Showing posts with label Obstacles. Show all posts
Showing posts with label Obstacles. Show all posts

May 10, 2012

Oh Deer!

This is an amazing photo by my daughter, Michelle Blumenthal. 

This deer just tried to jump a fence, but got impaled right through its neck--yikes! 

Truly a life lesson--it is good to reach high for what you want, but not to overreach. 

It really is a fine balance and takes self-awareness, discipline, and some good fortune. 

We have to know how much and how quickly to push ourselves to grow past prior limitations, but also recognize just how far we can make it on the next leap. 

Maybe that's one reason an incremental or phased approach is good.

It enables us to move ever forward, carefully planning and navigating our next steps, while hopefully not getting unnecessarily hung up by the life obstacles we must overcome. 

Good luck everyone!

Share/Save/Bookmark

March 6, 2010

Overcoming the Obstacles to Cyber Security

There continues to be a significant shortfall in our cyber security capabilities, and this is something that needs our determined efforts to rectify.

Often I hear a refrain from IT specialists that we can’t wait with security until the end of a project, but rather we need to “bake it into it” from the beginning. And while this is good advice, it is not enough to address the second-class status that we hold for IT security versus other IT disciplines such as applications development or IT infrastructure provision. Cyber Security must be elevated to safeguard our national security interests.

Here are some recent statements from some our most respected leaders in our defense establishment demonstrating the dire strait of our IT security posture:

· “We’re the most vulnerable, we’re the most connected, we have the most to lose, so if we went to war today in a cyber war, we would lose.”- Retired Vice Admiral Mike Mullen (Federal Computer Week 24 February 2010)

· The United States is "under cyber-attack virtually all the time, every day” - Defense Secretary Robert Gates: (CBS, 21 April 2009)

· “The globally-interconnected digital information and communications infrastructure known as “cyberspace” underpins almost every facet of modern society and provides critical support for the U.S. economy, civil infrastructure, public safety, and national security. This technology has transformed the global economy and connected people in ways never imagined. Yet, cybersecurity risks pose some of the most serious economic and national security challenges of the 21st Century.” (White House CyberSpace Policy Review, 2009)

Further, the number of attacks is increasing; for example, SC Magazine 20 November 2009 reported that the number of cyber attacks against the Department of Defense was increasing year-over-year 2009 to 2008 by some 60%!

And the penetration of our critical systems spans our industrial, civilian, and defense establishment and even crosses international boundaries. Most recently reported, these included the following:

· F-35 Joint Strike Fighter $300B program at Lockheed Martin,

· The Space Shuttle designs at NASA

· The joint U.S. South Korean defense strategy

· The Predator feeds from Iraq and Afghanistan and more.

Thankfully, these events have not translated down en-masse and with great pain to the individuals in the public domain. However this is a double-edged sword, because on one had, as citizens we are not yet really “feeling the pain” from these cyber attacks. On the other hand, the issue is not taking center stage to prevent further and future damage.

This past week, I had the honor to hear Mr. James Gossler, a security expert from Sandia National Labs speak about the significant cyber security threats that we face at MeriTalk Innovation Nation 2010 on the Edge Computing panel that I was moderating.

For example, Mr. Gossler spoke about how our adversaries were circumventing our efforts to secure our critical cyber security infrastructure by being adept and agile at:

· Playing strength to weakness

· Developing surprising partners (in crime/terror)

· Changing the rules (“of the game”)

· Attacking against our defenses that are “naïve or challenged”

In short, Mr. Gossler stated that “the current state-of-the-art in information assurance [today] is significantly outmatched” by our adversaries.

And with all the capabilities that we have riding on and depending on the Internet now a days from financial services to health and transportation to defense, we do not want to be outgunned by cyber criminals, terrorists, or hostile nation states threatening and acting in ways to send us back to the proverbial “stone-age.”

Unfortunately, as a nation we are not moving quickly enough to address these concerns as retired Navy vice admiral Mike McConnell was quoted in Federal Computer Week: “We’re not going to do what we need to do; we’re going to have a catastrophic event [and] the government’s role is going to change dramatically and then we’re going to go to a new infrastructure.”

Why wait for a cyber Pearl Harbor to act? We stand forewarned by our experts, so let us act now as a nation to defend cyber space as a free and safe domain for us to live and thrive in.

There are a number of critical obstacles that we need to overcome:

1) Culture of CYA—we wait for disaster, because no one wants to come out first—it’s too difficult to justify.

2) Security is seen as an impediment, rather than a facilitator—security is often viewed by some as annoying and expensive with a undefined payback, and that it “gets in our way” of delivering for our customers, rather than as a necessity for our system to work

3) We’ve become immune from being in a state of perpetual bombardment—similar to after 9-11, we tire as human beings to living in a state of fear and maintaining a constant state of vigilance.

Moreover, to increase our cyber security capabilities, we need to elevate the role of cyber security by increasing our commitment to it, funding for it, staffing of it, training in it, tools to support it, and establishing aggressive, but achievable goals to advance our capabilities and conducting ongoing performance measurement on our initiatives to drive results.


Share/Save/Bookmark

March 21, 2009

Challenges of a Change Agent

I have always been fascinated by leadership and how to grow an organization in spite of a broad variety of obstacles to change and maturity.

Indeed, as I have studied, read, watched, and practiced leadership and change initiatives for over two decades, I am always intrigued at the role of the change agent.

Certainly, it is hard to be a change agent for so many reasons. It is hard to change yourself let alone to get others to change. It is hard to exist in an environment where you see new and different possibilities, but others see only their way or the highway. It is hard to see others jockey for power and revel in the humiliation and shame of their peers. Change is only for the strong-hearted.

It’s interesting to me that change agents are often alone in the enterprise. They are specifically brought in fix highly ingrained problems that very often culturally rooted and that are damaging to the continuing maturation and success of the enterprise. But the change agent is coming in with “fresh eyes” and accompanying toolkit of best practices from outside the insular dynamics of the dysfunctional organization.

But the change agent is alone, or relatively so as they may be others who are “bucking the trend,” to try to bring a new openness and flexibility to the stagnant corporate culture and decaying ways of doing business that descend like death over complacent or arrogant organizations that think that once on top of the world, always on top.

Applause to the organizational leaders who are aware of processes, products, and ways of thinking that are broken and recognize the need for change and attract the agents of change and agility.

But the change agents run against the tide. They are new and are viewed as not knowing anything about the organization. Moreover, they are perceived as a danger to the comfortable long-standing held beliefs and ways of doing things. And moreover, they are seen as a threat to the incumbents. So from the incumbents perch, the change agents need to be shamed, humiliated, thwarted at almost any cost. And the change resisters in the established hierarchy “revel” in every obstacle they throw up.

There is an interesting article in the Wall Street Journal, 21-22 March 2009 about a website where people “revel in each other’s humiliation.”

The French site www.viedemerde.fr has 70,000 readers and it has “become a phenomenon in France…it receives a thousand or so new stories a day from which three young men who run it pick a dozen or so to post…the site now has 7,200 vignettes picked from nearly 400,000 sent in.”

It started a couple of years ago by the founder who “started posting stories online about the frustrations of modern life.”

The stories of life difficulty that are shared and read by others is closely aligned with Schadenfreude, a German word which means “One’s person’s misfortune is another’s happiness.” Or another version for the popularity of the site is that “one person’s misfortunes reassure another.”

Whichever explanation you adhere to for the popularity of people posting and reading about other people’s misfortunes and shame, points to people’s need to open up and release thoughts and feeling that are shameful and painful; people have a need to share, commiserate, and gain acceptance and to know that they are not alone.

Now there is an English language version of the popular website www.fmylife.com and “stories are flooding in. But the content is often similar. ‘It’s like there is a kind of solidarity among all countries when it comes to misfortune. We are all in a big, international pile of crap—but we’re in it together.”

The enterprise, its diehard stalwarts, and the change agents are also in it together. And they will either sink or swim. Hopefully, they decide on the latter.


Share/Save/Bookmark

April 18, 2008

10 Obstacles to Enterprise Architecture

Here is an interesting list of 10 obstacles to the enterprise architecture from a colleague and friend, Andy Wasser, Associate Dean, Carnegie Mellon University School of Information Systems Management:

  1. Lack of Senior Management [Commitment] Support
  2. Inability to obtain necessary resources (funds, personnel, time)
  3. Business partner alienation
  4. Internal IT conflicts and turf issues (no centralized authority)
  5. Lack of credibility of the EA team
  6. Inexperience with enterprise architecture planning or inexperience with the organization
  7. Entrenched IT team [operational focus versus strategic]
  8. Focus on EAP methodologies and tools [rather than on outputs and outcomes]
  9. Uncertain payback and ROI
  10. Disharmony between sharing data vs. protecting data

This is a good list for the chief enterprise architect to work with and develop strategies for addressing these. If I may, here are some thoughts on overcoming them:

1-4,7,9: Obtain Senior management commitment/support, resources, and business/IT partnership by articulating a powerful vision for the EA; identify the benefits (and mandates); preparing an EA program assessment, including lessons learned and what you need to do to make things “right”; developing an EA program plan with milestones that shows you have a clear way ahead. Providing program metrics of how you intend to evaluate and demonstrate progress and value for the business/IT.

5,6,8: Build credibility for EA planning, governance, and organizational awareness by hiring the best and the brightest and train, train, train; getting out of the ivory tower and working hand-in-hand in concert with business partners; building information products and governance services that are useful and usable to the organization (no shelfware!); using a three-tier metamodel (profiles, models, and inventories) to provide information in multiple levels of details that makes it valuable and actionable from everyone from the analyst to the chief executive officer; looking for opportunities (those that value EA and want to participate) and build incrementally (“one success at a time”).

10: Harmonize information sharing and security by developing an information governance board (that includes the chief information security officer) to vet information sharing and security issues; establishing data stewards to manage day-to-day issues including metadata development, information exchange package descriptions, discovery, accessibility, and security; creating a culture that values and promotes information sharing, but also protects information from inappropriate access and modification.


Share/Save/Bookmark