For the past month and a half, I've been eating two times a day. The experience has been liberating. In this post, I share my experience and some of my learnings through this change. The outcome has been great, and I am not going back.
Daily Routine Before I made the change
Start of the day: A cup of tea + 2 biscuits
Breakfast @ 9: 3 eggs or oats. A couple of toasts of bread with peanut butter.
Lunch @1: Typical Indian lunch- vegetables, Curry, and a couple of roti (bread)
Snack @3:30: granola bar
Tea time @5:30- 6: some small food serving.
7:00-7:30 I would have a protein shake with water & a spoon of peanut butter after getting back from the gym.
Dinner @ 8:30- vegetables, curry with roti.
late-night snack. (occasionally)
Four Cups of Tea. 2% milk sugar.
One cup of coffee. Pour-over, black & no sugar.
What changed?
I eat two times a day.
My first meal is at 1 p.m.
My second & last meal is around 7:30 p.m.
I drink a lot of water.
Three cups of tea. One cup of coffee. No sugar.
I don't drink any liquor.
No snacking. No binging.
Read and learn about insulin and how the body produces and stores energy/fat
Observations in the past 45 days?
I am much more attentive throughout the day.
No effect or impact on my way of training or resistance training.
No negative effect on my work routine.
This change showed me how much wasteful eating I was indulging in. It cant be useful to my body since what I am operating is far more efficient.
How do you make a shift?
The first barrier is to make a mental shift. There is an adaptation in unlearning eating patterns and shifting over to fasting.
The image of Feasting and fasting has been impactful on me. That is how humans have lived for millions of years as a species. We should not be snacking all day.
Start slow.
if 18 hrs of fasting is not an enticing idea, reduce # of times you eat.
Give a minimum of 4 hrs gaps in between meals. let the body digest what it has gotten, and not always be in a catch-up mode.
If you listen to Indian news, you have heard about Ravish Kumar, NDTV. It does not matter if you like or dislike him, agree with his style or not. You can not ignore him.
I highlight Ten traits we can learn from him and apply to whatever you and I are doing. These are also the reason according to me why ravish continues to be visible and appreciated.
Detailed- Ravish's reporting and analysis is impeccably and sometimes painfully detailed. He comes with specific clauses & snippets from govt websites, international press, and sources. On issues like jobs, immigrants, ravish has built a massive library of reporting work.
Find a new viewpoint- Ravish is a good storyteller. However, his genius lies in finding a fresh point of view when everyone is focused on one viewpoint.
Use facts and backgrounds - Ravish leverages facts and data points heavily. He presents facts instead of using emotions to create impact.
Leverage community - Ravish is seen quoting and leveraging other experts in the community. He shares good work from various reporters, organizations outside of NDTV.
Give credit - He often credits his colleagues, reports, cameramen, and border community for their contribution. He is regularly seen recommending good books and reports.
Focus on substance - He doesn't indulge in bickering around the issues. He focuses on substance. He dives deep into long-tail subjects.
Keep things simple - His reporting style, studio setup, etc are super simple.
Keep it calm - He doesn't invite 20 people to the panel. He doesn't shout. He is not animated or raises his voice.
Show up every day - He shows up every day with detailed work, day after day. It is visible in his reports. He proves there are no shortcuts for doing great work.
Sarcasm - he is highly sarcastic and uses it to wake up listeners.
What did you think of these 10 points? share in Comments.
Cyber Security has been a hot topic for the past few years.
It will be discussed furthermore in the coming days with the increasing cyberattacks. I always thought how cool it would be to predict the likelihood of an event? I used that lens to understand what helps ascertain the likelihood of cyber security incidents.
I have tried to cover those findings here. You will understand the factors influencing the likelihood of a cyber security incident but about a more suitable metric. Read on.
Most of the cyber security stats play to the innate fears of people.
Everyone talks about the sky falling. Every statistic amplifies it.
Here are some examples:
There is an estimated cyber attack every 39 seconds. (University of Maryland)
Cyber Crimes have increased 600% due to covid 19
macOS malware up by 165% in 2021
Ransomware attacks have risen by 350% and are estimated to cost $6Trillion in 2021
These stats scare the executives who worry for their business. 🤯. These stats help consulting companies sell better. 🤑
While it is not a fluke that cyber attacks have increased manifolds and even state-sponsored attacks have gone up in numbers, where is the balance?
How should an executive responsible for cyber security take action?
There are three main approaches:
Identifying vulnerabilities in the systems
Focusing on vulnerabilities was a common approach for years. It gives a good idea of gaping holes in enterprises. Engineering teams go into customer ecosystems and study and compare to the best practices and frameworks(NIST), policies, patches, and guidelines. It is highly comparative with a certain baseline suitable for an organization and maturity levels. There are several tools to scan and identify vulnerabilities across network, cloud, data, Identity, and access management. Typically in these reports, the engineers can also guide how severe these gaps are. As you will see, the approach is not very effective in itself.
Understanding the likelihood of cyber security events
Security professionals have gone after identifying the likelihood for a while. Modern risk modeling takes that into account. But the truth remains, predicting likelihood is a really hard task. Models can be heavily skewed to the quality of data. Moreover, there is significant training and feedback loop required to train the models for accurate predictions. then there are external factors like intelligence from security providers, trends in the market or industries, geolocation data, certain patterns of exploitation, etc. an accurate likelihood prediction must take those into account and spit out something used. so, while it is a cool metric to chase down, it is a complex task to be able to get into prediction.
A Rather better metric - Impact
How would you feel if we tagged an event with very high likelihood but No or Minimal business impact?
It changes the whole scenario. Isn't it?
The outcome or the impact is far more superior and actionable metric.
Rather than being afraid of the statistics, it is far more helpful to contextualize threats and vulnerabilities for your business.
Furthermore, a business can draw worst-case scenarios and conduct exercises to see their level of preparation in dealing with those scenarios.
It forces you to consider:
What is the impact on our business of this scenario playing out in real life?
Is there a financial risk with this scenario?
Is there is a business disruption?
Is there an impact on our shareholder value? Our partners
How do we recover?
How soon can we recover?
When you connect vulnerabilities, likelihood, and impact, the activity becomes actionable and measurable. A better picture emerges.
It forces you to focus on the top priority items.
Order of Priorities for taking action
Priority 1: Very high or High Impact Items with Imminent or high degree of likelihood
Priority 2:Very high or High Impact items with medium to low degree of likelihood
Priority 3:Low Impact items with imminent, Very high, or Low degree of likelihood
The senior leadership can tie investments to these actions and priorities.
Parting thoughts
Enterprises should focus on business impact and not just vulnerabilities and threats. Enterprises must use assumed likelihood to draw worst-case scenarios. Instead of focusing on the negative sentiment in the broader market, it is valuable to contextualize these threats and ensure they can build resilience in their business by preparing for the worst-case scenarios.
Should you beef up the cyber insurance? Should you invest in tools? Should you train your staff? Should you focus on monitoring and quick responses? Security initiatives similar to any other program get a finite budget. On the other hand, the threat landscape is constantly evolving. Executives also know there are no silver bullets out there.
In 2022 and coming years, Executives will need to rely on the lens of People, Process & technology to find holistic solutions in firming up their cyber security programs. We would have already solved it if it was just a technology or a tool problem.
So, I have put up this long list of top items for your holiday reading. This list is a mix of philosophies, best practices, and advice based on lessons learned from 2021.
I have put these in bite-sized bullets for digestion.
These should act as reminders.
These may guide new ways to build security programs.
As always, I would love to hear from you about your experiences. Enjoy the read.
Being compliant does not mean being secure. Compliance does not reduce your attack surface.
Investments in Cyber Security do not equal buying insurance. Instead, It is investing in accelerating your transformation.
CEOs want to see ROI correlation to security investments. Cyber Security Executives should use metrics like improvement in business productivity, time to market when thinking about their initiatives, and the impact those have on the broader organization. Cyber Security can not be about keeping you safe. It should be about moving you forward. (Does your new patching solution reduce the need for system downtime? What were the savings in productive hours? for how many people? )
Every security conversation should not lead towards adding more tools. If anything, organizations have too many tools.
Knowing your current posture and Cyber Security blind spots is more valuable than it is realized. Successful & secure companies are proactive.
Organizations that treat Cyber Security as crucial as performance or quality will continue to do well. Rest will learn those lessons the hard way. Pile of technical debt to cover security issues, expensive re-designs, hacks & breaches.
People will (and have been) remain the most crucial asset. They will also continue to be the weaker links on a cyber security front. Investing in people and creating a Cyber security culture will pay for itself.
Cloud has made enterprises inherently more secure. But remember, everyone carrying a smartphone doesn’t automatically become smart. Adapting & applying Cyber security for your organization and your industry standards is key.
The threat landscape is ever-changing. Bad Actors need to be right once. You need to be right every time. Of course, the equation is set up against you. The only way is to stay on top of the game and ahead as much as possible.
Identify your organizational Crown Jewels. They must be secured and audited. But a mechanism to recover & restore them in case of a breach will differentiate men from boys. (Accenture, a great recent example of it where they were able to recover & move on quickly.)
While evaluating products, Cyber Teams focus too much on features. 80-85% of those will seldom be in use. Be it our car, mobile phone, enterprise tool, or software. A security executive must focus on the essential objective & solve it. Think - business capability matrix.
No organization is immune to attack. 80% of enterprises have suffered a security incident in the past 12 months of 2020/21.
About 45% of organizations are not armed to meet the cyber security challenges. At least 50% of the organizations waste significant time investigating low-level alerts and getting lost in the noise.
1/2 of the SMB organizations lack the right tools to detect, isolate, respond and clean up cyber threats. Moreover, massive integration gaps exist within organizations, which do happen to have the required tools.
I am seeing almost every company drawing cyber liability insurances. However, About 50% of the organization would not know when to engage the legal team when an incident takes place. Is an intrusion taking place? Should legal be engaged upfront or post containment? Most organizations do not have a runbook to leverage their legal counsel and operating procedures in such cases.
People directly in charge of an asset know everything is penetrable. They focus on investing in cyber-attack resilience. Those who gloat about their security programs mostly are not responsible for an(any) asset.
"Return to office date is history". "Omnicron may turn into an endemic in 2024". These articles & deep dives confirm- remote work is here to stay. It is high time organizations focus on improving endpoints visibility for employees & associates. For the past 2 years, 55% of executives have been concerned about endpoint security and lack of visibility.
Elapsed time to identify, remediate, contain a threat is critical. In today's day & age, automation in incident management, threat detection, and threat containment is crucial. It is not humanly possible to make a decision based on manually sifting through logs from hundreds of devices & systems which may run in GBs.
A considerable number of enterprises with investments in incident management tools may still lack a disaster recovery plan and incident responsiveness. While companies use NIST and MITRE-based frameworks, fewer than 40% of companies conduct exercises for incident responses.
Enterprises across the board are reeling with talent management challenges. Finding security talent was a challenge, but with the Great Resignation 2021, talent retention has become a headache. Re-skilling your people and leveraging a robust partner ecosystem will be necessary for 2022.
Operational disruption (60%), Sensitive data compromise, or loss(64% of enterprises) is top of the list of damage from a cyber security intrusion.*
Executives from mid-size Organizations seemed to be most concerned with losing sensitive data. At larger organizations, Executives are most anxious about the revenue impact from a cyber attack.
Some of the best tools for identification, detection, isolation rely on interconnection to communicate, exchange information, and recognize patterns. Lack of integration among the tools & systems continues to be low-hanging fruit for executives in 2022 looking to gain rapid mileage from existing investments.
Enterprises invest in purpose-driven tools. New tools may be acquired as the goalpost or the leadership changes. With time, tools overlap, silos build up. These tools can be studied & rationalized. Often it can unlock a significant spend reduction in the license & maintenance costs.
It is incredible how many organizations invest in expensive security tools but do not have the MFA enabled. 45% of the compromises still originate password compromises. Get it done. Now.
Businesses are well versed in tracking traditional risks like delayed projects, cost overruns, or business impacts. However, they need to consider risks originating from digital transformations. Think about Risks associated with PII data, its movement, laws governing data storage, privacy laws, etc. Data and its associated risks are a new frontier in itself.
Inherent biases in the application or data quality issues can lead AI applications can misguide organizational focus. These can also open companies to new risks.
Gartner predicts that in 2 years, privacy laws will cover 75% of the population. With GDPR, CCPA, and more laws in the making, the grip on a consumer’s data, privacy will continue to get tighter & complex. So, CISOs and leaders need to advance and automate their privacy management systems. They need to ensure a process to capture, scrub or remove data if requested by their customers or readers.
Gartner also made a startling prediction- by 2025 threat actors will weaponize technology environments. We are already seeing signs of it. Oil and Gas, Utilities, School districts, Water utilities do not have consumers' PII data alone. The population's daily lives depend upon these utilities/service providers. Hence, It's essential now to prepare for ramped-up cyberattacks towards these spaces in the coming years. They will not come for the consumer data you have, but weaponize your facilities against the customers you serve.
A significant number of Mckinsey's surveyed companies(48%) reported "being able to identify the risk" as their biggest challenge with digital and analytics risks. If you can not identify or measure the risk, it is hard to manage or plan for those.
The majority of companies approach their assets, then study security controls around those assets, and then work on how to fill the gaps, add procedures, tools. It is time the conversation becomes rather business-focused. What are the business crown jewels? What type of disruption is non-negotiable? What is the organization's risk appetite? It is a much approachable problem to solve when the focus is shifted upside down. Once those questions can be answered, focusing on security controls, tools become more meaningful.
It's time to define a data-driven approach to cyber risk assessments. Being able to associate $ values to risks, their likelihood is important to convey and move the business into action. It will also guide security budgets - "Where should we invest, first?". Leaders can prioritize and ask 'what level of financial risk organization is ready to take?'
Communication is the key to garnering attention and improving cyber security within an organization. Cyber Security is top of mind for CEOs/Boards. However, their focus is often on aspects like Shareholder value, business growth & competitive edge. Reporting on Traffic lights (red, yellow, green) won't convey the context and meaning of actual risk to organization vs business KPI. Communication must be in the business language. A tool implementation, a current list of vulnerabilities, and technical details, or a technical roadmap will fog the actual impact or risk to the organization. It will also confuse the non-technical board/CEOs for being unable to get to the crux of the matter.
If as an investor I know you(your company) have the right cyber security practices in place, would you not become a better company to invest in? Am I willing to see erosion in share price value due to an overnight cyber-attack that stuns the enterprise? SEC is already working on a Cyber Disclosure policy in this regards
References: The above insights have been gained from tons of reading materials over the past 3 months and experiences with customers. I am quoting notable links that are a constant source of knowledge.
We have had some good harvests over the past two summers growing tomatoes and a few other vegetables in the backyard in a small space.
the harvest from tomatoes was phenomenal last. so much so that we shared tons of them with friends in the neighborhood and We still had plenty to enjoy during summer and fall.
This year, however, I decided to experiment with a raised bed kitchen garden in one of the open sides of our house.
Here is how it looked when it was put together and started roughly 45 days ago (Early May).
This is how the bed looked like in Early May after initial plants were put in.
This is how the bed looks like on June 13. I have recently harvested from here.
since I re-started my blogging again, I didn't take photos of the whole process, but here is how I approached it.
I have started a new section on my new blog.#10takeAwaysThe purpose is to share dense knowledge bytes from the books I read. I very much encourage you to read the book but if you are pressed for time, these posts should help.
The books also can cover a variety of topics and go to lengths and breadths.
💡
I will pick the top 10 lessons from every book and share them in easy and palatable bytes.
When finances are taught from early childhood, there is too much focus on rules and laws instead of psychology covering emotions and nuances. The study of the history of greed, insecurity, and optimism provides a huge window into why people bury themselves in debt. A financial study of debt is not required for that. 🤑
The skill which makes you wealthy and which keeps you wealthy are different. Both are equally important to observe, learn & practice.
Timing is everything. Someone who grew up during the 1940s in the US when the stock markets doubled vs Germany or Japan which paid the prices of World war II, timing plays a huge role in the psychology of how you invest. The same is true for the era where Stock markets were standstill compared to an era where stocks were going through the roof.
Risk and Luck and doppelgangers. Opportunities, where the downside is in complete ruin, must be avoided. Avoid single points of failure. Avoid ruin. You want to be able to survive and keep playing the game. There is no reason to risk what you have and need for what you don't have and don't need. "You can be risk-loving and yet completely averse to ruin" - Nassim Taleb.
The margin of safety should be appreciated. "The purpose of the margin of safety is to render the forecast unnecessary" - Graham bell
The hardest skill in finance is to get the goalpost to stop moving. It is critical to know when you have had enough. Your best shot at keeping things that are invaluable to you(reputation, independence, family, friends, happiness, peace of mind) is to know when it is time to stop taking risks.
Compounding is a no-brainer to wealth. The biggest secret behind compounding is 'undisturbed compounding'. Warren buffet's massive investment success came from it. Smart decision making, reading, intelligence, financial acumen are all contributing factors too. "First rule of compounding is to never interrupt it unnecessarily" - Charli Munger
The ability to do what you want, when you want, for as long as you want, has infinite ROI.
People are poor forecasters of future selves. Everything changes and must change. Anchoring decisions to past efforts that can't be refunded will be a huge cause for disappointment. Don't have the concept of Sunk costs hold you back.
Instead of being persuaded by others' success, identify if they are playing on the same field(risk appetite, time horizon, investment behaviors) where you want to be. Only then act upon that advice.
I surveyed my readers for what they would like to see in the newsletter in 2023.
We have the results.
A majority asked for more news. That is what we will do.
If you are one of those who participated and responded, thank you! If you did not, my goal is to persuade you to join in read the newsletter, and engage often.
Read this week
Security issues due to mass exits of employees?
What can you achieve by removing meetings? 76,500 in freed up time. A decision others can copy.
Microsoft eyes a massive stake in ChatGPT.
The Most Interesting Story from CES 2023
AWS finally comes around to encrypting S3 buckets by default.
Will "Matter" really simplify the smart home ecosystem mess?
I can predict you did not spend the last week of the year as you should have. I can predict the same behavior for the first week of the year. A year ends, a new one kicks off. We make new resolutions. We put new goals & commitments. We get busy in time offs, partying, eating, and drinking too much. We return to work stunned from the holidays and another week goes by. Those resolutions begin to fade away as the work pressure builds up. Then things get busy. Soon you realize another year speeds by without much. What happened to the goals you wanted to achieve? What happened to the commitments? I will show you one yearly ritual that has bolstered my achievement rate of over 300% for the past 4 years. If you pay attention and spend a few hours on it, you can get those massive returns yourself too. In this post, I share my practice, how that practice re-wires our brain, and then share my template. You can make this year a winning story you would tell to 2023. Read on.
What is the value of doing a personal yearly review?
It is said don't live in the past, but reflect upon it. Past is for us to learn from it and get better. History teaches us lessons. When we don't acknowledge those lessons, then history repeats itself.
Great behaviors must be repeated. Bad practices must be dropped.
It is all about getting that 1% better in everything we do and incremental improvements.
And those improvements only come from pausing and reflecting.
Think about it-
Are we busy pounding away or, are we doing the right things?
Are we making progress or standstill?
Are we headed towards our goal or in a completely different direction?
How much have we achieved? (it is not just about financial metrics)
Since when did I start doing yearly reviews?
For the past 3 years, I have been doing my yearly reviews. It feels like second nature. When I come to think about it, people in the industry (especially IT) would fill out long-form reviews - quarterly, yearly and sit down with their bosses in a review session. It is seen as a mundane, energy-sucking activity.
How often do you hear a friend excited about submitting their yearly reviews?
How often do you hear a friend or colleague looking forward to their yearly reviews with their bosses or their subordinate or peer?
the reality is those discussions are tied to monetary benefits- a raise, or a promotion. It's mostly reactive and hardly proactive. There is little to no discussion on future challenges. It's almost like a delayed feedback session.
Secondly, it is a push and not a pull. An organization is pushing employees to fill these reviews up and submit them. It is pushing bosses to finish reviews within a stipulated period.
No one wants to submit the reviews, and no one wants to review those reviews.
When I started doing my yearly reviews, my inspiration was opposite to the system I have seen closely. My inspiration came from listening and following closely the likes of Tim Ferris, Naval Ravikanth, and more folks who use reflections and reviews as a massive driving force. My motivation was to reflect and gain value from my patterns.
Have I gained tangible benefit from doing these year-end reviews?
Yes. Let me share an example. During my 2018 year-end review, I noticed a pattern. I called myself out on it. I was starting too many new projects, then interest faded and I would drop them. On closer inspection, I noticed that on some of these projects(like my photobook, a business idea, a technology certification), I was much closer to the finish line. Breaking the initial inertia is hard, but in my case, I would do the difficult work of starting but then would drop it.
I took a note. I promised to take smaller projects or break larger ones into smaller chunks. Not to take more than 2 personal projects at a time. And just doing it.
As a result of this small change, during 2019,2020, 2021 I have been able to lock myself in and finish my IELTS(8.5 Band in 40 days prep), AWS Cloud Practitioner Certification in 25 days, AWS Solution Architect Associate in about 40 days, and a massive list of items which I am proud of. I published more than 15 posts on LinkedIn each year and made significant progress.
This was one of the simple changes which I needed to do, and it emerged from the end-of-year review of my patterns. Hope this inspires you.
How do I review my year?
My process and template are simple. In 1 sitting, I typically allocate 4 hours of thinking and writing time. I allocate 2 hours on the next day to schedule action items on the calendar.
In 2018 and 2019, I carried out the review using physical paper & pen.
In 2020 and now 2021, I reviewed using OneNote and digital template.
The approach you could follow to do your year review
Here is a simple template you can use to do your reviews.
The whole process focuses on two aspects-
Reflect on the past, learn in the future.
#1: Every time you review a past event, it should not go Gaga over the achievement or get drowned in pain over the horrible mistake you made.
Let it hurt or feel amazing, only shortly.
We are reviewing to learn and observe patterns, not daydream.
#2: My focus for learning is around reading, writing, and real-world experiences. Hence I actively track specifics around how many books I read, how many articles I write. For you, this could be different, hence adapt accordingly.
In conclusion, I find the year-end review extremely helpful for personal and professional growth. It is an investment to make next year better. I encourage everyone to do this. The first week of the year is also a good time for this activity.
If you need any help with it, don't hesitate to ask via the comments or email me at quitefar@gmail.com.
2020 was tough. We were looking for hopes from 2021. But it turned out to be a difficult year too. We saw light at the end of the tunnel as the COVID vaccines came out. With the omicron variant spreading rapidly, 2021 is ending with signs of darkness. Global economy swings and macro factors are outside of our control. I generally focus on things in my control and influence. These last few weeks are when I spend some quiet time. It is when I do my yearly review. It is often said that one should not live in the past. Instead, use it for reflection. Learn from it. Build on it. That is my interest too with this exercise. In this article, I am going to share specifics of why I started doing these reviews, share specific examples of what value I have drawn from them. I will guide you on doing your review using my template.
This evening, during my evening run I went to one of the playgrounds which I frequent. It belongs to a school in the village of Thuhi near my home. The school's hockey team practices here while I run or walk. The sky has been beautiful and the sun rays made for a pleasing view.
I got 'meditations' by Marcus Aurelis as a Father's day gift(2020). I actually chose the book. The family happily gifted it. The book has been on my reading list for a while, especially after I read the 'The daily stoic'. The Daily Stoic by Ryan holiday does an excellent job of articulating principles of stoicism, but I have always wanted to read the sourcebook. This is it.
Below are some of my notes or learnings which i took while reading the book. I took the help of my daughter to type up some notes, so I can share the lessons from the book 'Meditations' with others and hopefully help spread the word of Stoicism and writings of Marcus Aurelius to others.
Marcus Aurelius Wrote this diary "To Himself" as the original title, during the intervals of the battle.
Before I jump into sharing my learnings and specific quotes from The legend here are some observations on the book itself:
It's a short book but may not be a short read.
English writing can be very cryptic at times
Some pages are loaded with wisdom and points. So, take the time to read and absorb.
Reflection is part of reading this book. I found myself reflecting on some thoughts post reading through it.
It goes to show that even in 100 AD and before, men have always faced the biggest challenges in front of them. Most of them begin within the heads. hence, "tame your own mind" continues to be the age-old wisdom.
Now, let me share some of the quotes from his book, which I thought are extremely valuable. Some of these, you have to read a couple of times to let them sink in. It is amazing still that thousands of years ago, someone was thinking and answering what we constantly battle with, even today.
