12 January 2019

4th Generation Warfare: Insider Risk...

Flashback to 2010.  Over 8 years ago, this author discussed the situational awareness and the implications of the "Stuxnet" malware that was being investigated by international authorities. In January 2011, the New York Times published a more detailed set of facts and a hypothesis that the sophisticated "worm code" was tested in Israel:

William J. Broad, John Markoff and David E. Sanger.
The Dimona complex in the Negev desert is famous as the heavily guarded heart of Israel’s never-acknowledged nuclear arms program, where neat rows of factories make atomic fuel for the arsenal.

Over the past two years, according to intelligence and military experts familiar with its operations, Dimona has taken on a new, equally secret role — as a critical testing ground in a joint American and Israeli effort to undermine Iran’s efforts to make a bomb of its own.

Behind Dimona’s barbed wire, the experts say, Israel has spun nuclear centrifuges virtually identical to Iran’s at Natanz, where Iranian scientists are struggling to enrich uranium. They say Dimona tested the effectiveness of the Stuxnet computer worm, a destructive program that appears to have wiped out roughly a fifth of Iran’s nuclear centrifuges and helped delay, though not destroy, Tehran’s ability to make its first nuclear arms.
4th Generation Warfare (4GW) and the implications for global critical infrastructure organizations is obvious. The Operational Risks associated with targeted infiltration of systems that control machines, manufacturing processes and software that manages transportation, has now changed the baseline for where to begin mitigating this asymmetric threat.

Executives then and to this day, realize the continuous requirement for improved focus on the "Insider Threat" to their systems operations. Why?
This particular worm was initially delivered by a USB Thumb Drive according to various reports. This means that someone would have to have been inside the facility targeted for the attack, to actually introduce the malware to the actual system controller. A person within the perimeter of the organization with this single device, could set the chain reaction in motion.

Whether you are a major manufacturer or an electric utility doesn't matter. The person you trust to access systems inside the organization, is the basis for mitigating this type of attack. Most important is the scrutiny associated with the extended supply chain of semi-trusted contractors or others known to the organization. 
All of the back ground checks and other methods for determining someone's character will not be the major deterrent to a worm introduced internally to an Intranet, with the use of a USB thumb drive.

So what is the answer to address this threat?
A TSA-style check, scan and pat down at the entrance to every commercial enterprise that has computers inside with open USB ports? This is very unlikely in the near term for most facilities.

What about disablement of the technology itself, that turns off the ports themselves on each system inside the organization perimeter? This solution is more likely to deter many opportunities for this type of USB style attack to occur, yet still doesn't remove all of the risks against another possible vector to the network through a CD drive as an example.
Regardless of the method or the controls you employ to mitigate this risk, it will not eliminate the entire threat from your organization. Even the use of a "Digital Sandbox", Endpoint security measures or other methods to disable ports on systems will entirely lock down your organization.

There is only the ability to create a more resilient and durable environment to survive a significant business disruption. The mind set shift to durability and the latency to recover, now becomes the new strategy for these kinds of risks.
Using a strategy for "Business Resilience" is one that requires significant resources, a Global Security Operations Center (GSOC) and a committed management team. The ability to survive is the first part of the process and how soon you return to full operational capability is the metric. How long does it take to bounce back to normal from a major crisis, in your organization?

The ability to manage emerging risks, anticipate the interactions between different types of risk, and bounce back from disruption or crisis, will be a competitive differentiator for companies and countries alike in the 21st century.

Homeland security is often seen as a protective, even defensive, posture. But Maginot lines are inherently flawed. Fences and firewalls can always be breached. Rather, the national focus should be on risk management and resilience, not security and protection.
Resilience—the capability to anticipate risk, limit impact and bounce back rapidly—is the ultimate objective of both economic security and corporate competitiveness...

05 January 2019

Quantum Governance: The Rules of Trust...

People are learning to trust an AI, to make decisions on their behalf.  This will change our world exponentially in the next 10 years.

Now that we have reached connectivity to the Net with 50% of the human connected population, the AI of the IoT will be a growing trust factor in our daily lives.

We are accelerating beyond the simple tools of trusting that the answers to our questions are correct from "Siri" or "Alexa."  Accepting the trusted route from Google Maps on the most ideal navigation to our destination is already a given.

Beyond the consumer, the "Algo Bots" and Algorithmic Trading have already replaced the previous years of approximately 600 Goldman Sachs traders with 2 people, to oversee daily operations on the floor.  There are others who have already predicted the replacement of other human operators in various public and private decision-making bodies.

So what?

Trust Decisions in the next decade will be augmented by "Artificial Intelligence" on a more frequent basis.  That is already a given for many groups of decision makers across the globe.  The question is, how will governments begin to regulate AI?

Who will be in charge of making sure that the code and the algorithmic activity is correct?  That the rules behind the Trust Decisions are correct?

You see, as the software becomes more invasive in an individuals daily life and we rely on it for the truth, governments will be involved.  They already are.

The "rules for composing the rules, that lead to millions of peoples trusted decisions is at stake.  Maybe even more so, the evolution of "Quantum Law."  For those thought leaders such as Jeffrey Ritter who have for years been so keen to articulate the emergence of the thought of governance of unstructured data, there is this:
"We are moving from a time in which we presume that all electronic information is true to a time in which we can affirmatively calculate what it is and know the rules by which it is governed on the fly," Ritter said. "That's quantum governance."
You realize that the words will live on for eternity and for others to always contemplate.  That is a given, that all of us shall be considering for our future, sooner than later.

So how might decision making bodies such as the U.S. National Security Council (NSC) utilize AI?  Greg Lindsay and August Cole have already addressed this years ago with METIS:

"The result is a national security apparatus capable of operating at, as you like to say, “at the speed of thought”—which is still barely fast enough to keep up with today’s AI-enhanced threats. It required a wrenching shift from deliberative policymaking to massively predictive analysis by machines, with ultimate responsibility concentrated in your hands at the very top."

In 2019, begin thinking deeper and longer about your TrustDecisions...

30 December 2018

Year 2019: Accelerating Towards Resilience...

The year 2019 is upon us and your time for reflection on the past year should provide new insights.

As you review all the major events and milestones of your life in 2018, focus on what you have learned.  Write down at least three areas of your life that will improve or be better, as a result of some new insights or lessons, that are being applied from your past 12 months.

Consider the application of a new online tool or process, to improve your daily tasks such as a simple calendar or even Trello.  Perhaps you even found a new routine to help you get a better nights sleep, so you feel rested and more effective in your role or specialty each day.

How might you change the way you approach your relationship building, with the use of a more transparent and direct communication style?

Launching into 2019 is a daunting challenge and yet so multidimensional from an "Operational Risk" perspective.  Here is a quick review:
Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. These risks are further defined as follows:

Process risk – breakdown in established processes, failure to follow processes or inadequate process mapping within business lines.

People risk – management failure, organizational structure or other human failures, which may be exacerbated by poor training, inadequate controls, poor staffing resources, or other factors.

Systems risk – disruption and outright system failures in both internal and outsourced operations.

External event risk – natural disasters, terrorism, and vandalism.

The definition includes
Legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution’s activities.
Now with Operational Risk in mind, begin your journey map for 2019.  Left to right on a 8.5 x 11 sheet of paper, start sketching out your timeline.  Draw some square bubbles of major work or life tasks that you will be involved with or places that you will be traveling to across the globe.

In advance of these square bubbles of activity, what needs to be accomplished in general, that you need to do or prepare for, to help insure the success or minimize the risk of a potential failure?  Draw some small circle bubbles around those squares in advance, to give you a more visual perspective of the "Operational Risk" areas that should be considered.

Maybe you are embarking on a new career or major work project.  Maybe you will be traveling overseas to new countries.  Maybe you will be creating a new business unit or product.  Maybe you will be growing your social network.  Maybe you have a son or daughter getting married.  Maybe you have a loved one who is now transitioning to an "Assisted Living" facility or moving in with you for care.

Now that you are looking at your sketch, it is time to embark on your upcoming Operational Risk missions.  There is always time that can be devoted to your advance work.  Your preparation.  Your "What if" scenario thinking.

"What if" you asked your team, your group, your family, your company to devote just a few more hours this year to Operational Risk Management (ORM)?  How might your fellow workers, team mates or family members benefit from fewer Surprises,  Unknowns,  Significant Disruptions, even  Outliers?  How might this bring all of you greater confidence?

You see, 2019 and beyond will be even more challenging and multifaceted.  Our world is accelerating.  We have grown less patient with rapid change itself.  The chaos you feel and the anxiety that our human emotions are experiencing, is simply a factor of our readiness.  Our ability to adapt and to pivot just at the right moment.  Accelerating us towards greater Resilience...

23 December 2018

Christmas 2018: What Do You Believe...

In a day or so, you will be communicating with or traveling towards your loved ones, your family.

We celebrate Christmas across the globe and billions of people give our time and our resources to those who are in need.  Why?
"She will bear a son, and you shall call his name Jesus, for he will save his people from their sins." - Matthew 1:21
When you think about life and the journey it takes you on, there are so many "What if's" that could have made it so different.  Your history and the decisions that your family made and that you have made in life, is all before you.

Starting with "What do you believe"?

Flash back in your life to your first ten years.  Where were you?  What did you and your family do around Christmas?  Are you still doing some or all of those same activities and do you have the same beliefs?

As you touch those you wish to share time with this Christmas, think back to where your journey started.  What have you accomplished since then?  How many others are you with now, to celebrate?

All of us have been born with the ability to believe.  The choices you have made in life so far and the choices ahead, will navigate your particular path in life.

Those decisions, may not have been the right ones at the time.  Perhaps human emotion overwhelmed you at the moment and now you wish you could reverse it and go back in time.

You can't alter history and the "Trust Decisions" you have already made in your life so far.  Yet you can be forgiven.  Asking for forgiveness is possible for everyone.  You can be saved from your sins and your own behavior, just by believing.

Are you a Daughter or Son?  A Sister or Brother? A Wife or Husband?  A Mother or Father?  A Cousin?  A best friend or colleague?

And for all of those "Who Serve" and are too many miles away from your loved ones right now, we are thinking of you and praying for your safe return.  You know who you are.

You most likely have someone else you care about and who you can pray for or with, this Christmas season.  Take a few minutes now, and do this...

16 December 2018

Organizational Pulse: Digital Teams Building Trust...

"We needed to enable a team operating in an interdependent environment to understand the butterfly-effect ramifications of their work and make them aware of the other teams with whom they would have to cooperate in order to achieve strategic--not just tactical--success."  --Stanley McChrystal, Team of Teams-New Rules of Engagement For A Complex World

Does this sound familiar?  Your organization has been becoming more decentralized for decades.  You have key executives and teams working and operating from places you never imagined.  This is why learning from others who have been there before might be a wise exercise.

General Stan McChrystal (U.S. Army, Retired) and his collaborators know a thing or two about the challenges of teams, operating towards a single mission in multiple geographic locations, including the cultural realities operating from an ultra-competitive management network.

Think for a moment about your own organizational design and how it has evolved over the course of your growth.   Why does it look that way, when you stare at the latest version of the "Organizational Chart"?

Now this chart may very well be a factor of your age, especially if you are an organization that had substantial growth prior to the year 2000.  Yet if you have been building a company or your own "Team-of-Teams" in the last decade, your abilities and organizational design will be a factor of the digital era.

If you had the opportunity to start from scratch, in 2019, how would you build your company so that you could achieve Digital Trust? What platforms, tools and applications would you standardize your future growth on? How will you insure that as you scale up and grow the organization, that the complex interdependencies will be able to sustain the velocity?
"Building for digital trust must become a priority of the nation-state and its components. Once ubiquitous computing is achieved, digital trust will become the competitive differential within the global space of the Net. Nation-states that position their regulatory rules to enable private sector companies to build digital trust more effectively will generate genuine advantage for both the public and private sector. But nation-states must also invest in building digital trust in their own infrastructures and services."  --Jeffrey Ritter
 So what?
If true, that "digital trust will become the competitive differential within the global space of the Net" then how will you proceed?  Have you already answered "What is your "Why"?

The Information Technology (IT) choices are vast and the operating standards for privacy, security and architecture are already published.  Your greatest challenge ahead still remains in front you.

The "Leadership of Security Risk Professionals" (LSRP) is more than just raising awareness, utilizing trusted digital methods and testing operational processes.  It is about "Organizational Pulse" and "Asking," "Listening" and the time to "Verify/Clarify."  Guess what General Stan McChrystal understood about building a successful "Team of Teams"?

Operating day-to-day in crisis and chaos requires something new.  Something different.  A "Crisis Communications" dialogue, that has achieved digital trust.  A shared consciousness that can be learned and implemented with your own "Security Risk Professionals" leadership...


09 December 2018

Waves of Discourse: The Pursuit of Context...

As you contemplate your next activities in your new evolving startup, business unit or innovation cell, you may have lost some sleep.  You wonder what the next set of narratives and efforts shall be, to get your team aligned, not just vertically yet even more so horizontally.

The mission could be well defined and the vision articulated in just a few sentences.  Now the real question of Operational Risk Management (ORM) remains.

How effective will we execute the activities across our entire domain expertise, so there is exceptional horizontal communication, coordination, cooperation and continuous team context?
Context noun
con·​text | \ˈkän-ˌtekst
Definition of context
1 : the parts of a discourse that surround a word or passage and can throw light on its meaning

2 : the interrelated conditions in which something exists or occurs : environment, setting the historical context of the war
As the manager, leader, chief or key executive in your organization, what are you doing to provide your team continuous context?  How are you implementing the narratives and the tools to enable the development of and rapid understanding of contextualization for your team?

You see, they may understand the hierarchy.  They can see it on the organizational chart you created and e-mailed to everyone.  They might even have some grasp of the particular area of specialty or expertise that each department or "Line of Business" has for the delivery of their product or solution.

Now think about the "Waves" of discourse that exist in the environment that you are operating in today.

What is the current state of the setting or conditions that you will be executing your duties and tasks to achieve the mission this hour, this day or this week?
  • The "Waves" of change in "Location 1" are no doubt quite different than the change going on in "Location 2", such as the weather.  That is why you have multiple tools and methods to constantly observe the geographic anomalies that are occurring in these places, in almost real-time.
  • The "Waves" of change in the team supply chain for energy, data, fuel, resources and communications speed is continuously being monitored by sensors, that are both automated and human-based.
  • The "Waves" of change of the target market are continuous and requires substantial resources and analysis to gather, synthesize and report a contextual understanding of the current state of the environment.
The Mission.

Getting your team "Horizontally Aligned" is the real mission.  Think about it.  How does your organization provide context between business units, innovation cells or your particular product or solutions, to enable you to begin to achieve the shared mission?

On almost every successful journey, those individuals who are traveling across terrain, in the oceans or in our digitally-based stratosphere, there is utilization of some kind of navigational tools.  Whether it be the compass, a GPS or even the Domain-Name-System (DNS).

Yet what are you using to navigate your own organization?  What visually oriented ways are you providing context to your employees and other stakeholders so they can be more effective?

Begin the exercise with your team, by asking each of them to bring their own "handout" to the next quarterly meeting.  The handout should encompass their current business unit purpose, market approach and how it fits into the larger mosaic of the organization.

What is the likelihood that each person will end up bringing the same type of "handout"?  Will each bring a document full of words.  A document full of numbers.  Or will someone bring a map?  Is it one page, or many?

If your team ends up with all three and there is not any single method or tool that has created the handout, you will now understand why you are currently experiencing these significant "Waves" in your organization.  You are simply not in horizontal alignment.

It all begins with a map.  Now the question is, what kind of maps?

This is your first moment of contextualization.  You have clearly demonstrated that everyone is out of synch with each other on their understanding and perception of how the mosaic looks and "works" in your organization.

The Take Away.

Once you think you know and understand the vertical and horizontal set of solid and dotted line relationships in your organization, take a step back.

Now as you look at your new single journey map, realize that all these people and locations or processes or hubs are not equal. Regardless of rank or title, their influence or "Powerbase" of each, is a completely different factor in your "Waves of Discourse"...

01 December 2018

Survival: Experiential Learning to the Rescue...

Change is in the wind.  You have heard this before and the truth is, that this is not anything new.  We have only started to understand however, how the accelerating pace of change, is impacting us.

The number of App's staring at you in the palm of your hand should be one indicator.  How many are you using on a daily basis now?  No longer are we spending a work day logged into an e-mail client, our word processor and maybe the spreadsheet or database application.

The pace of change and the number of places we access our valuable daily information is rapidly taking over our lives.  We have seen the growth of Fortnite now at exponential proportions and little did Potomac Computer Systems, now Epic Games know what was ahead of them upon their founding in 1992.

In the gaming industry they have genre(s) and Fortnite is a survival game:
Survival games are a subgenre of action video games set in a hostile, intense, open-world environment, where players generally begin with minimal equipment and are required to collect resources, craft tools, weapons, and shelter, and survive as long as possible. Many survival games are based on randomly or procedurally generated persistent environments; more-recently created games are often playable online, allowing multiple players to interact in a single persistent world. 
Wake up corporate management.  As you proceed to continue your growth in your particular industry over the next decade, think about the pace of change.  How fast will you be able to pivot, adapt and survive in your persistent environment?

Think about your latest strategic endeavors that you have launched in the past year.  Has the process and goals been achieved, without some level of challenge, disruption or even misdeeds?  The likelihood is, that somewhere along the way, the project, the business or the endgame was at risk.  Perhaps not a total failure, yet not the envisioned outcome.

It is this game of perceived survival and the new pace of change in our lives, that is the greatest Operational Risk before us.  How will we mitigate the risk of such rapid change?

Experiential business learning is a vital way forward.

"Experiential business learning is the process of learning and developing business skills through the medium of shared experience. The main point of difference between this and academic learning is more “real-life” experience for the recipient.[31][32][33]

This may include for example, learning gained from a network of business leaders sharing best practice, or individuals being mentored or coached by a person who has faced similar challenges and issues, or simply listening to an expert or thought leader in current business thinking.

Providers of this type of experiential business learning often include membership organisations who offer product offerings such as peer group learning, professional business networking, expert/speaker sessions, mentoring and/or coaching."

How are you capitalizing on the people in your organization who are part of an external group or other network of like-minded professionals?  It's difficult if you don't even understand who or where your own employees are interacting on a daily basis outside your company.

So what?

Perhaps the place to start is by asking people.  Ask them over coffee in the corporate food court or that new Open Space floor plan with the "Bistro" on every other floor.  What if they told you, that they were a member of an external or virtual organization because they could not find the information or the people with the expertise inside your own organization?

Your goal is to figure out how to capitalize on all of these external groups, organizations and "Experiential Business Learning," that is going on within your own company today.
 How might you capture that passion and the excitement this individual has for the network or "Virtuous Insurgency" they are learning from everyday?
The Operational Risks before you, spans the number of people in your team who are learning somewhere else X the number of other networks they are affiliated with.

Who on your team is gaining new insight somewhere else?  Who are building valuable relationships outside the perimeter.  Who are living in a new unpredictable world of survival...without you even knowing about it.

What could you be learning today?

24 November 2018

Predictive Profiling: The Human Firewall...

In Harrison Ford's 2006 movie Firewall the viewer is entertained with a combination of a Seattle bank heist, kidnapping and good old fashioned Hollywood chase and fight scenes. There is even a degree of deception and conspiracy mixed in, to spice up the story line. The plot is full of social engineering lessons, that even those with little knowledge of high technology can learn a thing or two.

While the actual high technology bank heist turns out to be nothing more than a simple stealing of account numbers and a transfer of $10,000 from 10,000 high net worth customers, the movie title is a ploy. In only one short sequence is there any focus on the fact that the bank is being attacked on a daily basis from other locations on the other side of the globe.

Those attackers using new and increasingly sophisticated strategies, are consistently giving financial institutions new challenges to secure their real assets; binary code.

In early 2005, a criminal gang with advanced hacking skills had tried to steal GBP 220 million (USD 421 million) from the London offices of the Japanese banking group Sumitomo and transfer the funds to 10 bank accounts around the world. Intelligence on the attempted theft via key logging software installed on banks' computers has been circulating in security circles since late last year after warnings were issued to financial institutions by the police to be on the alert for criminals using Trojan Horse technology that can record every key stroke made on a computer.
In this case and even in the movie, the "Insider" is a 99.9% chance. A person has been bribed, threatened or spoofed in order for the actual fraud or heist to occur. The people who work inside the institution are far more likely to be the real source of your crime, rather than the skilled hacker using key logging software. More and more the real way to mitigate these potential risks is through behavior profiles and analysis.

The human element, which relates to awareness, can't be ignored any longer. And this can only be changed through education, training, and testing of employees. An organization that procures technology worth millions, is naive if you don't invest in educating your employees to make the investment worthwhile.

Sometimes the human element stands alone. Awareness, detection and determination of threat, deployment, taking action and alertness are key ingredient for security.

Predictive Profiling comes into play as organizations recognize that detecting threats starts long before the firewall is compromised, falsified accounts established and bribes taken.

The Israeli Airline El Al has known for a long time the power of the "Human Factor" as a force in security. An empowered, trained and aware group of people, will contribute to the layered framework as a force multiplier that is unequaled, by any other technology investment.

Firewall The Movie, was a wake-up call for those institutions who still have not given their employees more of the skills and tools, for detecting human threats long before any real losses occur.

18 November 2018

Risk Parity: Ideal Organizational Design...

Organizations across the globe are operating each day with Operational Risks. As a result, management is doing their best to implement a combination of Operational Risk Management (ORM) capabilities.

The strategy is to manage risk to the enterprise through a series of controls and modification of human behavior. Is it possible to create the most ideal organization from the start? Could you design it with the lowest possible Operational Risk exposure at every physical, process, virtual and human component?

What do we mean by this? Lets play a game. Or more importantly, lets imagine a workplace exercise to design the ideal professional services organization in one hour:

This organization will be in the private sector. The fictitious name for the organization is "Improvise, Inc." All of the legal entities have been created and it is registered as a U.S. Delaware company. It will have the following characteristics, capabilities, assets and purpose:

200 humans with advanced education between 25 and 65 years old. 50% Men & 50% Women
Global reach of professional services. (It sells intellectual capital and information)
Office hubs are physically located across four locations: Denver, Zurich, Abu Dhabi, and Singapore.
Language expertise includes English, German, French, Italian, Arabic and Mandarin.

Subject Matter Expertise of the Improvise associates is diversified. The core staff devoted to operational administrative processes is also diversified by physical location, 4 people each. Therefore, less than 10% core overhead.

Improvise, Inc. generates revenues by selling information, advisory services and subject matter expertise. The diversity of it's 200 humans and their Intellectual Capital provides professional services to Fortune Global 500 companies.

Now, to start the exercise you will have one hour to design the ideal mosaic of people, processes, systems and external factors to operate Improvise, Inc. on a daily basis. Begin.

How would you begin designing the ideal organization? Will you have a headquarters location? Will the offices have four leased corporate offices or utilize a virtual / shared space model? What will the facilities layout be with single offices, cubicles, conference rooms? Would you start with human resources and the hiring and selection process? What kind of systems and tools would you procure to issue to your new associates? How would you communicate and what vendor/providers will Improvise use outside its core? What organizational "Rule-sets" will be established?

Who will govern and what roles of power and influence will these employee-owners (Associates) have to make decisions for the good of Improvise? What countries across the globe will you dispatch your associates to do their work? How will you keep them safe and secure where and how they travel? What vendors and service providers will you contract with to provide digital communications and store your valuable intellectual property?

Will you locate your Associates across the four locations equally? Since you have 200 split into 100 men and 100 women, will you have 25 of each or 50 people in each office? Will they all be citizens of that native country only? Again, we are designing the ideal organization with Operational Risk Management (ORM), as our highest priority in the design. Is this even a valid consideration?

What about the use of digital assets? Will your associates at Improvise use PC or Mac, both? Microsoft or Linux-based? Android or iOS? Anti-virus scans daily or monthly. VPN, yes or no. Public or Private cloud? Encrypt data to remote sites? Retention and privacy policy? What happens when an associate goes home? When they leave the organization? Is there an "Acceptable Use" policy in place? And the list goes on.

Will Improvise standardize on a single travel agency, airline or hotel chain? What kind of training will occur with your associates on international customs, cultures, threats and vulnerabilities. Who will be accompanied by a buddy system or personal protection specialist when they travel? Will travelers receive intelligence briefings or reports in advance of their departure? Commercial or private carrier?

What processes are to be put in place for Improvise to follow, in the way it sells and delivers it's professional services? What autonomy does each associate have to make their own decisions on the price, scope and deliverable to a client? How do you interact, treat and question yourselves? Are your associates subject to any laws from the U.S. or the country they are operating in with regard to selling your professional services? Why are we doing all of this?

So when you are done with this first phase of the exercise after one hour, how could you improve Improvise, Inc. over your lifetime? Hopefully, this illustrates the breadth and depth of Operational Risk Management (ORM) and some of the key considerations. Your single points of potential failure. Your risk exposures and places to focus your design. Your decisions and how this shapes your culture and principles. Your trust and transparency.

One last thought. How would you currently judge your risk parity? In other words, how have you allocated risk effectively across the organization. Not in terms of assets, but in terms of volatility. Think about it. What kind of social contract do you have in place to operate together?

Is it true, that you are now on your way to achieving true "Business Resilience"...

11 November 2018

Veterans Day: The Spectrum of Those Who Serve...

On this Sunday in the United States of America, it is Veterans Day November 11. As you look around your neighborhood, how many others are flying the colors of our American Flag?

Flag of the United States of America
Veterans Day (originally known as Armistice Day) is an official United States public holiday, observed annually on November 11, that honors military veterans; that is, persons who served in the United States Armed Forces.
As the son of a U.S. Marine, the thought of what our country has endured and how people like him loved all that the Flag stands for, brings tears.  This morning, we are the only house on our street with the "Stars and Stripes" on display flying in the wind.  Why?

It is hard to understand and yet most people on the block have never read "Team of Teams" either.   There are millions in the U.S. Armed Forces who have lived their whole career, experiencing when people working with a sense of mission can be so remarkable.

Yet you don't have to be holding your Form DD-214 to understand, that the American people on your block, in your town or across your state, need a clear mission to come together.  A purposeful mission helps most people get out of bed in the morning.  To go to school.  To show up at work.  Are you a leader of people or a leader of a true Team?

Sure, you can use the sports analogies to get the point across.  The Vince Lombardi stories are famous for getting people to understand team work and winning the game.  Yet ask any Veteran, and they will probably say that a game that lasts years, is so much different.  Lombardi coached at West Point at one point in his career, and this had a lasting impact on him.

The new rules of engagement for a complex world, is the name of the game today.  The rapidly advancing tools of conflict are changing from superior geographic positions on the hill with a Combat Controller (CCT), to the stealth of an exploit code software payload.

So what?

Start thinking about the spectrum of digital members of our military who serve our country each day.  Some are behind a keyboard, or working on the front lines of software maintenance to keep the data centers operating at peak efficiency.  Think about all of the professionals in the shadows, who are collecting and analyzing intelligence for us all to better anticipate, prepare and to be more resilient.

The asymmetric conflicts here are going on 24 hours a day, 7 days a week.  Right in your own city or business.  Everyone has their specialty, and each finds there way into the job they are destined to perform.  And they are truly a "Team of Teams"...

Thank you for all that you have done for our country.  Thank you for what you are doing today for us here and in the rest of the world...

04 November 2018

Wonder: The Mystery of Your Relationships Map...

"Mystery creates wonder and wonder is the basis for man's desire to understand" --Neil Armstrong
Think about it.  How could you use the inspiration of this remarkable man and apply it to your life?  Your family.  The people you work with and collaborate with on projects, to discover what is possible.

When was the last time you had the opportunity to say to your closest love one:  "I wonder..."

How might we frame the context of our next quest with a friend, a co-worker or just a sponsor of our project, with a sense of "Wonder."

When you think of the quote by Neil Armstrong, a test pilot, an explorer, an astronaut it makes some sense.  Yet what about the quote from a boy who grew up in Ohio, and moved to sixteen towns in the state over the course of 14 years.  A boy who learned to fly and earned his student flight certificate on his 16th birthday.  Little did he know, that someday he would be looking at the planet Earth from the surface of our Moon.

What do you wonder?  It is there, inside you and all you have to do is capture it and capitalize on it.

Take out a piece of paper.  Write your name in the middle of the page.  Write the names of your family around yours in a circle.  Maybe it's more like a star*.  Now write the names of people around the core of your family relationships, that you truly value and trust as friends, comrades and collaborators.

An now on this most outside band of people, write the names of those you admire or would most like to spend more time with, to wonder.  In a meeting, on a project or to pursue a long term mission with.

Ever wonder about your life right now?  Look at the piece of paper in front of you.  The spiral of relationships you have and are pursuing, will of course influence your destiny.  The ability to achieve your life long dreams.  Is it a mystery?

So what?

Trust this piece of paper as your daily game plan.  Your life compass.  It is your map to what is important today.  When you spend time elsewhere or with other people, it is a distraction.  A life limiting factor.  Your livelihood and the quality of your trusted relationships are that important.

What can you do or say to the people on your relationship map today, that will make a significant difference?


"On November 18, 2010, aged 80, Armstrong said in a speech during the Science & Technology Summit in The Hague, Netherlands, that he would offer his services as commander on a mission to Mars if he were asked.[246]"

28 October 2018

In Search of the Truth: How you make Judgements or Conclusions...

"Intelligence analysts should be self-conscious about their reasoning processes. They should think about how they make judgments and reach conclusions, not just about the judgments and conclusions themselves." --Richards J. Heuer, Jr.

What is truth and how can we know it?  Alternative hypotheses need to be carefully considered--especially those that cannot be disproved on the basis of available information.
When was the last time you worked on a challenge to disconfirm or disprove a hypothesis?   Our analysts do not have enough time out of their building.  They must start and end the process for "sense making" with using all of their senses, in front of and immersed in the hypotheses they are trying to disprove.

The data-driven mosaics before the people who are looking "Over-The-Horizon" (OTH) are vast.  In many cases, they do not need more aerial imagery, RF data, or more forensic information.  They just need more context and they must spend more quality time actually seeing, smelling, tasting or feeling the environments that they are or will be analyzing.

Who makes the best analysts?  Some would say those who have been there and done that.  Others would say, it is better to have people that are not biased and have never done that, yet have the opportunity to experience the environment being analyzed, long enough and close enough, to be able to create valid competing hypotheses.
So what?
false positive noun

Definition of false positive

: a result that shows something is present when it really is not
The test produced too many false positives to be reliable.  This is our greatest vulnerability and our search for the truth, must do all that we can do, to eliminate the possibility of false positives.

The mounting challenges and problem-sets before us, as "Operational Risk Management" (ORM) professionals is substantial.  Still to this day the gaps in fundamental knowledge on topics such as "Digital Forensics" are increasing.

The mobile sensors that we carry around in our pockets and purses have become the problem.  Now we have embarked on the mission to call upon the data from the Apple and Samsung devices for a search for the truth.  Are we seeking intelligence or looking for evidence?  There is an incredible difference.

And where does all of this data live?  Have you backed up your iPhone to iCloud lately?  Or perhaps you have an online account with your particular Internet Service Provider (ISP) where you archive your data for safekeeping.  Or maybe you have backed up our data to the multi-terabyte portable drive sitting on your desk.  The possibilities are endless.

In our search of the truth, how do you make judgements and reach conclusions...

20 October 2018

Linchpin: Who will you call?

Are you a "Linchpin" in your organization? The person who people may call the "Fixer", "Troubleshooter" or just plain "Rainmaker". Are you considered to be a combination of all three and indispensable?

By now, hundreds of thousands or maybe millions of people have read Seth Godin's book, Linchpin: Are you Indespensable.  They are now well on their way to becoming more self-aware of their position within their organization and the others they interact with on a daily basis. Are you just following instructions or are you a leader or an artist in your industry or company?

Operational Risk Management (ORM) Executives know who in the organization are considered "Linchpins". If they don't now, then it's time to learn who they are and why. Some of these people may even be outside the formal organization and it's imperative that you know who they are as well.


Because when the next major incident makes itself visible or when the Emergency Management Broadcast System breaks into the TV or there is a breaking story on the Radio show you're listening to, then you will know the correct "Linchpin" to deal with the risk category and situation that is unfolding before you.

So who are some good examples of Linchpins in your life or organization? The people who get the call to handle the problem, issue or opportunity in their particular category or area of subject matter expertise.

Each one of these people at their respective organizations or category, has been a "Linchpin" at a particular moment in history with the following characteristics articulated by Seth Godin in his book:
  • Charm
  • Talent
  • Perseverance
Seth does a great Venn Diagram on page 43 of his book that describes those who may have only two out of these three traits or areas of competency. If you only have Charm and Talent then you are a Prodigy. If you have Charm and Perseverance then you are a Princess. If you have Talent and Perseverance without Charm then this is pure Frustration. Yet if you have all three, then you are a Linchpin.

Now think about the people you know in your organization who have all three. These are the "Linchpins" that you want to know and you want to have at the tip of your call list.

Operational Risk Management that is effective and responsive may require the Linchpin to handle a dire situation or rectify a dispute or investigate an allegation or discover the right balance of art and science.

The road to becoming indispensable in your group, organization, unit or department may begin with some DNA, yet it is something that almost every human can aspire to become.

Search out the people in your organization who are Operational Risk Linchpins and find out a way to have them start teaching your most promising students, on how to achieve greater levels of charm, talent and perseverance.

13 October 2018

Cognitive Diversity: A Mile High...

On the eve of an early winter storm in Denver, CO USA, there is change in the air and the anticipation of a new blanket of fresh snow.  Hundreds of like-minded individuals with a common mission, steadfast purpose and glowing enthusiasm for innovation are gathered here.  This is the "Virtuous Insurgency."

The Defense Entrepreneurs Forum (DEF) is gaining momentum on so many fronts.  The crisp dialogue and the challenges for change are so distinct and even heart felt.  When you put this much "Cognitive Diversity" in one place over the course of 3 days, there is bound to be multiple examples of critical moments of brilliance and also social intelligence.

Maybe it's time you changed your "Chief Operations Officer" (COO) title to:  "Chief Outlaw Officer."

When was the last time you heard such intellect, witnessed such courage of ideas and even caught your eyes gathering a tear listening to people tell their vivid stories.  This is evidence of the organizational and cultural hurdles that we face each day to achieve our purpose, within a tremendous system designed for an era of arms races and so many decades past.

The United States Department of Defense (DoD) and the incorporated Intelligence Community (IC) are rapidly accelerating the pace of change and even celebrating their failures.  The question on many people's minds is this.  Are we too late?

When was the last time you as a CxO in your commercial enterprise, made the decision to assist our men and women serving our country, to better learn more about the daily business strategies of the private sector?  It's processes, the entrepreneurial factors and the continuous race for market share.

Have you created a strategic initiative within your commercial company, that invites outstanding fellows from our military and intelligence domains, for a Tour of Duty within your organization?

Why not?

You see, it is a 360 degree opportunity for the individuals in your firm to learn from these military and intelligence fellows, to gain new insights as they have become so skilled in their respective specialties and roles.

This learning works both ways and would provide those serving our country with vital experience and understanding of the idiosyncrasies of your industry sector and unique commercial enterprise.

There are current forms of this kind of work exchange fellowship going on across America now, yet it is now being optimized.  It is far from perfect for both stakeholders.

What is the right amount of time and at what level of seniority is the fellow brought in to the organization?  Six months, a year?  Who is the sponsoring department?  Engineering, Information Technology.  Business Development.  Accounting, Customer Service, Procurement, maybe it is even more than one.

You see, organizations today are asking for Veterans to consider their commercial company for employment and have specific recruiting events being marketed to those who have transitioned out of one of our military services.  Why are these companies waiting for someone with a DD Form 214?

Our organizations large and small should be creating the most ideal roles and experiences for these fellows now, so that they ultimately would like to return, once they have finalized their tour of duty with the military.

What is brought back to the inner core of the current state of our military industrial system are new ideas, new processes to be tested and the experiences of working in the private sector.

So how might we lead the commercial race to attract new found experts in asymmetric warfare to work along side those inside your Information Security department?  Who will lead the commercial race to attract new found experts in Geo-Spatial Intelligence to work with your Logistics, Disaster Recovery Planning (DRP) or even your Marketing department?  The possibilities are too numerous to imagine.
"Our U.S. nation state adversaries have optimized their defense and intelligence systems already.  The blur between commercial and military operations is hard to discern sometimes.  The speed to market and the "Cognitive Diversity" of those working on Quantum Computing and Artificial Intelligence is already well known."
One only has to peruse this recent report to ascertain why we are now behind the curve.  Yet our "Virtuous Insurgency" is on the correct trajectory.  Almost straight up...

06 October 2018

National Security: Cyber Infrastructure Risk...

Is your organization a threat to National Security? That depends on whether you own, install, and maintain Critical Infrastructure. When you hear that term, "Critical Infrastructure" what comes instantly to mind? A bridge, a road or some other shovel ready project?

Yes, the hard leap for many to get their head around is that your cell phone, TV and Internet connection are vital "Critical Infrastructure" and if you are a Verizon, AT&T, Sprint or large cable company in the United States; National Security is a top of mind issue.

Is it possible that our country is at risk because of the same "Risk Management" paradigm that has plagued the Financial Services industry? A lack of resources and focus to deter, detect, defend and document risks to our critical infrastructure, could turn into a systemic and interdependent threat to our national security.

How can you make the case for a 2008 era economic meltdown in the financial services sector, to be similar to the potential failure of the Communications, Information Technology, Water or Energy sector?

It's easy. Look at human behavior and to the motivators of greed, selfishness and just plain blindness to a "risk bubble" just waiting to burst. Who will be the next Bear Stearns, in the Communications Sector?

The truth is, that some Fortune 500 companies marketing departments, may have a larger budget than the information systems, internal audit department and the security department combined. When the nuts and bolts, concrete and plumbing associated with electronic commerce, banking, and just plain mobile communications come to a slow crawl or halt in it's tracks, the government will have to do the same thing all over again.

Bail out or restore the industry and the companies, who are the lifeblood of our Critical Infrastructure.

Our National Security is at stake and the owners and operators are still waiting for the right incentives to invest in robust maintenance and security programs, instead of just more marketing. After all, market share is what shareholders ask about, along with how many new subscribers you won or lost last quarter.

How often do we hear the question at the shareholders meeting, that asks about the amount of downtime, failed systems or customers without service, as a result of a "Glitch" or fried circuit board?

So how does the electronic critical infrastructure really impact National Security?  The Department of Homeland Security (DHS) has the lead.  The mission is to lead the national effort to secure Critical Infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community.

"The Office of Infrastructure Protection (IP) leads and coordinates national programs and policies on critical infrastructure security and resilience and has established strong partnerships across government and the private sector. The office conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and State, local, tribal, and territorial partners understand and address risks to critical infrastructure. IP provides information on emerging threats and hazards so that appropriate actions can be taken. The office also offers tools and training to partners to help them manage the risks to their assets, systems, and networks."

A culture of risk management is slowly moving it's way into the Board Room conversations and the CEO may be on notice, if the "Tone at the Top" is not focused on Enterprise Business Resilience. However, that "Tone at the Top" needs to go beyond the shareholder value conversation, to the National Security topic.

One only has to look further in a few places on the "Net," to better understand what the offensive cyberwarfare conversation is all about, as the Advanced Persistent Threat (APT) has evolved in the past few years.

Once you understand that many cyber incidents with our U.S. Critical Infrastructure are just a test, then you will realize that U.S. shovel ready projects need a new public service announcement (PSA), with a shock value of texting while driving.

The risk of a specific kind of behavior on the road or the critical infrastructure complacency within the corporate enterprise, can have the same results. We have already nationalized the likes of AIG, Freddie Mac and Fannie Mae after the last financial crisis.

Perhaps it time to do the same for Amazon, Verizon, AT&T, Sprint and others, who are vital assets in our National Security and have them report directly to the Pentagon...think about it.

30 September 2018

The Social Network: "Speed of Trust"...

Corporate Executives have for years understood the power of building trust.  What are a few of the foundations for creating sustainable credibility, in a world fueled by digital social networks?

This begins with reading the Stephen Covey bestseller, "The Speed of Trust."

The one thing that changes everything, as the cover reads is a real understatement. As a CxO in your organization, you have to examine the degree to which your people, processes and systems possess the "4 Cores of Credibility":
  • "Integrity - is deep honesty and truthfulness. It is who we really are. It includes congruence, humility and courage. To increase your integrity, make and keep commitments to yourself. Stand for something and then live by it. Be open. Do you seriously consider other viewpoints?
  • Intent - is your fundamental motive or agenda and the behavior that follows. It includes motive, agenda and behavior. To improve your intent, examine your motives. Are everyone's interests being served? Share the "why" behind the "what" wherever possible.
  • Capabilities - is our capacity to produce and accomplish tasks: talents, attitudes, skills, knowledge and style. To build your capabilities run with your strengths. Match your strengths to unique high-value opportunities. Know where you are going and keep the vision in front of you.
  • Results - is your track record. People evaluate you on three key indicators of performance. Past, current and anticipated. To improve your results take responsibility and adopt a "results" mind-set. Expect to win and create a climate of high expectations. Finish strong and avoid the "victim mentality."
Trustworthiness in a relationship and an environment of trust in the economy, national security or the stock market makes all the difference. The behaviors that you exhibit in public and behind closed doors with your stakeholders, will set the tone for everyone inside and outside the organization.

Can you think of any companies or people over the past two years, that you have lost trust in?

Stephen Covey goes on to explore the 13 behaviors that we all need to be more aware of in the way people perceive us and our companies. These are all important items that we have all heard before, yet are worth the time to explore again and more deeply at this stage of our evolving digital social networks.

Everything we do should be looked upon from and through a "Trust Lens," so that we take the time to ascertain how a particular behavior may have an impact on someones perception of you or your organization.

It does not matter where or what is going on in the news, the perceptions are being formed on the fly in our respective human mind views. Depending on how the headline reads or the iPhone video reveals, could influence even whether you decide to read an entire news article or watch a news segment that is unfolding before you.

Operational Risk Management (ORM), that is effective in the enterprise begins with building trust and integrity. If you are a private company, do you even have an "Ethics" 800 number, that allows employees to report anonymous tips on infractions on company policy or observations of security violations and/or malfeasance?

If you do, this could be the first sign that the "Tone at the Top" means business when it comes to "Walking the Talk" on trust and integrity.  And when you have reached these milestones, then it may be time for "Achieving Digital Trust:  The New Rules for Business at the Speed of Light"...

21 September 2018

Calm Before The Storm: Time to Dare and Endure...

"This is no time for ease and comfort.  It is time to dare and endure."
  --Winston Churchill

Have you ever felt the calm before the storm?  Literally, you can feel it.  Yet this is exactly the time you should not be complacent.  It is a time to Think, to Plan and to Act.

Almost each day the headlines from our global news feeds tells the story.  Countries, Corporations, Communities and Chief Executive Officers seemingly caught off guard.  Surprised by the threat of the cyclone, the ransomware, the drought, or the economic volatility.

Over-The-Horizon (OTH) thinking requires a mindset, that anticipates change.  It embraces the calm before the storm.  Yet it is the uncertainty of an unpredictable world, that should motivate you.  You have seen it before, as the environment you operate in reaches a place and feeling of calm.

Your focus should be on better understanding the indicators.  What are the indicators in your particular environment, that signals the warning?  How will you know when it is time to act and to be more proactive, in your situational awareness?  When will you engage in purposeful thinking and planning to increase your readiness to act?

History has recorded incidents of economic downturn that have caught some investors and corporations off guard.  There have been communities suddenly consumed by fire, tornadoes or cyclones.  How many places of work and worship, are now the crime scenes of active shooters and/or terrorist bombers?  When was the last time a key leader or linchpin at your company was diagnosed with cancer?

Operational Risk Management (ORM) is a discipline that never sleeps.  It is your mechanism and systems for continuously thinking, planning and then executing in anticipation of change.  When was the last time your team actually had a dialogue about the vital topic of your organizational "Business Continuity?"

You see, complacency is one of our greatest threats.  It is the thought that it will never happen to us.  It is the thought that you are invincible.  Guess what?  You are only seconds away from catastrophic change.  To your country, corporation, community or your most vital personnel.

It is time to dare and endure.  You have the power to begin right now.

Tap the icon for your calendar and look at the next 60 days.  Certainly there are at least one week where you have 2 days you could devote to leading your team.  Gathering them together, away from the distractions of your enterprise.

The strategy to challenge your leaders, to ask them to think, to engage in spirited dialogue and the outcomes you seek, will produce organizational endurance.  What are you waiting for?

16 September 2018

Crowdsourced Risk: Situational Awareness in Mass Emergency...

Real-time information and raw intelligence via mobile devices, has changed the risk management dialogue from the Emergency Operations Center (EOC) to the corporate board room.

Operational Risk Management (ORM) professionals are leveraging this information in combination with crowdsourced mapping applications, GPS, video feeds and live reporting.

Intelligence Analysts have leveraged Big Data and Digital Analytics to extract the relevance of key questions asked by their constituents.  These same ORM professionals also realize the raw data feeds from John Q. Citizen is exactly that.

Fact checking, vetting and data verification, is still the task of journalistic and intelligence experts.

Whether you are talking about risk incidents that involve whistle blowers on Wall Street, severe weather events, natural disasters, the Arab Spring or an active shooter in a Denver, CO suburb; social media is there.

Corporate Chief Information Officers are in the middle of "Bring Your Own Device" (BYOD) policy development, while National Public Radio (NPR) is using Twitter as a news room approach to reporting in the Middle East. Errors, Omissions and the operational risks associated with this "New Normal" is upon us, with the crowdsourced future of news and intelligence:

In just a single flash back to 6 years ago, we were writing about how users of Twitter and Reddit used those networks to tell a compelling story about a mass shooting in Toronto, and how the same phenomenon was playing out in real-time during another horrific incident: a shooting at a movie theater in Colorado, that had killed at least a dozen people and wounded more than 50.

Although local TV news channels and CNN had been all over the story since it broke, some of the best fact-based information gathering had been taking place on Reddit and other open source curation tools.

The information posted on Facebook, Reddit or the organizational blog is at stake. Crowdsourcing and Crowdmapping with the correct tools and trusted rule-sets, is just the beginning.

From innovation to Revolution, Patrick Meier and his blog captures even more on the vital crowdsourcing topics. For a good foundation, also be sure to visit Sarah Vieweg's dissertation on situational analysis:

Situational Awareness in Mass Emergency: A Behavioral and Linguistic Analysis of Microblogged Communications (2012)

"In times of mass emergency, users of Twitter often communicate information about the event, some of which contributes to situational awareness. Situational awareness refers to a state of understanding the “big picture” in time- and safety-critical situations. The more situational awareness people have, the better equipped they are to make informed decisions. Given that hundreds of millions of Twitter communications (known as “tweets”) are sent every day and emergency events regularly occur, automated methods are needed to identify those tweets that contain actionable, tactical information."

Welcome to Dataminr...

In each of these news worthy events, we can see how a new form of journalism and situational intelligence — one that blends traditional reporting and crowdsourced reports — has evolved.

When an era of these applications and zettabytes of pictures and videos are available to the public, the journalist/analyst has a tremendous volume of sources. This now includes the evolution of Body-Worn-Cameras (BWC).  And with those sources, comes a renewed responsibility to the integrity of the real mission before us. The truth.

What is actually the truth? What happened to whom and when?

The private sector has been leveraging Big Data Analytics for decades, including little known companies such as Acxiom, to collect and verify information on people, for the purpose of marketing. This indeed is a mature and established sector of the consumer retail industry and financial institutions for the purpose of operational risk management:
The ideal combination of vetted and proven data sources from private sector companies such as Acxiom in the U.S., along with the raw reporting of information from the social media sources is already the future of journalistic trade craft.
When journalism from trusted sources or intelligence reports from trusted analysts misuse or error in their use of these tools, the operational risk factors are magnified. This can damage reputations and even jeopardize human lives.  The mobile social media revolution has the potential to be a Pandora's Box.

Operational Risk Management discipline provides the framework and the proven methodologies to mitigate the rising likelihood, of a "Decision Disadvantage."

Whether you are the editor of a major publication or the watch commander at the local police department does not matter. Whether you are the CISO at a major corporate enterprise or the head of a government intelligence agency does not matter.

It begins long before Journalism school or high school English class. The ethics and integrity of information is at stake and it begins the first time you hand a pre-teen, their first mobile digital device.

09 September 2018

9/11: Seventeen Years of Resilience...

Flying over the rolling mountains of Virginia, on the final approach to IAD for the 17th year ceremonies since September, 11 2001, there are so many thoughts and memories of that tragic day in U.S. history.

Being in the Washington, DC area on that morning, is forever etched in visions of chaos, uncertainty and fear. Yet remembering each 9/11 anniversary, is important on several fronts.

The process of analyzing that day and all that we have learned since then, assists us with the healing and the ability to become more resilient. It answers the question of "Why," for some of the reasons we continuously send our military training assistance to foreign nations.

Watching footage of the Twin Towers, Shanksville, PA or the Pentagon with rising smoke that morning, brings tears so easily, just as the memory of any trauma in your life will do. A smell, a picture, a sound. It makes you remember a point in your life, that brought tremendous emotions.

Are you as a person more resilient some 17 years later? Is your family? What about your business? What have you done to be even more ready, able and substantially more resilient since 9/11/2001?

So what?

If you are government DoD, IC, DHS or a First Responder, you are training all the time. It is almost a constant state of readiness, preparedness and Operational Risk Management (ORM). You are anticipating the next incident, the next attack or the next emergency. You understand. Thank you!

When was the last time you were certified in advanced first aide, how to use a tourniquet or a defibrillator? How have you been training to notify your employees of a major incident and what plan to execute? Do you even know about your local CERT and how it can save lives?

Whether on the home front, in a strange city or country, or back at your place of work, the focus on increasing resilience never ends.

Never Forget.  Be more Resilient...

01 September 2018

Trusted Leaders: This I Believe...

In 2018 our global challenges are in many ways, no different than years or centuries past.  Leadership across nation states and even now our private sector companies, that have revenues larger than some countries, are in conflict.

People across our world, now have the technological ability in the palm of their hands, to express their thoughts to millions, almost instantaneously.

During John McCain's celebration of life service today in Washington, D.C., there were many gathered to pay tribute to one of our countries greatest leaders.  Remembering his life and his military journey through a life of leadership, these words from his own "This I Believe Essay" and today's experience shall stay with us forever:
"Years later, I saw an example of honor in the most surprising of places. As a scared American prisoner of war in Vietnam, I was tied in torture ropes by my tormentors and left alone in an empty room to suffer through the night. Later in the evening, a guard I had never spoken to entered the room and silently loosened the ropes to relieve my suffering. Just before morning, that same guard came back and re-tightened the ropes before his less humanitarian comrades returned. He never said a word to me.
Some months later on a Christmas morning, as I stood alone in the prison courtyard, that same guard walked up to me and stood next to me for a few moments. Then with his sandal, the guard drew a cross in the dirt. We stood wordlessly there for a minute or two, venerating the cross, until the guard rubbed it out and walked away."
What do you believe in?  Is it possible that your ability to be a leader in life, has much to do with your own belief system?

Many leaders would say that their beacon in life, is burning bright and it is so obvious what direction to follow.  Others are lost, without a way to find the path to leadership, as their tools for navigation become broken or outdated.

The truth is, that John McCain never lost sight of what leadership is really all about.  He maintained his skills around how to navigate a path in life, that would always make a difference to others.  You see, a true leader never loses faith, or the continuous pursuit of what they really believe in.

You have met people in your life who you would call a leader.  Maybe they had some of the same traits and a belief system, that you could identify with.  Maybe the first time you met them in person, you walked away saying to yourself, "Wow__that is someone that I could follow or I wish we had more time to get to know each other."

Our world if full of potential leaders, who shall never find their entire ability to make a difference in life.  Why?

The debate might start with a discussion about a person's upbringing, where they were born or how their parent(s) nurtured them.  Yet science and research has studied this for decades if not more and it will be continued, for the foreseeable future.  Why one person becomes a leader and another does not, is an interesting dialogue to have with someone, you trust.

When you make a decision to trust, remarkable results are possible.  "TrustDecisions" are a purposeful act, to engage in the very rules you have adopted in your life.  To stand by those rights, wrongs and the spirit of your life beliefs, that have guided you during your trust decisions.  And more.

Leadership and John McCain are synonymous, alike in meaning or significance.  What if?

What if our children, now were asked to study the life of John McCain, as history has asked them to study others?  Our United States founding fathers or other leaders across the world, who are now in our history books.

Just as John McCain, your life journey begins with "This I Believe."  Your decisions to trust will follow from there.  Godspeed Senator McCain!