11 November 2018

Veterans Day: The Spectrum of Those Who Serve...

On this Sunday in the United States of America, it is Veterans Day November 11. As you look around your neighborhood, how many others are flying the colors of our American Flag?

Flag of the United States of America
Veterans Day (originally known as Armistice Day) is an official United States public holiday, observed annually on November 11, that honors military veterans; that is, persons who served in the United States Armed Forces.
As the son of a U.S. Marine, the thought of what our country has endured and how people like him loved all that the Flag stands for, brings tears.  This morning, we are the only house on our street with the "Stars and Stripes" on display flying in the wind.  Why?

It is hard to understand and yet most people on the block have never read "Team of Teams" either.   There are millions in the U.S. Armed Forces who have lived their whole career, experiencing when people working with a sense of mission can be so remarkable.

Yet you don't have to be holding your Form DD-214 to understand, that the American people on your block, in your town or across your state, need a clear mission to come together.  A purposeful mission helps most people get out of bed in the morning.  To go to school.  To show up at work.  Are you a leader of people or a leader of a true Team?

Sure, you can use the sports analogies to get the point across.  The Vince Lombardi stories are famous for getting people to understand team work and winning the game.  Yet ask any Veteran, and they will probably say that a game that lasts years, is so much different.  Lombardi coached at West Point at one point in his career, and this had a lasting impact on him.

The new rules of engagement for a complex world, is the name of the game today.  The rapidly advancing tools of conflict are changing from superior geographic positions on the hill with a Combat Controller (CCT), to the stealth of an exploit code software payload.

So what?

Start thinking about the spectrum of digital members of our military who serve our country each day.  Some are behind a keyboard, or working on the front lines of software maintenance to keep the data centers operating at peak efficiency.  Think about all of the professionals in the shadows, who are collecting and analyzing intelligence for us all to better anticipate, prepare and to be more resilient.

The asymmetric conflicts here are going on 24 hours a day, 7 days a week.  Right in your own city or business.  Everyone has their specialty, and each finds there way into the job they are destined to perform.  And they are truly a "Team of Teams"...

Thank you for all that you have done for our country.  Thank you for what you are doing today for us here and in the rest of the world...

04 November 2018

Wonder: The Mystery of Your Relationships Map...

"Mystery creates wonder and wonder is the basis for man's desire to understand" --Neil Armstrong
Think about it.  How could you use the inspiration of this remarkable man and apply it to your life?  Your family.  The people you work with and collaborate with on projects, to discover what is possible.

When was the last time you had the opportunity to say to your closest love one:  "I wonder..."

How might we frame the context of our next quest with a friend, a co-worker or just a sponsor of our project, with a sense of "Wonder."

When you think of the quote by Neil Armstrong, a test pilot, an explorer, an astronaut it makes some sense.  Yet what about the quote from a boy who grew up in Ohio, and moved to sixteen towns in the state over the course of 14 years.  A boy who learned to fly and earned his student flight certificate on his 16th birthday.  Little did he know, that someday he would be looking at the planet Earth from the surface of our Moon.

What do you wonder?  It is there, inside you and all you have to do is capture it and capitalize on it.

Take out a piece of paper.  Write your name in the middle of the page.  Write the names of your family around yours in a circle.  Maybe it's more like a star*.  Now write the names of people around the core of your family relationships, that you truly value and trust as friends, comrades and collaborators.

An now on this most outside band of people, write the names of those you admire or would most like to spend more time with, to wonder.  In a meeting, on a project or to pursue a long term mission with.

Ever wonder about your life right now?  Look at the piece of paper in front of you.  The spiral of relationships you have and are pursuing, will of course influence your destiny.  The ability to achieve your life long dreams.  Is it a mystery?

So what?

Trust this piece of paper as your daily game plan.  Your life compass.  It is your map to what is important today.  When you spend time elsewhere or with other people, it is a distraction.  A life limiting factor.  Your livelihood and the quality of your trusted relationships are that important.

What can you do or say to the people on your relationship map today, that will make a significant difference?

Wonder...

"On November 18, 2010, aged 80, Armstrong said in a speech during the Science & Technology Summit in The Hague, Netherlands, that he would offer his services as commander on a mission to Mars if he were asked.[246]"

28 October 2018

In Search of the Truth: How you make Judgements or Conclusions...

"Intelligence analysts should be self-conscious about their reasoning processes. They should think about how they make judgments and reach conclusions, not just about the judgments and conclusions themselves." --Richards J. Heuer, Jr.

What is truth and how can we know it?  Alternative hypotheses need to be carefully considered--especially those that cannot be disproved on the basis of available information.
When was the last time you worked on a challenge to disconfirm or disprove a hypothesis?   Our analysts do not have enough time out of their building.  They must start and end the process for "sense making" with using all of their senses, in front of and immersed in the hypotheses they are trying to disprove.

The data-driven mosaics before the people who are looking "Over-The-Horizon" (OTH) are vast.  In many cases, they do not need more aerial imagery, RF data, or more forensic information.  They just need more context and they must spend more quality time actually seeing, smelling, tasting or feeling the environments that they are or will be analyzing.

Who makes the best analysts?  Some would say those who have been there and done that.  Others would say, it is better to have people that are not biased and have never done that, yet have the opportunity to experience the environment being analyzed, long enough and close enough, to be able to create valid competing hypotheses.
So what?
false positive noun

Definition of false positive

: a result that shows something is present when it really is not
The test produced too many false positives to be reliable.  This is our greatest vulnerability and our search for the truth, must do all that we can do, to eliminate the possibility of false positives.

The mounting challenges and problem-sets before us, as "Operational Risk Management" (ORM) professionals is substantial.  Still to this day the gaps in fundamental knowledge on topics such as "Digital Forensics" are increasing.

The mobile sensors that we carry around in our pockets and purses have become the problem.  Now we have embarked on the mission to call upon the data from the Apple and Samsung devices for a search for the truth.  Are we seeking intelligence or looking for evidence?  There is an incredible difference.

And where does all of this data live?  Have you backed up your iPhone to iCloud lately?  Or perhaps you have an online account with your particular Internet Service Provider (ISP) where you archive your data for safekeeping.  Or maybe you have backed up our data to the multi-terabyte portable drive sitting on your desk.  The possibilities are endless.

In our search of the truth, how do you make judgements and reach conclusions...

20 October 2018

Linchpin: Who will you call?

Are you a "Linchpin" in your organization? The person who people may call the "Fixer", "Troubleshooter" or just plain "Rainmaker". Are you considered to be a combination of all three and indispensable?

By now, hundreds of thousands or maybe millions of people have read Seth Godin's book, Linchpin: Are you Indespensable.  They are now well on their way to becoming more self-aware of their position within their organization and the others they interact with on a daily basis. Are you just following instructions or are you a leader or an artist in your industry or company?

Operational Risk Management (ORM) Executives know who in the organization are considered "Linchpins". If they don't now, then it's time to learn who they are and why. Some of these people may even be outside the formal organization and it's imperative that you know who they are as well.

Why?

Because when the next major incident makes itself visible or when the Emergency Management Broadcast System breaks into the TV or there is a breaking story on the Radio show you're listening to, then you will know the correct "Linchpin" to deal with the risk category and situation that is unfolding before you.

So who are some good examples of Linchpins in your life or organization? The people who get the call to handle the problem, issue or opportunity in their particular category or area of subject matter expertise.

Each one of these people at their respective organizations or category, has been a "Linchpin" at a particular moment in history with the following characteristics articulated by Seth Godin in his book:
  • Charm
  • Talent
  • Perseverance
Seth does a great Venn Diagram on page 43 of his book that describes those who may have only two out of these three traits or areas of competency. If you only have Charm and Talent then you are a Prodigy. If you have Charm and Perseverance then you are a Princess. If you have Talent and Perseverance without Charm then this is pure Frustration. Yet if you have all three, then you are a Linchpin.

Now think about the people you know in your organization who have all three. These are the "Linchpins" that you want to know and you want to have at the tip of your call list.

Operational Risk Management that is effective and responsive may require the Linchpin to handle a dire situation or rectify a dispute or investigate an allegation or discover the right balance of art and science.

The road to becoming indispensable in your group, organization, unit or department may begin with some DNA, yet it is something that almost every human can aspire to become.

Search out the people in your organization who are Operational Risk Linchpins and find out a way to have them start teaching your most promising students, on how to achieve greater levels of charm, talent and perseverance.

13 October 2018

Cognitive Diversity: A Mile High...

On the eve of an early winter storm in Denver, CO USA, there is change in the air and the anticipation of a new blanket of fresh snow.  Hundreds of like-minded individuals with a common mission, steadfast purpose and glowing enthusiasm for innovation are gathered here.  This is the "Virtuous Insurgency."

The Defense Entrepreneurs Forum (DEF) is gaining momentum on so many fronts.  The crisp dialogue and the challenges for change are so distinct and even heart felt.  When you put this much "Cognitive Diversity" in one place over the course of 3 days, there is bound to be multiple examples of critical moments of brilliance and also social intelligence.

Maybe it's time you changed your "Chief Operations Officer" (COO) title to:  "Chief Outlaw Officer."

When was the last time you heard such intellect, witnessed such courage of ideas and even caught your eyes gathering a tear listening to people tell their vivid stories.  This is evidence of the organizational and cultural hurdles that we face each day to achieve our purpose, within a tremendous system designed for an era of arms races and so many decades past.

The United States Department of Defense (DoD) and the incorporated Intelligence Community (IC) are rapidly accelerating the pace of change and even celebrating their failures.  The question on many people's minds is this.  Are we too late?

When was the last time you as a CxO in your commercial enterprise, made the decision to assist our men and women serving our country, to better learn more about the daily business strategies of the private sector?  It's processes, the entrepreneurial factors and the continuous race for market share.

Have you created a strategic initiative within your commercial company, that invites outstanding fellows from our military and intelligence domains, for a Tour of Duty within your organization?

Why not?

You see, it is a 360 degree opportunity for the individuals in your firm to learn from these military and intelligence fellows, to gain new insights as they have become so skilled in their respective specialties and roles.

This learning works both ways and would provide those serving our country with vital experience and understanding of the idiosyncrasies of your industry sector and unique commercial enterprise.

There are current forms of this kind of work exchange fellowship going on across America now, yet it is now being optimized.  It is far from perfect for both stakeholders.

What is the right amount of time and at what level of seniority is the fellow brought in to the organization?  Six months, a year?  Who is the sponsoring department?  Engineering, Information Technology.  Business Development.  Accounting, Customer Service, Procurement, maybe it is even more than one.

You see, organizations today are asking for Veterans to consider their commercial company for employment and have specific recruiting events being marketed to those who have transitioned out of one of our military services.  Why are these companies waiting for someone with a DD Form 214?

Our organizations large and small should be creating the most ideal roles and experiences for these fellows now, so that they ultimately would like to return, once they have finalized their tour of duty with the military.

What is brought back to the inner core of the current state of our military industrial system are new ideas, new processes to be tested and the experiences of working in the private sector.

So how might we lead the commercial race to attract new found experts in asymmetric warfare to work along side those inside your Information Security department?  Who will lead the commercial race to attract new found experts in Geo-Spatial Intelligence to work with your Logistics, Disaster Recovery Planning (DRP) or even your Marketing department?  The possibilities are too numerous to imagine.
"Our U.S. nation state adversaries have optimized their defense and intelligence systems already.  The blur between commercial and military operations is hard to discern sometimes.  The speed to market and the "Cognitive Diversity" of those working on Quantum Computing and Artificial Intelligence is already well known."
One only has to peruse this recent report to ascertain why we are now behind the curve.  Yet our "Virtuous Insurgency" is on the correct trajectory.  Almost straight up...

06 October 2018

National Security: Cyber Infrastructure Risk...

Is your organization a threat to National Security? That depends on whether you own, install, and maintain Critical Infrastructure. When you hear that term, "Critical Infrastructure" what comes instantly to mind? A bridge, a road or some other shovel ready project?

Yes, the hard leap for many to get their head around is that your cell phone, TV and Internet connection are vital "Critical Infrastructure" and if you are a Verizon, AT&T, Sprint or large cable company in the United States; National Security is a top of mind issue.

Is it possible that our country is at risk because of the same "Risk Management" paradigm that has plagued the Financial Services industry? A lack of resources and focus to deter, detect, defend and document risks to our critical infrastructure, could turn into a systemic and interdependent threat to our national security.

How can you make the case for a 2008 era economic meltdown in the financial services sector, to be similar to the potential failure of the Communications, Information Technology, Water or Energy sector?

It's easy. Look at human behavior and to the motivators of greed, selfishness and just plain blindness to a "risk bubble" just waiting to burst. Who will be the next Bear Stearns, in the Communications Sector?

The truth is, that some Fortune 500 companies marketing departments, may have a larger budget than the information systems, internal audit department and the security department combined. When the nuts and bolts, concrete and plumbing associated with electronic commerce, banking, and just plain mobile communications come to a slow crawl or halt in it's tracks, the government will have to do the same thing all over again.

Bail out or restore the industry and the companies, who are the lifeblood of our Critical Infrastructure.

Our National Security is at stake and the owners and operators are still waiting for the right incentives to invest in robust maintenance and security programs, instead of just more marketing. After all, market share is what shareholders ask about, along with how many new subscribers you won or lost last quarter.

How often do we hear the question at the shareholders meeting, that asks about the amount of downtime, failed systems or customers without service, as a result of a "Glitch" or fried circuit board?

So how does the electronic critical infrastructure really impact National Security?  The Department of Homeland Security (DHS) has the lead.  The mission is to lead the national effort to secure Critical Infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community.

"The Office of Infrastructure Protection (IP) leads and coordinates national programs and policies on critical infrastructure security and resilience and has established strong partnerships across government and the private sector. The office conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and State, local, tribal, and territorial partners understand and address risks to critical infrastructure. IP provides information on emerging threats and hazards so that appropriate actions can be taken. The office also offers tools and training to partners to help them manage the risks to their assets, systems, and networks."

A culture of risk management is slowly moving it's way into the Board Room conversations and the CEO may be on notice, if the "Tone at the Top" is not focused on Enterprise Business Resilience. However, that "Tone at the Top" needs to go beyond the shareholder value conversation, to the National Security topic.

One only has to look further in a few places on the "Net," to better understand what the offensive cyberwarfare conversation is all about, as the Advanced Persistent Threat (APT) has evolved in the past few years.

Once you understand that many cyber incidents with our U.S. Critical Infrastructure are just a test, then you will realize that U.S. shovel ready projects need a new public service announcement (PSA), with a shock value of texting while driving.

The risk of a specific kind of behavior on the road or the critical infrastructure complacency within the corporate enterprise, can have the same results. We have already nationalized the likes of AIG, Freddie Mac and Fannie Mae after the last financial crisis.

Perhaps it time to do the same for Amazon, Verizon, AT&T, Sprint and others, who are vital assets in our National Security and have them report directly to the Pentagon...think about it.

30 September 2018

The Social Network: "Speed of Trust"...

Corporate Executives have for years understood the power of building trust.  What are a few of the foundations for creating sustainable credibility, in a world fueled by digital social networks?

This begins with reading the Stephen Covey bestseller, "The Speed of Trust."

The one thing that changes everything, as the cover reads is a real understatement. As a CxO in your organization, you have to examine the degree to which your people, processes and systems possess the "4 Cores of Credibility":
  • "Integrity - is deep honesty and truthfulness. It is who we really are. It includes congruence, humility and courage. To increase your integrity, make and keep commitments to yourself. Stand for something and then live by it. Be open. Do you seriously consider other viewpoints?
  • Intent - is your fundamental motive or agenda and the behavior that follows. It includes motive, agenda and behavior. To improve your intent, examine your motives. Are everyone's interests being served? Share the "why" behind the "what" wherever possible.
  • Capabilities - is our capacity to produce and accomplish tasks: talents, attitudes, skills, knowledge and style. To build your capabilities run with your strengths. Match your strengths to unique high-value opportunities. Know where you are going and keep the vision in front of you.
  • Results - is your track record. People evaluate you on three key indicators of performance. Past, current and anticipated. To improve your results take responsibility and adopt a "results" mind-set. Expect to win and create a climate of high expectations. Finish strong and avoid the "victim mentality."
Trustworthiness in a relationship and an environment of trust in the economy, national security or the stock market makes all the difference. The behaviors that you exhibit in public and behind closed doors with your stakeholders, will set the tone for everyone inside and outside the organization.

Can you think of any companies or people over the past two years, that you have lost trust in?

Stephen Covey goes on to explore the 13 behaviors that we all need to be more aware of in the way people perceive us and our companies. These are all important items that we have all heard before, yet are worth the time to explore again and more deeply at this stage of our evolving digital social networks.

Everything we do should be looked upon from and through a "Trust Lens," so that we take the time to ascertain how a particular behavior may have an impact on someones perception of you or your organization.

It does not matter where or what is going on in the news, the perceptions are being formed on the fly in our respective human mind views. Depending on how the headline reads or the iPhone video reveals, could influence even whether you decide to read an entire news article or watch a news segment that is unfolding before you.

Operational Risk Management (ORM), that is effective in the enterprise begins with building trust and integrity. If you are a private company, do you even have an "Ethics" 800 number, that allows employees to report anonymous tips on infractions on company policy or observations of security violations and/or malfeasance?

If you do, this could be the first sign that the "Tone at the Top" means business when it comes to "Walking the Talk" on trust and integrity.  And when you have reached these milestones, then it may be time for "Achieving Digital Trust:  The New Rules for Business at the Speed of Light"...

21 September 2018

Calm Before The Storm: Time to Dare and Endure...

"This is no time for ease and comfort.  It is time to dare and endure."
  --Winston Churchill

Have you ever felt the calm before the storm?  Literally, you can feel it.  Yet this is exactly the time you should not be complacent.  It is a time to Think, to Plan and to Act.

Almost each day the headlines from our global news feeds tells the story.  Countries, Corporations, Communities and Chief Executive Officers seemingly caught off guard.  Surprised by the threat of the cyclone, the ransomware, the drought, or the economic volatility.

Over-The-Horizon (OTH) thinking requires a mindset, that anticipates change.  It embraces the calm before the storm.  Yet it is the uncertainty of an unpredictable world, that should motivate you.  You have seen it before, as the environment you operate in reaches a place and feeling of calm.

Your focus should be on better understanding the indicators.  What are the indicators in your particular environment, that signals the warning?  How will you know when it is time to act and to be more proactive, in your situational awareness?  When will you engage in purposeful thinking and planning to increase your readiness to act?

History has recorded incidents of economic downturn that have caught some investors and corporations off guard.  There have been communities suddenly consumed by fire, tornadoes or cyclones.  How many places of work and worship, are now the crime scenes of active shooters and/or terrorist bombers?  When was the last time a key leader or linchpin at your company was diagnosed with cancer?

Operational Risk Management (ORM) is a discipline that never sleeps.  It is your mechanism and systems for continuously thinking, planning and then executing in anticipation of change.  When was the last time your team actually had a dialogue about the vital topic of your organizational "Business Continuity?"

You see, complacency is one of our greatest threats.  It is the thought that it will never happen to us.  It is the thought that you are invincible.  Guess what?  You are only seconds away from catastrophic change.  To your country, corporation, community or your most vital personnel.

It is time to dare and endure.  You have the power to begin right now.

Tap the icon for your calendar and look at the next 60 days.  Certainly there are at least one week where you have 2 days you could devote to leading your team.  Gathering them together, away from the distractions of your enterprise.

The strategy to challenge your leaders, to ask them to think, to engage in spirited dialogue and the outcomes you seek, will produce organizational endurance.  What are you waiting for?

16 September 2018

Crowdsourced Risk: Situational Awareness in Mass Emergency...

Real-time information and raw intelligence via mobile devices, has changed the risk management dialogue from the Emergency Operations Center (EOC) to the corporate board room.

Operational Risk Management (ORM) professionals are leveraging this information in combination with crowdsourced mapping applications, GPS, video feeds and live reporting.

Intelligence Analysts have leveraged Big Data and Digital Analytics to extract the relevance of key questions asked by their constituents.  These same ORM professionals also realize the raw data feeds from John Q. Citizen is exactly that.

Fact checking, vetting and data verification, is still the task of journalistic and intelligence experts.

Whether you are talking about risk incidents that involve whistle blowers on Wall Street, severe weather events, natural disasters, the Arab Spring or an active shooter in a Denver, CO suburb; social media is there.

Corporate Chief Information Officers are in the middle of "Bring Your Own Device" (BYOD) policy development, while National Public Radio (NPR) is using Twitter as a news room approach to reporting in the Middle East. Errors, Omissions and the operational risks associated with this "New Normal" is upon us, with the crowdsourced future of news and intelligence:

In just a single flash back to 6 years ago, we were writing about how users of Twitter and Reddit used those networks to tell a compelling story about a mass shooting in Toronto, and how the same phenomenon was playing out in real-time during another horrific incident: a shooting at a movie theater in Colorado, that had killed at least a dozen people and wounded more than 50.

Although local TV news channels and CNN had been all over the story since it broke, some of the best fact-based information gathering had been taking place on Reddit and other open source curation tools.

The information posted on Facebook, Reddit or the organizational blog is at stake. Crowdsourcing and Crowdmapping with the correct tools and trusted rule-sets, is just the beginning.

From innovation to Revolution, Patrick Meier and his blog captures even more on the vital crowdsourcing topics. For a good foundation, also be sure to visit Sarah Vieweg's dissertation on situational analysis:

Situational Awareness in Mass Emergency: A Behavioral and Linguistic Analysis of Microblogged Communications (2012)

"In times of mass emergency, users of Twitter often communicate information about the event, some of which contributes to situational awareness. Situational awareness refers to a state of understanding the “big picture” in time- and safety-critical situations. The more situational awareness people have, the better equipped they are to make informed decisions. Given that hundreds of millions of Twitter communications (known as “tweets”) are sent every day and emergency events regularly occur, automated methods are needed to identify those tweets that contain actionable, tactical information."

Welcome to Dataminr...

In each of these news worthy events, we can see how a new form of journalism and situational intelligence — one that blends traditional reporting and crowdsourced reports — has evolved.

When an era of these applications and zettabytes of pictures and videos are available to the public, the journalist/analyst has a tremendous volume of sources. This now includes the evolution of Body-Worn-Cameras (BWC).  And with those sources, comes a renewed responsibility to the integrity of the real mission before us. The truth.

What is actually the truth? What happened to whom and when?

The private sector has been leveraging Big Data Analytics for decades, including little known companies such as Acxiom, to collect and verify information on people, for the purpose of marketing. This indeed is a mature and established sector of the consumer retail industry and financial institutions for the purpose of operational risk management:
The ideal combination of vetted and proven data sources from private sector companies such as Acxiom in the U.S., along with the raw reporting of information from the social media sources is already the future of journalistic trade craft.
When journalism from trusted sources or intelligence reports from trusted analysts misuse or error in their use of these tools, the operational risk factors are magnified. This can damage reputations and even jeopardize human lives.  The mobile social media revolution has the potential to be a Pandora's Box.

Operational Risk Management discipline provides the framework and the proven methodologies to mitigate the rising likelihood, of a "Decision Disadvantage."

Whether you are the editor of a major publication or the watch commander at the local police department does not matter. Whether you are the CISO at a major corporate enterprise or the head of a government intelligence agency does not matter.

It begins long before Journalism school or high school English class. The ethics and integrity of information is at stake and it begins the first time you hand a pre-teen, their first mobile digital device.

09 September 2018

9/11: Seventeen Years of Resilience...

Flying over the rolling mountains of Virginia, on the final approach to IAD for the 17th year ceremonies since September, 11 2001, there are so many thoughts and memories of that tragic day in U.S. history.

Being in the Washington, DC area on that morning, is forever etched in visions of chaos, uncertainty and fear. Yet remembering each 9/11 anniversary, is important on several fronts.

The process of analyzing that day and all that we have learned since then, assists us with the healing and the ability to become more resilient. It answers the question of "Why," for some of the reasons we continuously send our military training assistance to foreign nations.

Watching footage of the Twin Towers, Shanksville, PA or the Pentagon with rising smoke that morning, brings tears so easily, just as the memory of any trauma in your life will do. A smell, a picture, a sound. It makes you remember a point in your life, that brought tremendous emotions.

Are you as a person more resilient some 17 years later? Is your family? What about your business? What have you done to be even more ready, able and substantially more resilient since 9/11/2001?

So what?

If you are government DoD, IC, DHS or a First Responder, you are training all the time. It is almost a constant state of readiness, preparedness and Operational Risk Management (ORM). You are anticipating the next incident, the next attack or the next emergency. You understand. Thank you!

When was the last time you were certified in advanced first aide, how to use a tourniquet or a defibrillator? How have you been training to notify your employees of a major incident and what plan to execute? Do you even know about your local CERT and how it can save lives?

Whether on the home front, in a strange city or country, or back at your place of work, the focus on increasing resilience never ends.

Never Forget.  Be more Resilient...

01 September 2018

Trusted Leaders: This I Believe...

In 2018 our global challenges are in many ways, no different than years or centuries past.  Leadership across nation states and even now our private sector companies, that have revenues larger than some countries, are in conflict.

People across our world, now have the technological ability in the palm of their hands, to express their thoughts to millions, almost instantaneously.

During John McCain's celebration of life service today in Washington, D.C., there were many gathered to pay tribute to one of our countries greatest leaders.  Remembering his life and his military journey through a life of leadership, these words from his own "This I Believe Essay" and today's experience shall stay with us forever:
"Years later, I saw an example of honor in the most surprising of places. As a scared American prisoner of war in Vietnam, I was tied in torture ropes by my tormentors and left alone in an empty room to suffer through the night. Later in the evening, a guard I had never spoken to entered the room and silently loosened the ropes to relieve my suffering. Just before morning, that same guard came back and re-tightened the ropes before his less humanitarian comrades returned. He never said a word to me.
Some months later on a Christmas morning, as I stood alone in the prison courtyard, that same guard walked up to me and stood next to me for a few moments. Then with his sandal, the guard drew a cross in the dirt. We stood wordlessly there for a minute or two, venerating the cross, until the guard rubbed it out and walked away."
What do you believe in?  Is it possible that your ability to be a leader in life, has much to do with your own belief system?

Many leaders would say that their beacon in life, is burning bright and it is so obvious what direction to follow.  Others are lost, without a way to find the path to leadership, as their tools for navigation become broken or outdated.

The truth is, that John McCain never lost sight of what leadership is really all about.  He maintained his skills around how to navigate a path in life, that would always make a difference to others.  You see, a true leader never loses faith, or the continuous pursuit of what they really believe in.

You have met people in your life who you would call a leader.  Maybe they had some of the same traits and a belief system, that you could identify with.  Maybe the first time you met them in person, you walked away saying to yourself, "Wow__that is someone that I could follow or I wish we had more time to get to know each other."

Our world if full of potential leaders, who shall never find their entire ability to make a difference in life.  Why?

The debate might start with a discussion about a person's upbringing, where they were born or how their parent(s) nurtured them.  Yet science and research has studied this for decades if not more and it will be continued, for the foreseeable future.  Why one person becomes a leader and another does not, is an interesting dialogue to have with someone, you trust.

When you make a decision to trust, remarkable results are possible.  "TrustDecisions" are a purposeful act, to engage in the very rules you have adopted in your life.  To stand by those rights, wrongs and the spirit of your life beliefs, that have guided you during your trust decisions.  And more.

Leadership and John McCain are synonymous, alike in meaning or significance.  What if?

What if our children, now were asked to study the life of John McCain, as history has asked them to study others?  Our United States founding fathers or other leaders across the world, who are now in our history books.

Just as John McCain, your life journey begins with "This I Believe."  Your decisions to trust will follow from there.  Godspeed Senator McCain!

25 August 2018

Homeland Resilience: Operational Risks in the Supply Chain...

The U.S. Homeland Security Intelligence (HSI) priorities, are good indicators of what the private sector can expect for government intelligence focus, coordination, cooperation and collaboration.

Operational Risks to business operations in the United States, are ever more so complex and increasingly tied to the supply chain security of the Homeland.

In many cases, the private sector has the answers, that can pave the way for improved relevancy and accuracy of information for the government. This translates to greater Operational Risk Management (ORM) insight, that would not previously be known.

It also enhances the clarity of the insights already known, by our Homeland Security Intelligence mechanisms.

Here are a few of the top of mind categories, that the Private Sector and the Public Sector could be forging new partnerships and strategies together:
  • Global Maritime Shipping
  • International Banking & Finance
  • New and Developing E-Commerce & Artificial Intelligence Technologies
  • Application and Use of Social Media - Charting Cultural Topography
  • Modeling Human Behavior - Patterns and Applications of Usage
  • Nanotechnology
  • Robotics and Automation - New and Developing Technologies and Uses
Why should the private sector be working on these and sharing what they know with the appropriate channels in the U.S. Government? For one, to reduce your own Operational Risks, as you run your business operations across the country and as you operate on a more global basis. Overall, Homeland Security is reliant on a Resilient "Global Supply Chain".

International trade has been and continues to be a powerful engine of United States and global economic growth. In recent years, communications technology advances and trade barrier and production cost reductions have contributed to global capital market expansion and new economic opportunity. The global supply chain system that supports this trade is essential to the United States’ economy and is a critical global asset.

Through the National Strategy for Global Supply Chain Security (the Strategy), we articulate the United States Government’s policy to strengthen the global supply chain, in order to protect the welfare and interests of the American people and secure our Nation’s economic prosperity.


Our focus in this Strategy, is the worldwide network of transportation, postal, and shipping pathways, assets, and infrastructures by which goods are moved from the point of manufacture until they reach an end consumer, as well as supporting communications infrastructure and systems. The Strategy includes two goals:

Goal 1: Promote the Efficient and Secure Movement of Goods – The first goal of the Strategy is to promote the timely, efficient flow of legitimate commerce while protecting and securing the supply chain from exploitation, and reducing its vulnerability to disruption.

Goal 2: Foster a Resilient Supply Chain – The second goal of the Strategy is to foster a global supply chain system that is prepared for, and can withstand, evolving threats and hazards and can recover rapidly from disruptions.


One of the vital linchpins for these goals to occur, will be a converged and globally accepted management system for supply chain resilience. This blog has discussed ISO 28000 in the past and the U.S. White House has published the policy direction for this and is a private sector imperative:
ISO 28002 Standard for Resilience in the Supply Chain

ISO 28002:2011 specifies requirements for a resilience management system in the supply chain to enable an organization to develop and implement policies, objectives, and programs, taking into account legal, regulatory and other requirements to which the organization subscribes; information about significant risks, hazards and threats that may have consequences to the organization, its stakeholders, and on its supply chain; protection of its assets and processes; and management of disruptive incidents.
For those private sector organizations that are for some reason not familiar with the ISO 28002, you should be.

It is the path towards creating a more resilient private sector, that will have the lions share of responsibility for keeping the supply chain operating after any significant disruption, whether physical, cyber or both.

So what?  So what does all of this mean for the Operational Risk Management Professional of a U.S. business today?

It means that you have to take it up a notch. Gather the heads of your risk silos from Finance, Information Technology, Corporate Security, Human Resources and your Crisis or Continuity of Operations section.

Look at ISO 28002 as a team and begin the process of digesting what it means to your organization.

How could you internalize and even operationally collaborate to increase your level of resilience from 36 hours to 72 hours?  The clock is ticking...

19 August 2018

Information Threat: Battle for Superiority...

What continues to be the greatest economic threat to your organization? Is it "Internal" or "External" to your institution? Could it be both?

Insiders rarely work alone and therefore the nexus with some outside influence, whether it be a person, life factors or some other entity are typically in play.

Is an engineer in R&D copying precious intellectual property information from within the enterprise company, that could be worth hundreds of thousands or even millions to the highest competitive global bidder? Could your small business have an accounting supervisor that has been diverting funds to a private bank account for the past two years?

Would it be possible that a supplier or 3rd party partner is capable of inflating the number of billable hours on a project?

Whether it's IP Theft, Fraud or other white collar corporate malfeasance, these Operational Risks are real and growing at a double-digit percentage rate annually. The greatest economic threat to your organization could be complacency or an apathetic staff, who works without adequate resources and little communication with the Executive "Powerbase".

The compliance and oversight mechanism's are in full swing from the federal governments around the world as highly regulated critical infrastructure organizations are implicated in a myriad of corruption, scandal, ethics and criminal matters.

Litigation is an Operational Risk that many organizations have realized the necessity for more robust internal teams to address the continuous requests for information from the government.

There is one common denominator across all of the insider threats, external forces and other vectors that seem to be attacking our institutions night and day. That common denominator is "Information".

And underlying this is the data and meta data that all to often ends up being the key or clue to finding the "Smoking Gun" and the source or person(s) associated with the scheme or attack on the organization.

Managing information in a mobile and interconnected planet is a major issue in any global company. Providing the tools and the right information faster and more accurately than the competition can be the difference in your own survival on the corporate battlefield.

So how does the CxO suite even begin to address the risks, opportunities and resilience in our demanding "Information-centric" environment?

They believe in having a strong culture of ethics, training and continuous monitoring of employees, systems and their supply chain. They understand the importance of providing the vital resources to the people on the front line of risk management and to make sure that their early warning systems and methods are not compromised.

This breed of CxO's are the new breed of organizational management, that are leveraging information to their most significant advantage:
Whether you are trading in a marketplace, analyzing assets on a map or manufacturing widgets and selling them to qualified buyers, operational risk management begins and ends with information. Managing that information effectively and more accurately than your competition is the name of the game. What have you done today to insure your survivability in the face of the next crisis?

11 August 2018

Operational Risk: The Pursuit of Trusted Information...

Operational Risk is about Performance Management and Business Resilience.  CEO's and the Board of Directors realize the road to eliminating fear in their organization and the marketplace, is through trusted information.

Being agile, ready and capable of a quick recovery is what competitiveness is all about, on the field, on stage or around the table in the Board Room. Working towards control and protection while "fear" builds in the back of your mind makes you stiff, depletes your energy, confidence and creates doubt.

And when you are operating a business or standing on the tee of your first sudden death hole on any PGA weekend, you better have resilience.

The business equivalent to homeland security and critical infrastructure protection is Operational Risk Management (ORM)—a domain that many executives see as the most important emerging area of risk for their firms. Increasingly, failure to plan for operational resilience and crisis readiness can have “bet the firm” results.

There are numerous examples of how errors, omissions and glitches have brought down the reputations of many a Fortune 500 companies. What do they all have in common that was clearly absent and that led to their demise?
"A trusted reservoir of economic and business resilience to remain competitive in the marketplace."
Even beyond natural disasters and information security hacks, the threat of "Tort Liability" and the loss of organizational reputation is top of mind these days, with every major global company executive.

The threat is continuous and increasing at a faster rate than many other real operational risks to the enterprise. Litigation from regulators, class actions and competitors has given the term "Crisis Readiness Team" a new emphasis and meaning.

Once corporate management understands the need for a continuous "resilience" mentality in place of a "protection" mental state, a new perspective is found. Investing in the vitality, agility and competitive capabilities of the organization, sounds and is more positive.

It alleviates the fear of doom and gloom and inspires new found innovation. The future of your organizations longevity and in it's adaptability, can be achieved with a new bold perspective.  Compete or die.

Crisis Readiness could be enabled or suppressed in your enterprise by the amount of power you give your leadership. Do they have the ability to make an autonomous $1M decision or just $10K decisions when it comes to investing budgeted capital into their business unit operations?

Do they manage risk on a level where they are the most informed and the most knowledgeable about the business?  Or is the "Mother Ship" back at the home office HQ dictating the way they spend or the way they invest?

The ability to know how to manage risk at the point of creating new information, is the nexus of several disciplines and requires substantial training. Every minute that goes by with people not performing and behaving correctly, puts the enterprise at greater risk to lost performance opportunities.

All these issues can be summed up in a single concept:  Trusted Information. Simply accessing data is no longer enough.

CEOs, CFOs and knowledge-workers must be able to reliably track the information they use for decisions, back to the original source systems, in order to ensure its timeliness, accuracy and credibility.

Over the last decade, organizations have invested millions of dollars in systems to collect, store and distribute information more effectively.  Despite this, information users at all levels of the organization, are often uncomfortable with the quality, reliability and transparency of the information they receive.

Today's organizations rarely have a "single view of the truth." Executives waste time in meetings debating whose figures and policies are correct, rather than what to do about the company's issues.

Additionally, they worry about the consequences of making strategic decisions, using the wrong information, directly impacting the long-term survival of the organization.

The search for trusted information is a continuous pursuit for commanders in the "Mission Ready Room" and the "Corporate Board Room".

So how do you achieve the level of assurance that's required to make the "Bet the Firm" risk management decisions in your enterprise...

05 August 2018

Supply Chain: Interdependencies Risk...

In the U.S., it is now less than 30 days away from the next cyclone season.  One thing is for sure. You are in complete control of your readiness factor.

In what countries do you operate? Do you source raw materials from politically unstable regions of the globe for your end products? Are you subject to a myriad of taxes, tariffs and duties including new security measures in our ports? How complex are your sales and distribution channels?

At the end of the day. the big question is: What is my financial, operational and economic risk exposure in the event of a disruption in our external supply-chain?

The risk of external supply-chain interdependencies has been talked about for many years. Monte Carlo simulations, scenario analysis and other methods have been effective in the determination of what the magnitude of a loss event may look like. Once the dollar analysis is done and you know that your exposure is $XXM. or $XB., then what do you do with that information?

Much of the outcome of this exercise may go into the next strategic planning phase on who you need to partner with or create an alliance with in order to satisfy certain future contingencies. Once you realize that you need more than one source for a raw material or a key service to run your business, then the real analysis begins. Who and where do I find the best alternatives for this vital component in my global supply-chain?

If you begin your due diligence now on the top 10 vital components in your supply-chain contingency planning exercise, you might have these all completed, through the legal department and signed within a few months time. If you are lucky. Then you must really test the new supplier or source for your product or service to determine how smooth they operate when you pick up the phone or send the "Alert".

The ultimate architecture requires an "Adaptive Supply-Chain" that will provide cross-border agreements and resilient mutual-aid partners to assist in times of crisis. Just shifting production from one country to another may not be enough to mitigate the disruption in a vital component of the manufacturing process or delivery of services.

Having a reflexive and responsive supply-chain is only one of many contingencies in a robust Business Crisis and Continuity Management plan.

When was the last time you reviewed your key suppliers and sourcers plans for continuous operations and their record for testing these plans? This will be the place you find your greatest weakness in external supply-chain management.

And your readiness factor, is directly proportional to your interdependencies in your supply-chain.

28 July 2018

Certainty: Solutions for an Unpredictable World...

As the moon rises on a distant horizon, vital leaders across our globe are gaining new strategic foresight to continuously adapt their enterprise.

The future horizons in the mid-2000's are now on their mind and for good reason.  All of us are operating at increasing speed, in an unpredictable world:
What is the certainty that the Operational Risks in the next 20 years, will be a replay of the variety and spectrum of loss events we have witnessed in the past 18 years.  The difference is that they are accelerating.  What have we learned?  What are we doing about it?  How are we changing?  Why?

Solutions for resilience in motion in our "Unpredictable World" span the domains of people, processes, systems and external events.  Operational Risk Management (ORM) is a discipline that can be applied in most any size enterprise including government.

When you are seated around the meeting room with your leadership team, what do you see?  People who are in charge of teams, business units, departments, subsidiaries, portfolio investments and other assets of the enterprise.  You are counting on them to be prepared, to be predictive and to be proactive.  Are they?

You see, after all of the lessons learned and the After Action Reports (AAR) have been written and published, it seems to come back to the fundamentals.  It is history repeating itself.  Will our future world continue to be unpredictable?

If you said yes, then what are you doing about it?  Let's go back to that group of leaders sitting around the conference table.  Who have they engaged outside your enterprise to back them up to help them be more prepared, predictive and proactive?

The truth is, that you are behind the solutions curve.  Even your simple, yet effective Business Continuity Plan is outdated and gathering dust on the bookshelf.  The crisis team is far too preoccupied with the next news story or "Tweet," that may have an impact on the stock price.
The truth is, our unpredictable world is actually certain and we only have a limited amount of time until the next crisis, to prepare and adapt...

21 July 2018

Remember His Name: The Long War Ahead...

"Edward Wilson believed in America, and he would sacrifice everything he loved to protect it."

In "The Good Shepard" Matt Damon's character, Edward Wilson, is partly based upon the founder of the CIA's counterintelligence operations, James Jesus Angelton. As we look back over the past year, one can only wonder what Mr. Angelton would have to say, if he were alive today.

This September 11, 2018, brings all kinds of thoughts and emotions thinking about what our world has become since the days after World War II. Edward Wilson and Jim Angelton were both focused on the risks of finding out the truth.

Getting answers to questions that few others would even contemplate to ask. For the love of their country alone.

We are reminded of other professionals with the same mission. On September 11th, 2006 on the cover of Sports Illustrated Magazine, sits another patriot in a tree near the Afghanistan-Pakistan border. His name is Pat Tillman.

And as the SI cover story title says: "Remember His Name." Journalist Gary Smith captures the essence of what it means to walk in the shoes of men like Pat Tillman, who seek answers even more than life itself.
Everybody who thought he'd enlisted purely out of patriotism, they missed reality by a half mile. Sure, he loved America and felt compelled to fight for it after more than 2,600 people at the World Trade Center were turned to dust. But his decision sprang from soil so much richer than that. The foisting of all the dirty work onto people less fortunate than an NFL safety clawed at his ethics.
He had uncles and grandfathers on both sides who'd fought in World War II and the Korean War, one who'd taken a bullet in his chest, another who'd lost a finger and one who'd been the last to leap out of a plane shot from the sky. On a level deeper than almost any other American, he'd reaped the reward of those sacrifices: the chance his country afforded him to be himself, all of himself.

He yearned to have a voice one day that would carry, possibly in politics, and he was far from the sort of man who could send others into a fire that he had skirted. His relentless curiosity, his determination to live his life as if it were a book that would hold its reader to the last word, pushed him into the flames as well. The history of man is war, he told a family member, so how, without sampling it, could he ever know man or himself completely?
The Operational Risks we choose to face as professionals, keeps us focused on the fears that haunt us most. Someday, we hope that the fear will disappear, if we face it long enough and often enough. And then it dawns on us, that this will never happen. The "Long War" ahead will not have an end point.

Nor will it's end, ever be celebrated with a ticker tape parade in New York City.

The long war ahead, requires leaders who understand what Jim Angleton and Pat Tillman both have in common. It begins with a renewed hope for conquering the fears ahead...

15 July 2018

Enterprise Risk: The Future of Public Private Partnerships...

When it comes to the overall Business Resilience in a city or geographic region, there are a plethora of Public Private Partnerships that have been in development for decades between government entities and the private sector.

The goal for some, is the simple exchange of information on relevant topics of community and local or federal jurisdictions. Others have a very distinct role and measurable outcomes designed into their structure, to achieve a mutual purpose. The Houston Ship Channel Security District is a rare example:
The Houston Ship Channel Security District, a unique public-private partnership, improves security and safety for facilities, employees and communities surrounding the Houston Ship Channel.
There are other Public Private Partnerships (PPP) that help address the safety and security of the United States, including the FBI's InfraGard program. This is an approach to engaging with private and public sector individuals in a region or sector of critical infrastructure, as opposed to a specific business entity.

The combination of an individual-based intelligence sharing organization of subject matter experts, combined with a more business owner-operator and city, county and state governments model, is one that needs continuous care and oversight to remain effective.

There are hundreds of other local and national models that converge on the goal of a true public private partnership, that never achieve excellence. They continuously miss the mark from several levels of information exchange, coordination, cooperation and collaboration.

These failed attempts at getting the private sector working in concert with government, still comes back to one key criteria for success; people. Regardless of whether you have the funding resources or not, a single or handful of motivated, dedicated and smart people, can and will make the relationship work.

Simultaneously, people can also be the roadblock, the resistance or the problem in getting a public private partnership working as effectively as it could be, to achieve the mission. This is when the mechanisms of governance, oversight and common sense are needed to guide the respective initiatives and operations of the entity either public or private, in the right direction.

You only have to look at the leadership in many cases to understand why there is continuing success in achieving SMART objectives or why there is failure. Service before self-interest is what becomes a major facet of why many of these organizations perish and then you have to examine who is really the beneficiary of the work being done by these dedicated volunteers.

Another effective public private example is the Intelligence National Security Alliance (INSA):
"INSA provides a nonpartisan forum for collaboration among the public, private, and academic sectors of the intelligence and national security communities that bring together committed experts in and out of government to identify, develop, and promote practical and creative solutions to national security problems."
When you are able to converge the thought leaders from a particular vertical discussion area, to produce the best thinking on an Operational Risk topic, the output is extraordinary. The key is to keep these same set of thought leaders together long enough and often enough, for the trust factors to build and for the true sense of collaboration to emerge.

INSA has accomplished this with the "Homeland Security Intelligence Council". Formed in 2010 and now renamed the "Domestic Security Council" and working continuously on a monthly and even bi-weekly basis, they have produced several valuable outcomes from their work together. One example is the white paper produced soon before the tenth and also the fifteenth anniversary event of 9/11.

Homeland Security Intelligence is a discipline that depends on the successful fusion of foreign and domestic intelligence to produce the kind of actionable intelligence necessary to protect the homeland. INSA is one private private organization that realizes this more than others.
The key to public private partnerships in the U.S., the "Enterprise" is not just government when it comes to intelligence and situational awareness. One only has to look at the number of iPhones and camera enabled devices being carried around by hundreds of millions of people to understand this today. Social Media and global real-time information discovery will remain our continuous situational awareness challenge.

The private sector companies, who in many cases are the owners of critical infrastructure assets in the nation remain the power base. The willingness or reluctance to share the right information at the most appropriate time from government and combine it with private sector capabilities, will always be the largest challenge for the public private enterprise going forward.

08 July 2018

ORM: The Science & The Art...

Operational Risk Management today is a true "science", with the "art" becoming more of a key component in connecting the dots. Yes there are plenty of standards from various disciplines to assist professionals in the assessment and measurement of risk.

The tools that have been developed over decades to help predict risk, dates back to the insurance industries inception. Actuaries are indeed a key component in this evolution of the science. What happens when you put several other factors into the equation? Like dates in time when various events are converging on a single window of potential risk consequences and implications:
Actuaries are those with a deep understanding of financial security systems, their reasons for being, their complexity, their mathematics, and the way they work (Trowbridge 1989, p. 7). They evaluate the likelihood of events and quantify the contingent outcomes in order to minimize losses, both emotional and financial, associated with uncertain undesirable events.

Actuarial science
applies mathematical and statistical methods to finance and insurance, particularly to risk assessment. Actuaries are professionals who are qualified in this field through examinations and experience.

Actuarial science includes a number of interrelating disciplines, including probability and statistics, finance, and economics. Historically, actuarial science used deterministic models in the construction of tables and premiums. The science has gone through revolutionary changes during the last 30 years due to the proliferation of high speed computers and the synergy of stochastic actuarial models with modern financial theory (Frees 1990).
The art of Operational Risk comes into play with practitioners and professionals who have the "Grey Matter" to see the big picture. They have the ability to think like the enemy, or examine the window of opportunity. Working with windows in time and the ability to see the convergence of particular events, allows for the creation of scenarios, to draw more strategic insight.

This ability to create filters and extract true meaning from raw data, segmented information and then from cognitive analysis creates the true vision we seek. This is an "Art" as much as it is a "Science".

Forecasters in the hurricane, typhoon and tsunami warning centers around the globe know the meaning of using the science as much as the art of risk management. The nexus of security and terrorism puts another dimension on the meaning of operational risk management and now you have the Terrorism Screening Center (TSC) assisting with the fusion of intelligence to counter potential individuals from terrorist acts.

If you were planning an event for your organization in downtown Washington, DC for the 3rd week in July 2018, what are the factors that are taken into consideration? Have you scheduled to fly in all of your key executives for a Board of Directors Meeting and a round of golf at RTJ?

What about all of the other events and organizers who have made the decision to hold their event the same week or day in July? What impact will any of these other events have on you and your organizations ability to facilitate a safe, secure and productive meeting for your participants, members or customers?

The truth is, that many event planners and organizers are not even tied into the same database or the systems as the Chief Security Officer. The CSO in many cases is not aware that the sales or marketing organization has scheduled a customer summit or new product kick-off the same time as a scheduled anti-[insert activist group here] march. Or maybe it's just a PGA golf tournament.

So what? So what does the "science" of operational risk have to do with the "art" of operational risk?


Think clearly and use both when it comes time to develop your own "Fusion Center" for risk in your organization. Make sure you include the people and the data that could create the perfect storm when a combination of events all take place within the same time window. There are only so many hotels, convention centers and airports for people to utilize for the logistics of these meetings.

The competition is fierce to get the location, dates and venues you seek to impress your audience. It's not always about the number of things going on at the same time, it is the combination of each unique entity that makes the "Art" of Operational Risk imperative.

Any combination of ingredients by itself can be harmless. But when you mix them together in the right amounts, in the right place, you could be facing a loss event that could not have been predicted looking at the science alone...

01 July 2018

4th of July: Risk of Complacency...

This new nation state is turning 242 years old on July 4th, 2018. The United States of America will be celebrating another birthday and the Republic, will reflect on what we have learned, so far.

"Rule of Law" is an ever so powerful component of a democratic way of life and is the envy of so many nations who still seek its most true form. Operational Risk Management permeates the essence of the laws and rights of U.S. citizens in the work place, companies and organizations in global commerce and the government who provides oversight on all of it.

The balance of power between individual citizens and the government responsible for the protection of life, liberty and the pursuit of happiness is always in flux. Yet in the end, "The Union" has endured some of the most significant "Operational Risks" and disruptions one can imagine.

It is the analysis of "The Union" and the incredible resilience of all the moving parts that make the United States what it is today. Weathering the storms of mother nature by hurricanes, tornados, earthquakes and droughts to the economic threats of depression, mortgage or Wall Street implosion has not put a dent in "The Union's" ability to bounce back.

Withstanding the challenges to our Constitution and the rights proclaimed to each and every citizen, has only made us stronger. What cases to the Supreme Court have changed our future?

When you look at your own organization and examine the components of your people, processes, systems and potential external events, does it have what it takes to endure 242 years? Certainly there are risks that exist today that are prevalent in the eyes of shareholders, Board Members and even executive management.

The question really is "What are you doing about it?" This in itself, could be the biggest threat to the United States and your own organization. Complacency.

complacency

[kuh m-pley-suh n-see]
  1. a feeling of quiet pleasure or security, often while unaware of some potential danger, defect, or the like; self-satisfaction or smug satisfaction with an existing situation, condition.
It is the perception of the quiet pleasure or security of your organization or your own country, that may very well be the greatest threat to it's existence. Ignoring the cues and clues to the deterioration of the balance of power, the rule of law and the economic engine necessary to sustain the necessities of life, such as food, water and cash flow may be the reason for your demise.

Your own business resilience will continue to be a factor of the correct mixture of the ingredients that sustain and organically grow the enterprise. Those who try to grow to quickly without regard to quality will in many cases fail.

Those who let the power base become significantly imbalanced, so too will find the ability to endure a tremendous hardship. Those who ignore the constant requirement for monitoring and governance will suffer the realities of human factors. Motivations that are often defined as greed, jealousy and hate, soon will emerge.
"Relationships remain vital to our family unit, the neighborhood we live in and the cities, counties and states that oversee our way of life."
It is those same relationships within our business and government ecosystems, that will determine whether they perpetuate your healthy growth, or its inevitable deterioration.
 
Those same family units, neighborhoods, and government jurisdictions have the power and the ability to avoid complacency and mitigate the Operational Risks that will be present in each. Look around the country of the United States or the nations of the world and you will see who has been complacent, and who has been the most effective in OPS Risk Management.

"I pledge allegiance to the flag of the United States of America, and to the republic for which it stands, one nation under God, indivisible, with liberty and justice for all."

The flag consists of 13 alternating red and white stripes that represent the 13 original colonies, and 50 white stars on a blue field, with each star representing a state. The colors on the flag represent:
  • Red: valor and bravery
  • White: purity and innocence
  • Blue: vigilance, perseverance, and justice
Happy Birthday Uncle Sam!

24 June 2018

SOC: Statement of Truth...

Global transnational organizations who provide 24x7 Business Resilience Intelligence and executive security protective details are on the rise. Corporate personnel who must travel to high risk regions of the globe, realize the requirement for a minimal, yet comprehensive security envelope.

Back at the Business Resilience or "Security Operations Center" (SOC), you will find a team of subject matter experts working in concert, to continuously enhance the Operational Risk Management matrix. One set of analysts are tasked with the media review and real-time intelligence collection from Open Sources. One example could be CNN or even more regional sources such as Alhurra:
Alhurra (Arabic for “The Free One”) is a commercial-free Arabic language satellite television network for the Middle East devoted primarily to news and information. In addition to reporting on regional and international events, the channel broadcasts discussion programs, current affairs magazines and features on a variety of subjects including health and personal fitness, entertainment, sports, fashion, and science and technology. The channel is dedicated to presenting accurate, balanced and comprehensive news. Alhurra endeavors to broaden its viewers' perspectives, enabling them to make more informed decisions.
Another set of analysts are sifting through online intelligence portals such as Opensource.gov or Data.gov . However, when you have a specific executive who is traveling to a specific country, there are more detailed plans and substantial advance work that takes place.

These facets of corporate enterprise risk and operational risk management (ORM) are vital to protect human assets and the ongoing continuity of business operations. Situational awareness enhancement is a 24/7 x 365 day process.

Whether your business takes you to Pakistan, Paris, Toronto or London the risk of bombing, or criminal elements are a real potential threat:
LONDON — An 18-year-old Iraqi asylum seeker was sentenced on Friday to life in prison in Britain after he was convicted of attempted murder in the botched bombing last September of a rush-hour train on the London Underground, which injured 30 people.

Ahmed Hassan was convicted last week after he left the bomb that partially exploded one stop after he had disembarked. The explosion triggered a stampede that injured tens of passengers.
Executive Protection details have been utilizing the compendium of wisdom and research that is found in Gavin De Becker's publication, "Just 2 Seconds" and for good reason:
"Think of every assassination you've ever heard about. For most people, a few of these major ones come to mind: Caesar, Abraham Lincoln, John Kennedy, Martin Luther King, Mahatma Gandhi, Indira Gandhi, Anwar Sadat, John Lennon, Israel’s Prime Minister Rabin, Pakistan’s Benazir Bhutto.
From start to finish, all of these attacks — combined — took place in less than one minute. And the hundreds of attacks studied for this book, all of them combined, took place in less than a half-hour. Those thirty minutes, surely the most influential in world history, offer important insights that can help today’s protectors defeat tomorrow’s attackers."
Operational Risk is far more pervasive than just the detection of fraud, mitigating the loss events from internal information theft or the "All Threats, All Hazards" approach to the "Continuity of Business Operations."  It's been said here before and it's worth repeating again this statement of truth:

"Attackers use tools to exploit a vulnerability to create an action on a target that produces an unauthorized result to obtain their objective."

Whether you utilize this statement within the context of your digital domains, physical domains or the vast set of processes within the enterprise, it does not matter.

What does matter, is that those individuals responsible for the survivability and the defensible standard of care of the organization,  "Never Forget"...

17 June 2018

Father's Day 2018: 30 Years of Wisdom...

On the dawn of the day in America, known as Father's Day we reflect and we acknowledge him.  For many, their Father was a major influence in their life.  All to often, others never really knew who he was.  Father's are all Operational Risk Management (ORM) professionals in many ways.

This Father has two adult children, a daughter and a son about 19 months apart in their late twenties.  Fatherhood started in mid-September, 1988.  That gives you some perspective on our years of experience together.  So to all those Father's out there, who are planning a family someday, here are a few thoughts.

First off, the role consumes you.  Seeing that first born baby, changes you forever.  You suddenly realize the word "I" is no longer in your vocabulary.  Most certainly, you thought you loved your wife tremendously, before you watched your first daughter born.  Yet the overwhelming feeling of new love you have for your wife at that time and moment, is ever so special.  Incredible!

Second, becoming a Father becomes a life long responsibility and a new life mission.  You find yourself having memory moments, decades later about your children's greatest achievements in life.  The day they walked for the first time.  The special birthday party with friends in that old neighborhood.  The day they walked up on stage to get their College/University Diploma.  At that point in your life, when you were working 12 hour days.

Father's Day as long as you are alive, shall be a day of remembrance, a day of memories and a day of looking into what lies ahead.  You have watched them grow up.  You have counseled them, taught them, trained them and loved them.  When is your role as Father over?  Not until your last day on Earth.

Being a Father makes you a better husband.  It gives you the role of being all those things that your wife can't be or won't be at that particular point in time.  As your kids grow up, you will both find your path, as a mate and a parent.  One thing is for certain.  Being married now 30+ years and raising two kids, who are both college graduates and now in challenging careers, makes you realize you might have made a difference.

Finally, being a Father makes you think about your own Father and how you want to be the same or different.  After all, where did you learn many of the things that will influence how you might parent.  When I saw my Father on the day he died, I cried.  And yet, I saw a look of joy on his face as if to say, I know I was not perfect, but I loved you very much.

On this Father's Day in America, this one is so proud.  This Father loves his wife dearly and realizes that our two kids love us so much too.  Having a son makes you strive to be your best.  To be a model husband, to live ethically, morally and spiritually.  And now that we have a new Son-in-Law, loving him like my own.  Walking my daughter down that aisle, was almost as joyful as the day I saw her born...

Happy Father's Day...Onward!

09 June 2018

Crisis Readiness: Future of Risk Response...

One of the key components of effective Operational Risk Management (ORM) is a robust Crisis and Incident Readiness Response Team. This team shall have practiced and exercised multiple scenarios over the course of their training together. Why?

The ability to adapt on the fly regardless of the kind or type of incident is the core of what OPS Risk professionals are able to do, time and time again. The more unknowns that are encountered in any space of time, requires the ability to Observe, Orient, Decide and Act.

Yet this is not so much about the use of the OODA Loop or any other process in effectively adapting to your new and rapidly changing environment. It is about having the right sensors and early warning capabilities in place to detect and to deter the potential for new threats and new vulnerabilities, that may disrupt your mission.

Why do you read about Global 500 organizations that have seen their stock price erode in a day, week or month due to the ineffective response to a crisis incident? In many cases, it is a simple fact. The Crisis and Incident Response Team was caught in a scenario that they had never imagined.

An unfolding situation that they had never thought of and simply didn't plan for because it's likelihood was just too low. This author has talked about this before and it deserves repeating that exercising for the low likelihood and high impact events is where you need to spend most of your time.

The 1-in-100 year events are no longer the case. They are 1-in-50 or less. Just ask your property and casualty insurance carrier about how their actuarial Quants are thinking about this very topic. Whether is it global climate change or unregulated nuclear power industries in emerging nations, the low likelihood and high impact events are becoming more of a risk.

So what is the answer? To begin, you must first start the culture change and mind set shift to the future and to your own Strategic Foresight Initiative. Looking into the future is not exactly the exercise. Pick a point in time, five years, ten or twenty-five years into the future. Select a scenario that you can't even fathom is a possibility of actually coming true that will impact your organization. Then start your own "Backwards from Perfect" strategic foresight initiative.

What this process will do, is to get all the focus on what you still need to accomplish between now and then to get yourself into a position so that your people, systems and organization will be able to withstand the scenario incident. Welcome to Global Enterprise Business Resilience.

Across every sector of society, decision-makers are struggling with the complexity and velocity of change in an increasingly interdependent world. The context for decision-making has evolved, and in many cases has been altered in revolutionary ways. In the decade ahead, our lives will be more intensely shaped by transformative forces, including economic, environmental, geopolitical, societal and technological seismic shifts.

The signals are already apparent with the re-balancing of the global economy, the presence of over seven billion people and the societal and environmental challenges linked to both. The resulting complexity threatens to overwhelm countries, companies, cultures and communities.

FLASHBACK TO THE:  Global Risks 2012 Seventh Edition

What if you happen to be a Non Governmental Organization (NGO)? What are some of the risks that may impact you from a "Geopolitical" perspective that today have a high likelihood?
  • Global Governance Failure
  • Terrorism
  • Failure of Diplomatic Conflict Resolution
  • Pervasive Entrenched Corruption
  • Critical Fragile States
  • Entrenched Organized Crime
  • Widespread Illicit Trade
Crisis impact will be specific to your particular stakeholder group. These will be higher or lower depending on whether you are a:
  • NGO
  • Business
  • Government
  • International Organization
  • Academia
There are however, three main cross cutting observations by all of the these stakeholders from the Global Risks 2012 report and even to present day:
  • Decision-makers need to improve understanding of incentives that will improve collaboration in response to global risks
  • Trust, or lack of trust, is perceived to be a crucial factor in how risks may manifest themselves. In particular, this refers to confidence, or lack thereof, in leaders, in the systems which ensure public safety and in the tools of communication that are revolutionizing how we share and digest information 
  • Communication and information sharing on risks must be improved by introducing greater transparency about uncertainty and conveying it to the public in a meaningful way.
The way that the global citizen decides to digest information in five or twenty years will be different than it is today. The world has already started to see this with the proliferation of mobile smart phone technologies, GPS, cameras, and other Twitter-like knowledge systems networks such as FrontlineSMS and Ushahidi.

Do you really believe that CNN and AlJazeera will be the source of truth in the next two decades? Social Media is here to stay and the only reason that formal news organizations will exist, is to try to validate and verify.

Operational Risk Management (ORM) and Crisis Readiness shall continue to be one of the most dynamic and challenging places for global enterprises for years to come...