Daniel Miessler's Blog, page 84

8/10

My One-Sentence Summary
Content Extraction
Takeaways

My book summaries are designed as captures for what I’ve read, and aren’t necessarily great standalone resources for those who have not read the book.

Their purpose is to ensure that I capture what I learn from any given text, so as to avoid realizing years later that I have no idea what it was about or how I benefited from it.

My One-Sentence Summary

While metrics can and do offer extraordinary benefits when they’re used carefully and properly, there is significant chance of them being chosen incorrectly, being gamed and corrupted by various parties, and ultimately becoming toxic to the very cause they were created to help.

Content Extraction

Empower others, but be willing to step in with micromanagement temporarily if things get out of hand
Don’t be so dominating and intimidating that your leaders can’t step up and lead themselves
Discipline is great, but too much leads to a lack of creativity
Too much creativity and not enough discipline leads to sloppiness and mistakes

The more a quantitative metric is visible and used to make important decisions, the more it will be gamed—which will distort and corrupt the exact processes it was meant to monitor.

An adaption of Campbell’s Law

And the second is a similar, more simplified version of the same, by Goodhart:

Anything that be measured and rewarded will be gamed.

An adaption of Goodhart’s Law

All quotes here are from the book itself unless otherwise indicated.

“The three components of great training are realism, fundamentals, and repetition.”

Metrics can be and often are useful, but the thing to avoid is Metrics Fixation, which is where you replace judgement with numeric indicators, you think making metrics public will solve everything through motivation, and thinking that the best way to motivate people is by giving them money or ordinal rankings.

I’m not convinced this is true in theory, but it’s definitely true in practical terms given current society and technology.

Not everything that matters is measurable
Not everything that’s measurable matters


Common flaws

The most characteristic feature of metric fixation is the aspiration to replace judgment based on experience with standardized measurement.

Muller, Jerry Z.. The Tyranny of Metrics (p. 6). Princeton University Press. Kindle Edition.

A common flaw is measuring what’s easiest
You don’t want to measure the simple, when the outcome you want is complex
Measuring inputs rather than outputs
Gaming through creaming is when you find simpler targets or only choose inputs where you’re likely to have good metrics
Lowering standards to have more successes
Leaving out data or reclassifying incidents as higher or lower categories
Outright cheating happens too, when the pressures are high enough (high Metrics Fixation)

The demand for measured accountability and transparency waxes as trust wanes.

Muller, Jerry Z.. The Tyranny of Metrics (p. 39). Princeton University Press. Kindle Edition.

Takeaways

Metrics are a good way to align a team around a goal.
The more numeric, visible, and reward-tied a metric is, the more likely it is to be gamed and turn toxic to its original purpose.
When you use a metrics program, be sure to periodically ensure that undesired externalities have not emerged as a result. And be prepared to go digging, since the negative effects could be well-hidden.
Moderation is key. Use metrics, but don’t let them control you or become a substitute for judgment.
Remember to constantly revisit the spirit of what you’re trying to attain, and continuously ask yourself whether the tangible things you’re tracking are high-signal proxies for those goals.

You can find my other book summaries here.

Notes


There is a previous book by the same two guys, called Extreme Ownership, and while it was good, it did emphasize the extremes of each point that was made. This book corrects that by focusing everything on the balances that have to be constantly adjusted for the situation. This is basically the better version of the first book, but you can still benefit from the first one as well.

—

Become a direct supporter of my content for less than a latte a month ($50/year) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month, plus access to the member portal that includes all member content.

There are myriad books and websites describing the Top N Metrics in a particular area, but very few tell you what not to do. This article will show you specific examples of metrics gone bad, what’s wrong with them, and what you can do to make them better.

Economic as in economics, not financial.

First, it’s important to understand the philosophical and economic downside of metrics systems. The book, The Tyranny of Metrics, by Jerry Z. Muller does a great job of capturing the issue.

The book talks about a couple of thinkers who called out the dangers of over-indexing on metrics with two related laws. First is Campbell’s Law:

The more a quantitative metric is visible and used to make important decisions, the more it will be gamed—which will distort and corrupt the exact processes it was meant to monitor.

An adaption of Campbell’s Law

And the second is a similar, more simplified version of the same, by Goodhart:

Anything that be measured and rewarded will be gamed.

An adaption of Goodhart’s Law

Basically, the more visible, quantifiable, and important a metric is, the more it’s vulnerable to gaming and toxicity to its initial purpose.

But neither the author of this book, nor I, are saying to avoid metrics, or that they’re inherently harmful. We’re simply saying that you need to avoid metrics worship, or what Muller calls, “Metrics Fixation”.

As with so many important things in life, the key is balance—in this case between measurement and judgment. We can and should use metrics where appropriate, but we can’t allow them to turn into a religion.

Examples of real-world metrics gone bad

Economics is critical because it’s about understanding how policy changes have both desired effects and externalities.

The best way to illustrate this problem is to give examples of bad metrics that produced unwanted outcomes. Here are some of the most cringe-smile invoking examples.

Number of poisonous snakes

What we’re trying to avoid is Metrics Fixation.

A leader in India said too many people were dying from poisonous snakes, so he offered money to anyone who brought him a dead one.

Unintended Negative Result: People started breeding poisonous snakes in private, so they could kill them and bring them to the government.
A Better Metric: Reward people for a fewer number of deaths being reported from poisonous snakes. But realize that this can—and likely will—cause additional effects (like people being paid to classify snakebite deaths as something else).


Stop taking hard cases

Surgeons are often judged by how often there are complications or deaths in their surgeries, which affects their marketability and insurance rates.

Unintended Negative Result: Many surgeons stop taking high-risk or complicated cases, which results in people who really need help getting inferior care.
A Better Metric: Incorporate a rating of difficulty, risk, or complication in the calculation, and maybe even incentivize the courage to take on hard cases.


Teaching to the test

Governments in the last couple of decades have focused on making sure more students can hit a minimum level of competency in subjects such as English and Math.

Unintended Negative Result: Many schools have taken this to an extreme, and basically spend all their classroom time teaching to the test, which results in no freedom, enthusiasm, and ultimately a loss of curiosity and creativity in the students.
A Better Metric: Find ways to encourage creativity and curiosity, as well as wrote learning, since those are a big part of what we’re trying to foster in our children as a springboard for life-long learning.

Additional metrics that directly violated their purpose


Chinese peasants used to be paid for finding dinosaur bones, but this actually lead to them breaking every bone they found into multiple pieces so they could be paid multiple times.
Security managers prioritizing bug volume rather than bug quality, leading to more bugs that don’t matter and them spending less time on the ones that matter.

Salespeople being rewarded based on number of leads, which often creates tons of poor, unqualified leads that take up quality time that should have been spent elsewhere.
Wells Fargo massively incentivized the metric of “new accounts”, which caused them to set up thousands of fake accounts, ultimately resulting in major lawsuits and financial impact.
A number of governments with air pollution problems have started alternating which cars can be on the roads each day by even and odd license plate numbers, which unfortunately led many to buy an additional vehicle so they could drive every day.

Manufacturing workers being told “reported incidents WILL go down”, which doens’t mean necessarily that less people will get hurt, but that if they do get hurt they should find a way to avoid reporting it.
Glass plant workers were told to produce as many square feet of sheet glass as possible, and soon started making it so thin that it wasn’t usable for anything.

The mortgage loan situation is great example of a good-natured metric causing great harm.

Before the mortgage crisis of 2008, many banks were given metrics for loans to non-traditional borrowers (people who couldn’t normally qualify for a mortgage), and the result was billions in loans that couldn’t be paid back.


Discussion

There’s a similar example in the problem of teaching AI what to value if it becomes sentient and super-intelligent. You can’t be too specific or you could cause great harm.

For me the key here is that metrics should 1) tell us the state of the world we care about, and 2) track spiritually to what we desire as opposed to technically. Great examples of that were seen above, where we thought this quantatative, visible metric got us what we wanted, when in fact we wanted something broader and more difficult to describe.

Another example of this comes from Daniel Kahneman’s research on happiness, where he argues that it’s not happiness people are looking for, but rather satisfaction that their lives are going well in the long-term.

If we were to measure smiles, for example, as a proxy for happiness, how would that track with satisfaction? It’s those disconnects between the measured and that which we truly care about that are crucial to avoid in any metrics program.

Many argue that metrics have eaten standardized edudcation.

The other thing to avoid is having the entire measurement effort metastasize into a tumor that eats the organization. Possible solutions there could include hard limits on the number of metrics, the time allowed to be spent on them, and/or the budget for running the program. As Muller points out, organizations with high turnover and a lack of direction could confuse metrics with leadership and do little else.

Summary


Metrics are a good way to align a team around a goal.
The more numeric, visible, and reward-tied a metric is, the more likely it is to be gamed and turn toxic to its original purpose.
When you use a metrics program, be sure to periodically ensure that undesired externalities have not emerged as a result. And be prepared to go digging, since the negative effects could be well-hidden.
Moderation is key. Use metrics, but don’t let them control you or become a substitute for judgment.
Remember to constantly revisit the spirit of what you’re trying to attain, and continuously ask yourself whether the tangible things you’re tracking are high-signal proxies for those goals.

—

Become a direct supporter of my content for less than a latte a month ($50/year) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month, plus access to the member portal that includes all member content.

There are 39,231 websites out there telling you the Top N metrics, but very few offer tangible instances of what not to do. This article will show you specific examples of metrics gone bad, why they’re not helpful (or worse), and what you can do to make them better.

Economic as in economics, not financial.

First, it’s important to understand the philosophical and economic downside of metrics systems. The book, The Tyranny of Metrics, by Jerry Z. Muller does a great job of capturing the issue.

The book talks about a couple of thinkers who called out the dangers of over-indexing on metrics with two related laws. First is Campbell’s Law:

The more a quantitative metric is visible and used to make important decisions, the more it will be gamed—which will distort and corrupt the exact processes it was meant to monitor.

An adaption of Campbell’s Law

And the second is a similar, more simplified version of the same, by Goodhart:

Anything that be measured and rewarded will be gamed.

An adaption of Goodhart’s Law

Basically, the more visible, quantifiable, and important a metric is, the more it’s vulnerable to gaming and toxicity to its initial purpose.

But neither the author of this book, nor I, are saying to avoid metrics, or that they’re inherently harmful. We’re simply saying that you need to avoid metrics worship, or what Muller calls, “Metrics Fixation”.

As with so many important things in life, the key is balance—in this case between measurement and judgment. We can and should use metrics where appropriate, but we can’t allow them to turn into a religion.

Examples of real-world metrics gone bad

Economics is critical because it’s about understanding how policy changes have both desired effects and externalities.

The best way to illustrate this problem is to give examples of bad metrics that produced unwanted outcomes. Here are some of the most cringe-smile invoking examples.

Number of poisonous snakes

What we’re trying to avoid is Metrics Fixation.

A leader in India said too many people were dying from poisonous snakes, so he offered money to anyone who brought him a dead one.

Unintended Negative Result: People started breeding poisonous snakes in private, so they could kill them and bring them to the government.
A Better Metric: Reward people for a fewer number of deaths being reported from poisonous snakes. But realize that this can—and likely will—cause additional effects (like people being paid to classify snakebite deaths as something else).


Stop taking hard cases

Surgeons are often judged by how often there are complications or deaths in their surgeries, which affects their marketability and insurance rates.

Unintended Negative Result: Many surgeons stop taking high-risk or complicated cases, which results in people who really need help getting inferior care.
A Better Metric: Incorporate a rating of difficulty, risk, or complication in the calculation, and maybe even incentivize the courage to take on hard cases.


Teaching to the test

Governments in the last couple of decades have focused on making sure more students can hit a minimum level of competency in subjects such as English and Math.

Unintended Negative Result: Many schools have taken this to an extreme, and basically spend all their classroom time teaching to the test, which results in no freedom, enthusiasm, and ultimately a loss of curiosity and creativity in the students.
A Better Metric: Find ways to encourage creativity and curiosity, as well as wrote learning, since those are a big part of what we’re trying to foster in our children as a springboard for life-long learning.

Additional metrics that directly violated their purpose


Chinese peasants used to be paid for finding dinosaur bones, but this actually lead to them breaking every bone they found into multiple pieces so they could be paid multiple times.
Security managers prioritizing bug volume rather than bug quality, leading to more bugs that don’t matter and them spending less time on the ones that matter.

Salespeople being rewarded based on number of leads, which often creates tons of poor, unqualified leads that take up quality time that should have been spent elsewhere.
Wells Fargo massively incentivized the metric of “new accounts”, which caused them to set up thousands of fake accounts, ultimately resulting in major lawsuits and financial impact.
A number of governments with air pollution problems have started alternating which cars can be on the roads each day by even and odd license plate numbers, which unfortunately led many to buy an additional vehicle so they could drive every day.
Glass plant workers were told to produce as many square feet of sheet glass as possible, and soon started making it so thin that it wasn’t usable for anything.

The mortgage loan situation is great example of a good-natured metric causing great harm.

Before the mortgage crisis of 2008, many banks were given metrics for loans to non-traditional borrowers (people who couldn’t normally qualify for a mortgage), and the result was billions in loans that couldn’t be paid back.


Summary


Metrics are a good way to align a team around a goal.
The more numeric, visible, and reward-tied a metric is, the more likely it is to be gamed and turn toxic to its goal.
When you use a metrics program, be sure to periodically ensure that undesired externalities have not emerged as a result. And be prepared to go digging, since they’ll often be secretive.
Moderation is key. Use metrics, but don’t let them control you or become a substitute for judgement.

—

Become a direct supporter of my content for less than a latte a month ($50/year) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month, plus access to the member portal that includes all member content.

Many years ago, Verizon started a trend by releasing their Data Breaches Investigations Report, and today there are dozens of companies releasing similar offerings. But even with all the competition—some of which are quite good—the original DBIR report is still my favorite.

Get the full report

Here were my main takeaways from this year’s release.

Meta


This is the 12th year of the report
As usual, it’s built from real-world data
This year they included 41,686 security incidents and 2,013 data breaches
There were 73 data sources spanning 86 countries


Perpetrators


69% of attacks came from outsiders
34% involved internal actors
They say only 5% involved partners, which I would thought would have been higher


Techniques

Keep in mind that many incidents/breaches fall into multiple categories.

Around half involved “hacking”
1/3 included social engineering
Around 1/3 involved malware
They say only around 4% involved a physical component, which I find fascinating. Coming from such a major report, this could lead some to spend less on physical pentesting. Although, maybe that 4% were the ones that mattered most.


Victims


Almost half the victims were small businesses


Attack types vs. industries

Denial of service and hacking was popular across many industries
The server itself was the most popular target
Hospitality (Accommodation) had series issues with malware and hacking


Their key analysis points


Executives are being targeted (between and 9 and 12 times more than in the past)
Attackers are following companies into the cloud
Web-app-based payment systems are catching up to physical terminal compromises. This is interesting, since I would have thought this crossover would have happened a long time ago. They say Chip and Pin could be a major factor in this
Ransomware is still a very common technique

Maybe we need to build campaigns that more specifically target mobile?

Phishing is quite effective on mobile devices
Miscellaneous Errors continue to represent in many patterns, especially where the industry is usually understaffed and underskilled (healthcare, education, etc.)
Espionage is the biggest issue in the public sector


My takeaways


If you stay up on security news there weren’t too many surprises, but the data backing continues to be exemplary
Protect your VIPs (including executives)
With 1/3 of attacks involving internal actors, and 15% involved misuse by authorized users, they make a pretty strong push for monitoring insiders (also known as employees)
Errors were involved in 21% of attacks, which is still extremely high. Do your best to avoid own-goals

Overall, another solid release. Well done to the team.

And it really is worth taking the time to at least skim the full report.

—

Become a direct supporter of my content for less than a latte a month ($50/year) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month, plus access to the member portal that includes all member content.

Image of Uri Harris, Eric Weinstein, and David Fuller

So I want to comment on the dialogue that is taking place right now about the faction of the liberalism that’s splintering from the mainstream left.

I just got done watching Eric Weinstein’s conversation with David Fuller, and I thought even they were missing what I see to be an extremely simple narrative for this whole thing.

This started when I wrote a piece called A Visual Breakdown of IDW Political Positions, which showed a spreadsheet view of multiple classic dividing line topics, such as man-made climate change, abortion, stronger gun laws, being for or against immigration, drug legalization, single-payer healthcare, etc.

A Visual Breakdown of Intellectual Dark Web (IDW) Political Positions | Daniel Miessler https://t.co/EldWPSxhF4

— Sam Harris (@SamHarrisOrg) April 6, 2019

What I did was go and track down what the positions of the IDW members on all those topics, and lo and behold—they were vastly liberal. Sam Harris, Eric Weinstein, Joe Rogan—all extremely liberal on those issues. Even Dave Rubin and Jordan Peterson showed heavily liberal on a lot of things. Only Shapiro stood apart from the rest.

Anyway, I sent it to Sam Harris, who I corrected one of his positions for, and he made it viral when he tweeted it out.

A few days later, Uri Harris wrote a piece for Quillette, that—honestly—I just didn’t understand. I could tell he was disagreeing with me, but I don’t know what he was correcting.

But just now watching the Weinstein and Harris conversation, I realize what he was saying. He was saying that the things I had in my original list—which are the typical issues that divide the left and right—are no longer the dividing line.

Ok, I 100% agree. That’s what it means for there to be a schism—you have a break where there wasn’t one before.

But the point of my piece wasn’t to say that the IDW was part of the new leftist exodus—it was to say that they’re not part of any version of the right.

That’s a huge distinction.

What we have is a bunch of people who support abortion, climate change, immigration, stronger gun laws, believe income disparity is a huge problem, are pro-drugs, are pro-gender rights, pro-gay marriage, pro-marijuana, etc.—being called alt-right by the new exodus members.

THAT is the move I’m objecting to, and that I was trying to highlight in my piece.

Now, David mentioned that Eric likes to steel man arguments, and Eric seems confused about what the new leftist exodus is saying. So let me give this a shot.

Politics are getting more extreme
The right is rising
We have more Nazis coming out of the woodwork
We have more right-leaning hate crime
All this has been facilitated by Trump taking office
Basically, the extreme right is becoming vocal and dangerous
At the same time, the rich are getting richer and richer
Minorities continue struggle
LGBT people continue to struggle
And we don’t have the goddamn time for centrists
We don’t have time for subtlety or both-siding arguments
There are fucking nazis on the streets in Portland
We don’t need a gentle and passive left
We need an activist left
A left that will acknowledge that the deck has been stacked against those at the bottom for a long time
And if you want to be a centrist, and both-sidser, then you’re part of the fucking problem
You enable the extreme right with your silence and/or nuance, and during wartime you must be treated like them
THAT is why I label you alt-right—because you’re not part of the only faction that has the courage to stand up and do what’s right

Wow, ok, I really channeled it well there. I can do that because I’m a liberal myself, and I sometimes vibrate at that frequency as well.

So, to Eric, THAT (unless I’m very wrong) is what this new branch of progressivism is saying. That is the movement.

So, to turn this into a clean and explanatory narrative, here is the state of the union.

Pressure causes separation

We used to have a left and right, and the issues in my piece were largely where the lines were drawn between them.

Then Trump happened, and the pressure in our country increased exponentially.

That pressure caused the left to fragment, and a new extreme faction has carved off into it’s own thing, which people call different things. Modern Progressives, Extreme Left, the Leftist Exodus—whatever.

Because that new faction’s entire point is that the status quo of passivity is NOT GOOD ENOUGH, they are taking an aggressive stance against anyone who is not in their faction. It’s pretty standard as far as extremist groups go—you have to maintain their level of fervor or you can’t participate.

Now, this whole dynamic leaves one particular group stranded—people previously known as liberals, but who are still open-minded, empathic, prone to listening to both sides of a conversation and looking for common ground. And their primary means of maintaining this lifestyle has always been conversation.

That’s who formed the early IDW. The liberals who stayed behind when the new faction left on their exodus, because they wanted to use conversation to work their way through this mess.

But the new faction isn’t having it—because you don’t talk to Nazis. Conversation in their minds is the same old tactic that clearly hasn’t worked, and now we have Trump and his acolytes terrorizing the streets.

So you’re either with them or you’re against them.

That is the way to encapsulate this.

Now, me personally—I’m part of those who were left behind. Born and raised in the SF Bay Area, liberal down the line, voted for Obama both times, etc.

My personal opinion is that a strongly principled center—powered by good-faith conversation—is not the problem, but in fact the only way out of this.

I think the IDW / left-behinds need to acknowledge that the New Left is mostly good-willed; they’re just young, under a lot of pressure, and angry.
I think the New Left needs to be willing to talk to their bretheren they abandoned. We’re not the enemy, and in most cases neither is your enemy. The true right extemistts are the real problem, and we need to unite to fight them. We don’t accomplish anything by fighting amongst ourselves.
And all of us need to reach out and talk to the center and moderate right types. Most of them are decent, and we need to make sure we don’t produce such a bad taste and smell that they prefer Nazis to us.

In all cases, conversation is the weapon of choice.

Anyway, that’s my read on all of this, and I hope it helps someone orient things in their minds.

If Eric or Uri (or anyone else) disagrees, I’m happy to be shown that I’m wrong and modify my opinion.

—

Subscribe for one coffee a month ($5) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

So I was listening to the Risky Business podcast this week and heard Adam Boileau mention something extremely juicy in passing during the news segment.

Patrick asked him about Microsoft removing password expiration in an upcoming version of Windows, and if he thought that was a good or bad thing. His response was super interesting.

They also mention later that there are exceptions where you definitely want to rotate them.

I’m certainly of the opinion that rotating passwords makes things actively worse. I have the data to assert that.

Adam Boileau, Risky Business Podcast #539

Patrick pushed further, and here’s how he expanded on it.

If you look at password changes over time there’s a direct correlation between the amount of entropy per password change and the number of times you change your password. The longer you’ve been at an organization the worse your password is because you’re forced to change it more often.

He went on to say that this is because, “you settle on a scheme.”

Patrick wanted him to write a report on this—which would be fantastic—but Adam said he’s too busy.

And 2FA of course.

But I thought it was a brilliant nugget, and too good not to capture.

Basically, empirical data showing that if you’re using super-strong passwords—that are unique—it’s markedly worse to force users to change them often because the organization will end up with weaker ones over time.

Good to know.

And I do hope Adam eventually writes that paper.

Notes


This has always been intuitive to me, and I’m sure many others, that if you rely on the human they’ll build security that matches their limitations (in this case memory). This is why there’s been such a push for password managers. It was just so interesting to hear about actual data collected to support our intuition.
Some might say we’ve not yet seen the data, so we can’t really come to any conclusions. My response is that you have to choose to trust if you want to expand your knowledge of the world beyond your own experience. And the Risky Business show, Patrick, and Adam are definitely on that list for me.

—

Subscribe for one coffee a month ($5) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

Unsupervised Learning is my weekly show that provides collection, summarization, and analysis in the realms of Security, Technology, and Humans.

It’s Content Curation as a Service…

I spend between five and twenty hours a week consuming articles, books, and podcasts—so you don’t have to—and each episode is either a curated summary of what I’ve found in the past week, or a standalone essay that hopefully gives you something to think about.

Subscribe to the Newsletter or Podcast

Become a member to get every episode

I think what’s happening to America right now can best be captured as a catastrophic loss of meaning.

Bowling Alone is the canonical work on the loss of community in our lives.

We’ve spent decades cutting religion out of our lives, we’ve stopped interacting with each other, many core “American” jobs have been deprecated due to automation efficiencies. And now the nation’s complexion is changing through immigration and demographics.

If you’re lucky enough to live on one of the coasts, or one of the big cities, and you have a decent education in a hot field, you’re basically fine. Those people have learned to wear their work and their projects like an exoskeleton.

People immersed in tech don’t have time to think about meaning because they’re too busy with their jobs, projects, and startups. Their work becomes their meaning.

But most people aren’t on the coasts with opportunity in a hot field. Most people live in the middle of the country, or are struggling in the big cities. Their meaning comes from sources that have been stripped away over the last few decades. Things like Work, God, and Country.

And once those sources of self-worth are depleted, there is an unfortunate last rung of the meaning ladder—race.

This is true in prison, and it’s true in Trump’s followers who feel they have lost their work, that their religion is under attack, and that their country is being invaded by outsiders.

This, more than anything, is the threat we face in 2020—an angry and mobilized mass of white people at the bottom of the meaning well.

In 2016 we liberals didn’t listen to their anger, and if we ignore it again we’ll have Trump for another 4 years.

Listen.

Notes


This idea emerged from a conversation with my friend Joel P.

—

Subscribe for one coffee a month ($5) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

In October of 2018 my site was hit by a meteor called Google.

My traffic dropped by over 60% in just a couple of weeks—going from around 10,000 pageviews a day, to around 4,000.

Read about the March 2018 Update

After some research and help from Thomas Zickell, I knew that this was a Google algorithm update, but I still decided to tend to my SEO garden to see if I could help the situation.

Here are some of the things I did:

I’ve been blogging since 1999, so I have thousands of posts.

Removed hundreds of old, personally-relevant (but not publicly useful) posts
Removed lots of thin content
Updated some of the metadata for the site
Refreshed a few of my key pages
Changed my top-level nav
Added sub-menus to my top-level nav
Added anchor pages for Information Security and Cybersecurity
Other minor tweaks

I also had a recent article go viral due to some famous associates sharing it on Twitter, so that probably had an impact as well.

As is usually the case, you never know what exactly is working, or if Google is changing things on their side. But to me the graph matches the March Update pretty clearly.

I am sure there were many factors, but it seems clear that the March Core Update was a major one.

Many people are saying that this update reversed a lot of damage done to some sites in 2018, and I think that’s definitely true for me.

I was really worried that I was being punished because I talk about so many different topics on my site, and that I’d never make it back. But I noticed something while my traffic was low that gave me hope: many of the pages that ranked higher than me were really, really bad.

That told me that this wasn’t a policy change, but rather experimentation with something that would likely be fixed in the future for the benefit of users.

And that seems to be exactly what happened. I’m now up over 25,000 spots on Alexa, to sub-100K again.

Anyway, I hope this helps someone who might be going through something similar.

—

Subscribe for one coffee a month ($5) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month.

This is a Member-only episode. Members get the newsletter every week, and have access to the Member Portal with all existing Member content.

Non-members get every other episode.

Sign in

or…

—

Subscribe for one coffee a month ($5) and get the Unsupervised Learning podcast and newsletter every week instead of just twice a month.