Category Archives: General

The Top 20 Cannabis Strains as Rated on Leafly for 4.20

What better way to celebrate 4.20, our first in Massachusetts with legal recreational cannabis, than combining one’s passion for statistics and fast-growing businesses? I wish that I could take full credit for using the statistical software package R to web-scrape the Leafly site ( in order to identify the top 20 cannabis strains for 4.20.17, but that honor goes to one of my statistically adept progeny.  He supplied me with the consumer ratings of the 2,232 cannabis strains listed on the site.

The methodology was simple:  Identify the top 20 strains, according to consumer ratings. To minimize small sample bias, strains with fewer than 100 reviews were eliminated. Doing so reduced the number of strains from 2,232 to 437.  The top 20 strains for this year’s 4.20 celebration are presented below. Overall, Gelato is the top rated strain on Leafly, according to consumers. Of the top 20, 14 are Hybrid, five are Indica and one is Sativa. Thus, a clear consumer preference (70 percent) exists for Hybrid strains.

Strain Name Category Ratings Stars
Gelato Hybrid 357 4.755
Blue Cookies Hybrid 265 4.75
Papa’s OG Indica 113 4.73
Alien Rock Candy Hybrid 135 4.72
Purple Hindu Kush Indica 112 4.72
Superglue Hybrid 141 4.71
Khalifa Kush Hybrid 488 4.68
Orange Cookies Hybrid 135 4.68
Gorilla Glue #4 Hybrid 3,113 4.675
24k Gold Hybrid 110 4.665
Quantum Kush Sativa 185 4.66
Dogwalker OG Hybrid 176 4.66
Sugar Shack Hybrid 101 4.655
Death Bubba Indica 186 4.65
Kimbo Kush Hybrid 120 4.645
Sunset Sherbet Hybrid 644 4.64
Rainbow Hybrid 109 4.64
Blue God Indica 131 4.635
Paris OG Indica 208 4.62
Middlefork Hybrid 119 4.62

Did your top choice make the list?

The strain with the highest number of ratings on the Leafly site is Blue Dream, with 12,171. How amazing is that? Of the ten most rated strains, five are Hybrid, three are Sativa and two are Indica. Once again, Hybrid strains dominate.

Strain Name Category Ratings Stars
Blue Dream Hybrid 12,171 4.395
Sour Diesel Sativa 7,046 4.38
Girl Scout Cookies Hybrid 6,217 4.485
Green Crack Sativa 5,539 4.325
OG Kush Hybrid 4,837 4.355
Granddaddy Purple Indica 3,980 4.42
White Widow Hybrid 3,717 4.355
Jack Herer Sativa 3,611 4.4
Gorilla Glue #4 Hybrid 3,113 4.675
Bubba Kush Indica 3,007 4.305

Enjoy your 420 celebration, preferably with one of the top rated cannabis strains according to your friends at Leafly.


Exposing Looming Cyber Vulnerabilities

 Guest Post by Dr. Timothy P. Shea


While the way that companies communicate with their employees seems to be adequate, the content is either not thorough enough or not retained well enough to create long-term behavior change needed to prevent many cyber hacks.  These vulnerabilities pose a major risk to companies today.   The survey is the basis of a new employee cyber readiness diagnostic tool that companies can use to determine their own level of risk.


The question is not whether cyber security is an important, even critical issue in business today. Juniper research, in 2015, declared that the cost of data breaches [will increase] to $2.1 trillion globally by 2019, increasing to almost four times the estimated cost of breaches in 2015. Perhaps surprisingly, the biggest problem in cybersecurity is outside the walls of IT. Over 50% of the cyber security problem is due to social engineering — people, not machines. Security Intelligence claims as much as 95% is due to human error.

Steve and I, through the University of Massachusetts Dartmouth Business and Innovation Research Center (BIRC), recently completed a survey – the UMass Dartmouth Threat Readiness Survey – to examine the attitudes and opinions of employees concerning their ability to be an effective “human firewall”. In conjunction with AYTM market research, the data set has 1,000 usable respondents, all from the United States, balanced by gender, age, income, ethnicity, education, and location.

Survey Results

The most compelling results of the survey is the difference between perceived company policies regarding overall awareness – as demonstrated through a variety of company communications, training, etc. – and the knowledge needed to implement the required day-to-day cyber-behaviors of company employees.

The “human firewall” is made up of both “knowing” and “doing” – awareness and action.  The survey took a look at both parts of the equation.  One section asked about the type of communication the employee’s company conducted around cyber-security awareness. How well do employees perceive their companies are doing in terms of their company’s cyber security?  The scores are pretty good, around 70% agree, in terms of: making company cyber security policies clear, senior leadership expectations, encouragement to work as a team, easy access to support and guidance and a process for reporting actual or suspected security breaches.

The results follow:

Q1:   How much do you agree/disagree with the following statements in regards to your company’s cyber security? (Percent Strongly Agree or Agree in parentheses).

1.  Your employer has ensured that you have read the company’s                  cyber security policies and has made it clear what is expected of          you (73%)

2.  Your Company’s senior leadership communicates with everyone          about expectations for cyber safety practices (69%)

3.  As an expressed company value, your employer encourages you           and your coworkers to work together as a team to protect                       against cyber security risks (70%)

4.  Your Company encourages you to help and remind other                            workers of cyber safety best practices (69%)

5.  Your company provides easy access to support and guidance                    to cyber safety questions when they arise (70%)

6.  Your Company has a clearly defined process for reporting actual            or suspected security breaches (70%)

While not great, these results are not too bad.  Almost three out of four companies are getting the word out – awareness, or “knowing”.  Employees are aware of the problem and aware that the company is supporting the effort – at least at a high level.

The positive results are supported when looking at the nature of the company communications. Most companies have come a long way from simply posting a memo on the bulletin board near the coffee machine. For example:

  • Two out of three companies (64%) communicate about cyber security at least every quarter.
  • Seventy-four percent communicate by email, which is expected. However, in addition, 73% of companies still take the time and expense to communicate face-to-face – either in a group setting (41%) or individually (31%). Tangible items – such as posters, pens and mugs – are used 21% of the time. Social media is only used 16% of the time.
  • The general trend towards shorter company communications is also supported here. While 39% of the communications take over 30 minutes to read or view, 41% take 14 minutes or less.
  • Finally, the company communications are well done. Sixty-five percent of “company cyber safety communications are memorable, engaging and easy to follow”.

The second part of the equation is how well employees are prepared for specific responses to cyber-threats – that is, “Doing”.  Do employees feel they agree whether they have adequate cyber safety communications on how to handle specific, common, potential security breaches?  This is where the larger gap appears. Employees were asked if they agreed they had enough information to handle challenges such as: password management, detecting and handling suspicious emails, the use of USB sticks at work, giving out sensitive information over the phone, connecting personal devices to the company network, what is Personal Identifiable Information, and cyber security when traveling or working remotely.   The best result, at 64%, means over one-third of the respondents did NOT agree.  On average, only one out of two answered in the positive across these questions – only 50%!

The results follow:

Q2:   Which of the following activities does your company provide cyber safety communications for:

  1. Providing strong requirements on password composition and regular password changing (64%)

2. Understanding what is considered Personal Identifiable                              Information and how to keep it confidential (55%)

3. Protecting sensitive information when traveling or working                     remotely (49%)

4. Connecting personal devices to the company network (46%)

5. Detecting and handling emails that you suspect are false (63%)

6. Giving out sensitive information over the phone (46%)

7. Recognizing warning signs if other workers’ behavior seems                     suspicious (40%)

8. Leaving your computer where sensitive information could be seen       or the computer could be stolen (54%)

9. Using external machines or USB sticks at work (40%)

Again, almost one out of two respondents stated that they do not feel prepared to handle common activities related to cyber-security.  The findings, more specifically the risks identified are eye-opening – but perhaps not surprising.  Getting into the weeds, providing training and regular communications about specific cyber behavior to the point where behavior is impacted across a company is challenging.  There is evidence that a number of companies practice “phishing” simulations but, as the results suggest, there is much more to do.


So, what is next?  How do we win the cyber-security war on the human front?  How do we strengthen the “human firewall”?  Three significant pieces remain.

      1. First, at the organization level, the survey and results will soon be refined into a risk assessment tool, one that can support a company as it both identifies its level of risk and moves through an Employee Cyber Threat Maturity Model.
      2. Secondly, additional data needs to be collected and analyzed to help drill down on the results. For example, there are indications that women employees are better at handling cyber-securities activities on a day-to-day basis.  The data also suggests that the lowest and highest educated employees are more effective in handling cyber-security.  If confirmed, companies can better focus their cyber-security training resources.
      3. Thirdly, at the individual level, more sophisticated means of communication and training are needed to facilitate behavior change, not just awareness. Here, the research team is expanding to include ThreatReady Resources – a company expert in more advanced training techniques that impact behavior and corporate culture.

The stakes are too high.  Risky cyber behavior at work, to be succinct, can cause significant damage to a company.  The UMass Employee Cyber Threat Readiness survey has shone a bright light on the high level of risk around still to be addressed in today’s workforce.  We are now aware – we know the size of the problem.  What is left, for companies as well as each of us, is to be more vigilant in our cyber activates – to “do” the right thing.  Today, we all need to become fully aware of the cyber threat as well as learn how to practice “safe cyber” every day.


Breaking new ground

I’ve been busy today transitioning my blog from Tumblr to WordPress. Thus far, I’ve been impressed with capabilities of WordPress and the features available. My experience with writing a blog isn’t extensive: I’ve reached the 100 day mark (I started blogging mid-January 2010). The biggest lesson learned to date is how hard it is to manage the time needed to stay current on so many social media platforms (featured in my next blog, Zero to 150) and to generate new content. I’ve received some good advice, including the need to plan topics in advance and to develop a release schedule. I look forward to implementing these in the future. In the interim, resources such as the book Digging into WordPress (click on shovel icon) are available and provide excellent advice for developing high impact blogs.

Feel free to provide feedback regarding the look and feel of the blog. And let me know if I made the right choice switching from Tumblr to WordPress.