Friday, July 26, 2019

Happy #SysAdminDay

What would your life be like without a #Sysadmin?

Sunday, March 24, 2019

Align Risk and ROI analysis with success

Risk and return on investment (ROI) are usually evaluated separately. Yet, they share striking similarities.

Both need an internal (strengths and weaknesses) as well as an external (opportunities and threats) analysis. This is also known as SWOT analysis. Both analyze the two directions in which any effort can go: risk measures possible monetary loss, while ROI measures possible monetary value. But what is at the core of risk analysis and ROI analysis? Impact and likelihood.

Businesses, organizations and individuals are required to be productive, for which they need to be effective and efficient. To be effective they need to have an impact: what they do must return as high a monetary value as possible, with as low a chance of monetary loss as possible, over the lifespan of the delivery. To be efficient they need to be predictable, exhibiting the highest possible likelihood of success: how they do it must use the leanest, fastest and highest-quality approach possible (the lowest possible entropy solution).

Understanding this simple fact is one thing but learning it is another.

Since businesses are ultimately led by managers, success comes down to the individual 100% of the time. Hiring full stack leaders is at the core of low risk and high ROI results.

As a professional, you, the reader, will not have more value just because of your success likelihood based on your skills, but also because of the impact your decisions end up having. In other words, it is not enough to be efficient; you must also be effective. I see too many people focusing on efficiencies, but few of them are actually focusing on effectiveness, for whatever reason. This is most likely the result of a simple fact: common sense is rare.

If I could give one sentence of advice, it would be "Align productively towards the definition of success". I have tried to explain above what to do and how to achieve this objective.

Saturday, March 16, 2019

Full Stack Leadership brings Competitive Advantage

All these keywords/key-phrases/hashtags apply to the organization as a whole. They apply to deliverables and quality. To deliver maximum return on investment, cost must go down and/or value must go up. Focus on keeping the pace rather than on resource utilization and the result will be a constant delivery of value.

Whether your business depends on an e-commerce website or on sending men to space, these concepts still apply. Process engineering is not a pure science discipline; it is also an art. While these hashtags are as old as human thinking, what is novel here is the value proposition of embracing them company-wide, of having them as the driver of the organization's strategy. Unfortunately, we are too focused on working in the business instead of on the business. The collective application of these ideas leads to Innovation, which is always a result of Collaboration, Communication, Critical Thinking, and Creativity.

The main problem we consistently face is that the people doing it are not the ones thinking it. Leaders should be both thinkers and doers. Organizations that train their leaders to be full stack will exhibit competitive advantage, and such advantage is indeed sustainable depending on how innovative the leaders' interconnections are.

Want to copy and paste?
#LessIsMore #EightyTwenty #KeepItSimple #ParetoPrinciple #TheoryOfConstraints #LawOfDiminishingReturns #SimpleAsPossibleButNotSimpler #MeasureTheRightThing #PerfectIsTheEnemyOfGood #GetItDone #BeEffectiveAndEfficient #GoldenMean #ExcessIsRecklessness #MiddleIsCourage #DeficiencyIsCowardice #DoTheRightThing #ContinuousImprovement #EvolutionNotRevolution #CommonSenseIsRare #Innovation #Collaboration #Communication #CriticalThinking #Creativity #WorkOnTheBusiness #TheWholeIsGreaterThanSumOfItsParts #BestPracticeIsTheEnemyOfCommonSense #BusinessStrategy #BusinessAlignment #BeThinkerAndDoer #DreamLeadershipNotManagement #DefineSuccess #BeFitForSuccess #FullStackLeadership
Have more? I am sure you do, that is what comments are for ;-)

Thursday, March 14, 2019

Panelist notes from the South Florida Executive Roundtable Technology Leaders forum

This is a slideshow containing my panelist notes from the South Florida Executive Roundtable Technology Leaders forum, 2019. It was a pleasure to share my thoughts and listen to the thoughts of other tech leaders in the area.

Tuesday, March 12, 2019

Secure Translations - Business Email Compromise (BEC)

This subject is sticky for two months for a very good reason. Training is mission critical, mastery is a must and paranoia is the only effective defense. Trust but verify! Untrained employees are the biggest security risk for the modern enterprise.

Just Google "business email compromise real case studies" to understand the rise of successful Business Email Compromise (BEC) scams and why proper employee training, and auditing for such training, pays off big time.

With so many language service providers (LSP) you should look for the ones that have invested smart (and not just hard) into security. Without smart employee training language service providers cannot deliver secure translations. Globalization demands translations but if they are not secure then you better stay local.

You can follow the "Secure Language Translations" series in this blog, on LinkedIn or Twitter. My objective is to educate executives and managers but also to help engineers in reducing organizational risk through sound security measures.

Saturday, February 16, 2019

Secure Translations - Employee Training - Phishing - Part 8 of Many

Security drills like ethical phishing attacks are a must-do to keep digital assets secure.

This immediately poses the question: Are you and your service providers training users on cybersecurity? We need employees to master security, not just to be aware. The employee awareness programs that most auditors are after are a good start but not enough to make sure that your employees act as a trusted line of defense. Trust but verify! With successful Business Email Compromise (BEC) scams on the rise, paranoia is the only effective defense.

This is the 8th post in my Secure Translations series, and this time I am discussing the lack of strong employee security training.

As usual, let us use our simple yet effective quantitative risk management framework to analyze this threat.
  • Threat: Companies are tempted just to check the box when it comes to employee training as part of regulatory compliance. Unfortunately, just caring about compliance is not the same as caring about security.
  • Asset: All digital assets are at risk when employees are not highly trained on security issues.
  • Vulnerability: Users with access to confidential information do not truly know how to combat security dangers like phishing.
  • Risk: The impact of any single employee not knowing how to actively fight threats like phishing is the highest security risk companies face today. The likelihood of this happening is extremely high, with attacks getting so sophisticated that even information technology professionals fall for phishing scams nowadays.
  • Safeguard: Actively craft your own internal ethical attacks, collect statistics such as the percentage of employees failing to identify threats over time, share the statistics openly, and personally help those employees who are having trouble recognizing threats. Make sure not a single user is left behind. Work with the staff, vendors and even contacts for mastery and not for punishment. Do not just ask for audit reports and certifications from your service providers; in addition, ask them for the specific employee training program and proof that such continuous training is happening. Furthermore, demand proof of ethical hacking drills performed internally. A service provider like a language service provider cannot provide secure services like secure translations unless they have a highly qualified cybersecurity program in place. If a single employee or vendor falls for a phishing attack, for example, such a provider cannot provide secure services. If such providers do not have an ethical hacking drill program in place, they cannot keep your information safe.

The reason why my series is about secure translations is that the processes being used today to translate documentation for international corporations are in the hands of users that are most likely not well trained. If your organization has trusted translations to Language Service Providers (LSP) that do not have strong continuous employee mastery-training programs, then your risk of data loss is high, no matter what such providers promise. If your LSP is not training users for security mastery, then such a Language Service Provider cannot offer secure translations. They might sell themselves as secure translation providers, but the devil is in the details. You are ultimately in charge of requesting proof that your content is handled by employees and vendors that master the art of fighting cybercriminals, of being cautious, of being knowledgeable. This requires constant training and testing. This is a serious cybersecurity matter.

You can follow the "Secure Language Translations" series in this blog, on LinkedIn, Twitter or Google+. My objective is to educate executives and managers but also to help engineers in reducing organizational risk through sound security measures.

Tuesday, February 12, 2019

Smart Marketing - Understand the Hollywood Principle

Growth hacking has taught Marketing the importance of Applied Software Engineering. Growth Marketing practitioners should understand how consumers think. Consumers apply the Hollywood Principle: "Don't call us, we'll call you". The Consumer should be calling the Producer instead of the reverse. This inversion of control mechanism would, in my opinion, benefit the marketing mix: Products will deliver exactly what customers are demanding. Price will be transparent and commensurate to the offered value. Placement of the product will be dictated by the buyer interest and profitable customer retention analysis, rather than artificially and temporarily apparent customer demand. Promotion of the product will be achieved by free subscription to relevant material rather than expensive ads, and more educated clients will look into comparison matrices emerged from a community rather than paid artificially generated benchmarks.

The Hollywood Principle brings to software development two important benefits: Decoupling, which is needed to make sure code can be tested in isolation; and Cohesion, which is needed to make sure software is packaged together to work towards a very specific goal.

This principle also brings to the customer two important benefits: Decoupling, which is needed to avoid locking into sub-par services, as the priority becomes a match on prioritized needed features rather than existing relationships; and Cohesion, which is needed to make sure consumed services offer highly specialized value rather than one size that fits all requirements.

Traditional marketing is still predominant: pushy follow-ups on cold email campaigns, pushy follow-ups on consumption of published content, pushy ads that do not let you navigate through clean content, pushy commercials that disrupt your productivity ...

We all want our services to be bought, but pushing at the wrong time has an adverse effect. Pulling is safer. Instead of overwhelming potential future customers with unnecessary calls, emails and ads, marketers should keep up the good work of publishing meaningful content that educates and lets the customer ultimately decide for the best.

Marketing should be modernized and respect the modern knowledge user. Do not call the customer; let the customer call you later, when your service is of interest. Offer your potential and existing customers a valuable newsletter/podcast/videocast without fluff but just stuff, make your website rich in content that educates on the possibilities of your services, showcase previous successful client engagements, and make all content short and educative. Everybody wants a free lunch, which we know does not exist, but we should know when the right time to charge for it is.

Here is a simple recipe:
  1. Create relevant content in different media (some prefer video, others audio, others written information)
  2. Allow users to subscribe to such content and explain clearly whom to reach out to, and how, for further questions and suggestions
  3. Listen to feedback, measure impact and segment the audience to determine what relevant content should be created next

Here are examples of pushy marketing that has not worked for me and is probably not working for most, because it does not respect the Hollywood Principle: