apartment was wonderful. Two queen size beds, a lovely living room, patio and kitchen. It was very clean, well stocked with snacks and drinks with a mini-bar hotel quality that made us very comfortable to be there.  It was located on the fringe of Vieja Habana (Old Havana) and allowed us to walk throughout this area. We could also easily find cabs to and from the apartment. Cab drivers can easily find the apartment as it is next to the Parkview Hotel, which we used as our reference point.
Our host, Ana Travieso, and her staff of cooks and cleaners were phenomenal. Ana picked us up at the airport on our arrival and then took us back to the airport and our next hotels on this trip. The breakfasts were very large and wonderfully prepared. There was something, or better said, a lot of things available for any type of breakfast that someone can imagine. Ana also provided us with local tourist and restaurant recommendations that were extremely valuable and spot-on to what we were looking for on this trip. Havana is a great experience but not a paradise. Ana provided us with the knowledge to make it an excellent experience. Note: Leave your computers behind when traveling to Cuba. Wifi is a paid utility via cards that you pre-purchase. Price varies from $1.50 -$3 per hour. That’s everywhere and not unique to Casa Colon. We were able to use the wifi here when we wanted.

ChaChaCha’ Restaurant in Vieja Habana

At Ana’s recommendation, our first meal, a late lunch, was here, just two blocks from the apartment. It was tremendous. The Shrimp in Garlic was delicious. Another winner was the Lobster salad. A huge and delicious portion. This was our second favorite restaurant.

El Del Frente Restaurant in Vieja Habana

We were trying to get to the restaurant known as 304 O’Reilly or O’Reilly 304. It’s #304 on Calle O’Reilly. As Americans, this looks to be a good Irish name. However, to locals, it is pronounced closer to Orelia. Thank goodness for the hard copy map. Well, we couldn’t get in. But the server suggested the restaurant across the street at #303 and owned by the same company. The server there said if we were willing to eat fast and be done before their reservation in 50 minutes, we could stay. He agreed to serve us quickly and then did just that. It was a phenomenal dinner. There was a watermelon mojito that was fantastic and ordered by two of us. The others got Pina Coladas. In a second round the Colada drinkers ordered the mojitos. They came without Rum. When we notified the server, he came with the bottle and gave it to us. Three of us got three different varieties of delicious Tacos. The menu only says Tacos. However, when asked, there were Lobster, mixed seafood and meat Tacos. We got one of each and shared. All great.

Mojitos – the drink

When in Cuba, the Mojito is king. We had them everywhere of the basic variety, with one exception for a Watermelon flavored one. All were good. We generally had no problem ordering four mojitos at a time, other than breakfast. They take a bit more time to prepare, but it’s worth it.

Bridge at Mirador de Bacunayagua

This is a rest area overlooking a bridge that spans a very large valley. It is on Via Blanca, the main road between Havana and Matanzas along the shore, en route to Varadero. The real attraction was the Pina Coladas they serve at the stop. They give you the bottle of rum to mix to your own consistency… Excellent! We acquired some souvenirs here as well. Parking was 1 CUC, but worth it.

At the scenic vista, there were a number of large birds, probably vultures, riding the air waves. They were above and below us. It was a spectacular vista.

the bridge at Mirador de Bacunayagua

Beach in Varadero

I’m no beach expert, but this was the nicest beach I’ve ever experienced. I was told that this is true of the North shore of Varadero, so other hotels would be like this too. And I’m not talking about bars and sailboats and the extras a hotel might offer. This is pure sand: no rocks, no shells. It’s got a gentle slope into the water where you can walk out quite a bit. There was some surf for occasional body surfing, but nothing scary. There was a wind that blew this fine sand along the beach. We were told that’s abnormal for the area. You’d better cover any food and drink to avoid chewing sand. The air temp was 85 F. The sun was out. But the sand wasn’t blistering hot. It was very comfortable. The downside? We brought a lot of that fine sand into our hotel room.

Buying Rum to bring home

There was a Rum store in Varadero close to our hotel. It was a substantial discount to the rum and cigar store at the hotel. We got 5  half shots of rum to taste test. I never knew there was chocolate and coffee rum…well, I guess if you can do that with Vodka, you can do it with anything. Needless to say, we bought several bottles for the trip home. Don’t forget you’ll need extra time, and maybe money, to check the bag with the bottles and then wait 30 minutes at the carousel at your destination.

Rum store in Varadero

Our other experiences – the Good

I guess I’d have to say that these were good enough to do again, but not necessarily the reason to do it all again.

Museo de Bellas Artes in Vieja Habana

Interesting museum across 3 levels. Very large spaces. Most of the art was post 1959. Many of the styles mimicked those of the US during the same period. There was also some “ancient” art from the 18th century on. Works similar to Gilbert Stuart, so matching that timeframe as well. A lot of pro-Castro and Che Guevara in this collection. It was a reasonable cost and interesting viewing. It was conveniently located one block from our Airbnb.

Museo de la Revolucion

This was more of a military museum. Missile launchers, tanks, helicopters, Jeeps (Willys) and other instruments of destruction outside. Inside a glass enclosed building was Fidel Castro’s yacht. Supposedly, for 8 CUC, you can walk into this park/museum to see it. If you walk around the park, you’ll see it all for free. Note: at night, there are soldiers on each of the four sides of the park to protect the museum. Interesting. After reading the weblink I added, I see there was a palace next door that we could have visited as well. That would have been more interesting than the military equipment.

Plaza Vieja for the Cuerda Vive concert

It’s a nice old plaza, in a European mold. A nice restaurant, Factoria Plaza Vieja on one side. Street vendors in the corners. I love the Maiz – corn on the cob nicely seasoned and on a skewer to eat. Didn’t get one this trip, but I was drooling for one…The lines were too long. While there, they were setting up for a concert: Cuerda Vive 15th Anniversary. It translates to Cord lives, but featured acoustic guitars. That was on Thursday. On Friday afternoon, we saw them broadcasting on TV. Each performer got two songs. We arrived four hours later and the plaza was packed and the music continued.

Plaza Vieja being set up before the concert in panoramic view. Factoria Plaza Vieja restaurant on the left.

Churro vendor outside Plaza Vieja.

Hotel Nacional – Malecon Havana

The treat here was to see the sunset on the Malecon and have a mojito from one of several outdoor bars on the property. This is the most famous hotel in Cuba. Celebrities and dignitaries stay here. It was very well maintained as it has never gone out of favor. The drinks were good, but pricier than elsewhere. We arrived 5 minutes late as it is not a trivial place to drive into. However, two drinks later and we were well prepared for dinner.

Paladar Vistamar in Miramar Havana

This was highly recommended. A Paladar is typically a family owned restaurant in a home. This was a traditional restaurant with three floors. It was attached to what appeared to be a defunct hotel. One level surrounded the empty hotel pool. We ate on the top floor, outside. This is situated just above the north shore of Cuba. It was a beautiful evening and a decent  meal. We had to make a reservation here. It was packed.

Barcelo Solymar  hotel in Varadero

We originally booked our trip, via GalaHotels at Be Live Experience Las Morlas. In early February, we were informed, via a cryptic note,  that we’d been moved to Barcelo Arenas Blancas which adjoined the Solymar. We decided to stop at Las Morlas to see why we’d moved. It seems someone had cancelled the reservation in December. I’m guessing GalaHotels scrambled to get us a new place in early February. We showed up at Arenas Blancas and were told we were booked next door. Well, we lucked out. The quality of the pool, bars and facilities of Solymar were superior to Arenas Blancas.

Like the rest of Cuba, this hotel was aged and needed some repairs. However, it did seem to be getting some attention, though not soon enough to cover all the blemishes it had. The lobby had vines growing that were five floors long and provided wall to wall covering. That must have required a lot of maintenance. However, the hallway lights going to our room were out for the entire corridor. I could imagine a single woman getting a bit nervous going through there themselves.

The room had two queen beds. Our shower needed three door panels to keep water out. It only had two of the three and the missing one was closest to the shower head, so unless you removed the head and stood behind the second panel, water went all over the floor. There were three pools between the two Barcelo hotels. The pool directly by Solymar was the best and the only one we used. It was nice and comfortable. The beach was a short hike from our room. The beach itself: sand and water, was one of the best tropical beaches we have ever been at. The sand is fine, there are no rocks or shells. There is a gentle slope in the water and you can walk out quite a way. While there, we had a decent surf and fairly strong wind. This was wonderful. The beach has a number of “palm umbrellas” known as palapas. These were pretty old and poorly maintained. They weren’t much of a sun blocker due to the number of missing palms. The beach bar was terrific and there were a number of recreational activities to take advantage of at the beach. The hotel is all inclusive. There is a large buffet restaurant, with plenty of seating, in each hotel and five separate restaurants that require reservations. Book reservations early, if you want to go to one. We went to the Seafood restaurant once. There were three main courses to choose from, a soup, salad buffet and dessert. Honestly, when we left, we all agreed that the buffet would probably have been better. The buffet covered three meals a day. There were many, many choices. The servers were terrific. The hot food stations, where food was cooked to order, were probably the best, as the food was hot. Other stations, where the food was in pans, were not so hot. And you’d recognize some of the food from the evening before. Fruit, breads and drinks were very good. All of the hotel employees provided fantastic service to us and answered any questions we had. We greatly appreciated their efforts.

Pina Coladas – the drink

We figured this is a tropical island, so Pina Coladas would be native. Cubans consider this an international drink. So they charge a little more. The important thing to note is how they are made. Several use powder mixes. Ugh. Some didn’t use creme de coco, so it was just Pineapple juice and rum. Not bad, but not too sweet. Others were fantastic. And a variety of places split and cored a pineapple, put the drink in the core, cut a notch in the top and provided the whole thing to you. In one case, they gave you the rum bottle to “season to taste”. That meant drinking the virgin Colada enough to add room for the rum. If all of them were as good as those, this would be in the Very Good category.

Pina Colada in the fruit

Buying Art

While I didn’t participate in this activity, those that I was with did quite effectively. No hidden Picassos but there are plenty of prints to acquire in Cuba. Just make sure they aren’t the factory models that are mass produced by forgers/copiers of the real thing.

Buying Cigars

Again, I didn’t participate, but we got tremendous advice from some large cigar shops to some small ones. There were always people on the street trying to sell us “local varieties” that were rummage sale carryovers/forgeries of name brands. Ultimately, we acquired some premium brands, but they were not cheap. As much as 25CUC per cigar.

Walking along Paseo de Marti (aka Prado)

This is the main drag that separates Old Havana from central Havana. The Capitol is there, a number of museums, restaurants and other tourist attractions. It’s a divided boulevard.

Easy to walk, wide open and lots of picture opportunities.

National Capitol (Capitolio). To reopen June 2017

Pedestrian Traffic

In Cuba, automobiles have the right of way. If you plan on crossing a street, beware. The drivers seem out to get you. If the light is green ahead of you and you feel it is safe to cross a side street, you’d be wrong. A turning vehicle could hit you. This is a sharp contrast to NYC where the pedestrian has the right of way. It takes a bit to get used to.

Our other experiences – the not so Good

Not the sole reason for not returning to Cuba, but these are things that catch your attention in a negative way.


Throughout the cities and countryside are billboards claiming, in large print, that Castro will forever be with us. Long Live the Revolution. Che (Guevara) and Fidel. My guess is Fidel was beloved when the revolution occurred. But given the income and environment today, most people weren’t too pleased with the results.

Police presence

One local told us there were 2 million people in Havana. 1 million residents and 1 million policemen. Everywhere we went, there were National, City, local and military personnel. On the highway, there was a motorcycle policeman about every 10 kilometers. It was both intimidating (we didn’t speed) and reassuring in large crowds. But it did give us pause as we saw so many of them.

Sloppy Joe’s Restaurant

This is a tourist trap that’s very well done and close to the National Capitol (Capitolio). It was also close to our apartment. The drinks were okay and the food was passable. But it was also more expensive. It wasn’t worth a second visit. But lots of celebrities have been there.

San Jose Market – Vieja Habana

This is a huge market with many cubicles, similar to some of the open air markets of NYC. However, you could classify the cubicles. Wooden toys. Clothing. Cuban memorabilia. And the contents of each were the same as a dozen other cubes. This merchandise was all mass produced. It was the same stuff that we saw in markets and private home stairwells throughout the city. None of it was worth it.

Walking along Calle Muralla to Plaza Vieja

One of our party got very nervous walking down the street. It’s a run down street. Many private homes selling wares and begging you to come inside. A mass of people going up and down the street with the majority being locals and not tourists. It’s easy to see how intimidating such a place can be, given concerns going into the trip. However, as stated earlier, it was a very safe area. Locals are punished heavily if they do anything negative to tourists. So the reality is, it’s a tolerance. But if large crowds of locals concern you, head down the parallel streets of Obispo (large market dedicated to tourists) and O’Reilly instead. More tourists than locals there. Maybe even less crowded.

Hotel Copacabana – Miramar Havana

This was a functional hotel. Kind of like Hotel 6. Not a lot of frills. It is located on the Malecon, with direct access to the shoreline. It was very different from what we expected. The hotel itself, was similar to much of what we found in Havana: time has passed and there were a lot of cosmetic updates that could be made. The rooms themselves were large enough and beds comfortable. The bathroom worked well. Overall, the interior of the building looked dirty and paint was peeling and doors were rusty. There are two pools. The fresh water, in-ground pool is large enough and comfortable while in it. However, it’s old, you need to be careful around the edges and the cement statues in the center of the pool have worn down, with age, to the point they are no longer recognizable.

The “natural pool” is a seaside salt water pool. It is aged and somewhat difficult to enter, due to a sharp drop off and slippery algae. You’ll need to use the attached rope to lower yourself into it. However, once in it, it was actually warmer than the fresh water pool. This really looked like a Roman ruin. However, it was still enjoyable to the people that took advantage of it.
The breakfast buffet was passable. Much of the food had been sitting awhile and was cool. This is something we found “typical” at other hotels we visited. I’d look for something else before staying there again. However, I would stay there again, if necessary, as at least I’d have a proper expectation for next time.

Pool at Hotel Copacabana in panoramic view
Natural (sea water) pool at Copacabana in panoramic view. Wall is actually straight.


I was going to put this and car rentals under a category of bad – something you never want to do again. However, the reality is, if you ever want to travel in Cuba, you need to be able to navigate. Do not underestimate the value of detailed paper maps. Reality is, you need multiple maps of the same area. One with a high level view to show street navigation. And then multiple levels smaller that show the details of shops, restaurants and tourist destinations so that there is a frame of reference to easily find them. When driving a distance, you must come up with turn by turn directions that are better than the text of Google Maps. Even their mini maps don’t show the details necessary to navigate. So plot out some basic things you want to do. Once behind the wheel, you’ll need a good navigator or plan to stop often to check if you are traveling in the correct direction.

Car rentals

Can’t live with them, can’t live without them. As such, this can’t be bad, but it doesn’t have to be good either!

The problem here was the wait time to get the car and the quality of the transmission. Otherwise, we had a pretty big car, compared to what I thought we’d get. We got where we needed to get to, eventually. With the alternative being buses for long distance driving, the car rental was terrific. Know in advance that the wait can be terrible.



Traveling to Cuba

This is remarkably different than my usual IT related entries. Back in October 2016, I received an email announcing travel from NY to Havana will begin in December for $99 each way. I bought 4 tickets for February and informed my travel mates. Those dates weren’t good, but re-booking within 24 hours, without penalty,  and we had the start of a trip.

While Americans haven’t been traveling easily into Cuba since 1959, Europeans and Canadians have been. As such, there is a tourism industry that we can leverage to find hotels and Bed and Breakfasts, as well as rental cars and tourism spots.

An interesting place to visit, but….

The net, from my travel companions and my visit was that Cuba is an experience. It is far from a tropical paradise. It’s a third world country that requires a tremendous amount of improvements and cleaning to come up to what we’ve become used to in the US. It’s something we are very glad that we did, but there will be no rush to go back. Maybe in 10 years after they’ve completed some of the planned updates. I can say that we felt pretty safe there. It was easy to get in and out of both countries but there were a lot of “lessons learned” from our experience.


Through friends, we found some great resources. One of the best was this blog: cuba-travel-guide-for-americans. I don’t want to repeat everything they said. Take a look at that for yourself. Here’s an update to some of that info:

Fly directly

We booked our round trip to Havana. However, we ended our trip in Varadero. In hindsight, we should have flown home from the Varadero airport, a 20 minute ride vs. the 2 hour trip we took back to Havana. There are many airline choices now, but not all go to the same cities. JetBlue, for example, doesn’t fly into Varadero. However, had I waited two weeks, I could have gotten the same price from American Airlines or Delta.

At JFK, there was a separate line, downstairs from the JetBlue normal counters exclusively for the Cuba flight check-ins. You buy the VISA there. It’s a pretty long line, so get there at least 45 minutes earlier than you would a normal international flight. There was no online check-in for either to or from Havana, because of this.

Customs into Cuba

Pretty simple. On the plane, you receive two forms to fill out. 1. About the trip and where you’ll stay in Cuba. One per family.  2. Medical facts about you. Each person fills this out.  On the trip form, there is the Reason for Trip. We checked off Other, as Tourism is not yet a legal reason for entering Cuba. We were there in Support of the Cuban People. That is one of the 12 allowable reasons to enter the country.

One person at a time can see the customs agent. Do not go up as a family, though one person can take child(ren). They stamped the Visa, took half and stamped the passport. Your picture is taken. Receive the other half of the Visa. DON’T LOSE the second side of the visa that is stamped on entry to Cuba. You’ll need that to get out.

As you exit the terminal, you hand the medical form to someone in a white medical looking coat. They didn’t look at it. Just added it to a pile.

They then X-ray your belongings upon entering the country. You are in.

Customs out of Cuba (Emigracion)

They take your picture leaving. Again, one person at a time to the Customs agent… why say this? One in our party waited ahead of the “Wait Here” line. They moved that person to two different lines and an extra five minute wait. We have no other reason for them being moved, other than being “too anxious”. It wasn’t a problem. There was no extra scrutiny, but a longer wait. As we waited for the x-ray of our belongings after that, they were able to cut the line to us, so it really wasn’t terrible.

Customs into the US

This is where we expected extra scrutiny. However, it was no different than any other international trip that I’ve been on. I’m GOES eligible and used the expedited lines as I normally would. My travel companions were not, and were only five minutes behind me. Same questions you’d get on any international flight.


Internet Service

We found cards at the B&B and hotels to range from 1.50 to 3 CUC for an hour. Once you use them, don’t forget to turn off wifi in case you want to sign in again later. They have no problem letting you stay on longer and having the time expire. Also note that they don’t allow you to finish the left over time on another device. Card is good for one device only. We also tried to set up a Personal Hotspot to allow multiple computers to share, but that didn’t work. It’s “the standard” system, throughout Cuba. We found there were times that it wouldn’t get to the sign on page. We opened Safari up and tried that. We re-booted iPhones. Sometimes, it was due to too many people signed on at once and other times it was that even though you appeared to be successful on the wifi, you weren’t close enough to the hotspot to allow the user sign on screen, which comes after wifi connect, to occur.


US Credit cards still do not work. We pre-paid for all rooms and rental cars to reduce our cash outlay. We converted US dollars to Euros prior to the trip. Then Euros to CUC in Cuba. Net – we lost $100 through the two transactions. That was way more than the 10% penalty to convert US $ to CUC in Cuba. We converted directly on the way home.


We used Airbnb for a full apartment for two nights. FANTASTIC. We saw many, many Casa Particular (the sign with the T logo) throughout Vieja Habana (Old Havana). Not a chance we would have stayed at any of those or the many, many we saw throughout the countryside. Run down terrible looking places. If you don’t know someone that’s stayed there, already, beware. More on our B&B experience in my next entry.

As for the hotels, don’t be looking for a US hotel experience. The hotels we stayed at were older and needed major cosmetic improvements. For the price, I can’t really complain. But buffet meals might have a wide selection, but aren’t always very hot, unless they’re made to order. Rooms were adequate, but in need of repairs. Pools were okay, but also in need of repair. Some of the hotels were abandoned for many years and then “restored” for usage. The level of restoration might be as little as a coat of paint. One of our hotels had signs inside for the original hotel name.

We used GalaHotels to rent hotels in Havana and Varadero. Both looked reputable. Photos and amenities were okay. US credit card processing was good. Price was good. However, they changed one hotel on us two weeks before the trip. A very poor explanation and the email I received didn’t look credible, although the email addresses all pointed to their website vs some bogus site. It was too late for us to argue or re-book elsewhere. We might actually have been given a better hotel, but it didn’t have the same reviews as our original. In hindsight, I might use TripAdvisor next time for the booking. Oh wait, will there be a next time? 🙂

Transportation and Navigation

Lots of topics to update here.

Taxis in Havana and Varadero

There are many taxis from horse drawn carts, Coco cars, 1950’s era cars and modern “yellow cabs”. We found the rates to be reasonable. Ask for the cost to your destination before you get in the vehicle. Also make sure they agree that they know the destination as well. They typically didn’t know our street name, but knew the hotel next to our apartment. We didn’t use any of the Collective Taxis as there were always four of us traveling.


Within Havana, the buses are way overcrowded and dozens of people were waiting to get on board an overly crowded bus. Some people waited hours for buses that seemed to go by regularly, because of the crowding. We didn’t do that.

Rental Cars

We rented a car for four days, to get us from Havana to Varadero and back. I wish we could have rented for three days, but there were no vehicles available on a Sunday (they are open 24 hours at the airport), so we got it on Sunday. This is NOT gold service of a US rental car facility. We checked in at 10AM for our car. We got it at 1:30PM. We had to switch airline terminals (Havana 3 to Havana 1), which took over an hour. We rented from Cubanacar, which, like Havanauto, is owned by the government. They shared an office at Terminal 1. There were 4 closed doors and a lot of people waiting. Well, after an hour wait, we were re-directed to the office next door, which was Cubanacar alone. In any case, if you are waiting in line, anywhere, show a native why you are waiting and have them ensure you are in the right place. There is also a 200CUC security deposit and another 95CUC deposit for gas and insurance that you must have cash for at pickup. Several people ahead of us didn’t have that and went to an ATM to Cambio de Moneda to exchange money. 5 to 10 minutes. They wouldn’t wait on another customer until the prior transaction completed. Get some water before you get in line!

The car itself, was nice enough looking. It was an EMGRAND vehicle with 5 speed manual transmission and AC. Other than comfortable seats, the AC was terrible. Plenty of scratches on the car. They had spray painted over some of it. No worries. They did a good job of marking the problem areas so we wouldn’t get charged later. The cigarette lighter didn’t work. We had hoped to use that as a phone charging location. And the transmission was okay, as it shifted easily and correctly,  but the car had no power. Most of the speed limit to Varadero was 100 kph/62 mph. The car was lucky to get to 105 kph. On hills, it dropped down to 80 kph/50 mph. We were getting passed by mopeds. It was ridiculous.

We didn’t leave ourselves much time to get to the airport, due to getting lost. (see below). We were able to leave the car at Terminal 3, at the counter we originally waited an hour to get a ride to Terminal 1. They processed the car in less than 5 minutes. We lost the 95CUC deposit because we didn’t take time to fill the gas. But we quickly got the 200CUC security deposit back. We were quite thankful for that. It could have been an additional 1/2 hour to drop off at Terminal 1 and pay for a taxi to get us back to Terminal 3. We didn’t have the time for that.


There are very few street signs. There are very few one way signs. There are no automated railroad crossings. You better stop, look and listen before crossing, as everyone else will. This is even though our B&B host said they’d only seen one train in the last three months.

We had some great maps. Small, laminated tri- or four-fold ones, that were easy to carry. We couldn’t have survived without them. We never could have driven in Havana if we hadn’t walked through it for two days. What looks like an interstate on a map may only be a two lane road, with horse carts, mopeds and pedestrians along the edge, taking up space and going slow.

GPS’ don’t work, as there is no over the air internet through cell phone signal. Download directions onto your phone, prior to using Google Maps. We printed Google Map directions, but it didn’t give you any reference points, other than distance and “turn right”. Not that it mattered as less than 50% of the streets had street signs so you’d know the name.

Example, we were leaving Varadero to go back to Havana. We had driven along the coast on  Via Blanca, which was good, but the map implied a southern route was more “interstate like”. We saw a blue directional sign to La Habana, which directed us on a southerly route and a good road. When that road became closer to dirt and in a very congested farm town, we asked for directions. Net: 1:45 hours of driving in the wrong direction. We went almost back to Varadero and went back on Via Blanca. We asked a policeman and he suggested that was 2 lanes in each direction and far faster than the southern route we were looking for.

There are two routes into Jose Marti airport. The shorter one is not marked. We were fortunate that our Airbnb host had picked us up at the airport and driven us back to get the rental car. When we left with the rental car from Terminal 1, we “followed the signs” that got us to the longer route to Habana. As such, when we took the longer route back in, we were familiar with the back roads between the terminals, which again, aren’t well marked. Terminal 3 is for Internationale flights and Terminal 1 is for Nacional flights. Big yellow signs.

Asking People for Directions

We were fortunate to have a person fluent in Spanish and another that had some basic understanding. While driving, we met some wonderful people that were willing to give us directions to the “next major place” and then told us to ask directions to keep going.

While walking, however, we had a different experience. If asking for a restaurant location, multiple times, we were told that that restaurant wasn’t good, but they knew of a better one. Then they’d proceed to go out of their way to walk us there and talk to us about the US and Cuba, along the way. All while being extremely friendly and knowledgeable. We learned that they’d get a commission if they took someone to a restaurant or other money making endeavor. We began to stick to our route pretty quickly, as a result.


There are plenty of inexpensive ones to buy. However, we were warned that they were counterfeit. We ended up spending close to 25CUC for very good cigars at a retail shop. Hotel was more expensive for the same thing.


We bought several bottles of Havana Club Reserve at a “Rum store”. So many samples, it was a great experience. This is not the Bacardi Havana Club. Here’s a link to learn about the difference.

Phone Usage

Good news, your US cellphone will work there. Bad news, there is no pre-paid plan. For Verizon, it’s $2.99 per minute to all, about $2.09 a MB (not GB) for data, 50 cents to send an SMS text and 5 cents to receive one. After one day, one in our party got a text that they’d already used $50 in data. A quick call to Verizon to avoid future costs. Their recommendation:

  1. Settings –> Cellular –> Data=off
  2. Settings –> Messages –> iMessage = off
  3. Settings –> Messages –> Send as SMS = On (if you want some contact)

These settings get you to minimal phone usage, in case someone needs to contact you. If you really want to avoid all contact and charges, turn on Airplane Mode.

When on wifi, you might want to change the iMessage back to on. But don’t forget to change it back. For iMessage users that use Email address as the primary contact point, you might be surprised when you open a window to communicate with someone that it won’t go through. Don’t forget to use their mobile phone number, instead, so it goes as an SMS text instead.

We also received 2 to 4 copies of each inbound text. It will be interesting to see if we got billed for each.

Helpful Hint – Shared Notes

Using the Apple Notes iCloud feature that allows sharing of notes across multiple users, we pre-loaded a number of things so we would have them on our iPhones. I am sure there are other mechanisms, like Dropbox or Google Drive that could do the same things.

We loaded notes on Restaurants, Maps, Shopping, Nightlife, Things to do. On each item, ensure it includes an address and phone number. Web links are not helpful at all for additional info. We had to go to those links and cut and paste the content into the notes. Also make sure that you test the sharing on another device before shutting down the source. We created the notes via a Mac computer, but on one note, closed the computer before the sharing completed. That particular note wasn’t accessible on the trip. We just had the title as a tease of our (my)  stupidity.

Cutting and pasting a picture of a map (screen shots) including the restaurant or attraction was also extremely valuable. We used some of our paid wifi time to do this once we got into Cuba. Very helpful as we walked around Havana.


What to Do in Cuba

I’ve written a separate entry on what we liked and disliked. If still interested, click here.



Closing the gap on technology evolution

I recently saw a blog post by one of the Federal CIOs. I can’t argue with their observations, though I think we may disagree on how to tackle the problem. That CIO is going to post their direction in future posts. I’m going to take a shot at my own direction in this post.

The following graph demonstrates that the US Government IT is falling behind Fortune 500 firms and way behind internet startups.
[Figure: IT Curve acceptance, Federal CIO study graph]

I remember having this debate with an IBM General Manager years ago when he was considering outsourcing some operating system components thinking that all programmers are created equal. There is a huge difference in maintaining a legacy of millions of lines of code vs. starting from scratch with something new. As important, starting over AND maintaining all the rules and regulations of the legacy, is also a very difficult proposition. It takes pre-existing knowledge for success.

This CIO faces a problem that is similar to many other businesses. It’s true for mainframes as it will be for Microsoft Windows and Linux systems in the future. There are millions of lines of “legacy code” in languages that are less popular today than they will be in the future. The inference is to move away from the legacy code toward a modern language where there are more skills available. As a factoid, there are more ARM chips in the market today than Intel chips. There are more applications being developed for iOS and Android than for Microsoft Windows and that’s way more than being developed for mainframes. So that might lead someone to believe that’s the programming model of this generation.  And as I’ve said in an earlier post, if your IT career began in the 1990’s and you hated mainframes, you were right….at that time….

But like everything, time changes things. IBM and vendor partners have dramatically changed what the mainframe was into a more modern computing environment. IBM spends over $1B in R&D for each generation of the mainframe that comes out about every two years now. I’m going to park that, for a moment, to go to another topic, that is more relevant to the skills discussion.


Programming is about patterns. Patterns occur at a process level, in languages and in behaviors. There are three broader patterns at work here. Systems of Record, Engagement and Insight. I’ve written about that before, but Record deals with transaction processing, Engagement deals with the end user interface and Insight is about analytics. Most programming being done today is around systems of engagement – taking advantage of enhancements in smart phone, wearable tech (e.g. watches and fitness) and other devices that are the Internet of Things. GPS, accelerometer, touch, voice and biometrics are just a few of the advances that improve the human computer interface. The mainframe has avoided this programming area completely as a native interface. That makes complete sense. Ignored by many, though, is the fact that the mainframe has fully embraced leveraging those capabilities through interoperability and standard formats and protocols. They enable hybrid programming to reach out to those interfaces to simplify the deployment of systems of Record. In addition, they’ve integrated with Systems of Insight to enable real time analytics to be applied to traditional systems of Record to reduce risk.

This link will take you to a tremendous video about the z13 server and its ability to satisfy these new capabilities. Warning – it’s 30+ minutes long.

Where will the skills come from?

Another fear raised is that schools no longer teach “mainframe”. Perish the thought. While fewer schools teach “mainframe” than teach commodity system programming, there is a wealth of schools across the world that are part of IBM’s System z Academic Initiative. Checking their website, there are three in Maryland, close to the Federal government and very close to the agency head writing the blog. But you know, “you can’t trust the marketing” materials put out by a vendor. So I went to the Loyola College of Maryland, University of Maryland Eastern Shore (UMES) and Prince George County Community College web sites to see what they said about the IBM Academic Initiative. Honestly, the info I found was from 2011-13, other than Prince George which was up to date. So I reached out to the schools. UMES responded quickly.
“First and foremost, I would like to inform you that we are actively involved in the IBM Academic Initiative. Dr. Robert Johnson, the Chair of the Department of Mathematics and Computer Science, is the lead person in the initiative. Further, they are currently in the process of moving into our new $100 million Engineering and Aviation Science Building which will significantly enhance our capabilities to support the initiative.”
Here’s a brochure for their program.

Most importantly, success is not a two-way street between IBM and the schools. It’s four way, including businesses/agencies and the students. The best schools will work with businesses to provide internships with students PRIOR to graduation. There is generally a very high (close to 50%) success rate in those students choosing full-time employment at the business where they did an internship. I strongly encourage any business or agency concerned about future skills deployment to reach out to these schools and work directly with them. Experience shows that you’ll be very pleased with the results. UMES gave me their cell numbers if you’d like to reach out to me for a direct introduction.

Adopt New Technologies and dump the old?

The collective wisdom of the Federal CIOs seems to point to new technologies as the “future” of programming. The referenced blog points to Uber, Siri and Facebook as examples of such applications and suggests they may be irrelevant in five years. (See Myspace as an example). New technologies grow up in a vacuum. There is no maintenance legacy. It doesn’t mean the legacy can’t work with them, though. A prior blog entry looks at 22 emerging technologies and their relationship to the mainframe and how hybrid computing can solve new business problems.

Let’s consider one of the new, cool tech referenced: Uber. I happen to have a chauffeur’s license (a story for another time) and am very familiar and active with Livery legislation. The Uber mobile application is actually very simple and easy to recreate. What makes them successful is their business model and practices. They hire drivers as contractors, therefore no tax consequences for Uber. They avoid the bureaucracy of Livery laws.

There is a state law that enables the New York City Taxi and Livery Commission (T&LC) to regulate who and what can be operated within the boroughs. This is for the “safety and comfort of passengers”. However, it’s big money. Medallions, per cab, have cost up to $750,000 just to put a car on the street and the T&LC limits the number of medallions. Cars from outside the T&LC are not allowed to make more than one stop in the city. They cannot pick up a passenger at an airport if they dropped them off more than 24 hours ago. The T&LC have 250+ officers in unmarked vehicles that follow and intimidate non-T&LC livery vehicles in the city. I witnessed a stretch limo being impounded by the T&LC when an upstate Livery firm dropped off the passengers returning from a NYC funeral at a NYC restaurant before traveling north. The second stop was illegal. In any event, other states (CT and NJ) got upset with this bureaucracy. They lobbied and a Federal law resulted to allow reciprocal rights to other states to operate without joining the T&LC. But upstate Livery can’t participate. The NY Assembly and Senate have had to modify laws to create T&LC’s in neighboring jurisdictions to allow reciprocal rights in NYC locations. Rockland, Nassau and Westchester counties have T&LC’s now. This is the third year that Dutchess and Ulster have legislation to enable reciprocal rights up for a vote. The NY Assembly has passed their legislation, but the NY Senate hasn’t. Last year, they decided to wait on Dutchess and Ulster until they figured out how to allow Uber  and Lyft to operate in NYC exempt from the T&LC bureaucracy. That legislation has now been created and will be voted on soon.

T&LC makes revenue on selling taxi medallions and collecting tax on fares. Uber & Lyft disrupt those economics. The livery vehicles pay $3000 per year for insurance. Uber/Lyft cut deals with insurance companies to lower that to $600/year to make them more competitive. The drivers must also have personal insurance on the cars when a fare isn’t present. Laws are now being enacted to allow “Transportation Network Companies” (TNC as they generically refer to Uber and Lyft) to get “fair access” to markets in NY without this bureaucracy. I’ve developed an app which will qualify the “local” livery company to operate as a TNC to reduce their costs and in turn, reduce the cost to consumers…will the government allow that? Will the Dutchess and Ulster laws pass? This is more about big money, venture capital and paid lobbyists getting to the legislative leaders, than the small livery companies trying to stay in business. We’ll see if the legislation and the bureaucracy will enable the small livery services to morph into a mini-Uber. The legislation enables the Commissioners of Insurance and Motor Vehicles to regulate the “TNC” businesses. The legislation doesn’t prescribe how that will be managed nor how much it will cost. By the way, did you notice that the legislation for Uber includes a lighted icon in the front and rear of the car to identify it? That’s as much for passenger safety as it is to make it easier for the T&LC police to pull over the cars if the legislation doesn’t pass. Not much likelihood of that, though, given the amount of money changing hands in Albany.

Long story short – Uber is more about business processes than it is about new applications.

Past Technology Evolution Examples

Going back to the graph, there is much to learn from prior experiences of the Fortune 500 and government agencies introducing new technology.

Learn from the Fortune 500 – the good:

Benefits processing: Hewitt Assoc and Fidelity continuously advance their capabilities. They provide integration with employer payroll systems. They have up to the minute accuracy of consumer records. They provide immediate access to Accruals and eligibility. They’ve adopted web and mobile technologies as Systems of Engagement, including biometric security authentication.

Claims processing: Travelers Insurance has historically reduced IT and people expense 10% annually while improving response times. Claims agents leverage mobile technology for accidents and disasters as input to “legacy” systems.

Learn from the government – the good:

The FBI and VA leverage mainframe virtualization to avoid IT costs of millions of dollars over commodity systems, while improving security, resilience and service level agreements. They run the same code in a different container with a superior operations model and lower costs.

All of the above use Hybrid technology which includes the mainframe.

Learn from the government – the bad:

Marine Corps – hosted by an IT supplier that gouges them on mainframe costs – three times the amount if they hosted it themselves. The IT supplier takes floor space, energy and cooling costs for an entire data center and only bills to the mainframe users. The IT group claims: Commodity systems wouldn’t be affordable if they were “taxed” with those costs. That’s why understanding the Total Cost of Ownership is a critical success factor when considering mainframe vs. commodity system costs. Unfortunately, regulations are in place that mandate that the Marine Corps use that particular IT Supplier. Other groups have bucked that policy to save money.

US Postal Service was not competitive with package tracking vs UPS and FedEx. They realized they needed to add new applications and wanted modern programming to do it. It included new engagement systems at the delivery vehicles via mobile technology. ….that’s the good. The bad – they spent $100’s of millions on redundant “commodity” IT infrastructure and copied key data and applications from the mainframe in order to host the new applications, while leaving the mainframe running. Testing and benchmarking have demonstrated that adding the new applications to the existing mainframes would have avoided millions in costs and operations complexity, while simplifying the architecture and improving SLA’s. With package shipping volumes increasing annually, they’ve continued to upgrade the mainframe each year. They are just spending too much overall. While they collaborate between the systems by moving data, they could save more if they shared the data in real-time.

Prescription for change

While a prescription for change is forthcoming in the CIO’s future blogs, let’s hypothesize some changes for their benefit.

Modernization of the development environment

Rational tools – They move the mainframe application development to commodity systems. This moves 80% of the development off the mainframe to reduce IT costs. They provide tools to modernize and document the “legacy” applications and simplify their maintenance. They provide seamless test to the mainframe and other platforms of deployment choice. One large business has 1000 Java developers for commodity systems, 400 Cobol programmers for the mainframe and 50 developers familiar with Java and Cobol to enable hybrid programming and integration. All use the same Rational development front end. From a skills perspective, the mainframe development can now look and feel exactly the same as development on commodity systems. This eases the skills and knowledge requirements to start.

Language modernization:

Cobol Copybooks – the means to define data structures – are now sharable with web services and those services  can launch from Cobol. More on that in a moment.

Chip Speed

The System z13 server runs dual core 5GHz processors. Benchmarks show that Java runs faster here than any other platform. The video referenced earlier provides specifics. With direct access to databases and files, business applications can have better performance than other architectures. With fault tolerance and an improved hardware and software security architecture, the result is a very price competitive hosting environment for new workloads.

Risk and Fraud analytics

Financial services businesses are doing real-time analytics in the middle of their System of Record transaction programs to assess risk and avoid fraud. Leveraging the Copybook capability, they can call out to leverage the 1000+ processors in the IBM Data Analytics Accelerator (IDAA – formerly Netezza) that have been tied into the mainframe to speed time to resolve.

Callsign – a biometric authentication and fraud prevention technology, can leverage a modern smart phone to identify the owner/user of the device before they actually answer a challenge – which could be a fingerprint, facial recognition or voice. Using the accelerometer in the phone, the GPS and pressure points on the touch pad, along with historic behavior patterns, Callsign can tell by the way a person is holding a phone if it’s the original user or someone else before offering them the authentication challenge. This type of technology can be used at kiosks in regional/branch offices to enroll users and make sure they are the real person requesting later service. No need for a card. A unique user id is sufficient to provide authentication. True, many low-income users/beneficiaries may not have smart phone capability. Alternative mechanisms can be deployed for challenge/response authentication. But, maybe providing a low-cost device to beneficiaries for this purpose, a more modern version of the “RSA token devices”, might reduce overall costs for low-income users. Watch this space. One of the Callsign customers, a large credit card processing bank, is calling out to Callsign from a “legacy” mainframe transaction program to authenticate that the real customer is at the point of sale or ATM device requesting service. Compare that to an experience I had recently. Visiting 500 miles from home, I went to a big box department store and paid with a valid credit card. Everything was good, but the transaction was denied. I then used a debit card, same bank, same credit card service, but used my PIN code. The transaction was approved. As I walked out of the store, I got a call from the credit card provider asking me if I just attempted to use the card. They restored my card to service immediately. Use of the Callsign capability eliminates the human intervention, lowers my embarrassment and speeds transaction processing.

Going a step further, Callsign runs on Amazon Web Services (AWS) or a private cloud today. This is a distributed connection to the transaction systems calling out to it. There are about 15 “risk tests” that can be done, but typically just three can be done and the results fed back to make a risk decision in the time allowed for a transaction to complete. We’ve hypothesized that if Callsign was running on a mainframe, with a memory connection to the transaction programs, that 10 risk tests could be done on the mainframe and maintain the service level agreement of the “legacy” transaction programs. Stay tuned for future updates in this space.

The NSA has proven that leveraging a Google-like search capability can help stop attacks. Why not use web crawling software to look for fraud and overpayments? Leveraging online obituary information, an insurance company or benefits provider could determine if a person has died and is no longer eligible for services. In addition, it can predict the services that may be available to the survivors of that person. This can speed up time to deploy payments to their survivors. These web crawlers can feed a data warehouse searching for fraud but also feed real-time systems to avoid fraud for new transactions.

Collaboration is necessary to move forward:

Education: partnerships between vendors, businesses/agencies and schools are necessary to create the next generation of IT professionals (programmers and operations) as well as to update the skills of existing personnel.

Operations: Today, fiefdoms around individual architectures or administrative domains exist that create/foster conflict and drive up IT costs. Not everyone is going to get along. Organizational politics and budgets have as much to do with fiefdoms as anything. Leveraging the Rational developer example, where a small group of people have some hybrid responsibility, can lead to breakthroughs in processing schemes.

Legislation: Where necessary, this can be valuable to enable a leap toward something new that will provide value and reduce costs.


There is no right or perfect answer to any IT decision. As the saying goes and leading to an unintended consequence: “Throwing the baby out with the bathwater” isn’t necessarily a good approach. Leveraging a hybrid computing, operational and development environment can make a large shift toward leveraging “modern” application models. Happy programming!

What happens after a breach? The vultures descend

There have been so many breaches. In every case, the business or agency affected realizes that they must spend money to fix the breach. That’s when the vendor sales teams come out of the woodwork. Everyone has something to sell. New analytics, new detection mechanisms and new management offerings are just some of the products. However, in almost every case, a quick decision on a new product would be like putting lipstick on a pig. At the heart of a breach is a fundamental problem with people, process and technology associated with security. While a witch hunt for the base problem may be happening, it’s important to take a step back, take stock of what’s good and bad about what is already in place. Re-look at processes and find the gaps that need to be considered. But most important, what is the scope of the processes?

Too many systems to manage securely

Too often, a business will have multiple domains that are independently managed. For example, there may be separate domains for management of desktops, web servers, application servers, data warehouses, transaction servers and database servers. My experience has shown that when a breach is found in one area, the other areas breathe a sigh of relief as it is not their problem. That’s a bad attitude. Business problems are end to end solutions that cross several of these domains. As such, a business should be looking to collaborate their security and harden processes across domains rather than manage them individually.

Create an Enterprise Security Hub

The IBM mainframe is an ideal hub for centralization of security focus. For the same reasons that IBM calls the mainframe the System z, z being for zero down time, it could have been  System s for fail safe security. IBM has spent years in hardware and software R&D to harden the mainframe for business resilience and security and include that level of functionality in the basic hardware and software systems. The bulk of the built-in security services meet industry standards for interoperability and programming interfaces. As a result, these services can be executed on behalf of any other system or server that is interconnected with them. This includes usage as an authentication server, managing logs, providing real-time analytics to prevent loss and a central site for audit management. Unfortunately, no sales person is going to run to a business to brag about these capabilities. The unintended consequence by IBM and for its customers is that with all this capability “inside the box” they don’t have a commissioned sales force pushing these functions. IBM has a wide variety of software solutions that they are selling for distributed domains. They have software to manage the mainframe better. However, there is no end to end play that focuses on the mainframe as the central hub for enterprise security.

Wealth of Documentation

All is not lost, however. IBM and their Business Partners have a wealth of documentation and capabilities to demonstrate the strength of the mainframe for enterprise security. European customers can attend an excellent security conference in Montpellier, France from September 29 to October 2. The IBM Design Centers provide briefing centers and proof of concept capability tailored to an organization’s needs. There are IBM Redbooks describing the security functionality, including cryptography, analytics and Digital Certificate management for global authentication.

Shared Credentials to sign on via Biometrics and Multi-Factor authentication

There is also a wealth of up and coming vendors that can contribute to end to end security. Two that I’ve been working with are Callsign and Cyberfy that can leverage a mobile device for multi-factor biometric authentication in a consistent way across platforms. Throw away your userids and passwords that could be key logged and stolen and move to something that is truly unique to an individual. With these tools, a common authentication is used and managed across a wide range of servers and applications. Common authentication is the center of cross domain security management. Without a consistent authentication mechanism, it becomes extremely difficult to correlate security activities across domains.

Operational Collaboration

I started this about breaches. A mainframe can provide and collect a wealth of forensic information across systems. As the host server for a tremendous amount of financial and personnel transaction processing, this information is used in real-time to prevent fraud because of the mainframe’s ability to run multiple transactions and database servers simultaneously, with integrity, while satisfying a service level agreement. This combination of functionality can work well with network attached applications and user devices.

These are the tenets that provide the foundation for hardening an environment. If a business or agency looks at what they have already and they find a mainframe, they’ll find a wealth of capabilities to lock down their end to end systems. The most important element is collaboration across organizations. Through collaboration, organizations can find weakness and inconsistency. Once these efforts are undertaken, then the gaps can be identified and the acquisition of new products can be done intelligently.

Start Locking down systems before it’s too late

If anyone needs assistance getting started in locking down their systems, give me a call. Don’t wait until you’ve been breached, it will only cost more to solve the problem. As has been said, an ounce of prevention is better than a pound of cure.

Webinar April 15th: Mainframe Security – How good is it? Unfortunately – only as good as the End User device accessing it


hosts a Lunch ‘n’ Learn Webinar presented by


April 15, 2015 12-1PM EDT

Call in: 888-245-8770 passcode 206580

Presentation Slides will be posted here prior to the call

Presentation Abstract:

For years, the IBM mainframe has been the benchmark for secure transaction and data base processing. It’s considered hacker resistant, via a hardware and software architecture that inhibits buffer overflows, which are the bane of Trojan Horses, viruses and worms.

The modern PC, smart phones and tablets are rife with malware and identity spoofing. As long as an end user is the systems programmer for these devices, there will continue to be problems. If a userid can be spoofed on the end user device, there isn’t much to prevent them from accessing back end servers of all types that these devices may be connected to. Businesses spend enormous sums looking to detect problems and attempt to better manage these devices.

Raytheon Cyber products take a different approach. They compartmentalize infrastructure to create a more secure computing environment. E.g., separating Internet traffic from internal business systems. They’ve simplified operations so that the end user behaviors and server access barely change. The result is an environment that prevents malware intrusions and data theft. Detection products are nice, but how much will a business spend on unplanned forensic efforts and brand loss marketing should a theft occur? Raytheon’s approach simplifies the hybrid deployment model and reduces the risk at back end servers, such as the mainframe, and can help to lower overall security deployment costs.

This session will introduce the “battle tested” Raytheon Cyber products to commercial customers. It will demonstrate how compartmentalization of networks, data and applications can simplify end-to-end operations while preventing attacks. It will show how their technology is complementary to existing Hybrid infrastructure. They’ll also introduce some of the future deployment models they are considering to further prevent attacks on electronic business.

Presenters’ Bios:

Jim Porell is a retired IBM Distinguished Engineer. His IBM roles included: Chief Architect of Mainframe Software (10 years), led Business Development for the mainframe (3 years), Security and Application Development marketing lead (3 years), Chief Business Architect for IBM Federal Sales (2 years). He’s presently a partner at Empennage, developing its marketing and investment possibilities. Jim is also on the Advisory Board of startups: Callsign and Malcovery. He’s a sales consultant to Vicom Infinity. In each of these roles, Jim is focused on the secure and resilient deployment of Hybrid Computing solutions across server architectures and end user devices (e.g. smart phones, tablets, PC’s).

Jeremy A. Wilson is a member of Raytheon’s CTO Council & the Director of Customer Advocacy. Mr. Wilson works closely with Raytheon’s Executive Leadership Team focused on solving information sharing challenges for their extensive portfolio of customers including the Department of Defense, Intelligence Community, as well as Civilian and Commercial agencies. Mr. Wilson has over 15 years’ experience in Multi-Level Security and Cross-Domain Solutions. Prior to joining Raytheon in 2005, he served as the Chief Technology Advisor and Architect for both SAIC and General Dynamics. In these roles, Mr. Wilson held a vast number of responsibilities such as System Design, Technical Assessments, Security & Policy Auditing, Strategic Planning, Proposal Generation, & Certification & Accreditation. Mr. Wilson has spoken at a number of technical events and sessions and is a member of the Armed Forces Communications and Electronics Association (AFCEA), National Defense Industrial Association (NDIA), Association of Information Technology Professionals (AITP), and the Information Systems Security Association (ISSA).

STEM Education – Gotta be in it to win it

As a mainframe programmer and business executive, I’ve learned all about the necessity of educating the next generation of systems programmers and application developers. But how soon is soon enough to influence these people?

My dad was one of the first programmers at his insurance company. He took me under his wing as a 12 year old and kept me excited about programming. My junior high school had teletype HP 2000 computers, punch card machines and a variety of wire on board IBM systems. I took typing in 9th grade to reduce my punch card error decks. Nerd, yes, but thinking of a career already.

National Engineer’s Week beginnings

Years later, attending a seminar hosted by the National Reconnaissance Office, I heard an elderly (70-ish) engineer explain how he and his peers had formed the basis of National Engineers Week to attract the next generation. Based on national pride and a common goal set by President Kennedy to get a man on the moon, he and his peers had gone into engineering to meet those goals. He questioned where today’s call to arms was. Where was the national pride to make a difference? A good question, that I don’t know the answer to either. His goal was to continue to make a difference in his own way.

Business Internships

Likewise, I’ve attempted to make that one of my career goals. No, make it a life goal: mentoring a new generation. When my son graduated high school, I offered internships at IBM to anyone that desired them. One student took me up on the offer after a year of college. Five the next year and a couple more after that. But the result was that one high school class of 90 students produced five students with full-time jobs at IBM. This is the same school that has the only Future Farmers of America chapter in the county. My job was to open doors and pave a path. The students had to convince hiring managers (internship and full-time) of their value and did.

Elementary School After School Programs

I’m beginning a four-week after school program for grades 3 to 5 in my school district. It started by trying to recruit people at IBM to come to the district for National Engineer’s Week. It didn’t take long for me to decide to do it myself. With the assistance of a local teacher and the school principal, we decided to make this an after school club, once a week, for the month of February. It’s “math” centric, but the reality is, it’s about patterns. Patterns are everywhere in math, science, art, music, programming and business solutions. I had the pleasure to go into the school and give each class a tutorial on patterns in business and the evolution of programming. That was the teaser to getting them to attend the after school program. I don’t know how many will attend the program, but there was a tremendous amount of interest shown in the class. Some immediately grasped the discussion and could predict what I would say next. Several told me that they already wanted to become engineers. This was great news.

Become a coach. Pay it Forward.

We’ve developed a syllabus based on six topic areas and then gathered a large number of websites to aid the kids on their own. There are some terrific resources out there available to anyone that wants to do this themselves. Kids need a challenge, but they could also use a coach. I encourage anyone reading this to volunteer to make a difference in someone else’s career. Pay it forward and you, as well as your students, will reap the benefits in the future.

Mainframe Security – How good is it?

Two things about security that have been true for a long time:

  1. The Mainframe is the most secure platform in the industry
  2. Security is about People, Process and Technology

These are not mutually exclusive concepts. What’s important to realize, though, is the mainframe shouldn’t get a “Pass” on security processes because of its reputation. Unfortunately, I have encountered some really poor security management practices associated with mainframes at a wide variety of customers. These poor practices have put those businesses at risk. Mainframe technology and architecture can inhibit a number of security issues that other platforms regularly encounter, such as buffer overflows that enable viruses and Trojan Horses. However, poor management of data access, protection and audit can lead to data loss, theft and network attacks.

The Mainframe is NOT Hacker proof

There, I’ve said it and I’ve said it before. Mainframe systems have been hacked. There is one obscure case where some very old open source code was running on a mainframe. That open source code had been successfully hacked on other platforms. The attackers used a similar technique to get “inside” a business. Network attacks that drive a denial of service have also been successfully initiated. Both of these types of attacks were clearly avoidable. The worst attacks have come from insiders. Sometimes by accident, but unfortunately, sometimes on purpose. Not unlike Edward Snowden and Wikileaks, insiders have released confidential information stored on mainframes. In each of these cases, better security practices and the use of additional products and monitoring could have inhibited these data thefts.

Who is responsible for Mainframe Security?

Another problem that I’ve seen is lack of diligence by a business over the people managing the mainframe. The worst case scenario dealt with an outsourcer. The outsourcer mistakenly assumed that the mainframe was “hacker proof”. The owning business assumed the outsourcer knew what they were doing and didn’t audit the security of the systems nor the outsourcers running the systems. It turns out, the outsourcer wasn’t auditing the security either. In this instance, network ports were left open, giving attackers a way into the system. Data sent over the network wasn’t encrypted, allowing attackers to sniff for critical data. Perhaps worst of all, many of the systems programmers had operational access to modify all system datasets without going through change management.

It doesn’t mean that anything negative happened at this customer. But it certainly could have happened. And even within that particular outsourcer’s business, they had other customers that were properly protected. This seemed to be a local anomaly. The lesson learned, however, is that the owning business should own audit responsibilities and the analytics associated with their security operations and data protection. Simple tools could be deployed and routinely run to “health check” their operation. Either the outsourcer or the business can run those tools, but the business should check the results as a normal part of grading their outsourcer.

“Knowledgeable” People may be your worst enemy and largest risk

Social engineering is a terrific mechanism to get access to restricted data. I’m not going to give examples, other than to say that asking the right questions of the right people can result in acquiring data or privileges that someone isn’t supposed to have. Again, the human element at work in circumventing security. One of my favorite “social engineering” episodes was visiting the security director at a large bank. Physical security was tight. The team there asked if I could break into the building. My normal response is never on the first time, but usually on a second pass, it is possible. As I left the cold building in December, I realized I left my jacket in the Director’s office. The security guard told me to go back up to the third floor unescorted. I was in the Director’s desk chair when he returned from the rest room. Isolated incident? Unfortunately not. That’s just my favorite example, without the details.

Replicated data doesn’t mean that security control is replicated

It doesn’t matter what platform or server you are using for a database. Far too many businesses make a copy of production data so that the Quality Assurance team can do system modifications and stress test before making updates to a production system. Application developers might also have access to this production data to test the next iteration of a business application. QA and development may be outsourced to another business. That business could be in another country. Without audit or security management of the test and development copies of the data, there is the very large possibility of data theft or leakage.

The weakest link is the End user interface – PC’s, Smartphones, Tablets

Plenty is known about the security problems associated with end-user devices. Management of those devices falls on the owner of the device. Where Bring Your Own Device or BYOD is allowed, then the management practices for the devices will differ by the number of devices. Unfortunately, users save the userids and passwords of back-end servers on these devices. As a result, if a device is stolen or hacked, any server that it accesses is at risk of mismanagement or of the end user’s credentials being spoofed.

There is hope. Collaborative security should be the norm.

Earlier posts of mine discuss collaborative and hybrid computing. This is as important with security as it is for business resilience, storage management and application development. By looking across the IT infrastructure, a business can identify risk more clearly than a business that has fiefdoms protecting their smaller domains. Analytics, audits, identity management and data protection done across the IT infrastructure will help a business reduce risk and save on overall costs.

Don’t let security by obscurity result in the unintended consequence of data loss. Stay vigilant. Keep an eye on your systems, your system administrators and your users.
