Weeknotes s01e27

TL, DR: Azure Express Route — Firewalls in, one circuit up and one to go, and here we come Cloud Migrations.

[W/C 01/11/2021]

Click here for previous weeknotes s01e26.

Who did you talk to outside your organisation?

A mix of meetings this week with multiple vendors to ensure our Azure Express Route was configured with new Firewalls in situ this week.

  • Various catch ups through out the week with our Account Manager at Virgin around delivery timescales to complete some outstanding tasks for our new Azure Express Route. Despite acknowledging that they had dropped the ball with one of our circuits, the escalations only led to just in time timescales, which were heavily caveated and therefore not solid enough for us to plan around and stick to the planned cloud migration schedule. Pre-req for migrations is to have both primary and back network circuits working and tested before we migrate live services into Azure. This has put us back by a week.
  • Product demo with Meta Compliance and this time with a wider KGH/NGH Group audience for a Cyber Security eLearning platform along with a policy compliance toolset for our service users. I am really keen on this, as I do not believe we do enough to educate the user base across the NHS as a whole. As we balance the cyber risk versus user experience, productivity and empowering our user base it is key in my opinion that cyber security awareness training is given the importance it needs. We need more than screensavers and emails campaigns, and yes we do need to make cyber training mandatory.

What would you have liked to do more of?

Started to review and score the security governance elements for procurement tender responses received for a new cloud based system being procured for the Finance dept. Literally ran out of time and steam by the end of the week to complete. Some of the responses took a bit of unpicking given how they had been carefully worded. Learnt a few things to feed into our requirements next time. Like ask the suppliers to detail their ODS code when asking if they currently submit an annual DSPT (Data Security Protection Toolkit) response and what standard they achieved from the outcomes possible:

  • Standards not met ( Fail ),

its possible to search and verify if a supplier has submitted and view their results on the DSPT portal, click here for the link.

What do you wish you could have changed?

Missed out on a Presentation Skills Workshop ran by Andy Callow due to conflicting meetings in the diary. Heard feedback that it was a really good event. So kicking myself that I didn't clear the deck and made the time to attend. Was reminded this week that sometimes you need to just make the time for self development. Hoping there will be another opportunity.

What challenged me?

  • Discovery project — we had a regroup this week to undertake some more scoping in what the next steps we should undertake to deliver a key security related function that goes hand in hand with new ways of working with our Office 365 offering. It has sat on the department’s backlog for a few years now and even though there was consensus that we should have this basic function in place there was hesitancy in standing this significant project up. Mainly due to the same challenge we face elsewhere. Eg. using constrained operational resources to deliver multiple projects whilst keeping the wheels on BAU activity. Made me reflect on other key items on our backlog which have not started for the same rationale and new things on the horizon coming at us that I know will challenge us in the same way. The work funnel needs further development, prioritisation, limiting work in progress, limiting the time something can remain on the backlog, maintaining a flow, and visibility of work… yup Agile/Kanban!

What did you enjoy?

Gaining some extra steps whilst standing at my desk… distributed working just got better and yes I did manage to do some walking whilst on some teams calls (without the video :D).

and of course it was Diwali or as Sikh’s know it and celebrate it Bandi Chorr Divas.

For more info — https://twitter.com/jwsingh/status/1456164269557432323

What did you achieve?

  • Migration Wave Planning Session with Phoenix — more detailed planning for Wave 2 due to start mid-November.

What did you learn?

  • The long awaited all user security groups now available on the NHSmail tenant. We have already submitted our request for this to be setup for KGH, and will enable a number of organisation wide use cases.
  • Received my CISSP Official Study Guide in the post to start some self study ahead of attending a formal training course. Not going to be an easy one, but looking forward to getting into it and getting accredited.

What are you looking forward to next week?

  • Azure Sentinel POC Deployment workshop.

Husband. Dad. Sikh. Lead Services Architect - Kettering General Hospital. Views own. Always learning.