Infinistructure: Who Knew What When...

Who knew what when? This is the question of the last few months as we now embark on the path towards recovery.

The Operational Risks that have plagued our aging county, state and federal institutions are growing and the convergence factor has brought us even bigger systemic organizations "Too Big To Fail."

While many will be side tracked by the need to deal with the toxic assets still on the books or in sinking agencies the "Zero's and One's" don't lie.

The information, digital evidence and just pure data audit trails will remain for many to be caught, charged, indicted and then sent before a jury to decide their fate.

Managing risks in the enterprise today takes on many flavors and within several departmental or enterprise domains of expertise.

Whether it be the C-Suite, legal department, the IT department, Internal Audit, Security department or even the Operational Risk Management Committee the "Zero's and One's" don't lie.

Think about how much time the people behind organizational malfeasance spend on trying to cover their tracks, clean up the digital "Blood Trail" of their crimes and wrong doing all the while knowing that someday, a smart investigator or forensic examiner will connect the dots. Game over.

Regardless if you are two paid-off programmers who have been enforcing the "Business Rules" in their software by the boss or an internal threat actor does not matter.

Whether they are copying, stealing, altering or damaging the digital information within the organization does not matter; these Operational Risks still remain constant.

The resources and the money devoted to continuous due diligence, monitoring and preemptive strategy to Deter, Detect and Defend the digital assets of the enterprise need to grow dramatically to stay ahead of the curve.

The best way to figure out “What to do” and “How to do it” will require outside assistance. Moving your digital assets to be professionally managed makes sense for economic and other financially prudent reasons.

Yet this migration away from large numbers of people managing and maintaining your information technology infrastructure internally and on your payroll is just the standard "outsourcing" strategy right?

It has it's own set of 3rd party supply chain set of risks. After your next incident who will be asking: Who knew what when?

Many private sector and government enterprises who are augmenting their COOP and the economic strategy of "Cloud Computing" have realized the smart course of implementing and migrating to managed services and infrastructure suppliers.

"How can the utilization of an "Infinistructure" with the knowledge and application of a legal compliance ecosystem in your enterprise mitigate the risks associated with bad actors, unprepared personnel and the digital loss of key evidence?"

Stay tuned for more on this later. In the mean time remember this.

All of the newest technology, fastest AI computers and neural networks enabled with encryption and secured physical locations will not be enough to save your institution from Operational Risks.

It is just one more piece of the total risk management mosaic, that will still require the smartest people and the most robust policy and processes imaginable.

Who knew what when? This will continue to be the biggest question of the next decade.

operational risk

Private Sector: Proactive Continuity & Protection of Critical Infrastructure…

Before 9/11 who at your organization was responsible for the continuous “Continuity of Operations“ for the business?

Last time your Board of Directors had their quarterly or annual meeting, was your compliance with the U.S. CII Act of 2002 on the agenda?

You know, the Critical Infrastructure Act of 2002 (CII Act):

“Under provisions of the Critical Infrastructure Information Act of 2002 (CII Act), information that is voluntarily submitted per those provisions will be protected from public disclosure until and unless a determination is made by the PCII Program Office that the information does not meet the requirements for PCII. If validated as PCII, the information will remain exempt from public disclosure.”

Critical Infrastructure Information (CII) is information not in the public domain and related to the security of CI or protected systems by either physical or computer based attack that harms commerce in the United States or threatens public health or safety.

Today, who in your particular organization is responsible for the PCII Program and are the entities that submit information:

• Private Sector companies
• State, local, and territorial government entities
• Working groups comprised of government and private sector representatives

"It is well known that over 85% of Critical Infrastructure is owned and operated by these organizations in the United States."

Consider this thought.

AI is increasingly being powered now by the Private Sector. Crypto mining is powered by the Private Sector. There are 16 more key CI Sectors.

The companies that are in your city, county or state that are directly tied to your Critical Infrastructure to provide Water, Electricity and Natural Gas, Emergency Services, Healthcare, Information Technology and Transportation are all components of the on-going safety and security of your community.

Who in your organization is responsible for the key relationships of all of the CI entities that you rely on to operate and serve your community each day?

Is it your CISO? Is it your CSO? Is it your CFO? Is it your CIO? Is it your COO?

If you don’t know that answer in your Board of Directors Meeting then add this to your To-Do list with your CEO.

Here are four key areas of focused leadership in your role to build resilience of Critical Infrastructure Protection in your organization:

> R_ecruiting

> E_ducation

> N_etworking

> S_haring Information

After you and your RENS team have prioritized "Critical Infrastructure Protection" and the safety of the American people at your organization, how will your own leadership be visible and proactive?

Never forget!

Team Learning: Innovation Navigators...

The discipline of “Team Learning” has been present with sports and education, corporations and small businesses since the collaboration of people who have engaged in mutual dialogue.

“In a remarkable book, Physics and Beyond: Encounters and Conversations, author Werner Heisenberg argues that “Science is rooted in conversations. The cooperation of different people may culminate in scientific results of the utmost importance.” By Peter M. Senge The Fifth Discipline - The Art & Practice of The Learning Organization page 238

How will you excel into the future and continue to learn within the ranks of your particular organization?

• By sitting in a classroom?
• By watching a lecture?
• By working alone on a project?
• By creating outcomes without any potential beneficiaries feedback?

Before the “Learning Organization” was born, these kinds of activities and behaviors were the key ways people were educated and taught new skills.

As time passed and the benefits of “Team Learning” began to evolve, each participant was proactive in several key behaviors and activities.

After discovering the benefits of mutual dialogue and discussion with small groups of people who could actively participate together, the “Learning Organization” was launched.

How might you and your team of fellow leaders work together to learn from each other?

You see, if you are engaging in a true dialogue with trusted colleagues in a small group there are tremendous advantages in creating collaborative hypotheses.

The hypothesis building together creates the pathways and navigation for innovation.

“Innovation Navigators” working side-by-side on the testing of a mutual question gives each other the opportunity to learn from the relevant expertise of each other. The IQ of the team is now greater than just the individual."

What journey will you now embark on with your “Learning Team?

A new solution. A new product. A new method. To solve what?

That is not up to you to start the process.

It shall rely upon the answers from potential beneficiaries and how effective you are in asking questions with others on your team.

What is the problem to be satisfied? What is the problem to be solved?

Once your team truly knows the problem-set, the “Team Learning” shall begin…

Analytic Techniques: Ai Derived Decisions...

 Structured Analytic Techniques have been useful in so many ways for decades to arrive at “TrustDecisions”.

What particular technique is/was your favorite over the years for your current role or profession?

• Decomposition & Visualization
• Idea Generation
• Scenarios & Indicators
• Hypothesis Generation & Testing
• Assessment of Cause & Effect
• Challenge Analysis
• Conflict Management
• Decision Support

Analysis in any community of highly trained human professionals requires thinking that challenges and reviews an individual persons strategy.

In the past, it required a series of proven methods for arriving at faster decisions that can be effectively proven reliable and explained to those who are uninformed.

The risks associated with a particular set of actions or strategy can not be entirely eliminated, yet the risks may be minimized by using proven and disciplined thinking models.

Testing a decision makers conclusions by utilizing standardized and structured analytic techniques may sometimes open new thinking for the decision maker and other times avoid a costly outcome.

Testing senior management human conclusions is vital in a high stakes business or in an increasingly important life or death decision.

How might you utilize a methodology to continuously make more effective “Trust Decisions” in your area of responsibility?

Will Ai decision support eliminate certain human analysis techniques once it has been verified, tested and proved its risk is acceptable?

“Analysis conducted by the intelligence, law enforcement and business communities will never achieve the accuracy, and predictability of a true science, because the information with which analysts must work is typically incomplete, ambiguous and potentially deceptive.” Page 165 Structured Analytic Techniques for Intelligence Analysis - 2nd Edition - by Richards J. Heuer Jr. & Randolph H. Pherson

In our near future, it will require analyzing the actual methods that a person or group has been using and then the utilization of “Structured Analytic Techniques” to actually determine their true reliability and outcomes.

Humans may indeed spend even more time and effort into the future analyzing and validating our Ai derived decisions…

Allegiance: Show Me the Way...

Are you working or participating with an organization where you are experiencing a high degree of discontinuity?

A lack of cohesion and communication between the top leadership and the front line management will create that feeling.

Is new leadership going to change the discontinuity experience for customers and clients?

Before the past leadership truly could understand the poor design of the systems, processes and the under qualified personnel in place, it was too late.

They were blind to what core services were so vital and to those who they served.

In reality, the constituents were already working towards the inevitable change ahead and current leadership could only watch it unfold.

On the day after the major change at the top, the discontinuity in the organization began to evaporate.

As your new leaders took over command, the change turned into a true continuum and a building progression that could be seen and felt by the customers.

"Customers, clients and core followers have become a procession of support and they have felt the positive change in the wind."

Everyone can now start to see and feel the differences.

Will you use your expertise with others to solve serious problems that have plagued our employees, customers, neighbors, professionals, first responders, homeland or armed forces?

"How might you contribute and add your vast knowledge and experience to the new continuity generation, during our next era of growth, resilience and our positive change?"

You see, you are extraordinary. You have tremendous talent and knowledge to contribute to the change ahead.

Have confidence in yourself and your ability to truly make your customers, members, clients and followers satisfied and rewarded with your proven leadership.

Get out of the building. Meet with other people in small groups. Talk about your shared experiences, knowledge and capabilities. Create aspiration and deliver new solutions.

Look up. Then say to yourself on your next journey, “Show Me the Way”…

Maps: Finding Your Next Destination...

Where you decide to live your life and the geography that surrounds you, will shape who you become in your future.

When you were growing up, did you ever ask your Mom or Dad, why are we living here?

Did you ever have the pure curiosity to look on a map to discover where in your country your hometown was actually located? How far was it to your Nations Capital?

Your story as a young human being and where you started your early years going to a local school and taking a geography class was just your beginning.

What about the neighborhood you lived in and the friends and places around you that shaped many of your thoughts on life forever. That single map you were curious examining, was just a small world view of our entire globe and your opportunity.

In 2025, you now have the satellite imagery resolution and cloud-based services such as ESRI, Maxar or even just Google Maps to quickly explore your next destination.

Explore your next city, state and geography to live or work.

Your parents probably did not have those high tech tools when you were growing up across from the big lake, in just a small Mid-West community in our United States.

Now, how might you utilize a myriad of new technologies and online tools to research your next destination in life?

What questions might you ask yourself to begin to zero-in on a particular Zip Code or a proximity to the ocean, the mountains or the city with tall skyscrapers?

Would you begin with the weather site? Would you begin with ZipRecruiter dot com? Would you begin with Rent dot com? Would you begin with CrimeMapping dot com?

Yes, and unfortunately these days, people must consider all kinds of “Operational Risks” in their own particular community. Why?

We have all heard or experienced first hand the news reports from city names of where significant “Loss Events” have occurred across our America.

The spectrum of risks are wide and so unpredictable. Here are just a few such examples:

• Northridge Earthquake in Los Angeles, California in 1994.
• Hurricane Sandy in 2012 from the Bahamas to the Mid-Atlantic to North Eastern US/Canada.
• Sandy Hook Elementary in Newtown, Connecticut in 2012.
• The Marshall Fire in Boulder County, Colorado in 2021.
• The Palisades Fire in Los Angeles, California in 2025.

Where will you find your next place to work and/or raise a family, so that you may truly prosper and your family will be more safe and secure?

Where are the schools you will choose to associate with, that start the day with our “Pledge of Allegiance”? Where you will find “School Protective Resource Officers” are on premise and kindly greeting students as they arrive each day.

Why will you volunteer with your local Citizens Corps Community Emergency Response Team (CERT) and/or join your metro area InfraGard Members Alliance (IMA)?

Why will you learn CPR and how to use a tourniquet, organize a search and rescue team, learn self-defense and how to more effectively Understand, Decide and Act, with real-time digital active streams of relevant threat information?

Because of the geography where you grew up and it all began. Because of where you went to College and earned your degree(s). Because you learned and worked more than most in our International world of asymmetric warfare with continuous and invisible Operational Risks.

Because of your growing Christian faith. Because you have been Married once for 38+ years. Because together you and your wife raised a daughter and a son who were only 19 months apart working full-time.

Because your kids both graduated with Bachelor degrees from State Universities. Because they are now reflecting upon successful careers within a Dow Jones Industrial Fortune 500 and a few US Federal Government contractors.

Because you have your first Grandson. :-)

Because your own Mother and Father made the right decisions, on where to live and raise your family, as just another young kid on the YMCA Swim Team in that little Mid-West town.

In our wonderful and only, United States of America…USA.

Godspeed!

Future Risk: What is True...

On the dawn before the next large public gathering across the world, Operational Risk Management (ORM) professionals are on edge.  Readiness and contingencies are at their highest level in anticipation of any globally televised event.

The same crisis management environment exists four or more times a year within the confines of the Board Room and Executive suite.

Operating at the "Speed of Business" and effectively managing daily, weekly, and quarterly risk management tasks requires an adaptive and resilient culture.  A culture that has been born and evolved from its Genesis to a daily run rate based upon two main components.

• Trust is the first one and to many a given in any high performing environment.  To be able to trust the person to your left and to your right requires many tests.  It builds over time yet it must start with the right elements and be nurtured for it to flourish.

• The second component is far more complex.  It requires you to embark on a continuous discipline with yourself and the people to your left and right, to know "What is True."

"What is True" means one set of reality for you and perhaps something different for those around you.  Your mission is to get to a single version and reality of what is true faster than your competition, your adversary or your partner.  Survival will be a factor of your speed to understanding as a team, "What is True" and then your adaptive nature to the consequences of your actions.

Are you accountable for your outcomes?  Have you accepted the consequences of your behavior?  So what does all of this have to do with Operational Risk Management?  It has everything to do with it. The most high consequence event to any risk matrix, is the fact that people do not see themselves or others in a "True" perspective.  They are not operating in reality.

What is your willingness to bring current problems to everyone to dissect, understand and solve?  Those who continue to operate without a proactive problem-solving environment are headed towards disaster.  Surprises.  Being blind-sided.  Never saw it coming.

When you hear people saying these things.  You have someone who has not been proactive in the continuous identification of problems and communicating those problems to the team to be solved.

You see, leadership is about continuously testing, designing and improving the process or the product.  The thinkers and the doers, the blueprint and the construction, the designers and the operators must be in a synchronous harmony together.

Ask yourself; how is this movie unfolding compared to the script that was written?  How has the change and the rate of change had consequences?  What have I and my team done to adapt, by changing the design or the people to achieve the mission? 

The "Speed of Business" is the environment and the successful outcome we all seek and is captured in three words.  "What is True."

operational risk

Vigilance is The Name of The Game...

President George W. Bush logged a victory in 2006 when the U.S. House of Representatives renewed the USA Patriot Act, a law that gave the FBI expanded powers to investigate terrorism after the Sept. 11 attacks.

When was the last time as a CxO in your organization that you reviewed the law? Here are a few of the renewed provisions:

>Section 201 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to terrorism.

>Section 202 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to computer fraud and abuse offenses.

>Subsection 203(b) Permits the sharing of grand jury information that involves foreign intelligence or counterintelligence with federal law enforcement, intelligence, protective, immigration, national defense or national security officials

>Subsection 203(d) Gives foreign intelligence or counterintelligence officers the ability to share foreign intelligence information obtained as part of a criminal investigation with law enforcement.

>Section 204 Makes clear that nothing in the law regarding pen registers an electronic device that records all numbers dialed from a particular phone line stops the government's ability to obtain foreign intelligence information.

>Section 209 Permits the seizure of voicemail messages under a warrant.

>Section 212 Permits Internet service providers and other electronic communication and remote computing service providers to hand over records and e-mails to federal officials in emergency situations.

"Whether you are a government or a small business you must have a layered and defense in depth approach to the safety and security of your enterprise. You have to monitor insiders, gather intelligence and keep an eye on foreign competitors."

Key people in your organization are key targets for a spectrum of threats both physical, economic and digital. When is the last time you saw a CEO, CFO, CRO or Board Member walk down to the INFOSEC department and ask the team if they had all the tools and resources they need to do their jobs effectively.

And if they did raise their hand and say they could use some help with solutions to help combat all insider threats including intellectual property leakage, vendor collusion, financial fraud, and customer data loss. You might recommend they look at the FedRamp Marketplace.

The leaders of a medium-size community bank, Fortune 500 enterprise, Private Sector Critical Infrastructure company and local city government still have the same thing in common today as with George W. Bush 18 plus years ago…

Veterans Day 2024: Our Father U.S. Marine...

 Growing up as the first son of a U.S. Marine officer, you learn much of what it means to be a Veteran.

Loyalty. Dedication. Perseverance. Discipline. Trust. Integrity. Valor.

On this November 11, 2024 it is Veterans Day in the United States of America. A day in America to pause and to acknowledge those who made the decision to serve, in a branch of our Armed Forces.

As a young man approaching graduation of high school the Vietnam War was in full swing and conscription was a weekly discussion around the dinner table. Will your number be called?

The defense of an entire country requires a tremendous number of people to operate at home and across the entire globe.

Some veterans had the opportunity to travel across continents and were stationed in foreign countries. Our men and women were sailing across oceans on the surface and others deep undersea. They were flying whenever and wherever needed to go head-to-head with the evil people and forces in our world.

Veterans from around the USA put their lives in the hands of our country to protect our loved ones and our way of life here.

Veterans who have served our nation honorably have a real understanding of what it means to sacrifice, to work beyond exhaustion, to feel proud of becoming an expert in skills, knowledge and special activities experience.

In years past, as our colleagues waited for the hospital van to arrive on the shore of the Potomac River inside Ft. Belvoir, we prepared for the weekend warriors who wanted to go fishing.

The 501c3 we volunteered to assist would come each weekend over the summer to teach Ft. Belvoir veterans to fly fish or just try and catch a fish on that day. In the sunshine, outdoors and outside the hospital.

Years later, on one weekend when Dad was in his mid 80’s, we drove down I-95 to Quantico VA to visit the National Museum of the Marine Corps.

He could not believe all of the memories coming back to him. 90 Minutes later, as we pulled out of the parking lot to Fuller Road, we looked to the right and saw the entrance to the base where he had attended Officer Candidate School (OCS).

“Let’s go in there he commanded”. So as we approached the gate and pulled up to the Guard, then we said: “This U.S. Marine would like to enter and to drive through the base where he learned to become a First Lieutenant.

The guard asked, “Let me see your Drivers Licenses”. “OK, go ahead he said as we then drove through the gate.”

This is when it really started to sink in. Where and why our Dad learned all about being a leader of U.S. Marines and soon thereafter a devoted Father.

"On this Veterans Day in America, we say thank you."

For all that you have done to protect the American people and our United States to keep us safe…and to learn to serve with pride...

Onward Together: Teams Navigation...

Before you were wise, you just acted out from pure thoughtlessness. You tried to fix situations without truly understanding the problem-set.

At some point in your life long experiences you might read a passage or paragraph in a book or online. Perhaps it is in a room where you are listening to someone preach, or a guest speaker for an event you are attending.

Then the feeling starts to come over you. You are thinking about what you have just encountered and now you start to wonder. Your mind is asking more questions.

After this encounter and as you say to yourself I belong here, in this place with these people, you are on your way to new insights.

As you begin your journey towards new problem-sets to create solutions that will benefit others you care about, you will then start to believe in your direction.

You will be listening and questioning. Over and Over. You will then create a test to determine if your hypothesis is clear.

You will be testing and observing. Over and Over. You will then adapt and change your solution to ensure it is even more reliable. You are an "Innovation Navigator"...

"Reliable in different places. Reliable in different situations. Reliable with different people using your prototype solution."

So what?

After you have talked to enough people you belong with and then you believe that you have the correct solution, then you shall discover the real change in behavior.

As you continue to navigate your life solutions journey “Always Be Ready” for the time, place and person we sometime have named the saboteur.

Will you encounter an act or process tending to hamper or hurt the mission? Sabotage can be destructive or obstructive actions by others to change you.

Being prepared today for the unknown in the future. Using knowledge gained by continuous testing and observation.

Learning and adapting in order to survive the continuous change ahead of you will not be easy.

Who is your most trusted team mate or partner to do it together?

Find the person and build the team of true professionals as soon as you are able. Communicate.

Communicate. Face-to-Face. Observe each others behavior.

Navigate, Change, Test, Adapt, Endure. You are on a life long journey of discovery, learning and wonder…

Onward Together!

Acknowledgment: Forever Grateful...

When was the last time your true business accomplishments were being acknowledged and your personal character celebrated?

As we all watched the 20+ people assemble in the banquet suite facing the Pacific Ocean last evening, you could tell they were all so excited to see the surprise on her face, as she walked into the room at 6:00PM.

The point in your work timeline when you are transitioning from one key role to another and have proven your results is a good place to reminisce and to listen to those who admire and trust you.

Hearing others who are your peers and fellow colleagues stand up over dinner and explain why you are someone they have learned from and that they have valued your leadership, will always be a remembered milestone in your life.

Two out of Ten people in a room, are exactly who the “80/20 Rule” science and “Pareto Principle” are all about.

If you want to find and recruit 4 people to your team, then do the math on how many will not make the final cut.

It is just so refreshing to see a group of professionals all celebrating one of their own:

“The Pareto principle (also known as the 80/20 rule, the law of the vital few and the principle of factor sparsity) states that for many outcomes, roughly 80% of consequences come from 20% of causes (the "vital few”).”

The statistics and the “Moneyball” math is what truly sets you apart as a multi-million dollar producer from those with just the fundamental skills.

As your recognition stories continued from your colleagues into the evening there were plenty of laughs and also a few tears that filled the room. Then she just smiled at us.

How might you ever become close to the 2 people out of 10?

Some might say you are just born into it, it’s all in the DNA. Others would say you have to train, repeat and train harder in order to excel at your particular chosen profession.

Coaches and researchers and professional trainers would all have various opinions on what the ratios should be, to find that next Gold Medal Winner or Scientific Scholar or Sales Leader or even a BUD/s school graduate.

Yet that alone does not make the person that others truly admire, beyond their God given skills or training outcomes.

It is something else. “Extreme Ownership” of the organizations problem-sets and the dedication to finding relevant and timely solutions.

When you finally find the right formula and you find yourself in the spotlight someday being acknowledged and celebrated by your peers and close colleagues, say it to yourself in all CAPS:

“IT WASN’T EASY AND “I REALLY EARNED IT”…It has been a good run...

Onward and Godspeed!

Resilient Future: Curious Observation...

On this vibrant and chilly Fall day, facing West towards the mountains, as the sun rises behind us a few bright star-like lights shine for just a few minutes.

These reflections are from the bright morning sun shining off home windows near Evergreen Meadows some 40 miles away, yet just perfectly in our vision, starts our day ahead.

The tree leaves are actively changing colors and signals to us to now begin to prepare for the changing environment ahead.

In other work or government assignments, perhaps you and your project team have been measuring your environment. Have you been checking your “Threat Management App” this moment for the detection of more serious anomalies this minute.

Being actively observant in nature and your own organizational environment could be the real difference between loss or growth. In your life, you must “Always Be Ready”.

Your ability to continuously increase your resilience to changing temperatures in nature and also the change in temperament of your organizations beneficiaries, will make a significant difference.

As you think about your role, your position and the current project you are now assigned to, the question remains: Who are you serving?

There is change in the wind and you must prepare now, you shall be proactive in your thinking over the horizon, so that you also can anticipate the future outcomes.

How might you spend more time in curious dialogue with your respective beneficiaries to better understand their point of view, their particular requirements and their current temperament?

The problem-set before you requires valuable time, brain power and resources to determine the validity of your current hypothesis.

In the path forward, most researchers, analysts and scientists would probably say that if you have not changed your hypothesis, then you have not used enough data or time to ascertain the true reality of the problem at this point in time.

How might you analyze more data from various sources faster with little error so that you arrive at a valid “Trust Decision”?

Being proactive is not being forceful. Being proactive is being curious. It is a mission of discovery and building wisdom.

Your future actions are a factor of your problem-set and the ability to accurately solve it with a solution defined by your curious observation.

There is change in the wind before us and we must “Always Be Ready”…

Pain or Joy: Change Management 101...

Habits are hard to change.  It takes discipline and continuous perseverance.

When was the last time you changed something that increased your revenue?  Your health.  Or your safety and security.

Change and managing change whether in the corporate ranks of your Fortune 500 Global Enterprise or back in your own personal life at home is a true challenge.

Before you even thought about what you needed to change in your business or your own life, you probably have encountered one of two experiences:

• Pain

• Joy

Which one of these two experiences have you recently encountered?

You see, our human behavior is quite predictable and it is usually one of these two motivators in life that will change your behavior.

Educating yourself and others you care about requires that you sometimes utilize one of these motivators in order to initiate new change.  Let’s begin with “Pain”.

These realities are exactly what the evil in our world today continues to prey on.  Those individuals who are unable or unwilling to change, and to manage change in their lives.

“It is really very simple. In the foreseeable future, we will not function as a global society without the Net and the immense digital resources and information assets of our society. The addiction is established—commerce, government, education, and our neighbors offer no option other than to require that we rely upon digital information in making decisions. But we will not function successfully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world.”  Page 19 - Achieving Digital Trust | The New Rules For Business At The Speed Of Light  - Author Jeffrey Ritter

In your own digital life, these habits may be as simple as using the same password on multiple accounts that each of us rely on, each day or each week of our lives.  You know who you are.

As the continued use of “Ransomware” remains so pervasive across the globe and is utilized by so many criminal gangs and nation states, each one of us must consider our personal and business habits.

At home and at work.

It is now time to change.  It is time to change your digital habits so you may avoid the pain and continue to have even more joy in your life.

Take action.

Start a new habit now of changing the weak password on your bank accounts.  Make it 20 characters, and make it random.  Easily addressed when you "Use a Password Manager App".  Then set a reminder to change it on January 1, April 1, July 1, and October 1 of each year.

“Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets.

The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware.

Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.” —BleepingComputer

After you have successfully accomplished this simple task in your business and in your own personal life, remember:

The “Pain” of doing this simple “Change Management” step in your life, will help bring you continued “Joy” for so many years to come…:)

Godspeed!

RENS: Growing Your Enterprise...

 There he was, in the early morning light, prancing along outside the fence line just seventy-five feet away.

The young “Buck Deer” with his adolescent antlers stopped and glanced over at the house, just to acknowledge that he saw us sitting on the deck.

As Fall arrives and kids are back in school, it seems as if the pace of work and the demands on peoples time starts to take its toll. Be aware.

Years ago, as some wise people developed the systems and programs around the acronym RENS, they knew from years of experience on the front lines of true battle why it was so vital to success:

• Recruiting
• Education
• Networking
• Sharing Information

This is the high level context for what your daily activities shall be focused on each day, of each week of each month this year.

"How might you design your program, your systems, your time allocations towards these four key components of your enterprise?"

The original designers knew that each organization is unique and therefore, provided an acronym to keep you on track. Easy to remember, harder to implement effectively on a consistent basis.

If you advertise as one example, for a particular event and you ask people to RSVP, how do you respond after they fill out your form, full of personal contact details?

If they actually attend the event and take the time to see and hear all about your X or Y, how do you respond after they leave and think about what they heard and experienced at your event?

Do you follow-up or do nothing?

At a recent weekly event the guest speaker and very wise man broke down the Recruiting part of RENS to further to three simple steps:

• Belong
• Believe
• Behave

First, if you haven’t created an event where people immediately feel like they belong there, that you too believe in many of the same things they do, you will have a rough time ever getting to the last “B”.

How might you get other people to behave in a certain way?

The tough part about RENS is, that if you are not executing 100% on the effectiveness of your “Recruiting”, how will you ever get the opportunity to Educate, Network and then Share truly vital Information?

Perhaps even more difficult, how will you ever get good people to join your "Just Cause"?

As the “Young Buck” glanced back at us one more time as he went around the tall Spruce tree, we smiled and waved…

Critical Infrastructure: OSINT to the Rescue...

Over the past decade our U.S. Critical Infrastructure has become even more vulnerable.

Why?

In the early days of the commercial Internet 2000-2001, there were several dozen of us working in a Rosslyn building on Wilson Boulevard in Arlington, Virginia to answer our growing Fortune 500 and government clients questions of “Who”, “What”, “Where and “How”.

We already knew the answer to “Why”.

The 24/7 Internet crawler algorithms our techies engineered were doing their intended tasks and retrieving Terabytes of data on a 24/7 basis for our further human analysis.

All of this was well on its way before the more sophisticated use cases of the Internet for the implementation of the Banking infrastructure, Retail transactions and Telecommunications were in place.

The systems and infrastructure we now call “Critical”, was just in its early stages of iP maturity.

Remember, the iPhone was not invented until around 2007!

Afterwards and yet even more vital to this day, you might think about your own organizations “Operational Risk Management” (ORM) objectives and tasks into three key categories:

• Human
• Physical
• Cyber

Over the course of your companies legal, compliance and security organizations conducting regular “Threat and Hazard Identification and Risk Assessment” (THIRA) activities and rules, the reality begins to set in.

The Board of Directors are still asking, "How can we as people address the exponential growth, change and remediation without more automation, software and systems?"

"This is when new companies were born to build the software to help humans keep a better eye on the risk management of our growing Critical Infrastructure."

As new software companies were born to address THIRA applications, some people began to feel like it all had NOT been solved.

Asymmetric Warfare today, not only includes our “Nation States” across the globe, but also Black hat “Hacktivist” organizations and individual people. In every country with the Internet.

Evidence of these individuals and groups growing existence are still the “Why” for your own organizations THIRA activities.

This also includes the “Why” for our US Homeland Security organizations such as CISA and others in the National Intelligence and Law Enforcement arenas.

Perhaps even more vital, are the private organizations who are still in the business today of “Open Source Intelligence” (OSINT) since the dawn of the Internet…