What Would Bobby Fischer Do? Taking a Cybersecurity Lesson from a Chess Master

By |May 7th, 2015|Categories: Technology|Tags: , , |Comments Off on What Would Bobby Fischer Do? Taking a Cybersecurity Lesson from a Chess Master

There’s a great expression that those of you who study chess will be familiar with. A Master will often tell a student to “look at the whole board,” but this instruction is not to be taken literally. It means that the student needs to consider several things: One, the potential impact of all the moves that have been played; two, all the potential moves they can anticipate making through the end of the game, and three, all the moves they can anticipate their opponent making. A small expression to describe a herculean task! Now, although this saying could be applied to many situations, a chess game is far easier to conquer than, say, cybersecurity because you have one opponent and can study his strategy. In the realm of cybersecurity, however, your opponents are legion and their weapons are many.

Protecting your digital assets is very much like looking at the whole board. A proper defense is not just one thing, but comprises a systematic construct of what you know (past events, known best practices, proven strategies), what measures you plan on putting in place, and the anticipation of what your adversaries might try to do.  This would be augmented by an endless cascade of if/then planning and dry runs to prepare for an attack.

A security program should not be static but a living, breathing thing that is ever-changing based upon the observations you make and information you gather. It is a series of defenses and actions premised on what your opponent is doing to others, and perhaps will do to you. For this reason, technology alone won’t guarantee success. While best practices around firewalls, protection systems, network configurations, passwords and processes is essential, people—as in
[ Read More ]

Decisions, Decisions. Or Maybe Not.

By |August 7th, 2014|Categories: Change|Tags: , , , , , |Comments Off on Decisions, Decisions. Or Maybe Not.

Nothing is so exhausting as indecision, and nothing is so futile. So said Bertrand Russell, British philosopher, mathematician and political activist. Aneurin Brevin, the Welsh Labor politician put it this way: We know what happens to people who stay in the middle of the road. They get run over.

Making decisions means risking what is known for what is not. In my line of work, I have seen many organizations mired in keeping the status quo because the bogeyman in the hall is whispering, what if you’re wrong? The irony, of course, is that by not making a decision—right or wrong—you end up doing nothing, and this poses a far greater risk because your competition is certainly doing something. ​

Fear of the unknown and fear of being wrong are formidable inhibitors to decisive action. There are others, such as a reluctance to be held accountable, but even that is anchored in fear. Another inhibitor is being overwhelmed by the number of factors involved: the people who will be affected, the processes that will change, available resources, and so forth—aspects I call the “what.” The “why” of a decision is the part usually easily identified; Something has driven the case for change. It may be an eroding top line, a dissatisfied customer, excessive overtime, the competition, or staff malaise. But how to address the “what”—that becomes the immovable object stopping many decision-makers from acting quickly and decisively. Often, they feel compelled to have all the answers before embarking on any course of action. Unfortunately, seeking those answers, they usually consider the internal ramifications—conditions within their control—and neglect those coming from external sources such as the market, competition, technological advances, etc. And those considerations don’t wait.

This is
[ Read More ]

Transparency & Cost Optimization… Bank on it!!

By |June 19th, 2014|Categories: Leadership|Tags: , , , , , , , |Comments Off on Transparency & Cost Optimization… Bank on it!!

In my last blog I spoke about the four principles that lead to better Cost Optimization. They were Transparency, Flexibility, Simplification and Discipline. I would like to take this opportunity to discuss Transparency in more detail.

How many times has IT management staff felt that their business partners don’t appreciate or understand the effort, time and money required to satisfy a business demand? On the other hand, how many times do you think business partners wonder if IT is focusing on the correct enterprise initiatives, or why their requests are not satisfied to their expectation level? The answer? Too many times to count on both hands. Without transparency, the worst fears of both sides and all stakeholders become a reality.

Webster defines Transparency as “the quality that makes something obvious or easy to understand.” At TransAccel, we view Transparency as a prerequisite for making better supply and demand decisions that are based on cutting the right costs in the right way, while maintaining what is most valuable to the organization. With transparency, the IT organization can participate in valuable discussions that balance costs with IT benefits.

Transparency should exist across all sectors of IT – but especially crucial are:

The first step toward Transparency is to divide IT services into two camps: those that support core (vital, no one else can do them) activities and operations, and those that could be outsourced if need be (non-core). Obviously, step one goes a long way in determining where resources and assets should be allocated (or not). For transparency and cost optimization to occur, defining and validating IT business services must be carried out, even if this is done through a series of incremental steps rather than a complete transformation.

Poor Transparency
[ Read More ]

Risking it All by Resting on Your Laurels

By |May 22nd, 2014|Categories: Change|Tags: , , , , |Comments Off on Risking it All by Resting on Your Laurels

In ancient times, conquering heroes were crowned with wreathes of laurel, giving rise to the idiom to rest on one’s laurels, meaning to bask in the glory of past achievements. When it comes to acts of bravery, one may indeed rest on one’s laurels without fear. However, with respect to implementing change, resting on one’s laurels is a Very Bad Idea. One must guard against the temptation to view the project as over and done. After the fanfare of an effective implementation has faded, the goals of your initiative are at risk unless you have an action-oriented sustainability process in place.

The good news is that this can be done with small steps, consistency, and attention to detail:

Maintain documentation. How often have you looked for information only to find that the only available documentation is three years old and woefully outdated? Assign people—and hold them accountable—to keep documents such as policies, procedures, training materials, and system specifications current. This is particularly critical when members of the original project team leave the organization and new employees are hired. Don’t rely on tribal knowledge.

Provide continuous communication and training to everyone who is affected by the newly installed changes. Proactively distribute news and tips via email distribution lists. Get on the agendas of regular meetings. Post information on your organization’s intranet site or internal portal. Thoughtfully consider if new training modules need to be offered as the system develops. Offer refresher brief training or “lunch and learn” style sessions to address knowledge gaps.

Keep business leaders engaged with updates, issues, and progress, especially after the project governance structure has disbanded. An information vacuum can leave management wondering, “What did we get for that expensive change initiative we launched last
[ Read More ]

Increasing IT maturity: “You have HOW many Severity 1 problems?”

By |October 17th, 2013|Categories: Communication|Tags: , , , |Comments Off on Increasing IT maturity: “You have HOW many Severity 1 problems?”

During a recent call with a prospective client, he informed me that his organization has had 15 Severity 1 problems sitting in a queue for over 90 days. From what I know about this IT organization, and because it tracks its incidents, problems and duration, I would peg it at just over a level 1 IT maturity, where some foundational services are installed but not fully implemented.

Classically, an organization operating at, or just above, a level 1 is focused on “keeping the lights on” activities, as well as “putting out fires.” What’s broken rarely gets fixed because no one has the capacity to diagnose the problem (i.e. root cause) and then implement a change. Likewise, the demand for “getting it done” outweighs the need to do it right.

Here are some other indicators of an organization operating between a level 1 and 1.5 maturity level.

Nothing is tracked well. One former client’s company paid millions of dollars in penalties due to an over-allocation of software licenses because no one in IT was keeping track of the number users during a period of high employee headcount growth.
Documentation is sketchy. Another client’s organization had loads of initial process/software/configuration documentation but didn’t have the discipline, change control, and quality practices to maintain the knowledge as the environment evolved.
IT manages noise. My favorite anecdote is about a senior director who held a one-hour operational review meeting EVERY morning with all her senior staff just to understand what happened over the last 23 hours in case her peers or boss called.

Organizations between a level 1 and 1.5 usually have a myriad of problems across multiple dimensions. Assessing these issues can seem overwhelming. In fact, it’s often the hardest thing for an
[ Read More ]

Get heard with visuals: 5 questions to make sure your PowerPoints pass the visual test

By |December 11th, 2011|Categories: Presentations|Tags: , , , |Comments Off on Get heard with visuals: 5 questions to make sure your PowerPoints pass the visual test

Because IT stands for “information technology,” you would think that IT would be Best-in-Class when communicating via PowerPoint, the quintessential information technology communication tool. Wrong. No surprise to all of us who work in IT. We generally stink at PowerPoint. And we really can’t afford to do this badly. Good communication is vital to our success if we want to create understanding about our organization, processes, systems, innovative ideas and change. But, the undeniable truth is, until we can communicate well, we can’t expect others to recognize IT’s value.

Believe it or not, visuals are the most effective way to express ideas and get people to nod their heads in agreement with you…which, of course, is the appeal of PowerPoint (not the nodding of heads, the visuals).

Before your next important presentation using Powerpoint, ask yourself the following five questions. The answers could make all the difference between being a good communicator and being a great one!

1. Does your presentation have a balance of words and imagery?
Ideally, a balance between words and imagery is best, but when in doubt, cut the copy. The more words you have, the less will stick.

2. Does your presentation resemble a rainbow or a 1940’s black & white film noir?
Neither is the right answer. I’m all for presentations that are full of life with the use of color, but make sure to use it judiciously. The use of too many colors will confuse not only the slide’s message, but the viewer as well, because the eye won’t know what to focus on first (or second or third for that matter). Color is a great tool for things like hierarchies and for making a presentation easy to scan. Make sure to use
[ Read More ]

Toto—I’ve a feeling we’re not in Kansas anymore: The hard reality that IT is not what it used to be…

By |September 19th, 2011|Categories: Change|Tags: , , |Comments Off on Toto—I’ve a feeling we’re not in Kansas anymore: The hard reality that IT is not what it used to be…

How IT has worked forever is coming to a slow or fast end, depending on where you work. If you are paying attention, there are subtle signs of its demise everywhere. For example, gone are the good ole days when an IT professional would spend an entire Sunday fixing the VP’s Blackberry. Now a nice person in India walks the VP through the myriad steps to reboot or reconfigure. Another proof point—IT colleagues are posting new titles on LinkedIn like “Business Strategist” or “Innovation Lead” or “Electronic Design Engineer”…Oh my! Dorothy said it best, “Toto—I’ve a feeling we’re not in Kansas anymore.”

Alas, the rumor is true; IT as we know it is done. Today IT is evolving into something else, and, as with all transitions, it sucks. Yes, I said “sucks” —because that is generally how most people feel about change, and this is particularly true when there is no clear destination or roadmap of how to get there.

Here is what we know for sure: IT’s core stock in trade can no longer be solely fixing or building things, given the surfeit of quality managed service providers that can do the fixin’ 24/7. And, with the advent of the “cloud” (you may have hoped this would drift away…but it’s here to stay) access to constantly updated information and customizable applications is just a pass code away.

Today IT is becoming an entire business within a business. Much like an R&D department, we are expected to conduct research, discovery, and testing that will lead to business solutions. These solutions will be either at our customers’ explicit direction, or, like Professor Marvel, we will peer into our crystal ball and see what they need before they even
[ Read More ]