Blog | Smeester & Associates :: Denver, Colorado USA Denver Cyber Security Engineering :: Smeester & Associates

How C-Suite Executives Keep Their Geeks Geeking Out Over Their Job

It seems now that everyone is a Geek. I read the other day about Concrete Geeks. Of course, you have Student Geeks and Sports Geeks and Cookie Geeks and Politics Geeks and Fitness Geeks. In other words, you have people claiming to be Geeks even if what they geek out over is pretty much the opposite of what original Geeks were known for.

So let’s apply the brakes a bit. Yes, a Geek is known as someone with an intense interest and curiosity in a particular subject. But as Wil Wheaton says, “it’s not what you love but how you love it.” And that is the key understanding for C-Suite Executives, because even if you are an Executive Geek, it is highly likely you are motivated differently than a true Geek. By true Geek, I mean us high-tech gurus who defined Geek in the first place, and who lay claim to the highest definition of Geek because we were the ones who spilled blood, and who were diving into computer programming while others were beating us over the head with automatic typewriters.

So you want to keep your Geeks and not lose them to the competition…

It’s not what you love (modern definition of Geek) but how you love it (true Geek). If you want to keep Geeks in your company, the IT wizards who are at the heart of everything you do, then you must be intentional in differentiating between extrinsic motivation (which works for most of your employees) and the intrinsic motivations that drive your Geeks. Yes, Geeks love money and time-off and other physical perks, but that is not what drives them and keeps them. Instead, most Geek-work is driven by creative problem solving. The C-Suite Executives who keep their Geeks geeking out are the ones who offer multiple motivations built around this single core.

Geeks want challenging projects, on purpose, with the right people, the right tools and the right reward.

  1. Challenging Project

There are two sides to challenging projects: There is the Geek and there is the work. The Geek is an artist; (s)he wants to be able to look at a problem and consider the number of options available by which it may be solved. “And this is how we want you to do it” is a literal death sentence to a Geek.

The project needs to be well-defined. Specifically, a challenging project needs a problem statement, a clear idea of what the Geeks are trying to solve. It’s even better if there are clearly articulated goals at the outset. Part of a challenging project is that it is accompanied by realistic deadlines and humane hours. The challenge of a project is not in the impossibilities (“have this done yesterday”), it’s in the possibilities of solving a problem the best way possible, and perhaps, in ways not envisioned before.

Geeks want to know that their work provides measurable value. Geeks are learners; what they learn, and how they apply it to a problem, is inherent in demonstrating their value. The last thing they want to do, for most of their time at least, is to do what “anyone else can do.” Geeks pride themselves on what they alone can bring to the table. This is also why a good C-Suite Executive will build competition into a project. Geeks love competition, not necessarily against something but within something: For example, “Produce a system more efficient than this company has ever seen before.”

  2. On Purpose

Geeks will leave if they aren’t accomplishing anything. If projects are always delayed or courses are being changed, Geeks will look for the company that actually needs their expertise to get something done.

That is why the best C-Suite executive or IT Manager knows to protect their Geeks from any customer interface or premature meeting where a desire has yet to be translated to an objective. Objectives can be turned into code. Ambiguous wishes are merely vapors that vanish into the air.

That a Geek needs to provide value, and that a Geek needs to solve a problem, and that a Geek needs to see their contribution against a bigger corporate objective is exactly why Geeks thrive on communication. Leaders must constantly keep in front of Geeks what the company is trying to accomplish and how the projects advance the greater mission. Geeks are info junkies – they want to know. But they don’t want too much information. Geeks live enough in a silo to not want to be distracted by information that is not relevant. It’s not that information is power; it’s that the right information is power.

  3. With the Right People

For Geeks, the right people are team members who know their stuff, and who are not prone to make mistakes that will cost the rest of the team innumerable hours on unnecessary repair and rework.

For Geeks, the right people are teachers and mentors. Geeks will leave if they do not have people expanding a Geek’s capacity. This is a critical question for the C-Suite Executive: “Do I have masters in place who answer the intrinsic need of Geeks to inquire, to know and to grow in their fields?”

For Geeks, the right people are those who highlight a Geek’s intelligence and give proper credit. It is those who take them seriously, and what drives them seriously. Geeks want to contribute; they genuinely want to help. They also really don’t want to be asked to do anything that calls their credibility into question. Geeks are ruthlessly honest because their work requires honesty; they know if there is a problem in the system, and they know that misrepresenting the problem creates bigger problems. Never ask a Geek to misrepresent your product. They will flee.

For Geeks, the right people give them free food. Seriously. Not all the time, but regularly. It inspires them. It’s a low end investment for the company that gains a high yield of creativity.

  4. With the Right Tools

Stagnant technology will drive away your Geeks faster than the Flash can circle the earth (which is about a work day at Mach 6 speed).

It’s not that Geeks just want the latest and greatest gadgets. A Geek is genuinely driven to succeed at a problem you have given them, believing that the company legitimately wants to solve a customer need, and to do so in a way that is profitable in the long run to the company. To be given such a challenge, and to then have the right technology withheld, is to betray the honesty of the project, and certainly, to cast a shadow on the true motivation of the company.

Geeks either want to learn the technology that can solve their problem (and once a project is entrusted to them, it personally becomes their problem), or they want the ability to develop the technology that is needed.

  5. The Right Reward

Have you established for your Geeks a clear path toward career development? Remember, Geeks want to expand themselves. Career development can mean promotion, but it definitely means the ability to become their best creative self, making the most valuable contributions possible.

Geeks will stay with a company for a long time if their ability to grow is not short-term within the system. C-Suite Executives that want to keep their Geeks geeking-out will live by one rule: Geeks Are Always Learning. Reward them with educational opportunities, mentoring relationships, peer growth circles and other capacity-building avenues.

After reading this, you are probably geeking-out yourself over your Geeks. Who doesn’t want employees who are driven by problem solving, focused on the most profitable means, simply seeking to be their best for the best of the customer?

3 Shifts The CIO Must Master In Order To Provide Value

Don’t blink.

Change in your role as CIO is that fast. In seemingly no time, business departments are now employing their own IT staff. Those same departments are buying technology without consulting with you. Overall, you are making fewer IT decisions for the company, and much of your own IT work is being outsourced. The days of control have passed; the time of being only a cost center is in the history books. People are looking to you to be more than a Director of IT – and that is good news. You always have been more. Your love of technology has longed for others to see its value. That day is here. But you must make some shifts, and you can’t wait to be invited to make them. You must demonstrate your value, or the thing you always knew technology could do will be entrusted to someone else.

Welcome to your new world of customer experience, data analysis and wise counsel.

The Shift to Customer Experience

Customer experience is the new brand differentiator. Price and product are becoming secondary to customer-business interaction. Consumers will pay more out of brand loyalty if such loyalty is rooted in experience; and one bad experience not handled to a customer’s satisfaction will be the end of the loyalty.

As CIO, you must now be aware of every customer’s touchpoint with the company, and how your technology meets customers at each point. To demonstrate your value, you must engage in multiple department interaction. Understanding the end user experience, and how each department feeds into that, you are now the champion of how technology serves their strategies. In this, you are aware of how changes in technology and new proposals for technology affect each department’s performance.

You are not just a cost center; you are a revenue driver. Over half the projects consuming the attention of a Chief Experience Officer involve technology.

The days of the CIO and IT staff being brought late into strategic development are far behind you. You must seat yourself at the table, in the beginning, designing the customer journey and being the champion each department needs for technology’s implementation.

The Shift to Data Analysis

Just like that, data is seated on the throne. As CIO, you are now a critical player in digital strategy. You do not need to be the Chief Digital Officer, a position that 90% of global companies will have in place by next year. But you do need training in analytics.

As a CIO trained in analytics, you further equip yourself to be a data source that helps departments solve problems. Your primary role is moving from a permission-giver (the old cost center mindset) to a prophet: Because of data, you can see what is needed before others, you can warn of regrettable actions departments might take, and you can direct leaders to the most efficient, cost-effective and customer-centric options available to them.

The Shift to Wise Counsel

The CIO now represents a consultative relationship rooted in strategic relevance. You have the opportunity to use your IT knowledge to inform better decisions. You are now more than bits and bytes. You create a digital, optimum performance place of work.

As CIO, you must be consulted on significant technical spending. There are aspects of past responsibilities that will remain in play. But you must also inform marketers what technology is capable of, and in places where technology, marketing, customer experience, sales and services seem blurred, emerge as the one to whom others turn for sound advice.

You live in an interesting tension. The CIO today that clings to the old model of business will find that people will look for ways to avoid them and get around them. Today, the CIO is a peer strategist and team player. IT is not a necessary evil; it serves every department in quest of the mission. To succeed, to demonstrate your continued value, you must shift into areas foreign to your previous job descriptions. You are now the heart of every customer experience; you are the knowledge pool of business decision making; you are the sage who has stepped out of the shadow to guide the many.

The Myth of Trust, The Must of Trust and the Role of Technology

Myth: Trust is earned.

Truth: Trust is not earned. Trust is granted.

If I can earn your trust, then you have given away power to me. If I can earn your trust, then trust is something that can be quantified, and all I have to do is reach a goal, a standard, a 100% of something that necessarily releases what you have. Trust doesn’t work that way.

Trust is something that you grant. You can give it or not give it. Trust is in your control, an expression of your power and will.

If someone failed you, and then asked, “What can I do to get your trust back,” I doubt you gave them a clear list of tasks to complete.

Trust is an opportunity you extend for someone to act in your best interest. Trust is a bridge you are willing to cross with another from the known to the unknown. When you get on an airplane, you trust the pilot to get you there safely, and to get you to a place in a way you could not on your own.

Do-It-Yourself industries rely on undermining the trust you put in professionals. Where you once relied on someone to act in your best interest and to do so with a knowledge you did not possess, DIY now gives you the knowledge you need to act in your own interest (while trusting that the knowledge they provide is accurate). It’s not that professionals are bad; some just aren’t needed like they once were. Trust is rooted in need.

Consumers are moving their trust away from institutions and toward individuals. It is a major shift. Before, we relied on the good name of companies. Now, corporate reputation as a whole is suspect. Consumers either rely on individuals directly (e.g. Airbnb, which averages 5 email exchanges before booking, vs. hotels) or indirectly (hence, the rise of peer reviews).

Trust cannot be earned, but it can be triggered. How do companies today trigger the trust of the public?

The Musts of Trust

1.    Don’t try to build trust. Trigger trust.

Building trust is an exercise of persuasion. Being trustworthy is an expression of character. Persuasion seeks to have you act in another’s best interest. Character will act in our best interest.

Trust is triggered by four trustworthy character-istics. Not any one of these is a magic bucket that, once filled, requires the trust of another. Each one of these is a signal, for reasons you cannot predict, to another’s mind and emotion that they can grant something of their self to you.

Competence: Do you have what it takes to act in my interest or get me to a place in a way that I cannot?

Consistency: Will you be responsive to me and act in a way that I can count on you?

Care: Are you really driven to meet my need or is your service just a camouflage for your own profit?

Congruence: Does your behavior match your stated intentions?

Trust is not necessarily revoked because of failure. Studies have shown that loyalty to a company is highest not among those who never had a problem with a company, but with those who had an issue rightly resolved. Why? Because competence is but one of four triggers, and if, when you fail, you are responsive, genuinely caring, and living up to what you project, then trust might remain in place.

2.    Technology that triggers trust amplifies decisions rather than dictates decisions.

Technology does things for people, and it has a growing role in deciding things for people (algorithms). Your company will be more human when it chooses to enhance decision-making (honoring a trust to be granted) rather than to impose a decision (trying to require trust).

Customer knowledge (which informs what you offer) plus multiple options (which maintains your customer’s power of choice) is the equation for relational business versus transactional business. And the more you seem human (relational), the more you will trigger trust.

The Role of Technology

Your company’s technology serves the triggers. Technology is not only about you being more efficient; technology empowers your ability to be trustworthy. IT must do both – serve you, and strengthen your competence, consistency, care and congruence.

Failure to utilize technology to both serve you and strengthen you will cause consumers to entrust their needs elsewhere, and neither one of you may be able to articulate why – and that’s because trust is not a commodity a company can measure and attain, but a part of a consumer that they willingly, if not consciously, give.

Five Skills IT People Must Have Before Being Considered for Promotion

In a recent article, Techie to Tech Lead, Peter Gillard-Moss confessed to the five biggest mistakes he made when assuming a lead role from his previous tech role. It’s a great article, written from lessons learned the hard way. As I analyzed the article, I found myself framing his lessons proactively:

What makes a leader effective who has been promoted based on technical competence?

1. Leadership is not about the leader’s competence but the team’s competence.

It feels good to work in the field, to plunge into the familiar, and to bolster one’s ego by producing great product. But leadership is always about someone else and their competence in cooperation with their peers. Leaders aren’t building stars; leaders are bringing stars into alignment. Leaders orchestrate by bringing the pieces together to perform as a whole.

IT leaders experiencing promotion lose sight of this if they focus first on their own reputation, or if they believe they must be the best skilled among the team. Some of sport’s best coaches were nominal players, but they understood the game better than most. In understanding the game, they know how the system best works and how to bring out the best in a player in a team capacity.

In order to be about team, and in order for a leader to keep his or her own ego checked, the measure of success must be stated in terms of team accomplishment and team play, not technical or personal expertise. How do you define success as a leader? Define it in terms of overall objectives, objectives that can only be met by the whole of who you work with.

The moment you assume the mantle of a leader, you redefine success in terms of how you bring out the best in others, and how you multiply your skills to the point that others surpass them. Leaders are not threatened by any one individual’s success, because the leader is measured differently than those they lead. A leader is not evaluated by the same standards as when they were a tech genius. So don’t allow a former standard to drive what you do in a given day.

2. Leaders focus on their strengths but expand their competence.

The Strengths Movement has taught us that to focus on weakness and seek to improve it is counter-productive: Know your strengths and build on them. As true as that is, leadership comes with increased responsibilities, and those are characterized by skills that can be learned. For example, one may not be the most administratively detailed person, but they can still learn the skills of time and project management. One may not lean toward being a people person, but people skills, such as listening, asking questions, and giving proper direction can be acquired.

Think of it this way: If you are being asked to learn something that applies to other areas of your life, it’s a competence you can grow in (being on time and listening improve a lot more than your job). If you are trying to become someone you are not, then you may be seeking to over-reach. For example, if you are strategic (strong in ideas and plans), being asked to be deliberate (focused only on tasks at hand), you will find yourself climbing the wall in order to see the big picture.

As an IT leader experiencing promotion, the critical essential to expanding your competence is to beware of the source. That’s why outside eyes serve you well: People who have history and connections in the areas you are seeking to improve upon can lead you to credible sources so that you are maximizing effort and not wasting time.

3. Leaders guard values and facilitate action.

As a technology expert, your primary responsibility was to get your job done, and if possible, to play nice doing so. Your biggest obstacles were obstacles that got in your way, not necessarily the way of others. As an IT leader who wants to maximize your promotion, you are responsible to make sure that all of your team can get the work done, and so you are aware of all the obstacles that can come into play. You must be proactive more than reactive as before.

Obstacles are either internal to your team or external upon your team. As a leader, you must be aware of what is happening company wide, anticipating how decisions will affect the work of your team, and articulating to others what your team absolutely needs.

As a techie, you could ask, “Who let in the wolf?” As a leader, you look out for the wolves in the first place.

Also, before your promotion, you contributed to the culture. As an IT leader, you shape and defend the culture.

4. Leaders cannot afford to control every aspect of how the work is done; but they must continually move the work toward the right outcome.

Doing things right (as determined by you) now gives way to doing the right thing (as determined for everyone). A leader is still aware of wrong, and is quick to correct; but a leader gives much more allowance to the various right ways of accomplishing tasks and purpose.

5. Leaders are more person-sensitive than product focused.

Before your promotion, your aim was to produce the best product possible. The IT leader builds the best team possible. Part of building people is being aware of all that is in play for them in a given day: life circumstances, distractions, insecurities, personal liabilities. How to identify issues and engage in helpful conversations about those issues are skills to be learned. They are essential skills for those who sit upon the summit of leadership.

Consistent to each of these five realities: Leaders have a broader perspective. You must take far more into account than ever before. More things shift, and leaders live in the paradox that they must be more proactive than ever before, and they must be more agile in being reactive than ever before. Simply, more is at stake: People.

3 Top Responses of C-Level Execs To The Inevitability Of Cyber Crime

Cyber crime costs to the world will double in a six year period ending in 2021.

More reports of attacks give rise to a gnawing sense of inevitability. As leaders in the fight, there is only one strategy that safeguards our companies. Inevitability must promote “Response-ability.”

The Biggest Catalyst to Response-ability is Compliance.

Internal compliance drives adherence to the practices, rules and regulations set forth by internal policies. External compliance follows the laws, regulations and guidelines imposed by governments and agencies.

Compliance requirements are numerous, and the legal team and C-Suite Executives are responsible to determine the scope of compliance. Compliance officers and staff are a growing requirement. Technical, procedural and strategic frameworks must be built to assure your company’s integrity.

Behind the pressures, costs and potential fines that surround your compliance, the public is demanding more of you as the steward of their information. 6 of 10 people would blame you, not the hacker, for lost data. 7 of 10 people said they would boycott a company that appeared negligent in protecting their data.

Here are a few pressing challenges to compliance:

  • Use of Personal Devices

Companies must now have strong policies and technical controls in place, such as mobile device management, enforced device lock passwords and time-based one-time passwords. Employees with laptops and devices should be provided security policies and prevention mechanisms, as well as secure access to corporate data.

  • Updates and Patches

IT Managers must ensure that your organization is current with software updates and that they immediately patch known vulnerabilities. Last year alone, the number of third party vulnerabilities doubled.

  • Third Party Vendors

Also last year, 63% of data breaches originated directly or indirectly from third-party vendors. Managing vendor information security and vendor compliance with privacy laws is a major and essential undertaking.

Cyber Insurance is Response-able.

And it’s being responsible in advance of the need. Cyber insurance not only covers legal fees, but typically expenses associated with notifying customers of a data breach, restoring personal identities of customers, recovering compromised data and repairing damaged systems.

Purple is Response-able.

Borrowed from military language, Red Teams exist to attack your cyber-security systems and to expose points of weakness. Blue Teams defend, enforcing the security measures you have in place. The buzz of the day is the Purple Team. The Purple Team is either made up of both Red and Blue teams, in which participants form a learning community for the sake of the other, or an outside group brought in to examine the tactics of both teams and make recommendations. Ideally, Red and Blue Teams exist not in competition with each other but as complements, holding the security objectives of the company as the standard of each team’s success.

The greatest detriment to your response-ability is lack of clarity on what you need or don’t need. Outside eyes continue to be the best check and balance for CIOs. Without third-party, unbiased expertise, you will not possess the confidence you need that the compliance, policies, insurance and Purple evaluations are sufficient and efficient for your situation.

3 Building Blocks That Keep Your Board On Solid Footing And Grateful For You

Board members are becoming increasingly aware of their own accountability and risk in the event of a cybersecurity breach. By 2020, 100% of large companies will be asked by the Board to report on cybersecurity, an increase of 60% in four years.

What boards are not asking for is a lot of detail they will not understand and that will just cloud their ability to make good decisions on your behalf. Instead, I recommend shaping the board around three important mindsets which I treat as building blocks.

Building Block 1: Cybersecurity is about Risk

The risk is no longer just an IT issue, but an enterprise issue with costs and penalties at every level, from company mission and profit, to employment, and to financial and legal consequences.

Risks are proportionate to threats, vulnerabilities and consequences.

Therefore, boards need to be informed about

  • Evolving threats
  • Changes in business needs and their association to new security risks
  • Increasing regulations
  • Policy updates
  • Geographic changes in which services have been moved to outsider or cloud applications

Building Block 2: Cybersecurity is about Risk Mitigation

Mitigation is about reducing the threats, vulnerabilities and consequences your company faces.

And it starts with the Board. Often overlooked is their own vulnerability. The Board is privy to a lot of information, much of it confidential, and much of it being communicated on their own devices. Security measures need to be in place for them that reflect the policies and procedures of the company.

By extension, the Board needs to be aware of how training and education are implemented and practiced among all employees.

Building Block 3: Cybersecurity is about Risk Mitigation Strategy

A number of boards are now discussing the value of having a cybersecurity specialist on the board in order to bridge the gap between the board’s lack of knowledge and the increasing expertise they must have in front of them. In the least, they must address who in the company reports to them. Ideally, it is the same person each time. Boards are increasingly aware of the time they must now give to cybersecurity issues in their meetings, and to being able to understand these essentials:

  • Is our budget congruent with our security need?
  • Are we in compliance?
  • Is the Business Continuity Plan and Disaster Recovery Plan in place and what are the results of the tests of it?
  • What risks must we avoid, what risks are we willing to accept, and what risks must we transfer through insurance?
  • Are the right people in the right places?

The CIO that builds these into the working knowledge of the Board will find a Board and CEO ready to build back into them and the IT needs the CIO represents.

Which of these has been most critical in your own work with boards? Tell us below.

How To Hire IT In Order To Accelerate Your Work and Teams

“Take away my people, but leave my factories, and soon grass will grow on the factory floors. Take away my factories, but leave my people, and soon we will have a new and better factory.” – Andrew Carnegie

We suffer a deficit in IT and cybersecurity professionals. The projections are in the millions of vacant positions. That means the competition for good staff is tough. It also means the temptation for desperate hires is great.

But a bad hire can devastate your company.

So what are the guardrails you need in place to ensure that you are hiring a quality person who will move your company forward?

Let’s look at four: Character, Commitment, Cultural Fit and Competence.

Character

One professional football coach, prior to each draft, would put these initials next to the names of potential players: DNDC – Do Not Draft, Character. Coach understood that character detrimental to the team was not easily corrected or coached.

But how do you explore character and avoid legal entanglements?

Behavioral assessments are based on the belief that past actions are the best predictor of future actions. The key is to identify the character essentials you are looking for, translate them into behaviors, and then ask about past experiences with each.

For example, let’s say you are looking for the following essential character traits:

Disciplined. Compatible. Positive. Compassionate.

Those traits have certain behaviors, such as:

Being on time. Resolving Conflict. Handling criticism well. Partnering in a company’s community service.

Those behaviors translate into important, demonstrable and perfectly legal questions:

When was a time that you had to go to extra lengths to make sure you finished a project on time?

Tell me about a person you had a difference of opinion with and how it was resolved in a manner satisfactory to you both.

When did you receive a criticism, and how did you turn it into a learning opportunity for yourself?

What did you do in the last community service project you volunteered for?

Commitment

Resumes can be deceptive. Both a long time at a company, or frequent changes in work, can demonstrate strength or weakness. Longevity may signal insecurity as much as tenacity. Short stays may point to lack of commitment or promotion or life circumstances.

I prefer a different formula to determine a candidate’s commitment:

Shared Conviction + Rich Participation = Bedrock Commitment

Shared conviction exists when an employee agrees that why a company does what it does matters. Rich participation exists when an employee buys into how a company does what it does matters. “Rich” indicates that they invest in the values that are important to you, and find new ways that best express those values.

How do you know if they possess shared conviction and will bring rich participation?

Behavioral questions!

Let’s say that you own a chain of fitness clubs and your big Why is “to promote health to persons of all body types so that they feel good about themselves and put a smile on the doctor’s face.” How you accomplish your mission is through customized training at affordable prices in well-kept facilities filled with accepting persons. The four qualities found in that last sentence each have strategies and processes behind them.

Here are some sample questions I would ask a prospective IT person working in my company:

“When was a time you recognized that someone was making an effort to improve their health? How did you encourage them? What did you feel inside yourself as you watched them work at it?”

“When was a time you adapted to a company’s process? Along the way, as you discovered how a process could be improved or done differently, how did you communicate that?”

The key is to ensure that the person you are hiring isn’t just filling a spot. Instead, they are investing who they are into what you do.

Cultural Fit

Culture transcends character and commitment. You can hire a person of great character who is fully committed, but if they are straight-laced and paired with a team of practical jokers, the lack of chemistry will blow up morale and productivity.

Personalities can learn how to work together, but culture is more than personality. Culture is the way things are done that personality must bend itself to. Culture can be disciplined, loose, competitive, confrontational, non-confrontational, professional, artistic and so forth.

Know the culture of the team your hire will be working with. Assign behaviors to it. Ask questions about how the candidate has demonstrated those behaviors. One example: The culture is confrontational, and it’s confrontational because one mistake can cost the team valuable time and money. A behavior is the need to be able to defend an idea or position. The question: “Tell me about a time you put forth an idea that was challenged. How did you defend it, and how did you fight off any discouragement because you were challenged?”

Competencies

I saved this for last, because you have any number of ways that you test for competencies, whether it’s their understanding of technologies, designing technical architecture, systems integration or project management.

The insight you need is the complement of a candidate’s competencies with the team (s)he will be working with.

Though a wrong hire can devastate a company, the right hire may accelerate what you are all about.

Which of these have proven most important in your hiring? Help us to learn from you in the comments below.

Six Major IT Functions You Cannot Do Without and Must Perform At Optimal Level

Your body is amazing.

It is comprised of six major systems in which all functions interact with each other. Not one survives without the other. Remove one from your body? You die.

(Just in case you were wondering: Skeletal, Muscular, Nervous, Digestive, Respiratory and Circulatory).

IT management also consists of six major functions that interact with each other. Fail to develop and maintain health in these, and you invite serious dysfunction; weak in one weakens all.

Communication

How does your IT leader communicate with peers and executives?

How do you coordinate when IT cannot make a decision alone?

How does IT partner with senior managers in strategic development and complementary focal points?

How does the Board understand IT issues and what must they know to make appropriate decisions?

People

How do you ensure that you hire, develop and retain the best talent?

How do you manage the gap of knowledge between managers and tech specialists?

How do you navigate leadership of highly smart and variously motivated employees?

How do you know what your talented people can or cannot do?

Cost and Accounting

How do you get the right people in decisions and safeguard what is in the interest of the company and not just a particular department?

What determines value for IT and where to invest for maximum return?

How do you know what projects to invest in and what determines their priority?

Project

When do you know to expand the scope of a project or not?

How will you budget while allowing for uncertainty in project time and cost?

What budget considerations do you make for the need to learn during the course of a project?

What is the chain of communication for when problems arise?

Partner and Services

What is essential in the agreements you structure with outside partners and vendors?

What is the selection process?

How do you know what must stay within the company’s walls and what need not be?

Who will we use for outside eyes?

Infrastructure

How much do you invest in maintenance versus new capabilities, and how do you know when new is needed?

What is your Business Continuity and Disaster Recovery Plan?

How much will you invest in redundancy?

How do you identify emerging threats and opportunities?

How does emerging technology integrate into your strategic plans?

In coming weeks, I will address each of these. But a major takeaway for today is, every company needs to bring in outside eyes to evaluate each of these functions: We don’t ignore our body’s systems, and we don’t ignore our company’s IT systems. The last thing you want is an IT emergency that could have been avoided.

The Dirty Dozen: What every Disaster Recovery Plan must have in place.

Last week, I wrote “Disaster Recovery is about the information or technology systems that support business functions. It is a component of Business Continuity (BC), which plans to keep all aspects of business functioning during disruptive events.” We also learned together the critical need for DR.

But what really needs to be in the plan? Twelve questions begging to be answered:

1. What are the potential interruptions?

The key is to list all the ways in which business function could lose support, prioritize the likeliest, and address each with a plan. Today, cyber-attack is an increasing threat, and should be at the top of your list.

2. What are all the possible impacts?

A Business Impact Analysis (BIA) evaluates financial, safety, legal and public relations effects, and addresses them to ensure that confidentiality, integrity and availability are maintained.

3. Who calls for the DR to be enacted, and who is called when it is enacted?

A DR Plan spells out expectations of the roles and responsibilities for C-Suite Executives and the employee chain in the event of disruption. The chain of communication must be established as to who calls for DR enactment, and then who is called: What employees must come in and how they are to be contacted, with all contact information at hand.

4. Who updates the DR Plan?

Technology changes, systems changes and application changes, which are frequent, may all affect the effectiveness of the DR Plan. Who communicates the updates? Who adjusts the DR Plan and communicates the changes?

5. How often will you test the DR Plan and run drills?

Data breaches happen. It’s rare that a job will be lost over it, or a company’s reputation hurt over it. The damage is done by how well the company responded to it. Failure to respond properly leads to loss of employment and reputation. The only way to respond professionally is to have an exhaustive plan and to ensure that it works!

6. Who is responsible for hardware and software inventory?

Make sure the vendor technical support, contract and contact information is readily accessible in the event of a disruption.

7. What is your Recovery Point Objective (RPO) and your Recovery Time Objective (RTO)?

RPO is the maximum period in which data might be lost from an IT service. It answers the question, “How much time can we tolerate having to recover or rewrite lost content?” That determines your backup frequency. RTO addresses the target time to recover IT and business activity.

Prioritize plans based on what needs immediate recovery, what is acceptable to be recovered within a business day and what can be recovered within a few days.
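As an added illustration (not part of the original post), the RPO and RTO from item 7 can be checked against evidence instead of intent: the worst gap between successful backups is the real data-loss window, and the last drill's restore time is the real recovery time. The log format, system names, plan values and tier thresholds below are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed backup-job log: completion time, system, status.
LOG = """\
2024-03-04T02:00 billing-db OK
2024-03-05T02:00 billing-db FAILED
2024-03-06T02:00 billing-db OK
2024-03-06T00:00 wiki OK
2024-03-06T12:00 billing-db OK
"""

# Constructed plan: RPO, RTO and last drill's restore time (None = untested).
PLAN = {
    "billing-db": {"rpo": timedelta(hours=24), "rto": timedelta(hours=1),
                   "drill": timedelta(minutes=95)},
    "wiki": {"rpo": timedelta(days=7), "rto": timedelta(days=3), "drill": None},
}

def successful_backups(log, system):
    """Sorted completion times of this system's successful backups."""
    rows = (line.split() for line in log.splitlines())
    return sorted(datetime.fromisoformat(t) for t, name, status in rows
                  if name == system and status == "OK")

def worst_loss_window(times, now):
    """Largest gap between good backups, counting the gap up to `now`."""
    if not times:
        return None  # nothing to restore from
    points = times + [now]
    return max(b - a for a, b in zip(points, points[1:]))

def tier(rto):
    """Recovery tier from item 7; the hour thresholds are assumptions."""
    if rto <= timedelta(hours=1):
        return "immediate"
    return "business day" if rto <= timedelta(hours=8) else "few days"

def audit(system, now, log=LOG, plan=PLAN):
    entry = plan[system]
    window = worst_loss_window(successful_backups(log, system), now)
    findings = []
    if window is None or window > entry["rpo"]:
        findings.append("RPO exceeded")  # a failed job widened the window
    if entry["drill"] is None:
        findings.append("RTO untested")
    elif entry["drill"] > entry["rto"]:
        findings.append("RTO exceeded")
    return tier(entry["rto"]), window, findings
```

With the sample data, one failed nightly job turns a 24-hour schedule into a 48-hour loss window, which is why the check counts only successful backups.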

8. What is your communication plan?

In the event of a disruption, Who needs to know What by When and by Whom? This also includes a prepared statement that will be accessible on your public platforms, and a plan on how and when customers receive initial communications and updates.

9. Where do you go if you can’t go to the office (or usual place of business)?

The DR Plan should address alternative worksite options, including telecommuting. Employees will need to know how to access systems from the alternative sites, and IT will need to ensure that compliance requirements are being observed.

10. Are all your vendors and contractors prepared to help?

The DR Plan must ensure that Service Level Agreements are in place, addressing how vendors and contractors are to help and the timeliness by which they are committed to respond.

11. Do you have operations and procedures in place to protect and access sensitive information?

12. Who is in Second Chair?

If a key employee is not available during a disruption, who knows what they do in order to perform their responsibilities in a crisis?

I hope you never have to enact your DR Plan. But I am available to make sure you have addressed all the key components for your business, and that you not only have a plan, but that it works and that you know how to use it.

What other questions do you have about DR Plans that I can help you with? Please comment below so that others can learn with you.

Why The Odds Are Against You In Disaster Recovery

Let’s walk down a neighborhood, but it’s not your typical neighborhood. Instead of houses, it’s lined with businesses much like your own. Let’s put yours in the middle, and you have businesses down either side of you, ten total.

One bright morning, you wake up, throw on a robe, and step outside to drink coffee on your front porch. You can know that on any morning:

  • 4 of the 10 small businesses on your street will have suffered a cyber attack.
  • 6 of the 10 businesses that suffer a cyber attack will be out of business within six months. Your street will have six empty lots where once there was a structure (like a bomb went off or a tornado swept through).
  • 9 of the 10 employ different backup and recovery tools. 7 of those 9 will have overlapping capabilities, and of those 7, 6 will experience problems because they use a variety of tools requiring different learning systems and added costs.
  • The 5 businesses to your right and the 4 to your left experienced a major outage in the last 24 months (do you feel the walls closing in?).
  • Your neighbor to the right is the only one who said they could respond and recover from a similar disaster within two hours.

Welcome to the neighborhood of Disaster Recovery (DR).

Disaster Recovery is about the information or technology systems that support business functions. It is a component of Business Continuity (BC), which plans to keep all aspects of business functioning during disruptive events.

7 of your neighbors experienced downtime due to human error or hardware failure or power outage. It took them between one and nine hours to recover, at costs ranging up to $700,000.00 per hour. Most of your neighbors, say the four on your right and the three on your left, spent one million dollars each to restore their business to normal.

It’s only a matter of time before one of your neighbors steps out for her morning coffee, and you are the statistic.

As a matter of fact, 7 of your 10 C-Suite Executive neighbors said they are very prepared for Disaster Recovery. But not even 5 of their IT leads agree. You have some domestic disputes in your neighborhood.

Plus, some of your neighbors are being stingy: Not even 5 of them allocate budget for risk-mitigation.

What’s happening in your neighborhood? Fear is rampant. Your neighbors distrust new technology. Ignorance browns the yards; the guys next door lack the expertise to build and test a plan. Money fell from the trees and has been raked away into other expenditures, leaving little behind for essential protection.

3 of your neighbors have no Disaster Recovery plan in place. If it was a house, it would be uninsured. All three of those neighbors will fail if their business is seriously disrupted.

If you called a meeting of your neighbors, you would discover that if they have a plan, it is likely incorrect. If their plan was a garage, and you opened the door, you would find unnecessary technology overwhelming the space. Only one of the businesses on the block tests their plan monthly (that would be you, right?). Three of your neighbors will make the effort to test it two or three times a year. The guy right next door: He never tests his plan.

Your neighborhood needs a better watch program. Not only are you vulnerable to intruders, regulators will be up in arms over the insufficient information management they will find.

Some of your neighbors have listened. Over two of you use the cloud as a DR strategy, which is an increase of 10% in the last four years. One of you is using Disaster Recovery as a Service.

What should you do?

I will address more of these issues in upcoming articles, but no matter how much you read, you need outside eyes to ensure your maximum protection. It is my pleasure to help so that you feel safe at home.

3 of your neighbors have no Disaster Recovery plan in place. Are you your neighbor? Do you know or not know?
