Author Archives: Dawei Jiang

Cost Visualization: The most effective display

Pie View
Planet View
Spike View
Block View

Cloud cost as an example, this can be applied to any finance. This is about turning a list of SKUs or a long spreadsheet into something better organized with more visualization. In many occasions, a leadership decision is not based on decimal details, but percentage, relativity, comparison, composition, or other coarse grained information.

I pulled a project’s monthly cloud cost from AWS. I first grouped the cost based on their technology purpose, this step can be automated and customized based on your specific need. You will have to decide a zero cost a show or no show on each type of picture.

Block view: This is probably the most effective general purpose visualization. Different parts are depicted in territory size, therefore, it is best for grasp the overall picture. It also gives strong contrast on ranking and comparison.

Donut view: Donut view can be difficult to view if there are many smaller percentage items. The char becomes too busy, and labels are harder to read.

Planet view: This is best for relative sizing, and focus on top ranked items. It is similar as we list planets from our solar system by their size. This is great if you don’t want to review all the items, but just a few of them.

Spike view: This is my favorite. Number one, it lists all items, and give every item an equal space on a wheel, and good for you to see those zero cost items. Number two, as the name speak, the spike on top ranked items are stunning and hard to miss. That spike is particularly useful for abnormally detection. Lastly spike view is best for composition view, or category memberships, since other views focus on value.

Block, donut and planet are value based, good for sizing, ranking, and top ones. Spike is member based, good for total accountable, abnormally, however, limited with its spoke space, it is hard to differentiate if you have some similar valued top items.

Hope you find your favorite chart, for the best use on the occasion.

When model overtakes make in name space

Back view of four generations of Toyota Tacoma

What’s the message from back vie of each generation?

  • A light Toyota truck (pre 1994)
  • Toyota Tacoma (1995-2004)
  • Tacoma by Toyota (2005-2014)
  • Tacoma (2015 and later)

This is an example that model overtakes more name space (visible) than the make as the model matures and lead the market. Even most market players follow this trend in recent years,

Toyota Tacoma’s case shows that when model was in early infant phase, it requires the make the boost its identity. Once the product stabilize, grow, and prosper in its segment, the popularity of the name starts shift. This is the same case with major cloud service provider such as AWS and Azure. They no longer need Amazon or Microsoft to be on the background, rather, they return awesome reputation dividend to the parent organization.

Cloud Infrastructure Support – Step by Step

Cloud Infrastructure Support – Dawei Jiang

This is an example of how to set up and support cloud computing from an infrastructure standpoint. I am using a hybrid cloud case to illustrate the end to end handover from a cloud account request to a ready to develop state.

This animation uses AWS services and symbols to tell the story. It focuses on what is requested and what a standard account is delivered, with guardrails, connections, basic services associated with that environment. It is based on single VPC, one region for simplification purpose. In the future post, I will demo how workloads are added to the picture and cloud computing takes off.

I wish this successfully replaces hundreds of words on the same subject.

Word Cloud: A glimpse of what your read is about

Word cloud of U.S. Constitution

You can visualize what a book or an article is about by generating a word cloud like this. Simply paste the content in, and filter out the words that do not count (“in”, “of”, “it” etc.). Now you have a visual on the frequencies of words.

This is amazing.

Tell me about yourself – What a full stacker says

Show this to your next employer, with the ones you can check

Are you not sure what you should say? Maybe not say anything at all, but present a picture about yourself, like this sample one.

Usually, people can not check all the boxes. The company and your future project do not need you check all the boxes, or they know if you are good enough, you can add boxes instead.

This is a super way to summarize your skillsets and emphasize what values you bring to the table. This is a generic version because everyone wants to see results, regardless your level of industry experiences. You can result any facet with your own information and highlight.

Please note, technology professionals usually build up skills from programming languages or detail level of skills. You evolve once you gain more project experience by using collaboration tools, service tickets, and newer generation of technologies. You are likely in the design and architecture field once you have more experience.

Please let me know how you feel about this. This can be a useful template.

Methodology matters from simple math 004

Solving a problem without knowing the exact detail of each component. Yes you can. This example is opposite to my previous posts, which advise the normal three steps of overall strategy, zoning in, and get the detail and aggregate back. Simple math 003.

While there is a full blown prove of the answer, the exciting part of this example is about get the job done without it. How many times you are facing a situation that a quick turnaround requiring only result, not how. It is based on the fact of: n = n + 0 or n = n * 1. And thanks we are not asking n2024.

Does this apply to real world problem solving? Absolutely. You will run into many cases where “one of them means all of them”.

Site Reliability Engineer Maze: Pathfinder’s Strategy

Spend the first 1% of energy to reduce the complexity of a problem 10 times. This is what a successful pathfinder does.

Effective problem solving requires methods and precision from experience. Observability can give you clarity and facts, it is not a replacement of the big picture. Let’s see what a big picture might look like:

Maze for A Site Reliability Engineer

In my recent blogs, I use simple math to illustrate this pathfinding strategy:

A lesson learned from simple math 001 is zoning in and then pinpointing. It teaches how we do not deal with mega size numbers, but come to reduced size. In the 2nd and more advanced solutions, it lock the end number of correct answer as 4, so it reduce the problem 10 times immediately.

A lesson learned from simple math 003 mentioned a similar approach. In that case, the key of success is by observing the pattern of a number and scale it down 9 times to start. In real life events, when you a facing a hazy, nasty, cloudy, and urgent incident, that zoning in approach is an absolute must.

Today’s technology incident is complicate. It could be anywhere of buggy code, bad data, unexpected traffic, or anything on my maze. A blackout situation is usually easier to trouble shoot than an intermittent problem.

I will explain a few selected labels in brief:

  • Eliminate the obvious first. This is the first step of incident intake, where false positive, users errors, client device, client service provider, geolocation and other similar factors to confirmed before the official establishment of an incident. A strong tier one support and procedure can effectively control the intake.
  • Expirations usually leads to a dark out situation, so it is your first 1% effort to either eliminate or confirm. They are subscription expiration (unpaid account), certificate expiration, password expiration, support expiration, and contract expiration. This is usually a case of high severity, but easy to fix. Check expiration before everything else.
  • Permission can be in many places. It can be a complete deny of service or a partial one, where only a portion of users and resources are blocked, such as identity and access management (IAM) issues. Permission usually leaves strong clues from log, so it is not hard to trace down. Once confirmed, this is also an easy case to restore.
  • Cloud services. This means anything cloud service provider owns, from availability zones to access, network, compute, storage and other supporting services. It is unusual to encounter a massive cloud blackout, but there are sparse cases that certain portion of the services are down. The system status page, RSS, and your account support are usually best source of information.

Iterating all items is not needed for a short post. So I will stay on the surface of this discussion and leave more for you to think. Early in One Page Press, there are a few other posts worth your read:

Incident pyramid concept: Do not ignore those minor ones, they might be the start of a major disaster.

Read the full post here:

Uptime concept: 100% – Union of all downs. The hybrid architecture today is making more pieces in our IT ecosystem.

Read the full post here.

Cloud connect design: Use performance metrics to design for maximum response time.

Read the full post here.

Firefighting in general, such as incident resolution, disaster recovery, cyber forensics, and any kind of truth finding and peace restoring are my favorite part of work. It tests your experience, knowledge, calmness, methodology, judgement, and leadership. It is where result saves, team matures, trust built, and lessons learned.

Methodology matters from simple math 003

This is a little more complicate than 001, but still within the possibility of staring the answer out with the help of a pen and a piece of scratch paper.

  • You are dealing with a set of answers. Get the full score by finding out all answer sets.
  • 1305 is not too large to brute force, however, once you notice the uniqueness of the number, bringing it down 9 times makes the hunting much easier, and it is now easy to find out the 2nd set. Simplify your challenge whenever possible.

The slide show should be self explanatory. If you have better means to solve the same problem, please share!

CISSP Exam Rising Interests

It’s June 2022, ISC2 officially updated its CAT exams format. You now expect to see more questions (125-175 from 100-150), additional time (4 hours from 3 hours), more provisional/pilot questions (50 from 25), which don’t count to the actual score. The knowledge domains and weight remain the same.

Please check out details from the official ISC2 site: https://www.isc2.org/Certifications/cissp/Certification-Exam-Outline#.

I took and passed my exam in February 2022. it is after a 7 week part time and spare time preparation. CISSP exam preparation is an amazing learning experience: it is systematic, comprehensive, up to date, rich content, and all knowledge points are tightly associated with real life work.

Here are some observations from my one time,100 question experience:

  • I didn’t encounter multiple selections. This can be a huge break for most. However, you should still prepare with multiple selection so you force yourself into a stronger position. Identifying multiple correct answers is more about learning.
  • I see a spike of questions related to cloud. I would say 15% of my exam touched cloud from various perspectives. The most favorite question and toughest of all is down selecting between IaaS and PaaS, which is top decisions as a cloud or security architect. ISC2 is in the same pace with industry, as always.
  • Pay attention to software defined network. At One Page Press, I did two blog post earlier: DevOps question and Infrastructure as code. In my case, 2 questions (different context and interest) showed up on SDN. This is how exam preparation help you, your practice question might ask you what is SDN, and the exam asks you what SDN does. There are a list of modern technology concepts you want to fully understand.
  • Cyber attack and incident management. In practices, cyber security is more operation than anything else. The bottom line is do everything to prevent, detect, mitigate, report, and improve. Attack methods, counter actions, and entire incident management process are key knowledge points. And please include observability.
  • The latest industry focuses are properly and timely reflected in CISSP exam. You will encounter newer concepts from traditional preparation books such as: zero trust architecture, supply chain risks, wireless and cellular security improvements, and continued emphasize on privacy and compliance.

CISSP CAT is a pleasant experience. No question is too simple or suffocating difficult. Time does pass fast. Since you can’t go back and change answers (CAT format), you want to have a good rhythm where you do not rush for an answer but balance the time spent on each question. Before next time, I might talk more about overall exam strategy, please enjoy, comment, and pass the information here if you feel it is relevant.

Methodology matters from simple math 002

On Wall street, less revenue and more expense lead to bigger profit miss. In project management, late start and additional future delay lead to more schedule miss. In personal health, less intake and more fat burning lead to more weight loss. Those are all obvious use case of this math question: simple fact: if a – b = 1. (<a) – b < 1; a – (>b) < 1; and definitely (<a) – (>b) < 1.

The first lesson learned is that: for certain situations, you don’t need to know the exact of the unknowns. You need to know the relativity of the unknowns to the knowns. This is true in many decision makings because we don’t need exact amount each time, we just need the relativity to a target.

The second lesson learned is that: when you face a seemingly complicate problem, try to break it down. In this example, √360 and √325 can be a full formula itself. Group and aggregate.