Share and discuss this blog

Announcing Schank Academy Logo

Welcome to the future of learning - the way it was always meant to be.

Courses start June 2017. Enroll today.

Monday, May 15, 2017

Who are these hackers and how did they learn to be hackers? some interviews

We hear a lot about hackers these days. The US election was hacked. The French election was hacked. A hotel was hacked and had to pay ransom to get the locks to work so that their guests could get into their rooms. The electrical grid in the Ukraine was hacked. We read about this and we may not really comprehend it. But when you are forced to pay ransom to get your hospital data back you might believe it more. 

Who are these hackers? Are they graduates of some hacker U? 

For some time now I have been working with hackers of a particular sort, mainly hackers who want to be good guys and who tend to work for the US government to help their country. How can they help? They can attack our enemies and they can defend our institutions. I wondered how these hackers learned how to hack.

To find out, I interviewed a few of them. Here is “Riverside.” (They tend to be nervous about giving out their real names):

I remember some very vivid memories as a child as early as 2 or 3 of different things that I would do playing in the neighborhood doing things with different kids.  I was always into finding ways to get around anything where there were security systems locks.  I ran away to go get burritos at three.  My mom had locks all up and down the doors.  At 3 you should never be able to figure out how to get through that.  I built this contraption out of chairs and tables and a whole bunch of other things to unlock every single lock to figure out all of them and wandered over and they brought me home.  I’ve always had that natural solved puzzle mindset in my head.

How odd is this story in the world of hackers? Not at all odd as it turns out. Hackers like to break into things and find things to break long before they ever hear about computers. What happens to kids like that when they enter school? Riverside again:

I grew up with a number of disabilities.  I was in special ed for a number of years.  In the kindergarten first grade timeframe, I could not learn anything.  The teacher actually told my mom I was retarded (she used that word) so they took me to do tests and I sat for hours doing tests: ink blot tests, and IQ tests, and they said he’s clearly not retarded and said that I was far above what they expected. They decided that I was in need of a special ed program.  This was back in the 70’s, and in the 70’s they really struggled with consistency across the programs.  I was extremely lucky to go into special ed with this one lady, Sandy Tatum.  She helped to develop my abilities.  One of the things she did to help that was put me on a computer in first grade.  I could visually see everything.  I can work math problems and read off the computer screen perfectly.  But if I was trying to do it off a paper or listening to an instructor it was all garbled.  And so I accelerated in a couple of months as fast as other kids would accelerate in several years.  Just using the computer.

This seems odd, but is it. In the early ’70’s I worked with a psychiatrist (Kenneth Colby) who was working with autistic kids. I built programs that they could interact with and they were very into doing that. Why? Because kids that are labeled “autistic” are quite often kids who prefer interacting with machines rather than people. Colby wanted to see how much machines would help these kids and it worked rather well.

Riverside again:

I remember a friend of mine in grade school in maybe 4th grade or 5th grade brought in a project. His father installed alarm systems and he was building an alarm system with magnetic contacts and I was fascinated by that.  I wasn’t fascinated necessarily how it works specifically but how to bypass it.  So I learned how it worked so I could figure out how to bypass it.  

Something is going on here, but what? Riverside was clearly a smart kid and clearly a kid who was interested in learning how to do things that were off the straight and narrow. The school system of course, has no real way to deal with kids like this but that is not my point.

What is Riverside telling us about how hackers learn? He is saying that he can learn whatever he wants to learn and what he wants to learn tends to be how to get around things he is not meant to get around. One figures in hearing these stories that he will wind up in jail eventually. But, of course, that is not what happened at all. Riverside:

For me hacking is really the old-fashioned term where you try to make device do something beyond its capabilities. I'm considered an autodidactic learner. I do a lot of learning on my own I read quite a bit. I grew up in special ed and I had a lot of learning disabilities and challenges so I was really fortunate in that my special Ed instructor set me aside on computers and worked and focused me to learn that that capability.  I would have to just bang my head against the problem over and over and over until I figured it out and it is that perseverance and a kind of rigor that I had in solving problems, that has really become an advantage to me in the long run.

Let’s hear from another hacker. His handle is Rigs:

One of the first things I did when I was kid was to play with answering machines.  I found out that you could dial star and that would let you  enter a password.  So I did this the first time by calling some movie theater downtown and hit star and that would let you enter a password.  To me, as a kid, that was a really cool moment.   That was like a puzzle. It was becoming a game— guessing a password  and figuring out what it was. My parents had a very similar one.  I would figure out what my parents password was so I could change the message.  People would call the house they’d hear what I wanted them to hear not what my parents had recorded.  That was a cool thing.

Let’s generalize and assume that most hackers have the characteristic of wanting to break into things from a young age. What does this tell us about learning to be a hacker? One thing it tells us is that school is likely to not work so well with people like this. Why not? Because they have their own motivations and tend not to adopt and follow what others think they should do. Here is Rigs again:

So I think it's really cool that I get to wake up every day and take something somebody built and take it apart.  To me, it's like a puzzle. You take all these little  pieces and learn so much from figuring out how somebody else thought about the problem.  Cause if you're building a router, phone, or some software for anything, somebody or some team people spent a long time designing that thing and building it in some special way. All those people who do that are experts in their field and are really smart.  They spent all this time building it.  To me, it’s sort of like a present that I get to unwrap. I get to peer into the mind of somebody else, figure out how they were doing something.  To me that's really neat.

What conclusions should we draw from all this? Let’s consider a real problem in the world of cybersecurity. It seems that every business needs to be very careful about defending cyber attacks. What should they do about this? 

Here is Riverside again:

To be a good defender, you need to really truly understand the mindset and the motivations of the attacker. If you have never done any offense or any attacking is very difficult to be a defender. You need to understand both sides of the fence to be really good. By understanding the attackers motivations you can understand what you need to put in place.  

One issue is that hackers have a different view of the world than your average Joe. You can't take just make anyone into a hacker. Here is Rigs:

The mindset associated with software developers is about building very clear solutions very elegantly. They know what they want to build and what feature or capability they want in the program they are building.  The hacker mindset is: “there’s this thing this guy built and I want to take it apart. I want to see how it works and figure out how to tinker with it.” They want to find some way to make it do something that it wasn't intended to do.    

In the U.S. Department of Defense there are plenty of people who are concerned with cyber attacks. Here is one DOD official (called D9):

I've looked at the cyber problem from a supply and demand issue. I've looked at the destructive nature of cyber. I thought we should look at the past and see when was the last time this nation has been confronted with a disruptive piece of technology.  Aviation is really a good example.  If you look at aviation in its beginnings, it was under the signal Corps in the Army. Cyber is considered in many ways an information technology. It actually is right now assigned to the signal Corps in the Army.  Aviation was also used as a reconnaissance tool because of the battlefield in World War I. How do we do cyber today?  We do a lot of intelligence surveillance reconnaissance kinds of things.  So it's actually not a bad example. Now in between World War I and World War II, the military, in particular the Army and the Navy, realized that actually aviation was much more than just reconnaissance and surveillance tool.  And in fact, was a very powerful offensive tool that can overfly the enemy defenses and strike at the heart of their capital of their leadership and at their strategic centers of gravity.  So between 1930 and 1942, there was a huge sea change in the way in which the military thought about aviation. For example, the Army in 1938 had  20,000 people in the Army Air Corps.  By 1944, they had 2.4 million. So that's clue number one. Can the department energize itself and build a very large force to respond to a destructive piece of technology? The past says absolutely. In fact, it was able to do a thousandfold increase capability in six years. How do they do that?  Public-private partnership and a focus on training, and not on building defensive infrastructure.

How can we make more hackers? How do we teach them? How can we organize them into a force for good? What kinds of people should we select? What teaching methods might work? 

These are all important questions.  Why? Here is Forgotten:

For industrial control systems such as the power grid, most of the threats are going to be from more advanced attackers as they would have to navigate through multiple layers of protections, at least in the U.S..  In other countries, there is not necessarily the same level of protections. Outside of the heavily regulated energy world of industrial control systems, there are very few protections.  In some cases, devices are exposed directly to the Internet.  A lot of these devices are designed with functionality in mind and weren’t given the engineering to handle exploits and other types of scanning.  In many cases just doing a vulnerability scan can actually cause a device in an industrial control system to either reboot or stop functioning permanently.  So the threat is huge if somebody gets into any of those networks.

We need to protect ourselves. But who will do that protection? Rigs’ explanation of what interests him is illuminating:

I think it's really cool that I get to wake up every day and take something somebody built and take it apart.  To me, it's like a puzzle. I get to take apart all these little  pieces and I get to learn so much from figuring out how somebody else thought about the problem.  If you're building a router, phone, or some software for anything, somebody spent a long time building that thing in some special way and all the people who do that are really experts in their field are really smart.  They spent all this time building it.  To me, it’s sort of like a present that I get to unwrap. I get to peek into the mind of somebody else and figure out how they were doing it and what they were thinking. To me that's really neat.

Riverside again:

Real hackers want to try to solve really hard problems. That's what hacking really is.  You have a challenge. You are told  that you can't do something. That's the motivation behind wanting to be able to go do it. You want to prove that something people said can't be done can be done. If we didn't have hackers, we would never have any innovation and any new technology in the world.

While that seems like a rather outlandish statement, hackers are rather outlandish people. You cannot begin to understand them without talking to them and realizing that they aren’t like everyone else. It is unlikely that they fit into any of our normal ways of teaching and learning because those were designed for good little boys and girls who will sit still and listen and do what they were told.

With that idea in mind, I came across Brown University’s Master’s degree in Cybersecurity. (I can’t help but point out that this program. meant for executives, costs $97,000.) Here are the courses that comprise the program.

Introduction to Computer Security
Advanced Topics in Computer Security
Applied Cryptography and Data Privacy
Human Factors in Computer Security and Privacy
Privacy and Personal Data Protection
Management of IT Systems and Cybersecurity Risks
Global Cyber Challenges: Law, Policy, and Governance
The Future of Cybersecurity: Technology and Policy
Effective Leadership

I showed the Brown website to Forgotten and this is what he said:

The Brown Master's CyberSecurity Program is built with the intention to give business knowledge to information security managers.  It covers high level topics, but attempts to cover the entire technical domain in two courses that are only partly hands-on.  Information Security is a technical discipline that requires management to understand the technical implications of their decisions.  

Of the instructors listed, all of them seem to be policy focused with the exception of a single technical professional as the non-lead instructor for the introductory class.  The instructors are unlikely to have the knowledge to impart the technical implications of their policy enough detail to make informed decisions.  This will continue a trend of information security managers who make decisions to introduce unnecessary risk into organizations unless they previously have hands-on technical knowledge.  

For example, when setting up wireless networks within a company, a policy is generally created about whether their wireless networks should be hidden.  To most, hidden would imply more secure however, it causes all clients to beacon looking for that network.  This is important because mobile devices such as laptops and cell phones will continue to beacon in public areas like coffee shops.  Even without connecting to those networks, attackers profile people by the networks they have connected to thereby causing unnecessary information disclosure and can even cause them to become a target.

Given the shortage of technical coverage within this program, it's highly unlikely to create technical professionals able to deal with the technical nature of information security, even if they are managers.  The technical  problem solving and research skills that are so critical for the information security world don't appear to be represented at all in these descriptions.

If our plan is to build course with lecture and tests we have a problem. What must we do instead? We need to understand that hackers like to be thrown into a problem and figure there way out. The Cyber Security course that we built for the DID does just that. There are no classes, no lectures and no tests. Just problem after problem. The problems are so complex that if you are not OCD you are unlikely to succeed at solving them. We employ mentors to help out when our hackers to be are stuck but we don’t help that much. We need to find the kids who like to break into things and teach them how to fight back on our behalf. Otherwise we will be attacked everyday by bad guys who want to harm us. Who are these people? Here is D9 again:

You have to understand the adversary.  If you’re going to get hacked by the Chinese, I’ll give you a metaphor.  They’re going to walk up to the front door of your building and they’re going to see if the door is open. If it’s open, they are going to walk in.  If it’s not opened, they’re going to kick the door down.  And if the doors not opened, they’ll go through a wall or a window.  They're not worried about anybody seeing what it is that they’re doing.  A Russian hacker will come in at the dead of  night in a black helicopter. He’ll climb up on the roof of your building and find an open ventilator shaft he’ll sneak in the ventilator shaft steal what he wants and leave.   Two totally different approaches to cyber.  Now why is that?  We have to go back and look at how the Russians learn the craft. Most of the Russian hackers came from the criminal side of the house.  They were self-taught, autodidactic, and they were doing criminal things.  If they were caught, they had high potential to be killed.  And so the Russian society goes goes out and recruits these criminals who grew up in a very clandestine approach to cyber. They didn't want to get caught — life or death.   The Chinese on the other hand actually institutionalized it. They built Army brigades made up of hackers so they were sanctioned by the government.Therefore they don't feel the need to hide what they’re doing because their government is giving them all the validity they need.  If you don't know who it is, you can tell by the way in which they are coming in your system what might be.

Learn more about the six month immersion course we built here: 

Monday, April 10, 2017

Introducing Schank Academy: learn by doing online and get a job

In an earlier column I wrote that college is over. What should replace it?  We have just launched Schank Academy. 

Schank Academy offers online courses, all use learning by doing, instead of learning by listening, or learning by reading. They are all experiential, and mentored by experts on as as needed basis. Students work on realistic projects. Each project fits within an overall story that keeps getting more  complex. When a student is finished (typically these course are 6 months long and we expect student participation to be full time during the six months.)

The three we have launched so far are:

Data Analytics, 
and Cyber Security.

These courses are meant to make those who complete them employable. We will help get students jobs.

Should this replace college? The easy answer is “no,” because our society accepts a college degree as a sign of something, I am not sure what, but something. The real answer why Schank Academy will not replace college is that there are many more sets of job-preparation skills that might attract students besides the three courses that are part of our initial launch

Here are other three things we have built which would be equally useful

Mobile Application Development, 
How to be an effective legislator

There are probably hundreds of courses of this type that could be built, covering every job possibility where it doesn't take very long to learn how to be effective in a new field.

Suppose we built 100’s of these kinds of experiences? Would one really need to go to college? A student could take what interests him or her when they wanted to, as these are all online.  What matters is that the students show their ability by mastering the final project. Passing that performance test would serve as certification of ability and attract  employers interest. 

Of course, most people will not admit that college is about career training. They will tell you about how reading classic literature taught them to think about everyone needs to know calculus for some reason. But, as far I am concerned, this all just puffery. I know how courses become required for graduation in a university. It is all about keeping the faculty employed. If you hire art history faculty then you need to require art history. Otherwise few would take it. 

College also has had another role, although that role is changing. Originally if you went to Yale it was because that is where your father and grandfather had gone (e.g. the Bush or Vance families) and that was where the people of your parent’s social set had gone. Going to Yale got you a job, not because of what you learned there but for clannish reasons. Yale graduates still are  hired on Wall Street or at The New York Times because they like to hire members of their clan.  

Schank Academy has no such legacy. But if you want a data scientist, cyber defender, or software developer, we know how to create one and it won’t be by sitting passively in a lecture hall or by getting a firm to hire you because of family connections.

We know how to build these pragmatic courses. We even have a tool which we make available to people who have courses they want to build. 

With enough pragmatic courses like these built, what would be the point of college?

One reason is that colleges produce researchers. These must continue to exist. The best universities should indeed be teaching people how to advance various fields of study. But, assuming that is not want you want to do in life, learning things that you enjoy that will get your employed is a pretty good option. Unfortunately, it is an option that most colleges eschew.

But if you can learn to program and companies need programmers, what difference does it where and how you learned to program? You just need to be able to demonstrate your skills. Most companies need cyber defenders. You really can’t learn to do this in college. Yes, there are courses with lectures that claim to train cyber people, but you can’t learn  by listening. We have had great success with people who didn't even graduate high school in our cyber course. Prior education doesn't help one do cyber attack and defense.

The bootcamp model works under a similar idea, although they tend not be online, and tend to have lectures, and quite often aren’t long enough to produce people that are hirable. 

With enough Online Academies covering the space of workforce needs, your basic four year liberal arts college will go away. Bye bye.

Monday, March 13, 2017

Stop the AI BS already

I am getting really tired of all the AI hype. Last week alone, the Wall Street Journal, Forbes, Fox News, Huffington Post, MIT Tech Review, The Guardian,TechCrunch, Bloomsburg, Newsweek, Fortune, Fast Company. and a host of lesser known publications had articles hyping AI. In contrast, Atlantic Magazine actually had a reasonable article about why the term AI has become meaningless.

So, I thought I would take a moment to explain something simple about AI. Most of my work in AI was an attempt to get computers to understand English. We had a program hooked up to the UPI wire at one point that could summarize a story, answer questions about the story, and translate that story, To do this we had had to carefully represent  various domains of knowledge. So if we wanted the program to understand stories about diplomatic visits for example, we had to represent in gory detail what took place on a diplomatic visit, why that visit took place, and what kinds of accomplishments were hoped for and might be achieved.

To help you understand how hard this is. I wrote down some words that I saw in today’s New York Times:


An “AI” that read stories or did anything else would have to understand what these words meant. Many people wouldn’t be able to explain them all. But, today, we are told about “AI’s” that can deal with the words it finds on the internet in various ways and then we must all watch out before they take away our jobs.

I know this is not true because I know how hard it is to represent the complex meanings of words like this, and I know that the “AI” that is being worked on now isn’t even trying to comprehend these words. Todays “AI” is all about counting words and finding superficial patterns among them. No matter how many times you count the word discrimination you would not comprehend what it was about, why it might matter, nor would you understand which sense of discrimination was being used when you read it.

What does communitarian mean? I can guess and can figure it out in context. Current “AI’s” can count it. What does quintessential mean? Could you explain it to a computer? How about self-deprecation? Try explaining that word to a child. AI needs to do simple things like figure out what a word might mean and explain what it has just read to others. We are nowhere near doing that.

Let me try to explain just one of these words. Let’s look at “faith.” What does it mean to have faith in someone? It means we believe that they will do what they say. Or it could mean that we believe they will do their best to come through in a difficult situation. But faith refer to more than people. You could have faith in a company, which would mean that you believe their products are good. Or you could have faith in the system which means that you think you should follow the rules. Or you couch have faith in a religion which means you believe their teachings. Faith also connotes a kind of optimism. But there is also the word faithful which in the context of religion is the same as faith but in the context of marriage has to do with extra marital affairs.

How do we explain this to a computer? To do that we need to detail the rules of marriage or work (a “faithful employee.”) You could be a faithful advocate of a political persuasion or religion or point of view on life. But for a computer to understand all this it would need to comprehend political philosophies, religious philosophies and a whole lot more. You could a faithful follower of a band or you could be playing Minecraft which has a faithful resource pack.

My point is this: AI requires modeling the world in gory metal so that we can comprehend people's actions, intents, beliefs, and a while lot more. Sorry, but matching keywords is not AI.

But the press will keep on telling us how an AI will suddenly take our jobs and how chat bots are the answer to customer service. I don’t know about you but if I got a chat bot answering my customer service call, I would hang up.  Or maybe I would filibuster. Or maybe I would show some restraint. Either way no AI would know what I was doing nor would it understand if I explained it.

Tuesday, March 7, 2017

The SPGU Tool: A response to current so-called AI

OK. We have to fight back. Enough with the AI is going to take over the world stories. Enough with chat bots. Enough with pretending AI is easy. Enough with AI people who barely know the first thing about AI.

I am not discussing machine learning here. If you want to count a lot of words fast, and you can draw some useful conclusions from that, go ahead. I wish you wouldn’t call it AI, but I can’t control that. But I can fight back. Not with words, which I know don’t really convince anyone of anything, but with a new AI tool, one that uses what I know about AI, in other words, what most people  who worked in AI in the 60’s, 70’s, and 80’s likely know about AI.

The SPGU Tool is named after the iconic book by Schank and Abelson (1977) Scripts, Plans, Goals, and Understanding.

In that book, we laid out the basis of human understanding of language by invoking a set of scripts, plans, goals, and themes, that underlie all human actions. This was used to explain how people understand language. The classic example was the attempt to understand something like “John went into a restaurant. How ordered lobster. He paid the check and left.” This understanding was demonstrated by the computer being able to answer questions such as: What did John eat? Who did he pay? Why did he pay her? In this easy example of AI, SAM (the Script Applier Mechanism we built in 1975) could answer most questions by referring to the scripts it knew about and parsing the   questions in relationship to those scripts. In this example, given a detailed restaurant script, it could place any new information within that script and make inferences about what else might be true or what might possibly be asked at that point in the script.

The SPGU Tool (SPGU-T) takes that 1970’s technology and makes it useful in the modern era. People who plan often need help in making their plans succeed. A tool that helps them plan needs to have a detailed representation of the context of that plan, what goals were being satisfied and well-known obstacles to achieving those goals. Then it can access expert knowledge to assist a planner when the planner is stuck. We used this methodology when we built the Air Campaign Planner for the Department of Defense (in the 90’s). We captured expert knowledge (in the form of short video stories), tracked what the planner was doing within a structured air campaign planning tool, and offered help (in the form of one or more retrieved stories) when SPGU-T saw that help was needed.

In a project for a pharmaceutical company, for example, one expert story we captured was called the “Happy Dog Story.” The story was how the company had found a drug that made dogs every happy and then went into clinical trials with humans very quickly. Some months later, the dogs had all killed each other, but the people who were doing the clinical trials were unaware of this. This story should come up when a planner is planning clinical trials and is relying on data that required continued tracking. SPGU-T would know this and be able to help, if and only if, all of the planning for the trials was done within SPGU-T’s framework that detailed the steps in the clinical trials script.

A partner or manager in a consulting firm could use SPGU-T to plan a client engagement. SPGU would be able to help with problems and suggest next steps at each stage if it knew the gory details of how engagements work, and if it had stories from experts addressing well-known problems that occur in engagements. SPGU-T could not only answer questions, but it could also anticipate problems, serving as a helpful expert who was always looking over the user’s shoulder.

A Deeper Look at SPGU-T

It is well beyond the state of the art, both now and in the foreseeable future, for a computer system to answer arbitrary questions, or more difficult still, to deeply understand what a person is doing and to proactively offer advice. Both of these forms of intelligent assistance are possible today, if the person is working to accomplish a well-defined, goal-oriented task using a computer-based tool that structures his or her work. In other words, if we can lay out the underlying script, and we can gather used advice that might be needed at any point in the script, we can understand questions that might be asked or assist when problems occur. That understanding would help us parse the questions and retrieve a video story as advice in response.

This isn’t simple but neither is it impossible. Advisory stories must be gathered and detailed scripts must be written. We built the needed parser years ago (called D-MAP for direct memory access parsing.)

SPGU-T helps someone to carry out a plan in a specific domain, be it planning a large-scale data analytics project, a strategy consulting engagement, a construction project, or a military air campaign. It does so by knowing a person’s goals in creating such a plan, the steps involved in plan creation, the nature of a complete and reasonable plan, and the problems that are likely to arise in the planning process.

Imagine, for example, a version of SPGU-T that is customized for developing and tracking a project plan that a consulting firm will use to successfully complete a complex data analytics project. It knows that its registered user is an engagement manager. Given the usage context, it also knows that the user’s goal is to plan a time-constrained, fee-based project on behalf of a new client. From this starting point, SPGU-T can take him or her through a systematic process for achieving that goal. At any step in the process, SPGU-T will know specifically what the user is trying to accomplish and the nature of the information he or she is expected to add to the plan. For example, in one step, the user will identify datasets required for the project. SPGU-T will expect him or her to identify the owners of those datasets, the likely lag times between data requests and receiving the required data, and any key properties of the data, such as its format and likely quality.

This very specific task context, computer-based interpretation of the semantics of the information being entered, and heuristics to infer reasonable expectations about the input enable the system to accurately interpret questions posed by the user in natural language and to retrieve context-relevant answers from a case base of answers, both video stories and textual information, to a wide range of common questions about planning a data analytics project. For example, the user might ask, “How can I determine the quality of data provided by a commercial data service?,” “What is the likely impact of poor data quality on my schedule?,” or “What is a reasonable expectation of the lag time between making a data request and receiving data from a market research firm?”

More important, perhaps, are situations in which the user does not recognize that a problem exists and, therefore does not think to ask a question, e.g., the question above about the likely lag in receiving data. In such situations, SPGU-T can use the same knowledge of task context and semantics of input information, coupled with heuristics for evaluating the completeness and reasonableness of information to proactively offer help and advice. SPGU-T can also carry information forward to a future task, for example, to offer proactive advice about the likely duration of the “data wrangling” step of an analytics project given previously entered information about the formats, quality, and lags in obtaining third-party datasets.

That being said, when SPGU-T is proactively offering help and advice, it is essential that it not be wrong if the user’s confidence in the value of such advice is to be maintained. In situations in which SPGU-T recognizes a likely problem with low certainty, it can do one of two things: It can offer a small set of potentially relevant pieces of advice from which the user can select, or it can ask the user a few questions to raise the certainty that specific advice is relevant to the user.

In either the case of answering a user’s question or proactively offering help and advice, SPGU-T can also answer follow-up questions, using not only the contextual information enumerated previously but also the user’s inferred intent in asking the follow-up question, thus making the retrieved answer all-the-more relevant.

There will, however, be cases in which SPGU-T cannot answer a question or cannot identify relevant help and advice with reasonable certainty even after interacting with the user to further understand his or her specific context. In such cases, SPGU-T will refer the question or situation to a human expert and promise the user that the expert will address the issue. SPGU-T can extend its case base as a result of capturing such interactions, thus enabling it to answer a wider range of questions and to provide better help and advice to future users.

We are building SPGU-T now. Watch this space.

Tuesday, February 14, 2017

Oh Accenture, you spent all that money and you learned nothing

Learning technology has its fads. One by one they are adopted by the big corporations who have one real goal: don’t spend a great deal of time on training people. 

In 1989, I was hired by Andersen Consulting (now Accenture) as a consultant to help improve their training which was mostly lecture based, at a training facility in St Charles, Illinois. Simultaneously, they gave Northwestern University a great deal of money enabling me to found the Institute for the Learning Sciences that tried to invent new ways of learning on the computer, and also took on ten Andersen people for two years master’s degree programs with the aim that they would bring back new ways of thinking about training to Andersen.

I happened to look at Accenture’s training site the other day:

I was curious what they were doing these days and wondering if I had had any effect on them. It was easy to draw two conclusions:

1- Accenture is now obsessed with the idea that all courses should last an hour and should be online. They are closing (or have already closed) the St Charles facility.

2. They learned exactly one thing from me. They learned that learning objectives for courses should be about doing rather than knowing. It doesn’t matter what people know (typically have memorized.) What matters is what people can do that they could not do before.

There seem to be hundreds of courses available. If you hit Risk Management, for example, about 100 course titles are listed. All of them seem to be one hour long (I didn’t look at every single one) and all of them have Learning Objectives that read like this one for Overcoming Challenges in Asset Management.

After completing this course, you should be able to:
Identify the top pressures and risks for asset management.
Recognize how top companies are addressing the growing talent gap.
Describe how to use remote asset connectivity for an effective asset management strategy.
Define how predictive analytics can strengthen your asset management strategy.

This uses the language of doing but objectives that start with “define how” are not really doing objectives.

And what does this one hour course involve the trainee in doing? It involves them listening to a one hour “webinar.” (The person giving this speech is working on a masters degree in statistics.)

Let’s look at another: Analyzing the Core Elements of the Strategic Plan. This one is one hour of online self study (which I suppose means one hour of reading). Its learning objectives are: 

After completing this course, you should be able to:
Determine how to create an effective mission statement at both the corporate and the divisional levels.
Recognize the role of objectives in the strategic planning process.
Identify the characteristics of an effective strategy.
Explain the function of tactics in a strategic plan.

I am impressed. I didn't know you could learn all that from an hour of reading. (The author of this course has an M.S. in Finance.)

So, clearly, I failed. I tried to change Accenture’s approach to training but failed. I already knew this because I hear from my former Andersen students from time to time and almost none of them are still at Accenture. And, ironically, my major clients are Accenture’s direct competitors. So, while I appreciate Andersen's help to me, so do their competitors. Accenture itself seems not to have learned much from me.

But, my real issue here, is trying to understand what you can learn and how you can learn, in an hour, since it this is now a fad that is driving demand for more and more one hour courses.

With this in mind, I asked myself what I might ever have learned in an hour (in a lifetime of trying and failing at many things.)

The first class (part of a graduate AI course) I ever taught (at Stanford in 1969) taught me a great deal in one hour. I learned how students at Stanford thought, what they paid attention to, and how Computer Science graduate students differed from me on what was important to think about. So I did learn a lot in hour. How?

I performed in front of people, tried to convey information by talking, and reflected on the kinds of responses I was getting back. Of course, I did this many times since I taught more than one hour of that course.

So, did I learn in an hour? Yes. Did I learn a lot? Yes. What motivated me to learn? I had to evaluate my own effectiveness.

In that same year, I learned something else in an hour. I taught one hour of a very different kind of course that was meant to encourage first year graduate students to sign up for a more intensive second semester course with the various faculty members who had that course. I was teamed with a guy named Ken Colby. He made people laugh when he talked. I didn’t. I had a lot to say in my hour. In the end our team signed up a large number of students. I was very proud of myself. I soon found out that they had all signed up because of him, not me. I asked him what I had done wrong. He said “you told them everything you know in one hour. If you can do that you don’t know much.” As you can see, I never forgot that. 

So, in effect I learned how to speak in an hour. One hour of failure and one comment from someone respected. I resolved to become a better speaker.  

My father once told me a story about how he had mistreated another lawyer when he was clerking after graduating from law school because that guy was dumb and he had graduated from a law school inferior to the one my father had attended. The punch line of his story was that that guy became the Chief Justice of the Supreme Court of New York. (My father hadn’t done much of note in his life.)

That was a lesson that was taught in ten minutes. But I never forgot it. In fact I learned two important things from that story. 

The first was not to be such a big shot because of what school you attended or how smart you are. I am sure that my father was unimpressed with how I had acted at some point which prompted the telling of the story.

The second thing I learned, after I reflected on this for some time, was the importance of just-in-time the story telling, which has served as the basis of my work in AI and in education.

The moral here is clear: stories are powerful and you can learn from them in a lot less than an hour, if, and only if, they are told by the right person at the right time.

So, I believe you can learn something in an hour. Here are some other things I learned in an hour. Each has a story associated with it, but in the interest of brevity I will omit the context of each:

1. Listen to what people tell you about themselves, they mean it.

2. In the academic world, be careful whom you attack.

3. Don’t assume you know the reason why things are the way they are. Dig into it and find out for yourself.

4. Politicians love to talk about education, but they really don’t give a damn.

5. Changing school is harder than simply making suggestions about what they should do.

6. You are not really encouraged to have your own point of view in college.

7. Life has its way of evening the score. 

8. Nobel Prizes aren’t awarded to revolutionaries. 

9. Genetics is powerful stuff. Most people don’t realize the extent to which their likes and dislikes and their ability to thrive under various conditions stems from thousands of years of evolution.

10. Smart is easy, but you are more likely to get a job by being smart and appearing to be cool. 

11. You know when you have won in sports. In real life, victory is never so clear cut.  

12. Education needs to be personalized and local at just the time when the country is trying to make it into one size fits all.

13. You can learn more by thinking about something and trying stuff out than you can by asking an authority for advice.

14. People rarely listen to the advice you give them

15. To produce great students help them to frame their questions and encourage hard answers. Asking a good question is much harder than answering one.  

16. Doctors seem to diagnose what they know, so find out what they know before you ask them whats wrong with you.   

17. Children are awful judges of their own childhood experiences, even as adults.

18. In the end, everyone just wants someone to pay attention to them. Good parenting is about paying attention while not overburdening the child with that attention.

19. Universities do not want to be “training school.” If you want to learn to do something practical, universities are probably not the place.  

20. You don’t really know what freedom is until you lose it.  

21. The goal of investors is to sell. The goal of inventors is to create. This always leads to conflicts.

All of these heave personal stories attached to them — experiences that taught me an important lesson in an hour.

So, can we build effective one hour courses? Yes. But they would have to not try simply to tell you something. They would need to put you in a situation you were in from which you could discover things about yourself and about the world.  Talking at people and telling them they will be learning to do things as a result of listening is simply wrong. We learn from actual experience and from reflection on that experience.

Here is a hint for Accenture. Instead of listing courses by their are and title, try cataloging the problems that you employees have on the job and create courses that help you resolve issues and problems that you have encountered. These shouldn't be listed alphabetically either. People think in terms of goals, and plans to achieve those goals, and problems they have encountered along the way.