Tag Archive: Grant Lloyd

“Ethical” Hacking

…..oxymoron or necessary business tool?

–By Grant Lloyd, CTO Softline and Sage AAMEA


According to most national law: “Breaking and entering is the crime of entering a residence or other enclosed property without authorization and some element of force. If there is intent to commit a crime, this is burglary. Without an intent to commit a crime, breaking and entering by itself usually carries a charge of the crime of trespass”.

Whilst intellectual property and access to systems is treated differently from that of physical property in many legal jurisdictions around the globe, it is perhaps expedient to draw parallels between “hacking” a system belonging to someone else, and, Breaking & Entering (B&E).

Whilst potentially arguable, it is contended that since “White Hat Cracking” involves gaining explicit permission from the owner of the system (and perhaps even payment for service rendered) to hack a specific system or sub-system and to provide information regarding security flaws to the owner thereof, that pre-authorised, contracted “White Hat Cracking” is indeed both a service to commissioning organisations as well as ethical.

On the other hand, it is proposed that any other form of hacking: grey, black or “hacktivism” is not only unethical but potentially illegal too, depending obviously on the jurisdiction.

If one considers the relatively benign definition of “hacktivism” proposed by TheHacktivist.com, as a recombinant initiative blossoming from the joining of hackers and activists in order to refine, modify and invent computer systems and networks, one may be easily mislead.

Grey hat cracking is often intended to identify security shortfalls in an organisation with the intent to elicit either monetary compensation (for identifying such shortfalls in the systems of an organisation) after-the-fact, or, to generate awareness of such system integrity violations not only for the purposes of preventing such shortfalls in the future but also to garner credit, kudos and recognition for the hackers efforts i.e. “ego-based hacking”.

Black hat cracking is usually malicious or at least mischievous in nature and as such is potentially even less ethical.

It is however necessary to concede that it is important to identify the motives of hackers and hacktivists, on a case by case basis, in order to establish the true intent of hacking initiatives before one can simply classify these as either unethical or illegal.

However, the question which one cannot escape is the following: “If hackers (for any unauthorised reason) attempt to access private property (in the form of a business’ or individuals systems) irrespective of intent (with or without causing direct or consequential damage as a result), are they not at the very least guilty of trespassing, perhaps even B&E?”

Computer professionals and their commercial colleagues should at the very minimum be aware of the potential benefits of controlled hacking as well as the benefits of authorised hacking initiatives initiated to verify the integrity of particularly mission-critical systems.  Indeed, one would further suggest that any form of hacktivism should be replaced by transparent, visible and legal methods of addressing problems posed by the use of the internet.

For example, hacking a spam server (simply because one can) lowers the computer programmer (professional or amateur) to the same level as the spammers and does not enhance the image of the industry whatsoever.  It would be preferable to follow legal and formal means to address the problem rather than making use of the “vigilante-style” internet behaviour facilitated through hacking in anything other than its highest and most benevolent forms…..

In this article, Grant Lloyd, Chief Technology Officer Softline and Sage AAMEA reflects on the impact of managerial style on Agile Software Engineering initiatives.


Grant Lloyd, CTO Softline and Sage AAMEA

Growing application complexities, drastically curtailed project delivery schedules (schedules being halved every 2 to 3 years in practice), a general intolerance by commercial users of software defects, and, greater integration, interface and interoperability requirements are principle drivers of software engineering in the present day.

Simultaneously, functional requirements have amplified and project funding apportionments have declined.  Where a project manager was previously able to trade one component of the project triple-constraint: time, cost and quality, against either of the others to reach a reasonable compromise, the more recent challenge has become improving the performance of all triple-constraint aspects simultaneously.

This compounded vigour in user demands and commercial priorities is demonstrated by frequently developing customer requirements which have given rise to agile software engineering models.  Principally directed at focussing software engineering on tasks and activities adding direct value to the ultimate deliverable i.e. functional software, the approach eliminates “non-value-adding” activities from the project whilst embedding the principles of constant change, trust, courage and independence at the core of the initiative and team.

A significant differentiator between agile and traditional approaches is that each requires very different management styles.  Traditional methodologies require more management and less leadership, whilst the agile approaches require more leadership and less management.

As a process-based approach, the traditional methodologies focus heavily on what is supposed to be done, in what order, with what inputs, processes and outputs, and, with a desired deliverable as overriding goal.  On the other hand, the agile approaches are completely outcomes-based.  The sole goal of the agile approaches is to deliver software that exceeds customer expectations with little or no concern with interim processes unless these processes add directly to the final outcome of customer satisfaction.

If one considers a highly simplistic continuum of management styles from [controlling to directing to visionary to anarchic] it is apparent from the style of the traditional approaches that a blended management style, somewhere between controlling and directing would be most suited for traditional methodologies.

On the other hand, the optimum leader of an agile approach project would have a very visionary outlook, would be directing at times (when needed) and would most certainly not be uncomfortable with phases of anarchy during the project – even in times of trouble an agile leader needs to avoid operating at the controlling end of the spectrum at all costs, as the basis of agile development leadership is courage, empowerment, trust and a focus on the customer’s needs.

This is clearly not to say that one approach is subjectively “better” than the other – I believe that not only are both approaches applicable under very different circumstances, but they are equally suitable to different leadership styles at different times.  Care should be taken when selecting agile versus traditional methodologies to not only match the project with the approach, but also the people with the approach.

Personalities of individuals on the team, specific project requirements and indeed corporate culture as well as the risk profile of each project should be used to determine the optimal type of methodology being deployed on any given project.

Whilst the purists may disagree with this assertion, the real power of software engineering, I believe, lies in a sensibly “blended” approach for optimal results and performance as well as team wellness, motivation, energy and courage in the face of some of the largest challenges this planet has ever seen i.e. engineering modern-day software systems.

Where the agile approaches are of less benefit is where the application being constructed is mission-critical, high-risk and specifically where requirements of the system are clearly specified and unlikely to change rapidly over time.  For example: space shuttle mission-control systems, aeronautical embedded systems, healthcare applications and the like…..

When agility, responsiveness and high levels of flexibility and change are present (together with active customer commitment and involvement) in a project, the agile methodologies such as XP and SCRUM can provide empowering alternatives to the more rigid waterfall model regardless of project size and scope.

Whilst I am personally an ardent fan of the agile approaches (particularly SCRUM and XP) in the ERP and line-of-business industry, they do indeed have many detractors one of whom is Steve Yegge who presents a light-hearted yet scathing critique of agile on this link: http://steve-yegge.blogspot.com/2006/09/good-agile-bad-agile_27.html

Of all the elements that need to be considered if a company is to be able to select the best candidate for a specific position, the most difficult to gauge or judge correctly is the culture fit.

“It’s also one of the most important elements in any evaluation of potential employees,” says Grant Lloyd, managing director Softline Pastel Payroll.

Companies need to have a feel for and have an understanding of the company culture. Lloyd says culture is usually driven from the top down and is established by the upper echelons of management. However, it is never cast in stone and can change with the appointment of a new CEO or management team.

“There are many influences on company culture, including the alignment of the company vision, the business objectives and the business ethics,” says Lloyd. “Whoever is conducting the recruitment needs to have a feel for the company vision, objective and ethics because they not only shape the company culture but also the various job descriptions and purposes aligned to them within a specific department.”

Key performance areas (KPAs) and key performance indicators (KPIs) are also important in assessing the culture fit and ensuring the candidate will be able to deliver what the business needs.

“This is complicated by the fact that not all companies have integrated the business culture and the company values with their KPAs. While these historically were used to measure individual performance, the process is now open to much wider interpretation,” adds Lloyd.

“Employers need to clearly understand the purpose behind each individual recruitment and employment process. The information for this understanding must come from the person that the new recruit will be working for.”

People involved in the hiring process often sway towards taking on someone with a similar personality to their own, which is not necessarily the best fit and hence it is important to also involve line managers and team leaders to provide another perspective.

He adds that people often perceive themselves incorrectly and that the characteristics most sought after in recruitment are trust, respect, honesty, accountability, integrity and consistency.

Honesty throughout the recruitment process is paramount because it saves time and money for both parties. The company should state exactly what it is looking for and the applicants need to present themselves honestly. A complication is the fact that divisions within companies tend to develop sub-cultures and the candidate fit has to match.

“Personality traits also need to be examined, and this is a whole science in itself. But it is an important area and it is very useful to know a candidate’s personality as it is invariably a strong indicator of suitability and culture fit,” says Lloyd.

Finance Minister Pravin Gordhan delivered a safe, no real surprises budget [yesterday] ([Wednesday] 22 February) with R9.5-billion personal tax relief achieved by increasing the personal tax brackets. This brings the primary annual tax rebate for individuals under the age of 65 to R11 440, for individuals aged between 65 and 75 to R6 390 and those aged 75 and older to R2 130.

A key feature of the budget is that tax revenue stabilised at about 25% of South Africa’s gross domestic product (GDP). Overall revenue was slightly lower than the estimate in February last year and the revised estimate for 2012/13 is R739-billion, which is R10-billion higher than projected last year. Also pleasing was reductions in the rates of tax on small businesses and in the compliance burden on micro businesses.

It is proposed that from March 2014 an employer’s retirement fund contributions on behalf of an employee will be regarded as a taxable fringe benefit in the hands of the employee. Individuals will be allowed to deduct up to 22.5% of the higher taxable income or employment income for contributions to pension, provident and retirement annuity funds to a maximum of R20 000 and an annual maximum of R250 000. For individuals of 45 and over the deductible amount is up to 27.5% with a minimum annual deduction of R20 000 and annual maximum of R300 000.

There is a major change relating to medical aid where from 1 March 2012 the capping system will be replaced with a medical aid tax credit, bringing in equality for all taxpayers under the age of 65 and improved benefits for lower earners, a move in line with international best practice. The medical aid tax credit is R230 a month for the first two beneficiaries (including the principal member) and R154 for each additional dependent thereafter. Taxpayers over the age of 65 will receive their full medical aid contribution as a tax deduction in 2014.

Comments Grant Lloyd, managing director of payroll and HR software specialist Softline Pastel Payroll, part of the Softline and Sage Group plc: “The medical aid tax credit system will likely result in lower earners receiving greater benefits, which is a good thing.”

He adds that the Site tax portion of PAYE will fall away, making payroll administration easier.

“Secondary Tax on Companies (STC) will be terminated on March 31 this year and a withholding tax of 15% on dividends is to be introduced on April 1. The tax will be withheld on payment, not on declaration. South African branches of foreign resident companies are exempt from STC.”

Capital gains tax rates have effectively been increased to 13.3% for individuals, 18.6% for companies and 26.7% for Trusts, effective March 1.

Most individual taxpayers will be affected by the introduction of a 20-cent levy on fuel and an 8-cent levy for the Road Accident Fund.

To assist SME businesses with the changes outlined in the new Budget, Softline Pastel Payroll is incorporating all of the Budget changes to tax bracket values, medical aid benefits, and tax relief rebates.

“Automated Payroll and HR software ensures that payrolls are accurate and legally compliant the moment the new Budget stipulations take effect in the new tax year,” says Lloyd.

To find out how the Budget Speech affects your pocket, visit www.pastelpayroll.co.za and enter your current monthly salary and allowances in the online Pastel Salary Tax Calculator.