A Business Technology Place

More or Less?

Truth.

There will always be more work to do than is possible to accomplish by my team.

Think more. Whine less.

Earlier this year I penned some thoughts about thinking through resource contention, Do more with what you have!, because I was looking for better ways to address resource contention than to simply say more people are needed. Getting stuff done is as much a mindset as it is a collection of work output. I’ve learned that when I am overwhelmed with size of the backlog of tasks then the frequency of my output decreases.

In the book, ReWork,  Fried and Hansson address the value of staying lean with less,

“I don’t have enough time/money/people/experience.” Stop whining. Less is a good thing. Constraints are advantages in disguise. Limited resources force you to make do with what you’ve got. There’s no room for waste. And that forces you to be creative. “

Do I believe that? The words do inspire me to look at my backlog through a different set of lenses. One thing I know is this. If I’m able to produce consistent output that adds value to the customer and mission of my team then conversations about the priority of the backlog are easier.

In the book Blue Ocean Strategy, Kim and Mauborgne say it this way,

“instead of getting more resources, tipping point leaders concentrate on multiplying the value of the resources they have.”

The Theory of Constraints management paradigm teaches us to first find the constraint within a process and then to exploit the constraint by shifting resources, managing work queues, and possibly adding capacity. With this lense, value is unlocked by first examining the underlying process instead of trying to add more people.

More or less?

As I sit writing this, I’m led to these conclusions:

More is contentment with less because having less allows me to get more done.

Less is obsession about more, because having more often leads to getting less done.

Onward and upward!

Revisiting – What are you known for?

Deja Vu

I recorded a few rambling thoughts one day after work this week. That’s how many of my blog posts originate. Things happen through the course of a day that stick with me into the evening. When I jot down my thoughts, I see interactions with people, process observations, desires for a better solutions, and things I want to change.

This week I looked over my notes and thought, “What do I want to be known for?” It’s a question I knew I had asked myself in the past. Three years ago, I wrote a post entitled What are you known for?  In that post I expressed my desire to be known more for providing solutions over following processes. I’m a practitioner of following processes, but the process itself isn’t bigger than the results it provides.

Dr. No

Fast forward to today. The Information Technology landscape is increasingly burdened with applying more security and availability controls to keep customers data safe and to achieve compliance with standards. But compliance is never convenient. The IT guy is caught in the cross hairs of a battle between making the work environment more secure and the extra burden it places on other employees. Burden in this context means restrictions. Lots of them.  

Traditionally, IT has been known as Dr. No. There are restrictions on what hardware employees can use and what software they can install; Internet sites are blocked, software can’t be downloaded, etc. This is the seed that birthed Shadow IT where departments arrange and install software outside the approvals and processes of their local IT group.

A better way

I’ve had too many experiences in my career watching people telling someone else they can’t do something for one reason or another. It’s not only frustrating; it drains the energy and motivation of those involved.

But it doesn’t have to be this way in every situation.

A better partner explains the constraints of the problem and solution. Instead of ending a discussion with ‘no’, he or she will offer alternatives for a solution.

 

“We can’t do that for you, but what we can do is this…..”

“That’s not possible, but I know a way that is….”

“We are prohibited by policy/contract/compliance control from doing that, but there a few different ways to accomplish something similar….”

 

Of course, the person on the receiving end has to be able to compromise and think about the solution in different way as well. It takes two to make the partnership happen.

If you are a solution provider, don’t stop at the word ‘no’.

If you are a solution receiver, be open to alternative ways of doing things.

What do you want to be known for?

Onward and upward!

 

The Yin and Yang of Security Patching

 

My computer is working, don’t change anything.

As an IT manager I observe this behavior regularly with end-users and product managers of eCommerce applications. It’s understandable. When a computer system is working and doing its job then “updates” are sources for creating failure. Updates change code. Updates rock the boat.

If a computer security update hasn’t bitten you yet, then it’s probably just a matter of time. My experience is the number of system issues related to operating system updates is growing.  It’s hard to test all the dependencies of code updates against every combination of hardware and software that exists on computing equipment. A couple of examples I can point to in 2017 are Microsoft Edge no longer working after installing the Windows 10 Creators Update.  Then there was the issue of Microsoft Outlook unable to open attachments which was later resolved with another hot fix.  

But we all know security updates are necessary. Why would we risk our personal data to thieves? In a business setting, why would put our customer’s data at risk? Why would we put the reputation of our business at risk?

Therein we find the yin and yang of security updates. We don’t want to upset the balance of a stable system, but we need to update the system so that it can remain stable in the future.

In the name of audit controls and security principles.

In the business environment, audit standards require staying up-to-date with security patches. ISO 27001/ISO 27002 and SOC2 have controls specifically addressing vulnerability patch management policies and procedures. To meet the requirements of the controls, a discipline in process and procedure is required.  These standards are there to help nudge all of us to change because we all know we resist change.

Plug those security gaps or face the consequences.

The consequences of not installing security patches can be devastating. In the worst case of cyber theft reported thus far, Equifax was robbed of information for 143 million individuals. The attackers found a weakness because Equifax failed to patch a known security vulnerability in website code they use.

Now hundreds of millions of people are exposed to the whims of criminals. The reputation of a large credit bureau is blown. The two highest ranking security officials within Equifax are out of a job. Patching known security vulnerabilities is serious business.

Complementary forces at play.

The next time someone schedules a security update for a system or application, understand the potential consequences fully. Intruders are at the gates. They make a living on our resistance to change.  But if we support the change and work with administrators to report any malfunctions, we can all help to build a safer tomorrow.  That’s how another yin and yang can make a more complete whole.

Onward and upward!

Special Sauce

Two all-beef patties, special sauce, lettuce, cheese, pickles, onions, on a sesame seed bun. I remember that McDonald’s commercial like it was yesterday. Now, decades later, I’m still fascinated with ‘special sauce’, just not the sauce on a Big Mac. The topic is universal. What makes companies and groups successful?special-sauce

This article from Harvard Business Review about corporate survival examines the increased failure rate of companies that start today versus those that started before 1980. Their research found that, “firms listed after 2000 spent more than twice as much as earlier firms (in percentage terms) on organizational capital and half as much on physical assets…..But that advantage is a double-edged sword, they add: The good news is the newer firms are more nimble. The bad news for these firms is that their days are numbered, unless they continually innovate.”

Innovation encompasses special sauce. Some companies find it by creating a new paradigm like Cirque de Soleil. They created a new mold for a circus by removing animals and focusing on adults with a more sophisticated form of entertainment. Chic-fil-a uses customer experience and community involvement for their special sauce to make a chicken sandwich more than just lunch. Innovation isn’t limited to technology. The special sauces from Cirque de Soleil and Chic-fil-a have staying power. While competitors can see it, they haven’t really been able to imitate it. I found the Big Mac special sauce recipe online.

Keep searching for your special sauce.

Onward and Upward!

Compete or get left behind

Ack!

This story about Eugene Kaspersky complaining about Microsoft including antivirus software with Windows 10 touched a nerve. I had flashbacks to the litigation against Microsoft and Internet Explorer bundling in the late 1990s. Fast forward 16 years later from the browser showdown and we see that Internet Explorer is currently only the third most widely used browser in the market. That doesn’t sound like a monopoly to me.

Could there be parallels to this story and a lesson for Kaspersky? What happens when like-products compete on value, ease of use, and reputation in the marketplace? There’s plenty of room for competition in anti-virus software market too. Will the best antivirus packages step forward?

Microsoft

In my experience helping friends with personal computer issues at home, I found that most have the antivirus installed that was bundled with the computer. But typically the free trial subscription has expired. That’s certainly not a scientific study and my sample size doesn’t register as adequate. But I’m guessing many people are like that. Microsoft is helping consumers that are not tech savvy by providing automatic antivirus updates and a base level of protection. I see this as a good thing.doctorpc

Competition

There is opportunity for other competitors in this space. Just like the browsers in the late 1990s companies may have to rethink how they connect with customers. The topic of computer viruses is touchy and consumers are wary of a barrage of pop-ups asking for money and subscription renewals.

So let competition find the real players. Build something better. Build something simple. Build something that adds value and builds a reputation of trust.

Onward and upward!

 

Photo credit: Intel Free Press via Creative Commons