Since the classes I teach at the University of Maryland and Syracuse University are on-line distance learning, it is always a treat for me to have actual live students in the same classroom as I am to interact with. This year the exchange of information was really great, Dr. McCreight has a wonderful class. For all of these activities, I deal with what I call the “avoidance of appearing like an idiot in front of people syndrome”, which forces me to at least to scan and keep up with the literature before the class is held.

While I am one of those people who learn best by doing, being able to talk to and/or discuss with bright students is still very helpful and fun to do.

I have posted my presentation below and during the next few weeks hope to write a few columns based on the later slides, of course I have still not written my last two posts I promised on cloud computing, as as usual what I plan to do with this blog and what actually happens continues to diverge.

GWU Cybersecurity Presentation

On slide 13, I put a quote from Professor John Mueller, who is the Woody Hayes Chair of National Security Studies at Ohio State University, parenthetically a title which gives one pause for a number of reasons. I really like to read Professor Mueller’s papers not because I agree with all of them but because he is a contrarian. It is from those people who do not follow the crowd, that much can be learned.

Professor Mueller basically claims that the ability to predict what a terrorist would do is so small and the cost of protecting everywhere so high that we need to rethink our entire approach to national security. He has written a number of papers on this subject including doing mathematical analysis of the value of the lives saved or lost, which I expect makes some readers uncomfortable, but in the end makes a pretty strong case that we are throwing a lot of money down a bottomless well and not achieving very much with the investment.

I do not have enough expertise to figure out if he is right or wrong, but wanted to mention the related issue which his premise touches on which is prioritization.

The lesson from Professor Mueller is that prioritization in order to work has consequences. That is, when one decides what is a high priority and what is a low priority, then more attention and resources need to be invested in the high priority items – this is the easy part – and less attention and resources need to be invested in the low priority items – AND THIS is the actual hard part.

Interestingly to me, there is lots and lots of attention in the Government in how to create and implement performance based measurements. Doing so in the Government has difficulties not present in commercial situations in large part due to the less clear goals or at least less agreed to goals that a Government program may have. But as hard as creating a performance based approach is, in reality in the end it is the easy step. Much, much harder is acting on the results.

Taking ownership for NOT dealing with a low priority item is not a goal for most Government managers. If you do so and something goes wrong unexpectedly with the area you didn’t get to, you will own the negative results which is not so hot in our blame-first, analyze-second culture. Thus regardless of how we prioritize and how we measure performance there is a tendency to peanut-butter the investments, spreading them around so everything gets at least some attention and none, including the potentially identified high-priority items, get solved.

The lesson from this to me is that it is as or more important to focus on getting agreement from all stakeholders, and their management, as to how to prioritize and the implications of prioritization as it is to create the measurement systems. If the implications are not agreed to up front in a public fashion, then even after performance is measured, you will still end up not acting on the results.

Many people have a permanent signature that has some generic sign-off like “Gratefully yours” or “Many thanks” or  ”Respectfully yours” or something like that and then their first name on the final line.

However, there are tons of emails where this signature ends up being jarring.

“Dear Second Rate Person,

You have been unreasonable for ever. You don’t return calls, you don’t respond to emails.

Your company provides lousy customer service.

Your children are ugly.

I can’t even believe you found someone willing to mate with you for money let alone be a fellow parent.

Respectfully yours,

- Me”

And such is the electronic world we live in today.

First when I woke up I checked my emails for the two classes I am teaching through distance learning, at the University of Maryland University College, a capstone class for an IT Master’s program, and at Syracuse University, about Cyber-Security Policy.

One of my students at Syracuse University was taking the class for a second time because he was unable to finish it the first time. The reason he could not the first time was because he had been stationed in Afghanistan and he wasn’t able to juggle the time he had to spend out in the field with the time necessary to complete the class assignments. This, coupled, by the intermittent Internet access meant he was unable to finish the work. As a result I arranged with Syracuse University for him to take it again this year without additional cost and with no negative grade consequences (small things for a large sacrifice on his part).

This morning his email confirmed that he will have to redeploy back to Afghanistan this coming week. Since he will be based in Bagram, he is much more confident that he will have sufficient Internet access and thus will be able to finish the final weeks this time. His role is to provide IT support for Forward Operating Bases, which doesn’t sound like something most of us would want to do.

He thanked me for being so flexible. I thanked him for his service, I told him it was a continuing honor to have him in my classes.

After reading his email, I went and voted.

All of us should, people like my student are the reason we can.

In a separate post, I will talk more about that, but until I get that written, one of my students in my Syracuse University class on CIO on “CIO’s and the Global Enterprise”, wrote an interesting discussion about Ambient Organizations.

As I understand the various phrases that use the word ambient in this context, what is being said is that we come across information all the time; conversations, books we read, news sources, and so on. Over time even when we do not realize it, we tend to process and integrate this information often in unexpected ways. This is becoming even more relevant as the number of information sources and the pervasiveness of them increases.

For a simple example, for those of us who participate in such things as twitter or facebook, it is not infrequent that we when we run into someone for the first time physically that we are connected to on one of these social networks, it is as if we already know them. Even when we didn’t notice it, we pick up on what a person is interested in and what their opinions on a variety of topics are.

Helen Patricia McKenna is one of my students in this semester’s CIO class, the class itself in fact is completely on-line; taught asynchronously – that is, no direct lectures. It is part of the on-line graduate curricula at Syracuse University’s iSchool,  http://ischool.syr.edu/. She often posts very interesting comments, this one I thought was of particular interest – I will warn those who go on, that in addition to being interesting it is a bit long.

BTW, in the interests of full-disclosure, I also teach at the University of Maryland University College. I find that the “do not want to appear like an idiot” syndrome forces me to keep relatively up-to-date in the topic areas I teach – which typically range from Cyber-Security Policy to CIO Management to IT Acquisition.Helen Patricia McKenna

What will the CIO position look like in 10 years, and in 20 years?

It is difficult to know what the CIO position will look like in 10 or in 20 years but I would guess that it will have transformed considerably. In responding to part of quiz question number 3 for this course — What would you predict would impact on CIOs in the next 3-5 years — I wrote about the ‘ambient enterprise’ as follows:

In the next 3-5 years I would predict that it is the emergent ‘ambient organization’ or ‘ambient enterprise’ (Elliot, 2006)¹ that will have a great impact on CIOs.  Bjorn-Andersen (2003) defined an ambient organization as:

“a networked entity of organizations that, enabled by emerging technologies, exploits virtual resources, communication and collaboration schemes and defines an organizational structure and business model to create sustainable value.”²

We note from this definition the very technologies and elements that have been coming together to transform business as we know it — collaboration, virtualization, networking, and the ‘social’ enterprise.

Elliot (2006) explores the industry context for ambient organizations and examines their impact on ‘theory and practice.’ He points to “the increasing dependence on alliances as a critical factor in the implementation of transformative strategies.”  Elliot goes on to refer to ambient organizations as ‘amborg’ and proceeds to develop a series of characteristics noting that:

“the Amborg represents an emerging organizational form … there is a move from a focus on activities performed by enterprises to a focus on reconfiguring roles and relationships among a constellation of suppliers, business partners, and customers in order to mobilize the creation of value in new forms by new players.”

And on another level³ “the idea of ‘Ambient Business Intelligence’ simply means that it will surround and inform, even in ways that may not be perceived directly. The value of BI will no longer be assessed by its functionality or ‘ease of use,’ it will be valued by what it can deliver for an organization at the top line and the bottom line.”

Schmitt et al (2008)⁴ encourage us to think of  ‘ambient business’ enabled by open source and mobile technologies allowing for open innovation.  Cripe (2010)⁵ brings ambient to the level of metrics:

“Ambient metrics center on business intelligence that comes not from rows and cells in a database, but rather from unstructured content itself … Tracking and identifying consumption patterns of similar kinds of users in an organization can yield actionable intelligence … This allows relevant content from one part of a company to be suggested to a worker in another part of the company … What makes that information uniquely relevant is its contextual appropriateness to the business problem or business process at hand. What makes any of it workable at all is user-centricity.”

And Hinchcliffe’s research leads him to the development of ‘The Emerging Transition To Social Business Models’,⁶ a component of which is ‘ambient communication’, the notion that “today, everyone can talk to anyone, just about anywhere for nearly … at zero cost.”  Ambient communication, together with the other elements of the model — global information flows, social computing, market discontinuity — are rapidly transforming the business world as we know it and, in the process, the business of the CIO.  My advice would be — watch the ‘ambient business space’ and the ability of the CIO to understand, engage with and navigate this space and its potential.

Skarler (2009) explores 3D models for e-managing arguing that, “As we work in different constellations, levels, networks, and sub networks etc., we need to see networking in multiple dimensions, i.e. as ambient organizations.”⁷ ( Skarler, 2009)

Moving on to other thinking on the topic, Watson (2009)⁸ considers whether the CIO position is in crisis and notes that:

Guy Currier, who oversaw our CIO Role study and wrote its accompanying analysis⁹, doesn’t see CIOs disappearing, per se, but says that the function is clearly in trouble. ‘The possibility of the demise of the CIO position seems overblown … but the fact that nearly 16 percent of our survey respondents this year agreed with the statement, ‘The CIO position will have virtually disappeared in 10 years,’ represents a profound crisis brewing for IT leaders.’

Watson goes on to say that “about two in three respondents to our annual CIO Role study believe the CIO role will look very different in 10 years” and by working with this realization the “transition into the future will strengthen the CIO community — and potentially help stave off an even greater crisis in their ranks.”

Research on women and IT leadership, mentoring and other related factors suggests that women are increasing in numbers in the CIO role in higher education concluding that “Higher education appears to be a more favorable environment for the development of female IT leaders than the technology field in general.”¹⁰

Acknowledging the changing role and competencies for the CIO, a ‘Future-State CIO’¹¹ has been established by the CIO Executive Council global community claiming that “outstanding CIOs most resemble outstanding CEOs” and providing a leadership competencies journey document.¹²

In 2008 PricewaterhouseCooper emphasized the ‘I’ in CIO and pointed to the importance of the innovation role for the CIO¹³ while in its most recent report,¹⁴ PricewaterhouseCooper focuses on the CIO and ‘big data’ -

“Big Data isn’t merely a new model; it’s a new way to think about all data models. Big Data isn’t merely more data; it is different data that requires different tools. As more and more internal and external sources cast off more and more data, basic notions about the size and attributes of data sets are likely to change. With those changes, CIOs will be expected to capture more data and deliver it to the executive team in a manner that reveals the business —and how to grow it —in new ways.”

Guterman (2010) claims that:

“As companies with a history of cautious data policies begin to test and embrace Hadoop, MapReduce, and the like, forward-looking CIOs will turn to the issues that will become more important as Big Data becomes the norm. The communities arising around Hadoop (and the inevitable open-source and proprietary competitors that follow) will grow and become influential, inspiring more CIOs to become more data-centric … Whether learning from Google’s approach to Big Data, hiring a staff primed to maximize its value, or managing the new risks, forward-looking CIOs will, as always, be looking to enable new business opportunities through technology.”

Dignan (2009) sees the CIO role splitting into two areas of concern, operational:

“a purely operational group that keeps the networks up, builds and maintains the virtualized infrastructure, and maintains shared business services like email and ERP. Complex and critical, yes, deserving of a C-suite role, no.”

And more importantly, ‘internal consultancy’:

“This group will be equally at home in both the business and technical worlds (just as its colleagues in business units will be extremely well-versed in technology), and will work to leverage corporate infrastructure to build new functionality. This group might advise on a new digital marketing campaign, or it might help finance determine the right mix of outsourced and internal infrastructure to support a new system. Rather than being compensated for technical objectives, they are compensated for business results and succeed or fail along with their business counterparts … the CIO becomes a mix of process officer, information broker and skunk works-type researcher. … the “Information” portion of IT becomes far more relevant than the technical aspects.”¹⁵

FastCompany magazine recently ran a blog series on the C-Suite where Elkington (2010) used the metaphor of the ‘wild card’  referring to CIOs as ‘Chief Innovation Officers ‘ and ‘a new breed of aces’¹⁷ – the CIO, CTO, CCO (chief creativity officers) :

“In the new order, by stark contrast, much of the change is bubbling bottom-up, cutting across established hierarchies, and it turns out that many of the most powerful solutions to the great systemic and market challenges we face are to be found outside the confines of the company. Tomorrow’s corporate Aces will know how to play the wild cards that have [been] so disruptive to earlier generations of CEOs and senior executives–and they will know how to source suitably disruptive solutions, whether from customers, competitors, NGOs, public agencies or social and environmental entrepreneurs.”

Elkington goes on to speak about innovation, sustainability and the new business environment claiming that:

“The tragedy is that so many business schools betrayed their students for so long by failing to equip them for a world where environmental, social and governance issues are becoming part of the C-Suite agenda in one sector–and geography–after another. Having worked with MBA and other postgraduate students at business schools and universities around the world, we have experienced at first hand the incredible appetite of so many of these young people for exposure to these new challenges and to those who are innovating solutions.

And Elkington sees “sustainability as innovation’s new frontier” rather than a choice “between the largely social benefits of developing sustainable products or processes and the financial costs of doing so.” He concludes by suggesting that:

“whatever your business, it’s time to find and learn how to play your Aces. Ranking as either the highest or lowest card in the deck, depending on the rules, the Ace symbolizes the top-down, bottom-up world into which we are headed. But however it gets into your hand, it is the most powerful card in poker–a key to making the highest possible pair, straight, flush, or full house. It’s time to find these people, whether inside or outside today’s C-Suite, inside or outside the corporation. And to work with them to create new forms of capitalism fit for the new century.”

Changing values and the pace at which technology is changing is demanding massive transformations for business and in how we conduct business, in and around the social and organizational  structures we create.

¹ Elliot, Steve. (2006). Technology-enabled innovation, industry transformation and the emergence of ambient organizations.. Industry and Innovation.

² Bjørn-Andersen, N. (2003). Ambient organizations. Centre for Electronic Commerce. Copenhagen Business School.

³ Hired Brains Inc. (2007). Ambient business intelligence: pervasive technology White paper.  Framingham, MA: IDG Connect.

⁴ Schmitt, Christian, Schoder, Detlef, Fischbach, Kai, and Muhle, Steffen. (2008). Towards ambient business: enabling open innovation in a world of ubiquitous computing. Hershey, PA: IGI Global.

⁵ Cripe, Billy. (2010). User approach, processes and ambient metrics differentiate Enterprise 2.0 strategies.  Washington, DC: FierceMarkets.

⁶ Hinchcliffe, Dion. (2010). Exploring why social business will drive 21st century enterprises. Dion Hinchcliffe’s Web 2.0 Blog.

⁷ Skarler, Viktoria. (2009). eManaging ambient organizations in 3D. Journal of Theoretical and Applied Electronic Commerce Research, v. 4(3):30-42.

⁸ Watson, Brian P. (2009). The CIO in crisis mode. CIO Insight.

⁹ Currier, Guy. (2009). CIO blowback. CIO Insight.

¹⁰ Brown, Wayne & McClure, Polley. (2009). Women as current and future CIOs. EDUCAUSE Review, 44(6).

¹¹ Kelner, Steve & Patrick, Chris. (2010). Your leadership portfolio: developing the competencies of a Future-State CIO. A Leadership Competencies Development Series from the CIO Executive Council and Egon Zehnder International.

¹² Egon Zehnder International & CIO Executive Council. (2010). Leadership competencies journey.

¹³ PricewaterhouseCooper. (2008). I for innovation*: the next-generation CIO. Center for Technology and Innovation. (* connectedthinking).

¹⁴ Guterman, Jimmy. (2010). Revising the CIO’s data playbook. In: Making sense of big data. Technologyforecast: a quarterly journal, Issue 3, p. 45. PricewaterhouseCooper.  < http://www.pwc.com/us/en/technology-forecast/assets/PwC-Tech-Forecast-Issue3-2010.pdf >

¹⁵ Dignan, Larry. (2009). The CIO is dead (long live the CIO). ZDNet, News & Blogs.

¹⁶ Elkington, John. (2010). Wildcards for tomorrow’s C-Suite.  Fastcompany Magazine.

¹⁷ Elkington, John. (2010). Playing aces: going for the C-Suite flush. Fastcompany Magazine.

A few people asked me to post my presentation, but I have found that my current job as the COO at Powertek Corporation has caused me to miss many of my self-imposed deadlines for doing many things, including updating my blog.

However, has now been overcome, at least for a few moments, and here it is.

UMUC Slides 

My talk was divided into four parts:

• Context where I discussed what I call First Principals, what I feel are the underlying causes of much of the technological disruptions happening these days
• Some thoughts on security trends, after all this was a Cybersecurity Symposium
• Comments about the demand for security professionals, after all this also was a Job Fair
• Ending with some thoughts on the goals for security and some general advice

I think the slides are pretty self-explanatory though I keep hoping to turn some of them into individual blog entries.

I had two key pieces of advice.

First, I related an old joke by Steve Martin that talked about how to make a million dollars and not pay taxes. The first step was to ‘find a million dollars’. I find that many proposed solutions to security, well, actually to almost anything hard is the functional equivalent of that first step.

Second, I told them to remember that the primary mission of almost every organization they will work for is NOT security. Because of that fact, one of the primary jobs of a senior security professional is to learn how to articulate the reasons for security investments in the context of the actual mission goal. Otherwise, organizational senior management will not make the right decisions.