The New Crisis in Cybersecurity


By Mark Egan

There is a new crisis in Cybersecurity. A recent article highlights the current lack of trained Information Security professionals and ties this lack to the digital revolution and other technology advances, leading to “mega-breaches on an unprecedented scale.” Stealing IP has become a billion-dollar business; couple that with the fact that it is also much easier to break into a system than to protect it. All the criminal needs to do is find one hole in your environment and they can slip in. I have briefly outlined here, in a few key points, why there is a dearth of Cyber Security professionals and what can be done about it.

One of the biggest reasons there are fewer trained security professionals is that the Office of the CISO is still a relatively new organization compared to that of the CIO, a role that has been around for significantly longer. CIO titles started in the 80’s when Information Technology became a critical component of daily business operations. The CISO title is more recent, and in 2006 only 43% of large organizations had a CISO. This has changed over the past 10 years, and most larger organizations now have a formal security function and overall leader.

However, companies show a trend of being focused on hiring very experienced security staff externally, as opposed to developing and training individuals internally.  It would be more effective to take existing staff and train them, or hire in trained entry level professionals who you can develop.

Going Forward

The solution to Information Security is that companies have to develop their existing staff and then cultivate a mindset where everybody is “mindful” – like a Neighborhood Watch, where everyone is involved in the program. Most attacks still originate from phishing email – someone clicks on an email, and that email compromises that machine. And once they compromise that machine, they move laterally within the environment to elevate to a privileged level of access. So if you have Neighborhood Watch, everybody is on alert. When they see the suspicious email, they notify someone, and through this behavior you can build and grow and perpetuate a more “security aware” program.

Ultimately security is a people issue. To this effect we created the Merritt College Information Security program as a fully accredited A.S. degree with majors in Applications and Infrastructure Security. The program has been two years in the making and serves the San Francisco Bay Area East Bay School districts, which include students from less advantaged backgrounds. It results from the partnership with the CISE CIO organization, Merritt College, and CIOs / CISOs from leading San Francisco Bay Area companies. The program provides trained, entry level security professionals, from which an organization can then expand and develop other existing staff internally.

They are currently for hire; please contact me for more info.

Organization Structure to Support Digital Business – What to Consider


By John Dick

Central to the changing landscape of IT and business is the proliferation of devices and Internet of Things; by 2020, more than seven billion people and businesses, and at least 30 billion devices, will be connected to the Internet. This interaction leads to the evolution of digital business, and with that evolution is the need for companies to think about how to organize their most important asset – people – in a way that best supports the delivery of their products and services in this new digital business structure.

We have been giving advice to companies on how to thoroughly think about the role of people and organization structure within this evolving and complex equation of people, process, and technology. I have captured some of our leading points around structural questions to consider and critical success factors related to the organization of a company’s technology engineering and delivery groups below. In turn, this blog will lead to a future post outlining digital business organization structure, and guidelines around your company’s infrastructure readiness.

First, there are some questions to consider in thinking about digital business, technical engineering and delivery organization structure.

The first deals with how your company is organized, because it is probably organized the way it is for a reason, such as to most optimally support effective product sales and delivery.  Also, that structure is the eco-system in which you will need to co-exist.

Important Company Structural Questions and Considerations

  • What is your company’s approach to centralization vs. decentralization of responsibilities and structure?
  • Does your company impose structure through traditional functions, product, process functions, or technical expertise?
  • How does your company think about direct line vs. dotted line reporting and to whom?
  • Do you fit the technology organization to the business requirements or to the people?
  • How do you handle regional | international units?

Understanding the relationship of your organization within its larger context is critical to how you organize your group. For example, if your company is decentralized, it will probably be important to understand why your organization is also decentralized. What are the key reasons your business is decentralized? How will you provide digital support to the decentralized units in a meaningful, personal manner? How will you understand unique customer regional requirements? What if it has aspects of both? A carefully crafted hybrid solution may then become necessary.

From here, we offer key initial points to consider toward optimizing your organization structure for success.

Once you’ve thought through and understand how your company is organized for success around its products and services, you’ll want to transition to what are the critical success factors for your technology associated group. That, once aligned with the rest of the company structure, will assist in developing success criteria.

Critical Success Factors

  • Aligning organization with business strategy and function
  • Allowing organization to keep pace with company growth and changing business dynamics
  • Providing effective decision support and related performance | scorecard tracking
  • Integrating organization approaches within company culture

While the first three points are a common theme and well accepted, I believe the last point is often overlooked. All companies have some aspect of company culture in their environments. If your organization is not organized or motivated within that context, success could be difficult. A good way to support this is to subtly develop success criteria that are natural to your environment.

With new roles, other supporting or catalyst roles will emerge, and CXOs will need to develop digital leadership capabilities in order to execute an effective digital strategy.

In the next post I will delve further into what this means and how to think about your company’s infrastructure readiness to complete the picture.

StrataFusion – Values



The pace and evolution of enterprise technology more than ever calls for strategic advice on how best to use this technology to optimize your business.

We formed The StrataFusion Group as a unique technology and business consulting practice based on knowledge gleaned from practitioners and their years of in-house “hands on” leadership and experience. Our Partners have driven technology and business strategies in disruptive Fortune 500 companies and fast-growing enterprises and firms, and they bring years of practical knowledge into solving each opportunity in its complexities and challenges.

We advise and assist our clients on how to leverage their technology investments to increase revenue, and improve customer satisfaction while reducing risk and cost.

We originally conceptualized and founded The StrataFusion Group to provide expertise “for CIOs and CTOs, by CIOs and CTOs.” The practice has, unlike many other technology consultancies, continued to emphasize the personal operational experience of our Partners. This expertise is then applied directly to your problems and issues by our Partners — not inexperienced stand-ins. You receive our personal attention and commitment to efficient and effective engagement management.

Our passion is to empower companies to be business innovators by combining leading-edge insights with significant experience-based knowledge of markets, technologies and industries. We focus on adding client value, delivering ultimate professionalism, applying team cohesion to expand experience and focus success, with respect for individual values and goals. We truly seek to earn the “Trusted Advisor” status. When you have a serious technology problem we want you to think of StrataFusion, not Ghostbusters!

We offer proven solutions for the most difficult business challenges, focusing on these practice areas:

StrataFusion Practice Areas

  • CIO / CTO Advisory
  • Information Security
  • Digital Transformation
  • Big Data / Cloud Analytics

As we go forward and continue to build on our consulting practice areas, how we were formed, our foundation and core values continue to drive how we approach each company with their unique set of challenges. Underlying all of our work is our set of guiding principles:

StrataFusion Guiding Principles

  • We challenge and reinvent the vision
  • We create through teamwork
  • We nurture the independent, entrepreneurial spirit
  • Our personal and operational competence and professionalism is clear and at our clients’ disposal

We look forward to working with you.

John Dick, Partner and Co-Founder, StrataFusion

How Mature Is Your IT Steering Committee? And Why You Should Care


By Maureen Vavra

Information Technology (IT) Steering Committees ensure that IT maximizes the strategic value of your corporation’s information and technology. But how can you determine the operational level of your Steering Committee? And how can you guide it toward a higher level of maturity and make it more valuable?

New/Early-Stage Steering Committees (first six months)

The young IT Steering Committee takes on the role of enforcing review, performing impact analysis and fit, and acting as a gate keeper over uncontrolled change. This constraining role must evolve within six months for their governance role to be relevant; business leaders will opt out if all they see are roadblocks.

Characteristics of Young IT Steering Committees

  • Focus on immediate control
  • Help projects manage to priorities
  • Set standards and define governance
  • Give IT air cover in implementing critical policies and initiatives
  • Balance long- and short-term vision at about 30/70
  • Create a portfolio management approach to IT over time
  • Have trouble staying focused and out of issue management

Maturing Steering Committees

An active Steering Committee must become more proactive and future oriented. Guided by corporate strategic direction and needs, committees should sponsor the creation of an IT Roadmap for the next two to five years that defines core systems, interfaces and direction. This roadmap must be aligned with and communicated to the business, allowing the business to know when to anticipate new capabilities and major system changes, and to assess the impact of new initiatives.

Characteristics of Mature IT Steering Committees

  • Govern via business strategy, IT roadmap and standards
  • Stay true to list of priorities
  • Enforce lean project management and milestones
  • Balance long- and short-term vision at 70/30
  • Guide IT portfolio and budget
  • Anticipate major change
  • Oversee process and data management initiatives

Make Your Steering Committee More Valuable

Start by performing an audit of your Steering Committee’s current operational level, asking the following questions:

  1. Is your IT Steering Committee responding to a budget, security or resource management crisis? Should it be?
  2. What is your committee doing about your organization’s data—a hugely valuable asset?
  3. Who is on your committee? Can these committee members ensure business partnership and relevance? Are you missing any critical business functions?
  4. Is your IT Roadmap current and in use?
  5. What is your committee’s balance of long-term planning versus short-term reaction? Is it at least 70/30?
  6. Does your committee meet monthly and does the agenda include:
    • Pre-reading
    • Management to a strategic plan
    • Data-oriented initiatives
    • Monitoring of key measures, including project effectiveness
    • Time for discussion of future corporate direction

Commit to addressing each area that falls short:

  1. Review the IT spend quarterly at least, ensuring that you’re in control of how much resource is going into “Keep The Lights On” (KTLO) spend versus investment. KTLO can be your nemesis.
  2. State a Master Data Management vision and make incremental steps toward it. Data as it pertains to key processes/key performance indicators (KPIs) is a good place to start.
  3. Spend part of a Steering Committee Meeting discussing the membership representation and resolve duplicates and gaps, and who always misses. Be sure the people who come are decision makers.
  4. Review the IT Roadmap at least three times a year, especially in conjunction with the budget cycle.
  5. Talk about your Steering focus and balance and assess whether you are progressing to 70/30.
  6. Ensure monthly meetings are scheduled (not blown by) with the appropriate agenda.

The Best Steering Committees

Over time, the best IT Steering Committees handle the planning, prioritization and control functions with more ease, grouping them around business strategic planning outcomes and budget cycles. By that time, the members have built a deeper understanding of the role Information Technology plays in their business and can use the committee as a sounding board for exploring strategies to leverage core data and processes for innovation.

Maureen Vavra is a partner at StrataFusion.