Starfish: A Community of Resilience…

When is the last time you were in an environment where trust was implicit? A place where the people you were working along side, shared a unity of purpose and a single mission.

Once you experience this, it is forever engraved in your mind and felt deep in your soul.

A "Starfish Community," walking together with such a high degree of mutual trust, it will endure and remain resilient against all Operational Risks that may be encountered.

Enabled by the wisdom and thinking from Rod Beckstrom and Ori Brafman's book "Starfish and the Spider: The Unstoppable Power of Leaderless Organizations", the "Starfish Community" is growing rapidly across the globe.

A group of decentralized networks that are able to work without hesitancy and with moral courage. It does not matter if the model is used on the battlefield or in business, the desired outcomes are the same.

The ability for the Starfish Community to evolve, adapt and to consistently execute against its agreed upon mission manifests itself in terrorist acts and simultaneously in humanitarian and disaster response.

The ability for the human race to at one moment be so evil and at the same moment so forgiving and good, will continue to amaze us all.

The business world evolves around us with mergers and acquisitions, incidents of fraud and corruption while a silent and clandestine army of cyber warriors wage conflict on our critical infrastructure and copy or steal our intellectual assets.

The ability for the "Starfish Community" to survive in the virtual environment of the Internet is no different than the cities of Amman or Washington, DC.

This is why Wikipedia and other open source projects are able to continuously adapt, grow and survive the threats or vulnerabilities to this resilient and self-healing network.

A crisis appears in your business only when you are unable to adapt and withstand the impact of the virtual or physical forces thrust upon you.

"Whether it is the economic well being of the U.S. or the privacy laws in Europe. The shock wave of a VBIED or Insider Threat."

Your organization could reach an Operational Risk crisis state, if you have not embraced the architecture of the "Starfish Community". Learn from the best on how to withstand the test of time and all that humanity has in store for us.

And to all of those who are on the front lines of crisis everyday. God Speed. You know who you are. 

Battle-Tested Strategies: for Mission Critical Activities...

Mission Critical Activity (MCA)

Critical operational and/or business support, service or product related activity (provided internally or externally), including its dependencies and single points of failure, which enables an organization to achieve its business objective(s), taking into account seasonal trends and/or critical timing issues.

The trend to create "virtual" organizations raises a number of new issues as it pertains to interdependencies and single points of failure. The ability to provide sourcing alternatives in the event of a catastrophic failure of an MCA provider is a key priority. As the trend becomes more operational and logistically complex organizations must exercise more often to determine where processes or systems weaknesses occur.

An organizational Business Crisis & Continuity Management (BCCM) strategy ensures resilience and high reliability of MCA's. At the process level is a documented framework that identifies the organizations MCA's in the context of products or services.

Each MCA should have it's own BCM strategy that provides clarity of how the organization will provide protection for the MCA.

One key outcome is the definition of the BCCM relationship, positioning and connection with other risk related functions, e.g. Operational Risk Management (ORM) A critical component of getting this BCCM relationship connected with the risk management culture is through awareness and education training.

Merely documenting a strategy and plan provides a narrow and limited method of fully developing a true BCCM culture.

Ownership of BCCM by organizational lines of business, especially where Operational Risk originates and resides is paramount. No matter how well designed a strategy may be, exercising and testing on a regular basis is necessary to identify potential issues during a real incident.  

Good quality exercises rely on specific and relevant scenarios in the actual locations, facilities and with normal personnel in place.

And no BCCM is complete without measurement and audit. You must verify compliance independently to highlight key material deficiencies and issues to ensure their resolution.

Each stage of the BCCM life-cycle may require a unique audit process depending on that stage of the life cycles maturity.

At the end of the day, the question is this.

Has the organization introduced risk management controls to eliminate, mitigate, reduce, transfer the effects of identified threats, vulnerabilities, exposures or liabilities to MCA's?

operational risk

Corporate Directors: Continuous Continuity (C2) of the Enterprise...

The modern enterprise that effectively manages the myriad of potential threats to its people, processes, systems and critical infrastructures stands to be better equipped for sustained continuity.

A Business Crisis and Continuity Management (BCCM) program is a dynamic change management initiative that requires dedicated resources, funding and auditing. Corporate Directors must scrutinize organizational survivability on a global basis.

Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C2, or "Continuous Continuity”.

A one-time threat or risk assessment or even an annual look at what has changed across the enterprise is opening the door for a Board of Directors worst nightmare.

These nightmares are "Loss Events" that could have been prevented or mitigated all together.

The following testing techniques must be used to ensure the continuity plan can be executed in a real-life emergency:

• Table-top testing: Discussing how business recovery arrangements would react by using example interruptions
• Simulations: Training individuals by simulating a crisis and rehearsing their post-incident/crisis management roles
• Technical recovery testing: Testing to ensure information systems can be restored effectively
• Testing recovery at an alternate site: Running business processes in parallel with recovery operations at an off-site location
• Test of supplier facilities and services: Ensuring externally provided services and products will meet the contract requirements in the case of interruptions
• Complete rehearsals: Testing to ensure the organization, employees, equipment, facilities and processes can cope with interruptions

Many of these best practices talk about a BCCM that will be periodically updated. Periodic is not continuous. Change is the key factor here.

What changes take place in your organization between these periodic updates? How could any organization accurately account for all the changes to the organization in between BCCM updates? The fact is that they can’t.

This will change over time as organizations figure out that this is now as vital a business component as supply chain management. The effective BCCM framework will become a core process within the organization if it is not already, dynamically evolving by the minute as new change-based factors take place in the enterprise.

As new or terminated employees, suppliers and partners come and go into the BCCM process, the threat profile is updated in real-time. This takes the operational management that much closer to C2, or "Continuous Continuity”.

Having survived several large quakes in Southern California in years past, we are not sure that all of the testing in the world can prepare people for human behaviors that come from within.

"People literally lose all sense of common sense when you are on the 42nd floor of the 50+ sky scraper and without any warning it physically sways a couple feet to the left and a few more feet to the right. Believe me, the issue is not the testing itself, it’s how to create a real enough scenario that you get similar behaviors out of unsuspecting people."

Certainly the largest organizations realize that the external threats are taking on new and different forms than the standard fire, flood, earthquake and twister scenarios. These historically large catastrophic external loss events have been insured against and the premiums are substantial.

What it is less easy to analyze from a threat perspective are the constantly changing landscapes and continuity postures of the internal facets of the organization having to do with people, processes and systems.

Corporate Boards of Director’s are now being continuously subjected to regulatory scrutiny across the globe to ensure the continuity and survivability of the enterprise.

It is their duty and responsibility to their shareholders to make sure this occurs on a continuous basis. The world can only hope that our Global 500 companies are well on their way to achieving C2 already.

Corporate Directors are ultimately responsible for Continuous Continuity (C2) of the Enterprise…

Security Governance: Corporate Emergency Response Team (CERT)...

You can be a proud CxO if you can confidently say that in the event of a "Crisis" your employees are trained and ready to handle it.

You can never predict human behavior in the face of a sudden and shocking incident.

If your company doesn't have "Corporate Emergency Response Teams" (CERT) exercising test scenarios monthly or quarterly, you face the consequences of poor Operational Risk Management (ORM); losses that could have been prevented.

We are still amazed at how many “Executive Rows” we visit that still doesn’t have an AED within arms reach in the event of a heart attack.

Protecting corporate assets first begins with common sense and then expands exponentially from there.

How will you and your CxO’s provide your employees with the privacy as a U.S. citizen and remain vigilant with all potential insider threats?

Programatic Data Privacy and Integrity is the real issue at stake here.

“Enterprise Security Governance will provide the mechanisms and controls necessary for the Patriot Act to operate with the highest degree of assurance.”

Our civil liberties are still in force and will be there to protect everyone who is an American.

What we must not waiver on is the need to modernize, to re-equip and to create more robust "Correlation Centers”. Perhaps with AI and always with trained Intel Analysts.

The fact is, our intelligence analysts in enforcement are under attack every day by more savvy and increasingly powerful adversaries.

The establishment of a more robust, pervasive and technologically superior force to defend our Homeland today is still in the maturation stages.

What is paramount now at this stage of growth, is the framework for your own organizations “Security Governance” to be injected into each stakeholder.

The policies, ethics and controls must be there to guide those who are protecting our privacy while simultaneously allowing us to accelerate our countermeasures to Deter, Detect and Defend against those who will continue to attack us.

The Patriot Act will remain a powerful asset to those who wake every morning to ensure the Confidentiality, Integrity and Availability of information in our country and to protect the American people…

The Third Alternative: A Precarious Future...

 If we really believe what we say we believe- if we really think that home is elsewhere and that this life is a "wandering to find home", why should we not look forward to the arrival. There are, aren't there, only three things we can do about death: to desire it, to fear it, or to ignore it. The third alternative, which is the one the modern world calls "healthy" is surely the most uneasy and precarious of all." — C.S. Lewis (Letters to an American Lady)

How will your life change, now that she is gone and she is truly home?

Have faith in the journey ahead with the confidence she is safe, sound and secure forever.

Your mission forward shall be to explore your own course of activities and actions to continue to give back. To invest in those new people who need you most now.

You see, your mission ahead is to find ways to help others you care about who can thrive from your advice. Your love. Your experience.

Relationships. >>>>> Results. >>>>> Rewards.

Find the time to build on your relationships with others and to increase the true value of the relationship mutually.

The increased value of the relationship will take time to discover and yet the trust and sharing will produce the most favored results.

Count the results and realize what and how the results will continue forward in time. Analyze the results and determine the changes that might be necessary.

Feel and process the rewards. Cherish the time and feelings you now have earned.

Look up...

Recognize that your time and your efforts are valuable and that it all begins with the “relate.”

You know, the way you behave initially with that person each time, to further build the relationship.

Your words and your actions collaborating with others shall provide you with the ongoing satisfaction and desirable outcomes you shall always seek.

Continue to cherish those Relationships, Results and Rewards that will make her so proud of you, before you see her again…

Godspeed!

Destination Unknown: Explore, Adapt & Learn...

What is your new destination? How will you get there?

The business climate in your particular industry is adapting to the latest global change upon us in 2025. What are you implementing now, that will change the processes, business rules and positive outcomes for you in the foreseeable future?

Creative activities to adapt to your particular new approach to customers, clients and followers requires new thinking. It may achieve your primary destination, yet how long will it take to arrive?

As you “Go-to-Market” in your particular industry sector in 2025, what new innovations and strategies will be in place? Have you thoroughly prototyped your solutions and discovered their results? What have you learned?

Was your industry launched in 1903 at Kitty Hawk, NC or Dearborn, MI? Your business is going to require more than one “Maverick” to achieve your future destination on a timely basis.

You will require exponential unconventional thinking. People who are “Nonconformist”, “Dissenting” and “Iconoclastic”.

Why?

How many years have you been running your business this way? In the same cities, with the same labor pools, absent of any new thoughts of creativity.

When was the last time you financed a new product launch with a brand new sales force?

Perhaps you have a tradition of doing business with the same old Legal Counsel, Accounting firm, or hosting systems of Information Technology services. Are you using the same suppliers for talent acquisition? Look where you are today.

"Are you capable of creating a new “Business Unit,” that will shed the past and test the future of your organization and your industry? Then do it."

The future of your business and our country requires it. Your particular contributions to our economic livelihood, persistence and longevity, needs your new ingenuity and continuous resilience.

Head out there.

Explore. Adapt. Learn.

Onward!

Infinistructure: Who Knew What When...

Who knew what when? This is the question of the last few months as we now embark on the path towards recovery.

The Operational Risks that have plagued our aging county, state and federal institutions are growing and the convergence factor has brought us even bigger systemic organizations "Too Big To Fail."

While many will be side tracked by the need to deal with the toxic assets still on the books or in sinking agencies the "Zero's and One's" don't lie.

The information, digital evidence and just pure data audit trails will remain for many to be caught, charged, indicted and then sent before a jury to decide their fate.

Managing risks in the enterprise today takes on many flavors and within several departmental or enterprise domains of expertise.

Whether it be the C-Suite, legal department, the IT department, Internal Audit, Security department or even the Operational Risk Management Committee the "Zero's and One's" don't lie.

Think about how much time the people behind organizational malfeasance spend on trying to cover their tracks, clean up the digital "Blood Trail" of their crimes and wrong doing all the while knowing that someday, a smart investigator or forensic examiner will connect the dots. Game over.

Regardless if you are two paid-off programmers who have been enforcing the "Business Rules" in their software by the boss or an internal threat actor does not matter.

Whether they are copying, stealing, altering or damaging the digital information within the organization does not matter; these Operational Risks still remain constant.

The resources and the money devoted to continuous due diligence, monitoring and preemptive strategy to Deter, Detect and Defend the digital assets of the enterprise need to grow dramatically to stay ahead of the curve.

The best way to figure out “What to do” and “How to do it” will require outside assistance. Moving your digital assets to be professionally managed makes sense for economic and other financially prudent reasons.

Yet this migration away from large numbers of people managing and maintaining your information technology infrastructure internally and on your payroll is just the standard "outsourcing" strategy right?

It has it's own set of 3rd party supply chain set of risks. After your next incident who will be asking: Who knew what when?

Many private sector and government enterprises who are augmenting their COOP and the economic strategy of "Cloud Computing" have realized the smart course of implementing and migrating to managed services and infrastructure suppliers.

"How can the utilization of an "Infinistructure" with the knowledge and application of a legal compliance ecosystem in your enterprise mitigate the risks associated with bad actors, unprepared personnel and the digital loss of key evidence?"

Stay tuned for more on this later. In the mean time remember this.

All of the newest technology, fastest AI computers and neural networks enabled with encryption and secured physical locations will not be enough to save your institution from Operational Risks.

It is just one more piece of the total risk management mosaic, that will still require the smartest people and the most robust policy and processes imaginable.

Who knew what when? This will continue to be the biggest question of the next decade.

operational risk

Private Sector: Proactive Continuity & Protection of Critical Infrastructure…

Before 9/11 who at your organization was responsible for the continuous “Continuity of Operations“ for the business?

Last time your Board of Directors had their quarterly or annual meeting, was your compliance with the U.S. CII Act of 2002 on the agenda?

You know, the Critical Infrastructure Act of 2002 (CII Act):

“Under provisions of the Critical Infrastructure Information Act of 2002 (CII Act), information that is voluntarily submitted per those provisions will be protected from public disclosure until and unless a determination is made by the PCII Program Office that the information does not meet the requirements for PCII. If validated as PCII, the information will remain exempt from public disclosure.”

Critical Infrastructure Information (CII) is information not in the public domain and related to the security of CI or protected systems by either physical or computer based attack that harms commerce in the United States or threatens public health or safety.

Today, who in your particular organization is responsible for the PCII Program and are the entities that submit information:

• Private Sector companies
• State, local, and territorial government entities
• Working groups comprised of government and private sector representatives

"It is well known that over 85% of Critical Infrastructure is owned and operated by these organizations in the United States."

Consider this thought.

AI is increasingly being powered now by the Private Sector. Crypto mining is powered by the Private Sector. There are 16 more key CI Sectors.

The companies that are in your city, county or state that are directly tied to your Critical Infrastructure to provide Water, Electricity and Natural Gas, Emergency Services, Healthcare, Information Technology and Transportation are all components of the on-going safety and security of your community.

Who in your organization is responsible for the key relationships of all of the CI entities that you rely on to operate and serve your community each day?

Is it your CISO? Is it your CSO? Is it your CFO? Is it your CIO? Is it your COO?

If you don’t know that answer in your Board of Directors Meeting then add this to your To-Do list with your CEO.

Here are four key areas of focused leadership in your role to build resilience of Critical Infrastructure Protection in your organization:

> R_ecruiting

> E_ducation

> N_etworking

> S_haring Information

After you and your RENS team have prioritized "Critical Infrastructure Protection" and the safety of the American people at your organization, how will your own leadership be visible and proactive?

Never forget!

Team Learning: Innovation Navigators...

The discipline of “Team Learning” has been present with sports and education, corporations and small businesses since the collaboration of people who have engaged in mutual dialogue.

“In a remarkable book, Physics and Beyond: Encounters and Conversations, author Werner Heisenberg argues that “Science is rooted in conversations. The cooperation of different people may culminate in scientific results of the utmost importance.” By Peter M. Senge The Fifth Discipline - The Art & Practice of The Learning Organization page 238

How will you excel into the future and continue to learn within the ranks of your particular organization?

• By sitting in a classroom?
• By watching a lecture?
• By working alone on a project?
• By creating outcomes without any potential beneficiaries feedback?

Before the “Learning Organization” was born, these kinds of activities and behaviors were the key ways people were educated and taught new skills.

As time passed and the benefits of “Team Learning” began to evolve, each participant was proactive in several key behaviors and activities.

After discovering the benefits of mutual dialogue and discussion with small groups of people who could actively participate together, the “Learning Organization” was launched.

How might you and your team of fellow leaders work together to learn from each other?

You see, if you are engaging in a true dialogue with trusted colleagues in a small group there are tremendous advantages in creating collaborative hypotheses.

The hypothesis building together creates the pathways and navigation for innovation.

“Innovation Navigators” working side-by-side on the testing of a mutual question gives each other the opportunity to learn from the relevant expertise of each other. The IQ of the team is now greater than just the individual."

What journey will you now embark on with your “Learning Team?

A new solution. A new product. A new method. To solve what?

That is not up to you to start the process.

It shall rely upon the answers from potential beneficiaries and how effective you are in asking questions with others on your team.

What is the problem to be satisfied? What is the problem to be solved?

Once your team truly knows the problem-set, the “Team Learning” shall begin…

Analytic Techniques: Ai Derived Decisions...

 Structured Analytic Techniques have been useful in so many ways for decades to arrive at “TrustDecisions”.

What particular technique is/was your favorite over the years for your current role or profession?

• Decomposition & Visualization
• Idea Generation
• Scenarios & Indicators
• Hypothesis Generation & Testing
• Assessment of Cause & Effect
• Challenge Analysis
• Conflict Management
• Decision Support

Analysis in any community of highly trained human professionals requires thinking that challenges and reviews an individual persons strategy.

In the past, it required a series of proven methods for arriving at faster decisions that can be effectively proven reliable and explained to those who are uninformed.

The risks associated with a particular set of actions or strategy can not be entirely eliminated, yet the risks may be minimized by using proven and disciplined thinking models.

Testing a decision makers conclusions by utilizing standardized and structured analytic techniques may sometimes open new thinking for the decision maker and other times avoid a costly outcome.

Testing senior management human conclusions is vital in a high stakes business or in an increasingly important life or death decision.

How might you utilize a methodology to continuously make more effective “Trust Decisions” in your area of responsibility?

Will Ai decision support eliminate certain human analysis techniques once it has been verified, tested and proved its risk is acceptable?

“Analysis conducted by the intelligence, law enforcement and business communities will never achieve the accuracy, and predictability of a true science, because the information with which analysts must work is typically incomplete, ambiguous and potentially deceptive.” Page 165 Structured Analytic Techniques for Intelligence Analysis - 2nd Edition - by Richards J. Heuer Jr. & Randolph H. Pherson

In our near future, it will require analyzing the actual methods that a person or group has been using and then the utilization of “Structured Analytic Techniques” to actually determine their true reliability and outcomes.

Humans may indeed spend even more time and effort into the future analyzing and validating our Ai derived decisions…

Allegiance: Show Me the Way...

Are you working or participating with an organization where you are experiencing a high degree of discontinuity?

A lack of cohesion and communication between the top leadership and the front line management will create that feeling.

Is new leadership going to change the discontinuity experience for customers and clients?

Before the past leadership truly could understand the poor design of the systems, processes and the under qualified personnel in place, it was too late.

They were blind to what core services were so vital and to those who they served.

In reality, the constituents were already working towards the inevitable change ahead and current leadership could only watch it unfold.

On the day after the major change at the top, the discontinuity in the organization began to evaporate.

As your new leaders took over command, the change turned into a true continuum and a building progression that could be seen and felt by the customers.

"Customers, clients and core followers have become a procession of support and they have felt the positive change in the wind."

Everyone can now start to see and feel the differences.

Will you use your expertise with others to solve serious problems that have plagued our employees, customers, neighbors, professionals, first responders, homeland or armed forces?

"How might you contribute and add your vast knowledge and experience to the new continuity generation, during our next era of growth, resilience and our positive change?"

You see, you are extraordinary. You have tremendous talent and knowledge to contribute to the change ahead.

Have confidence in yourself and your ability to truly make your customers, members, clients and followers satisfied and rewarded with your proven leadership.

Get out of the building. Meet with other people in small groups. Talk about your shared experiences, knowledge and capabilities. Create aspiration and deliver new solutions.

Look up. Then say to yourself on your next journey, “Show Me the Way”…

Maps: Finding Your Next Destination...

Where you decide to live your life and the geography that surrounds you, will shape who you become in your future.

When you were growing up, did you ever ask your Mom or Dad, why are we living here?

Did you ever have the pure curiosity to look on a map to discover where in your country your hometown was actually located? How far was it to your Nations Capital?

Your story as a young human being and where you started your early years going to a local school and taking a geography class was just your beginning.

What about the neighborhood you lived in and the friends and places around you that shaped many of your thoughts on life forever. That single map you were curious examining, was just a small world view of our entire globe and your opportunity.

In 2025, you now have the satellite imagery resolution and cloud-based services such as ESRI, Maxar or even just Google Maps to quickly explore your next destination.

Explore your next city, state and geography to live or work.

Your parents probably did not have those high tech tools when you were growing up across from the big lake, in just a small Mid-West community in our United States.

Now, how might you utilize a myriad of new technologies and online tools to research your next destination in life?

What questions might you ask yourself to begin to zero-in on a particular Zip Code or a proximity to the ocean, the mountains or the city with tall skyscrapers?

Would you begin with the weather site? Would you begin with ZipRecruiter dot com? Would you begin with Rent dot com? Would you begin with CrimeMapping dot com?

Yes, and unfortunately these days, people must consider all kinds of “Operational Risks” in their own particular community. Why?

We have all heard or experienced first hand the news reports from city names of where significant “Loss Events” have occurred across our America.

The spectrum of risks are wide and so unpredictable. Here are just a few such examples:

• Northridge Earthquake in Los Angeles, California in 1994.
• Hurricane Sandy in 2012 from the Bahamas to the Mid-Atlantic to North Eastern US/Canada.
• Sandy Hook Elementary in Newtown, Connecticut in 2012.
• The Marshall Fire in Boulder County, Colorado in 2021.
• The Palisades Fire in Los Angeles, California in 2025.

Where will you find your next place to work and/or raise a family, so that you may truly prosper and your family will be more safe and secure?

Where are the schools you will choose to associate with, that start the day with our “Pledge of Allegiance”? Where you will find “School Protective Resource Officers” are on premise and kindly greeting students as they arrive each day.

Why will you volunteer with your local Citizens Corps Community Emergency Response Team (CERT) and/or join your metro area InfraGard Members Alliance (IMA)?

Why will you learn CPR and how to use a tourniquet, organize a search and rescue team, learn self-defense and how to more effectively Understand, Decide and Act, with real-time digital active streams of relevant threat information?

Because of the geography where you grew up and it all began. Because of where you went to College and earned your degree(s). Because you learned and worked more than most in our International world of asymmetric warfare with continuous and invisible Operational Risks.

Because of your growing Christian faith. Because you have been Married once for 38+ years. Because together you and your wife raised a daughter and a son who were only 19 months apart working full-time.

Because your kids both graduated with Bachelor degrees from State Universities. Because they are now reflecting upon successful careers within a Dow Jones Industrial Fortune 500 and a few US Federal Government contractors.

Because you have your first Grandson. :-)

Because your own Mother and Father made the right decisions, on where to live and raise your family, as just another young kid on the YMCA Swim Team in that little Mid-West town.

In our wonderful and only, United States of America…USA.

Godspeed!

Future Risk: What is True...

On the dawn before the next large public gathering across the world, Operational Risk Management (ORM) professionals are on edge.  Readiness and contingencies are at their highest level in anticipation of any globally televised event.

The same crisis management environment exists four or more times a year within the confines of the Board Room and Executive suite.

Operating at the "Speed of Business" and effectively managing daily, weekly, and quarterly risk management tasks requires an adaptive and resilient culture.  A culture that has been born and evolved from its Genesis to a daily run rate based upon two main components.

• Trust is the first one and to many a given in any high performing environment.  To be able to trust the person to your left and to your right requires many tests.  It builds over time yet it must start with the right elements and be nurtured for it to flourish.

• The second component is far more complex.  It requires you to embark on a continuous discipline with yourself and the people to your left and right, to know "What is True."

"What is True" means one set of reality for you and perhaps something different for those around you.  Your mission is to get to a single version and reality of what is true faster than your competition, your adversary or your partner.  Survival will be a factor of your speed to understanding as a team, "What is True" and then your adaptive nature to the consequences of your actions.

Are you accountable for your outcomes?  Have you accepted the consequences of your behavior?  So what does all of this have to do with Operational Risk Management?  It has everything to do with it. The most high consequence event to any risk matrix, is the fact that people do not see themselves or others in a "True" perspective.  They are not operating in reality.

What is your willingness to bring current problems to everyone to dissect, understand and solve?  Those who continue to operate without a proactive problem-solving environment are headed towards disaster.  Surprises.  Being blind-sided.  Never saw it coming.

When you hear people saying these things.  You have someone who has not been proactive in the continuous identification of problems and communicating those problems to the team to be solved.

You see, leadership is about continuously testing, designing and improving the process or the product.  The thinkers and the doers, the blueprint and the construction, the designers and the operators must be in a synchronous harmony together.

Ask yourself; how is this movie unfolding compared to the script that was written?  How has the change and the rate of change had consequences?  What have I and my team done to adapt, by changing the design or the people to achieve the mission? 

The "Speed of Business" is the environment and the successful outcome we all seek and is captured in three words.  "What is True."

operational risk

Vigilance is The Name of The Game...

President George W. Bush logged a victory in 2006 when the U.S. House of Representatives renewed the USA Patriot Act, a law that gave the FBI expanded powers to investigate terrorism after the Sept. 11 attacks.

When was the last time as a CxO in your organization that you reviewed the law? Here are a few of the renewed provisions:

>Section 201 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to terrorism.

>Section 202 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to computer fraud and abuse offenses.

>Subsection 203(b) Permits the sharing of grand jury information that involves foreign intelligence or counterintelligence with federal law enforcement, intelligence, protective, immigration, national defense or national security officials

>Subsection 203(d) Gives foreign intelligence or counterintelligence officers the ability to share foreign intelligence information obtained as part of a criminal investigation with law enforcement.

>Section 204 Makes clear that nothing in the law regarding pen registers an electronic device that records all numbers dialed from a particular phone line stops the government's ability to obtain foreign intelligence information.

>Section 209 Permits the seizure of voicemail messages under a warrant.

>Section 212 Permits Internet service providers and other electronic communication and remote computing service providers to hand over records and e-mails to federal officials in emergency situations.

"Whether you are a government or a small business you must have a layered and defense in depth approach to the safety and security of your enterprise. You have to monitor insiders, gather intelligence and keep an eye on foreign competitors."

Key people in your organization are key targets for a spectrum of threats both physical, economic and digital. When is the last time you saw a CEO, CFO, CRO or Board Member walk down to the INFOSEC department and ask the team if they had all the tools and resources they need to do their jobs effectively.

And if they did raise their hand and say they could use some help with solutions to help combat all insider threats including intellectual property leakage, vendor collusion, financial fraud, and customer data loss. You might recommend they look at the FedRamp Marketplace.

The leaders of a medium-size community bank, Fortune 500 enterprise, Private Sector Critical Infrastructure company and local city government still have the same thing in common today as with George W. Bush 18 plus years ago…

Veterans Day 2024: Our Father U.S. Marine...

 Growing up as the first son of a U.S. Marine officer, you learn much of what it means to be a Veteran.

Loyalty. Dedication. Perseverance. Discipline. Trust. Integrity. Valor.

On this November 11, 2024 it is Veterans Day in the United States of America. A day in America to pause and to acknowledge those who made the decision to serve, in a branch of our Armed Forces.

As a young man approaching graduation of high school the Vietnam War was in full swing and conscription was a weekly discussion around the dinner table. Will your number be called?

The defense of an entire country requires a tremendous number of people to operate at home and across the entire globe.

Some veterans had the opportunity to travel across continents and were stationed in foreign countries. Our men and women were sailing across oceans on the surface and others deep undersea. They were flying whenever and wherever needed to go head-to-head with the evil people and forces in our world.

Veterans from around the USA put their lives in the hands of our country to protect our loved ones and our way of life here.

Veterans who have served our nation honorably have a real understanding of what it means to sacrifice, to work beyond exhaustion, to feel proud of becoming an expert in skills, knowledge and special activities experience.

In years past, as our colleagues waited for the hospital van to arrive on the shore of the Potomac River inside Ft. Belvoir, we prepared for the weekend warriors who wanted to go fishing.

The 501c3 we volunteered to assist would come each weekend over the summer to teach Ft. Belvoir veterans to fly fish or just try and catch a fish on that day. In the sunshine, outdoors and outside the hospital.

Years later, on one weekend when Dad was in his mid 80’s, we drove down I-95 to Quantico VA to visit the National Museum of the Marine Corps.

He could not believe all of the memories coming back to him. 90 Minutes later, as we pulled out of the parking lot to Fuller Road, we looked to the right and saw the entrance to the base where he had attended Officer Candidate School (OCS).

“Let’s go in there he commanded”. So as we approached the gate and pulled up to the Guard, then we said: “This U.S. Marine would like to enter and to drive through the base where he learned to become a First Lieutenant.

The guard asked, “Let me see your Drivers Licenses”. “OK, go ahead he said as we then drove through the gate.”

This is when it really started to sink in. Where and why our Dad learned all about being a leader of U.S. Marines and soon thereafter a devoted Father.

"On this Veterans Day in America, we say thank you."

For all that you have done to protect the American people and our United States to keep us safe…and to learn to serve with pride...

Onward Together: Teams Navigation...

Before you were wise, you just acted out from pure thoughtlessness. You tried to fix situations without truly understanding the problem-set.

At some point in your life long experiences you might read a passage or paragraph in a book or online. Perhaps it is in a room where you are listening to someone preach, or a guest speaker for an event you are attending.

Then the feeling starts to come over you. You are thinking about what you have just encountered and now you start to wonder. Your mind is asking more questions.

After this encounter and as you say to yourself I belong here, in this place with these people, you are on your way to new insights.

As you begin your journey towards new problem-sets to create solutions that will benefit others you care about, you will then start to believe in your direction.

You will be listening and questioning. Over and Over. You will then create a test to determine if your hypothesis is clear.

You will be testing and observing. Over and Over. You will then adapt and change your solution to ensure it is even more reliable. You are an "Innovation Navigator"...

"Reliable in different places. Reliable in different situations. Reliable with different people using your prototype solution."

So what?

After you have talked to enough people you belong with and then you believe that you have the correct solution, then you shall discover the real change in behavior.

As you continue to navigate your life solutions journey “Always Be Ready” for the time, place and person we sometime have named the saboteur.

Will you encounter an act or process tending to hamper or hurt the mission? Sabotage can be destructive or obstructive actions by others to change you.

Being prepared today for the unknown in the future. Using knowledge gained by continuous testing and observation.

Learning and adapting in order to survive the continuous change ahead of you will not be easy.

Who is your most trusted team mate or partner to do it together?

Find the person and build the team of true professionals as soon as you are able. Communicate.

Communicate. Face-to-Face. Observe each others behavior.

Navigate, Change, Test, Adapt, Endure. You are on a life long journey of discovery, learning and wonder…

Onward Together!

Acknowledgment: Forever Grateful...

When was the last time your true business accomplishments were being acknowledged and your personal character celebrated?

As we all watched the 20+ people assemble in the banquet suite facing the Pacific Ocean last evening, you could tell they were all so excited to see the surprise on her face, as she walked into the room at 6:00PM.

The point in your work timeline when you are transitioning from one key role to another and have proven your results is a good place to reminisce and to listen to those who admire and trust you.

Hearing others who are your peers and fellow colleagues stand up over dinner and explain why you are someone they have learned from and that they have valued your leadership, will always be a remembered milestone in your life.

Two out of Ten people in a room, are exactly who the “80/20 Rule” science and “Pareto Principle” are all about.

If you want to find and recruit 4 people to your team, then do the math on how many will not make the final cut.

It is just so refreshing to see a group of professionals all celebrating one of their own:

“The Pareto principle (also known as the 80/20 rule, the law of the vital few and the principle of factor sparsity) states that for many outcomes, roughly 80% of consequences come from 20% of causes (the "vital few”).”

The statistics and the “Moneyball” math is what truly sets you apart as a multi-million dollar producer from those with just the fundamental skills.

As your recognition stories continued from your colleagues into the evening there were plenty of laughs and also a few tears that filled the room. Then she just smiled at us.

How might you ever become close to the 2 people out of 10?

Some might say you are just born into it, it’s all in the DNA. Others would say you have to train, repeat and train harder in order to excel at your particular chosen profession.

Coaches and researchers and professional trainers would all have various opinions on what the ratios should be, to find that next Gold Medal Winner or Scientific Scholar or Sales Leader or even a BUD/s school graduate.

Yet that alone does not make the person that others truly admire, beyond their God given skills or training outcomes.

It is something else. “Extreme Ownership” of the organizations problem-sets and the dedication to finding relevant and timely solutions.

When you finally find the right formula and you find yourself in the spotlight someday being acknowledged and celebrated by your peers and close colleagues, say it to yourself in all CAPS:

“IT WASN’T EASY AND “I REALLY EARNED IT”…It has been a good run...

Onward and Godspeed!

Resilient Future: Curious Observation...

On this vibrant and chilly Fall day, facing West towards the mountains, as the sun rises behind us a few bright star-like lights shine for just a few minutes.

These reflections are from the bright morning sun shining off home windows near Evergreen Meadows some 40 miles away, yet just perfectly in our vision, starts our day ahead.

The tree leaves are actively changing colors and signals to us to now begin to prepare for the changing environment ahead.

In other work or government assignments, perhaps you and your project team have been measuring your environment. Have you been checking your “Threat Management App” this moment for the detection of more serious anomalies this minute.

Being actively observant in nature and your own organizational environment could be the real difference between loss or growth. In your life, you must “Always Be Ready”.

Your ability to continuously increase your resilience to changing temperatures in nature and also the change in temperament of your organizations beneficiaries, will make a significant difference.

As you think about your role, your position and the current project you are now assigned to, the question remains: Who are you serving?

There is change in the wind and you must prepare now, you shall be proactive in your thinking over the horizon, so that you also can anticipate the future outcomes.

How might you spend more time in curious dialogue with your respective beneficiaries to better understand their point of view, their particular requirements and their current temperament?

The problem-set before you requires valuable time, brain power and resources to determine the validity of your current hypothesis.

In the path forward, most researchers, analysts and scientists would probably say that if you have not changed your hypothesis, then you have not used enough data or time to ascertain the true reality of the problem at this point in time.

How might you analyze more data from various sources faster with little error so that you arrive at a valid “Trust Decision”?

Being proactive is not being forceful. Being proactive is being curious. It is a mission of discovery and building wisdom.

Your future actions are a factor of your problem-set and the ability to accurately solve it with a solution defined by your curious observation.

There is change in the wind before us and we must “Always Be Ready”…

Pain or Joy: Change Management 101...

Habits are hard to change.  It takes discipline and continuous perseverance.

When was the last time you changed something that increased your revenue?  Your health.  Or your safety and security.

Change and managing change whether in the corporate ranks of your Fortune 500 Global Enterprise or back in your own personal life at home is a true challenge.

Before you even thought about what you needed to change in your business or your own life, you probably have encountered one of two experiences:

• Pain

• Joy

Which one of these two experiences have you recently encountered?

You see, our human behavior is quite predictable and it is usually one of these two motivators in life that will change your behavior.

Educating yourself and others you care about requires that you sometimes utilize one of these motivators in order to initiate new change.  Let’s begin with “Pain”.

These realities are exactly what the evil in our world today continues to prey on.  Those individuals who are unable or unwilling to change, and to manage change in their lives.

“It is really very simple. In the foreseeable future, we will not function as a global society without the Net and the immense digital resources and information assets of our society. The addiction is established—commerce, government, education, and our neighbors offer no option other than to require that we rely upon digital information in making decisions. But we will not function successfully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world.”  Page 19 - Achieving Digital Trust | The New Rules For Business At The Speed Of Light  - Author Jeffrey Ritter

In your own digital life, these habits may be as simple as using the same password on multiple accounts that each of us rely on, each day or each week of our lives.  You know who you are.

As the continued use of “Ransomware” remains so pervasive across the globe and is utilized by so many criminal gangs and nation states, each one of us must consider our personal and business habits.

At home and at work.

It is now time to change.  It is time to change your digital habits so you may avoid the pain and continue to have even more joy in your life.

Take action.

Start a new habit now of changing the weak password on your bank accounts.  Make it 20 characters, and make it random.  Easily addressed when you "Use a Password Manager App".  Then set a reminder to change it on January 1, April 1, July 1, and October 1 of each year.

“Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets.

The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware.

Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.” —BleepingComputer

After you have successfully accomplished this simple task in your business and in your own personal life, remember:

The “Pain” of doing this simple “Change Management” step in your life, will help bring you continued “Joy” for so many years to come…:)

Godspeed!