Protecting your digital assets is very much like looking at the whole board. A proper defense is not just one thing, but comprises a systematic construct of what you know (past events, known best practices, proven strategies), what measures you plan on putting in place, and the anticipation of what your adversaries might try to do.  This would be augmented by an endless cascade of if/then planning and dry runs to prepare for an attack.

A security program should not be static but a living, breathing thing that is ever-changing based upon the observations you make and information you gather. It is a series of defenses and actions premised on what your opponent is doing to others, and perhaps will do to you. For this reason, technology alone won’t guarantee success. While best practices around firewalls, protection systems, network configurations, passwords and processes is essential, people—as in ALL the people in your company—need to play a vital role. This cannot be understated. While it’s true that people often cause cybersecurity risks and outright breaches through negligence or idle curiosity or ignorance, they can also be educated to help identify and stop bad behavior. That said, an annual security “training” program alone won’t do this. A continuous communication campaign that engages the employees and gives them a forum where they can ask questions and learn how to better protect their personal digital world will pay a nice security dividend. If you can show them how their efforts as an integrated part of your security team have paid off, you will have built a security function that isn’t static but considers the changing world. By using your company’s staff as part of your security program, you are now looking at the whole board!

– See more at: http://www.transaccelgroup.com/blog/2015/05/07/what-would-bobby-fischer-do-taking-a-cybersecurity-lesson-from-a-chess-master/#sthash.1u1vHupb.dpuf

Making decisions means risking what is known for what is not. In my line of work, I have seen many organizations mired in keeping the status quo because the bogeyman in the hall is whispering, what if you’re wrong? The irony, of course, is that by not making a decision—right or wrong—you end up doing nothing, and this poses a far greater risk because your competition is certainly doing something. ​

Fear of the unknown and fear of being wrong are formidable inhibitors to decisive action. There are others, such as a reluctance to be held accountable, but even that is anchored in fear. Another inhibitor is being overwhelmed by the number of factors involved: the people who will be affected, the processes that will change, available resources, and so forth—aspects I call the “what.” The “why” of a decision is the part usually easily identified; Something has driven the case for change. It may be an eroding top line, a dissatisfied customer, excessive overtime, the competition, or staff malaise. But how to address the “what”—that becomes the immovable object stopping many decision-makers from acting quickly and decisively. Often, they feel compelled to have all the answers before embarking on any course of action. Unfortunately, seeking those answers, they usually consider the internal ramifications—conditions within their control—and neglect those coming from external sources such as the market, competition, technological advances, etc. And those considerations don’t wait.

This is why Change Management is an important weapon in your arsenal against indecision and inaction. Change Management builds the business case by objectively assessing what is versus what should be and engages the organization in why it is good for them. It garners the right sponsorship and builds coalitions; it demands commitment and ferrets out resistance; and it focuses the entire organization on a singular goal. Change Management is grounded in communication—communication that is clear, consistent, and candid. Change Management champions intellectual honesty and trust, and encourages open dialogue and debate that fosters buy-in and mitigates the possibility of decisions being undermined.

Theodore Roosevelt got it right: “In any moment of decision the best thing you can do is the right thing, the next best thing is the wrong thing, and the worst thing you can do is nothing.” Decisions should evolve; they should never be made in a crisis. Making decisions is a daily event. If you don’t make the small ones today, you will have to make a big one tomorrow—chances are, it won’t be pretty.

How many times has IT management staff felt that their business partners don’t appreciate or understand the effort, time and money required to satisfy a business demand? On the other hand, how many times do you think business partners wonder if IT is focusing on the correct enterprise initiatives, or why their requests are not satisfied to their expectation level? The answer? Too many times to count on both hands. Without transparency, the worst fears of both sides and all stakeholders become a reality.

Webster defines Transparency as “the quality that makes something obvious or easy to understand.” At TransAccel, we view Transparency as a prerequisite for making better supply and demand decisions that are based on cutting the right costs in the right way, while maintaining what is most valuable to the organization. With transparency, the IT organization can participate in valuable discussions that balance costs with IT benefits.

Transparency should exist across all sectors of IT – but especially crucial are:

• Portfolio management
• IT budgeting, performance management, chargebacks and cost allocations
• Measurement and benchmarking
• Investment planning
• IT service portfolios and catalogs

Poor Transparency exists when the value and tradeoffs associated with IT spending are not quantitatively discussed within the larger context of business strategy and goals. Typical results of this information disconnect are inaccurate budget forecasting, inefficient investment planning, and the wrong projects draining away resources, to name a few. Another consequence? Prior optimization goals are often repeated or even increased in following years.

Benefits of Transparency include better demand and supply management, budget forecasting, investment planning, increased governance, respect from business partners, identification of business-valued initiatives, and the elimination of non-core and non-differentiating resource-sapping projects.

The goal is to run IT like a business. TransAccel would be happy to assist your organization with aligning IT services and activities to business goals, and mapping those services to interdependencies and resource requirements.

As organizations strive to achieve leaner and more cost effective IT departments, Transparency is one of four basic cost optimization principles that will allow you to drop additional coins into your piggy bank.

The good news is that this can be done with small steps, consistency, and attention to detail:

1. Maintain documentation. How often have you looked for information only to find that the only available documentation is three years old and woefully outdated? Assign people—and hold them accountable—to keep documents such as policies, procedures, training materials, and system specifications current. This is particularly critical when members of the original project team leave the organization and new employees are hired. Don’t rely on tribal knowledge.

2. Provide continuous communication and training to everyone who is affected by the newly installed changes. Proactively distribute news and tips via email distribution lists. Get on the agendas of regular meetings. Post information on your organization’s intranet site or internal portal. Thoughtfully consider if new training modules need to be offered as the system develops. Offer refresher brief training or “lunch and learn” style sessions to address knowledge gaps.

3. Keep business leaders engaged with updates, issues, and progress, especially after the project governance structure has disbanded. An information vacuum can leave management wondering, “What did we get for that expensive change initiative we launched last year?” Keeping leaders updated has an additional benefit; it earns you the credibility to ask them to help remove obstacles as they arise during the system’s or process’s evolution.

4. Value and respond to individual needs and provide coaching or assistance when needed. Organizational change happens at the individual level, one person at a time. Each person you assist provides them with confidence, reinforces the change in the organization and likely wins you a person more willing to embrace whatever changes come in the future. You will have subtly developed a network of change champions.

Sustaining change requires discipline, but it’s not as time- or resource-consuming as it appears. It’s a relatively small investment of effort that pays substantial benefits. Safeguard your project achievements by not resting on your laurels.

Classically, an organization operating at, or just above, a level 1 is focused on “keeping the lights on” activities, as well as “putting out fires.” What’s broken rarely gets fixed because no one has the capacity to diagnose the problem (i.e. root cause) and then implement a change. Likewise, the demand for “getting it done” outweighs the need to do it right.

Here are some other indicators of an organization operating between a level 1 and 1.5 maturity level.

• Nothing is tracked well. One former client’s company paid millions of dollars in penalties due to an over-allocation of software licenses because no one in IT was keeping track of the number users during a period of high employee headcount growth.
• Documentation is sketchy. Another client’s organization had loads of initial process/software/configuration documentation but didn’t have the discipline, change control, and quality practices to maintain the knowledge as the environment evolved.
• IT manages noise. My favorite anecdote is about a senior director who held a one-hour operational review meeting EVERY morning with all her senior staff just to understand what happened over the last 23 hours in case her peers or boss called.

Organizations between a level 1 and 1.5 usually have a myriad of problems across multiple dimensions. Assessing these issues can seem overwhelming. In fact, it’s often the hardest thing for an IT organization at this level. But it’s at this point that the pain of managing “noise” is greater than the risk of moving towards the “P” word: PROCESS. Before doing this, however, it’s important to understand the current state: what abilities you have, how committed your management and business partners are to change, and how accountable your IT leaders are for their part in it all.

One way to approach the problem is to use a tool, like a balanced scorecard, to help you think in a simpler, more disciplined, and measurable fashion.

Each of the four standard components of a balanced scorecard have a cause and effect on the other components:

1. Learning and Growth: How much does IT need to invest in its people so they have the skills necessary to perform high quality activities and interactions? And fulfill the outcomes of the services they support?
2. Internal Business Processes: Are IT processes consistent, repeatable, and measureable? Are they delivering/achieving expected outcomes for customers?
3. Customers: What are external customers paying the business for? Where is the business headed? How can IT enable better decision-making? How aligned are IT’s strategic imperatives with the business’ strategic driver?
4. Financial: How can the company generate revenue from the services IT delivers?

So what’s the key to progressing towards a 2+ organization? It’s simplification, measurement, and consistent communications. I know it’s not sexy, but they’re probably not paying you for sexy. It’s not easy either, but the benefits, like freed up capacity and helping your business run more efficiently and effectively, are worth it.

How have you simplified?

Believe it or not, visuals are the most effective way to express ideas and get people to nod their heads in agreement with you…which, of course, is the appeal of PowerPoint (not the nodding of heads, the visuals).

Before your next important presentation using Powerpoint, ask yourself the following five questions. The answers could make all the difference between being a good communicator and being a great one!

1. Does your presentation have a balance of words and imagery?
Ideally, a balance between words and imagery is best, but when in doubt, cut the copy. The more words you have, the less will stick.

2. Does your presentation resemble a rainbow or a 1940’s black & white film noir?
Neither is the right answer. I’m all for presentations that are full of life with the use of color, but make sure to use it judiciously. The use of too many colors will confuse not only the slide’s message, but the viewer as well, because the eye won’t know what to focus on first (or second or third for that matter). Color is a great tool for things like hierarchies and for making a presentation easy to scan. Make sure to use a color palette that is appropriate for the company or project involved—this will ensure that you only use those colors that have been pre-selected.

3. When you look at a visual slide, is it hard to understand?
Allow the visual to tell the story. Who wants to look at slides that say everything the presenter is saying? Last time I checked, PowerPoint was described as a tool to help present your ideas, not repeat your ideas word for word. (If repetition is your aim, however, you may want to consider a handout.)

Using metaphors is the best way to ensure an audience will remember your presentation. But sometimes choosing the right metaphor is the biggest challenge. If the metaphor or visual used doesn’t make sense even after some copy is added, then it’s not the right one.

4. Can you present each slide in less than 3 minutes?
If you are having trouble with how you will present a slide, it probably has too much information. The number of slides isn’t as important as what is on them. The fix: divide the slide into 2 or 3 concepts. It will appear much clearer. SIMPLIFY. Period.

5. Is there a “magazine” effect?
Within a presentation there should be key slides that make a viewer want to stop and linger. Like an intriguing magazine page, these slides should hold an audience’s attention but also make them want to see more. Key slides should contain the “meat” of your presentation and, taken collectively, provide the “glue” that holds your presentation together as a cohesive package. It is important to make sure these slides are worth looking at.

Finally, if you wouldn’t want to sit through your own presentation, chances are your viewers wouldn’t want to either. They want you to show them, not tell them. Use visuals to your advantage to get the buy-in you are seeking.

Alas, the rumor is true; IT as we know it is done. Today IT is evolving into something else, and, as with all transitions, it sucks. Yes, I said “sucks” —because that is generally how most people feel about change, and this is particularly true when there is no clear destination or roadmap of how to get there.

Here is what we know for sure: IT’s core stock in trade can no longer be solely fixing or building things, given the surfeit of quality managed service providers that can do the fixin’ 24/7. And, with the advent of the “cloud” (you may have hoped this would drift away…but it’s here to stay) access to constantly updated information and customizable applications is just a pass code away.

Today IT is becoming an entire business within a business. Much like an R&D department, we are expected to conduct research, discovery, and testing that will lead to business solutions. These solutions will be either at our customers’ explicit direction, or, like Professor Marvel, we will peer into our crystal ball and see what they need before they even know they need it. In the past, we often had to “sell” our projects, but today IT is helping to frame company strategy and make the business case for resource allocation and marketplace investments, just like a true sales and marketing team. We are also in the delivery business. We must be the best at on-time delivery of solutions at minimal cost, and, maybe most importantly, engaging the internal customer to ensure that the solution is used and the maximum benefits are realized.

The good ole days of IT are gone. The new objective of placing IT at the hub of driving business is here, and most IT organizations are ill prepared for the shift in roles, focus, skills, knowledge and leadership this will entail. If IT leaders don’t step-up their skill-sets and those of their organization, there will be no more IT—it will simply be absorbed into the business organization. After all, why turn to the old IT when needs can be handled (and, in some cases better) by outsourced managed services and the “cloud”?

What to do? My advice is to focus on and invest in one skill right away. Communication. In my next blog I will outline the specific communication skills IT needs to use right now and those they should look for in new hires. Suffice it to say, that from my perspective, for IT to survive successfully within in the world of IT it has to have strong capabilities in communicating with customers, vendors (manage services) and maybe most importantly—within IT organization itself.

For now, IT is probably both Dorothy—who can see the home but isn’t entirely certain how to get there—and the Wizard—who has had the curtain thrown back to reveal a man frantically trying to control an entire enterprise through illusion. Neither is an envious place to be, lost and unable to do what you did well for so long. Just the same, there is only one path and that is straight into organizational change with smarts, heart and courage. The road of change may not be yellow or brick, but it is definitely time to get on with it, ruby slippers or not.