Problem-Set: Enterprise OPS Risk...

Who is responsible when a particular Operational Risk problem-set has risen to your organizational awareness?  Clue: It is not the name of a department or single person.

This means that all people in your company, agency or command unit may have encountered behaviors, information or evidence of potential Operational Risk loss event outcomes.

Until you have a documented 1-Pager in your organization, you don’t have a problem-set or someone with the responsibility to solve it.

What is the Problem-Set? Give it a short Title that identifies the issue.

How do you describe the Background on the new problem-set in less than two short paragraphs?

Explain the Challenge ahead.

In less than one paragraph of three or four sentences, explain what the intended outcomes of solving the problem-set will be.

Now provide the Boundaries in your process of discovery and activity, that will provide you with the solutions solving the problem-set.

Now, who is the Owner / Sponsor of this problem-set?

“You have an “Operational Risk” loss event potentially waiting to happen.”

The people and/or the team who have been assigned to the defined  “OPS_RISK_PROBLEM-SET” (ORP), now have the organizational responsibility and power to engage with mitigating the risk of the potential outcomes, by designing and implementing the prototype Solution.

If leadership assigns you to this particular 1-Pager, it is now your responsibility to follow the process and to execute the steps you have been trained to carry out within your organization.

This shall occur in a timely manner, based upon the severity of the Operational Risk:

Design an easy and memorable numerical scale that could be utilized with the team or owners of your Problem-Set to provide a quick numerical severity for the ORP.

SEVERITY / LIKELIHOOD OF LOSS EVENT

LOW >>>>> 1 >>>>> 3 >>>>> 6 >>>>> 10+ HIGH

Stack rank your company, agency or command unit ORPs from High Severity to Low Severity on a pre-determined schedule, relevant to the size and pace of your national regulatory requirements.

If your organization is categorized as one of the 16+ national Critical Infrastructure Sectors as defined by the U.S. Department of Homeland Security (DHS), your organization shall engage in a continuous process of solving new problem-sets that are being continuously discovered in your enterprise.

Now you are on your way to solving more problem-sets with timely defined solutions within your entire Operational Risk Management (ORM) organization.

Onward!

Vantage Point: Never Stop Wondering...

If you grow up in America in a small town, it gives you a "Vantage Point". Especially, when that one day early in your life when you finally drive out of there.

So you are on to a new U.S. state, a new global time zone or traveling to a new place you have never been before.

In America, we like to drive a vehicle a thousand miles somewhere, across our country to observe. To learn. And to just explore.

Traveling from that small town in Michigan to a small college town at the foot of the Rocky Mountains in Colorado, provided all kinds of new learning.

vantage point

noun

Synonyms of vantage point

: a position or standpoint from which something is viewed or considered

especially : POINT OF VIEW

The minute upon arrival, you could not take your eyes off of the mountains and the glorious sun sets above them.

It wasn’t much longer until it was time to explore, to walk up with a pack on your back. 

To visit that small “Blue Lake” in September, was definitely a vantage point at 9,300+ feet looking up at Mt. Audubon and Paiute Peak in the Rocky Mountains.

Lying out there under the thousands of stars in the new L.L. Bean Goose Down sleeping bag for the first time was so epic.

"Thinking about the journey so far, it was almost certain the infinite game had started."

This was going to be a life full of adventures, with so many stories to tell from small towns to a college campus to some of the largest cities in the world.

Once you begin, it’s difficult to stop exploring. It just seems like you can’t get deep enough or high enough on this planet.

Whether you are almost a hundred feet deep in the South Pacific holding hands with your new spouse, or thousands of feet high in the Monashees snow skiing in light powder does not matter. You are at another Vantage Point.

While you are learning throughout your life, what else do you wonder about?

Whether you are falling asleep under the stars or to the sounds of sirens in a metropolitan city near the quiet ocean, say a prayer.

Give thanks for all you have been given and witnessed so far in your life. Guess what, there are so many more "Vantage Points" to come.

Wonder…

Trusted Horizon: "Augmented Intelligence"...

When you read that critical powerpoint report last week at work, did you trust what the author had written?

How did you make the decision to trust the numbers that the author placed in the columns and rows chart on page 3?

Did you trust the author and source because of their previous track record of accuracy?

Did the numbers come from a sensor that has been tested in an independent lab to a 99% level of truth?

You trusted that report at work for a reason. It was a “Trust Decision”.

Why?

Have you personally tested the math? What is the source of the data?

So why do you trust Apple vs. Samsung? Verizon vs. AT&T?

Would you pay $100 for a machine that was 99% accurate or could you live with a machine that was 50% accurate and only cost $50?

Think about your mobile navigation mapping app. Where are you going?

These kind of discussions are fundamental yet necessary for us at this point in our digital innovation journey. Just as humans have since the inventions of the Personal Computer, Internet and Quantum Computing.

Trust Decisions are mathematical.

mathematical

adjective

1: of, relating to, or according with mathematics

2 a: rigorously exact : PRECISE

b: CERTAIN

3: possible but highly improbable

We have been trusting computers, data and all kinds of sensors as a result of established testing standards. You name it. ATM’s. Stock Markets. Airplanes. Rockets.  Satellites.

Today, would you trust the answer of any question asked to your favorite Large Language Model (LLM)?

LLM’s will challenge your future digital “Trust Decisions” because you might decide whether you believe Chat-Brand A vs. Bard-Brand B vs. Claude-Brand C.

No different than your preference today on using Google search or Bing.

Are human lives at stake? How will we ensure the trust of our digital machines? 

Into the future, our ability to produce high accuracy “Trust Decisions” will depend on your own “Augmented Intelligence” (Ai)...

Never Forget: Memories & Our Future Resilience Innovation…

On the dawn of September 11, 2023 our United States remembers and reflects.

The day 22 years since the attacks on our country 9/11/01 actualizes so many facets of our “Resilience”:

Emotional.

Educational.

Emergency Management, Transportation, Healthcare, Communications, Information Technology, Financial, Defense, Energy and so many others within our International Critical Infrastructure systems.

In the middle of a 8:30am business breakfast at the Reston, Virginia Hyatt on 9/11, the screams from those watching the bar TV across the restaurant will never be forgotten.

Our USA is so much more “Resilient” than we were over two decades ago and we have much further to reach, in order to achieve total functional resilience across new sectors.

The true commercialization of SPACE is far beyond the knowledge awareness of our average U.S. citizen. Unless of course, they have seen the film Apollo 13 or The Right Stuff.

Our SPACE infrastructure is rapidly growing from the key private sector companies ecosystem who have been in business for years.

More importantly, the new Space ecosystem of private sector companies beyond the traditional government aerospace suppliers to NASA, is currently providing vital resources and new SPACE technology innovation.

The growing supply chains for SPACE missions has already multiplied the requirements for resilience in so many new and different realms of our United States private sector, including academic engineering education and R&D environments.

Therefore, on the eve of this September 11, 2023 we must be even more vigilant to NEVER FORGET.

“Around and within our innovative U.S. Space infrastructure is a growing threat landscape and it requires: securing our space assets, increasing situational awareness, maintaining resilient satellite communications, creating new policy frameworks, expanding workforce development, and creating new emerging technologies.” --Space ISAC

So what?

The United States shall now create a 17th Critical Infrastructure domain, that shall require our resources and continuous innovation for the next 20+ years and beyond.

“Resilience of SPACE infrastructure” has always required key people from vital organizations:

“The Space ISAC (Information-Sharing-Analysis-Center) has launched in Colorado Springs, CO and is the only all-threats security information source for the public and private space sector.

“It is the most comprehensive and single point source for sharing data, facts and analysis on space security and threat to space assets. Space ISAC also provides analysis and resources to support response, mitigation and resilience initiatives.”

Who will we work with side-by-side, to prepare our response in an “All-Hazards” SPACE world that changes by the minute?

These dedicated people can be found solving SPACE problem-sets in our future innovation strategies by utilizing proven methodologies in:

• Mapping / Targeting

• Sketching / Solutions

• Deciding

• Prototyping / Testing

How shall we continuously work together to provide the correct tools, systems, knowledge and trusted experience to make a proactive global difference? 

It is our purpose and our mission to “Protect Critical SPACE Infrastructure” across our great nation and to ensure the resiliency of our people, systems and our organizations in the Public - Private Sector.

Secure: Find it...

What are you and your team doing this week to create a “Secure” environment?

Your organization is counting on you for all that defines this adjective:

Secure

adjective

se· cure si-ˈkyu̇r  -ˈkyər

securer; securest

1a: free from danger

b: affording safety

c: TRUSTWORTHY, DEPENDABLE

a secure foundation

d: free from risk of loss

2a: easy in mind : CONFIDENT

b: assured in opinion or expectation : having no doubt

How are you creating and maintaining a continuously “Secure” workplace, church, school, home, transportation system, main street or entire country environment?

It’s not the role or responsibility of One person. One department. One agency. One camera.

"Leadership as a CEO, Principal, Parent, Mayor or President requires you to continuously pursue a more “Secure” environment that requires focus and a persistent innovation mindset."

Your family, your employees, your town and your own nation are watching you.

You may think you understand the problem-set. You might try to use one tool. You will learn that you must continuously adapt. Build prototypes. Test again.

Your creative ability to change on the fly, your capability to act faster than the threat will make all the difference in your counter-response.

What are you measuring this day, week or month to determine what and where you need to adapt?

It is not always what you will be able to hear, smell or see with the naked eye. This is why innovators designed detectors, radar, alarms, cameras and even binoculars.

Asymmetric threats to our environments are Invisible. Undetectable. Irregular. Disordered. Atypical.

So what?

All of us, into eternity will remain responsible for our “Secure” environment.

Whether it may be in your global neighborhood, on campus, at the Mall, in your software, undersea, aerial or to Mars, you too shall have a role.

Find it…

Observation: Sensory Informed+Aware+Ready (SIAR)...

In a focus to be more innovative in your particular business or vocation, which of your own human senses are you using most effectively today?

• Sight.
• Sound.
• Smell.
• Touch.
• Taste.
• Pain.
• Hunger.
• Thirst.
• Pleasure.

Anything else?

How well are you using your complete observations that combine these senses with other brain functions to create new insights, new intelligence or safety knowledge?

How many steps are there from your front hallway up to your second story in your residence? If you know the answer, why?

Your observation skill sets are combining human senses and other brain functions to provide you with new insights, knowledge and domain awareness.

Or you may already know the answer of how many steps are in your home because you are handicapped or blind.

You many also know the moment that someone in your house is boiling water on the kitchen stove, because of a unique smell. And you probably know who that person is.

You many know the moment a next door neighbor leaves their garage, based upon the sound of their vehicle.

We are continuously combining our sensory functions and brain functions all the time, even without thinking about it.

"Yet how observant are you really? Do you store your sensory information somewhere for retrieval later? In case you need it?"

What if you became more actively conscious about this by practicing it each day. How might this new observant talent be of a vital use to you and others?

Operational Risk Management requires multi-sensing information processing and response 24x7 by you, not just by your machines.

By you as a standalone human.

If you had to operate for a whole day without your iPhone with you on next Friday, what might you observe? What might you learn?

How might you better increase your own personal knowledge on this Friday.

With the observation of human senses of Time? Of Direction? Of Temperature? Of Weather? Of even a lack of “Knowledge” of what your friends, followers or family are doing each hour of their day.

So what?

Your future abilities of human observation will enhance your innovation capabilities as you continuously adapt to your hourly and daily environment.

Your enhanced personal “Operational Risk” skill-sets will keep you more Sensory Informed, more Aware and more Ready (SIAR) than so many others…

Onward!

Objective: Utilizing Empirical Learning…

 Objective  adjective

1 a : expressing or dealing with facts or conditions as perceived without distortion by personal feelings, prejudices, or interpretations.

When you were growing up in your family, perhaps sitting down for a dinner each evening at 6:30PM, what was your classic ritual?

Did your Father sit at the head of the table and your Mother on the opposite end? Was it a time of jovial catching-up on each others respective days and sharing information on topics of family interest?

Was the dialogue open minded and full of questions about the topics? Maybe it was the opposite.

Or was your Father or Mother listening and observing while adding experiential lessons to the dialogue.

Each persons age and level of experience in life has much to do with the value of a true dialogue.

Each persons ability and willingness to be truly “Objective,” enhances the value of the dialogue because it is actually more empirical.

Is the person talking, teaching or facilitating the group focused upon actual observation or actual experience?

Is the information being shared capable of verification or testing by experiment?

Is the person at the end of the table or in front of the room or the principal investigator utilizing experiential knowledge and lessons, based upon true witnessed outcomes?

How many high school and college class rooms today, do you find someone who is a true empiric?

One who relies on practical experience. An “Instructional Facilitator” who is in the back of the room, carefully listening.

With decades of experience to provide additonal context.

Learning and discovering what the day, week or hours have produced from those people who have been recently operating on the front line. Operators in the action and who have been part of the actual witnessed experiences.

How well do those who are listening and observing, utilize both “open-ended” questions to explore and expand while also utilizing “close-ended questions” to verify understanding?

Empirical  adjective

1 : originating in or based on observation or experience.

2 : relying on experience or observation alone often without due regard for system and theory.

As you learn more about our own human behavior and the way our brain stores information, the questions that you will have, shall begin to change…

Trust Decisions: Creating a State of Zero Surprise…

Most people believe in some form of risk management and the truth is, that it doesn’t work all the time. It doesn’t work because the human being is incapable of processing all of the possible rules of the moment, the game, in any specific scenario, fast enough.

The organization or environment you are operating within and the responsibility you are tasked with each minute of each hour of each day, requires you to make “Trust Decisions.”

There are three essential qualities of Trust:

1. “Trust is a rules-based exercise.”
2. “Trust decisions are fueled by information.”
3. “Trust decisions are mathematical.”

“In a digital world where we are struggling to sustain and build trust across a global, wired landscape of human affairs characterized by reports and allegations of cyberwars, digital theft, electronic espionage, and the loss of human dignity through ubiquitous surveillance, this essential truth changes everything.”

“Achieving Digital Trust: The New Rules For Business At The Speed of Light” - By Jeffrey Ritter Page 51-53

As you begin to think about your daily tasks, do you know and understand the rules?

Trust Decisions require a “Yes” or “No”. There is no “Maybe”.

Unfortunately, humans operate differently than machines and software that were designed with rules that are truly binary. Zero or One.

That is why we designed and built tools and innovations that can follow the rules at tremendous speeds using rules that we agreed upon.

How well do you know the rules that are the origin of behavior within your most trusted tool?

Is it a gondola? Is it an alarm? Is it a safety switch? Is it a software program? Is it a computer embedded in another machine?

Rules are followed. Information is gathered. Calculations are executed.

So what?

“Taking the risk” means choosing not to calculate trust and the first opportunity to do so occurs far earlier than you might ever imagine.“

“Decisions that are thorough—decisions that are to be trusted—create more wealth.”

“Achieving Digital Trust: The New Rules For Business At The Speed of Light” - By Jeffrey Ritter Page 75-77

Humans are continuously processing a combination of all three qualities simultaneously and yet you know when “Trust” is quickly eroding in your vision, your senses and your mind.

You are comparing all of these qualities simultaneously based upon your past performance and/or experiences.

Therefore, failures of people, processes, systems and external events seem to occur randomly.

Is it possible to achieve a state of zero surprise? Where all risks are mitigated and humans can achieve an environment of trust that is sustainable. We think it is. In the right environment and in a specific scenario, surprise is now almost “impossible”.

How safe, secure and wealthy do you feel today?

Prediction: Another Year of Living Dangerously...

Will this be another year of living dangerously?

Security forces within your organization are busy at work, contemplating a combined strategy to address a continuing barrage of new potential threats. 

2023-2024 could very well be even more dangerous than this past year.

"Enterprise Security Risk Convergence is the "Operational Risk Management" wave of the future."

How these converged entities are forming and how they will arrive at a single focal point is based on what they both have in common. Information-based assets.

“Contingency Planners” shall be more beware. Savvy CIO's and CxO’s recognize that new threats and soaring costs are two factors driving the convergence or integration of traditional and information security functions in a growing number of global organizations.

Operational Risks span the continuum from the physical to the digital environment in our enterprise ecosystems.

Prepare your organization for the day when the efficiencies and the effectiveness of having redundant safety and security responsibilities becomes a new agenda topic at the next executive retreat.

Business desire for contingency professionals who can examine and assess the risks that organizations face as a whole, is one of the tipping points behind the convergence phenomenon.

In the end, the winners will be those contingency planners that realized that all the guards, gates, firewalls and intrusion prevention systems are nothing more than tools.

What they support is the successful implementation of a Risk Management System focused on intelligence information.

The single asset that security organizations have in common is the dynamically changing information in our contingency plans.

As the Operational Risks continue to surround our supply chains to corporate enterprises, it's imperative strategic planners look at where we are spending our money and deploying our resources.

What would happen to our preparedness, readiness and recovery capabilities if we just reallocated 5% of the corporate marketing budget to our protective intelligence and risk management budget?

If we did, then we might find ourselves with fewer calls to the Courthouse, State house or even to the (202) area code...

Navigator: Speed of Innovation...

When the Netscape Navigator was finally launched here on our planet Earth, much of humanity was just on the verge of an era of massive organizational change.

Working in the IT industry and living through the transition of our communications era of data transfer across and through the digital Internet in the early days was full scale innovation. In more ways than one.

As the desktop devices were rapidly designed for digital storage and computing power and the software industry was now at the dawn of incorporating modems of mbps data exchange, data integrity, data security and data resilience; our global intelligence strategies were still naive.

Deficient in worldly wisdom and informed judgment, it would not be too long until DISA, DARPA and others expanded the processes for the protection and the exploitation of the Internet. Network Solutions, Inc. ICANN and so many others.

Ft. Meade, MD to McLean, VA to Arlington to Quantico to Mt. Weather, VA. This was only the beginning of the late night SCIF meetings in the late 90’s.

The next data wake up call was February 18, 2001 in Foxstone Park near Vienna, VA when Robert Hanssen was finally arrested. His Palm 3 PDA was logged into evidence.

So what!

The light speed of fiber-optic submarine cables communicating our “Zeros and Ones,” Quantum, Hypersonic missiles at Mach 5, is just an example.

Back in July of 2000, a few stories above 1555 Wilson Boulevard in Arlington, a three year old startup company was already crawling the Internet 24/7, downloading Terabytes of open source information (OSINT). It was named Cyveillance then.

Many of these early Cyveillance founders can still remember what was discovered then, and what the value of international online monitoring services would soon become. The exponential growth of just the “Dark Web” was astonishing.

It was just causing a feeling of great wonder among leadership early mornings and late evenings across the National Capital Region (NCR).

The speed of defense and intelligence innovation and the pace of critical response in those days was truly epic.

On May 11, 2017 the President issued an Executive Order (EO) on strengthening the Cybersecurity of Federal Networks and Critical Infrastructure?

The question now is, why did it take us so long? In the mean time, 20+ years had passed.

In April of 2018, the NIST Cybersecurity Framework 1.1 was updated. Now 5+ years later, the journey to CSF 2.0 is in draft.

One of our U.S. greatest vulnerabilities still remains in so many places. The speed of change and our future technology innovation.

Our next few decades are so ready for acceleration, in so many places.

With so many more new young minds, working alongside our people with real leadership experience. 

With so many new inventions of mankind ready for launch…

Onward!

Office Automation: Time to Wonder...

It was located near the corner of Red Hill Avenue and Bell Avenue in Tustin, California and our ground floor offices were complete. We were the first tenant in this new modern business park.

You could never miss it driving down Red Hill, as our view across the road was the massive Tustin Blimp Hangar #1 in the near distance, today a historical landmark.

As a newly promoted Orange County District Manager, now after several years with a territory of high rise office buildings off Wilshire Blvd. in West Los Angeles, it was a great arena of new career opportunity in a growing business segment of the “Office Automation” industry.

Just inside the front door of the office we had our greeting desk and waiting area, our demo room was just to the left, and then straight ahead was a hallway door that led to the sales “Bull Pen” and to the rear of the building.

This is where our company service technicians area and our other tech support offices were located near a rear entrance.

It also included space for our growing high technology innovation business, to add dozens of new sales and support employees to serve the growing business areas in Orange County of Irvine, Newport Beach and Costa Mesa.

Within the year, we would soon come to hear the merger news of our national company Lanier being acquired. Harris Corporation of Melbourne, FL was our new owner and we were now on a rapid strategy to compete with Wang and new competitors in the growing “Office Automation” industry. By the start of the 1990's, Lanier accounted for about 1/3 of Harris Corporation's revenues.

What is that? Office Automation?

You know, the beginning of the IBM PC LAN networking of Word Perfect Word Processing, Lotus 1-2-3 and dBASE.

The lawyers, insurance companies, defense industrial base juggernauts such as Northrop, McDonnell Douglas and the financial services business community had also discovered other tech innovation to eliminate the historical secretarial typing pools and even the fax machine.

It was named Novell NetWare.

"At its high point, NetWare had a 63 percent share of the market for network operating systems and by the early 1990s there were over half a million NetWare-based networks installed worldwide"…

Imagine what is was like for our Sales, Support and Tech personnel in those days. So busy and so incredible. Even our “Happy Hours” off PCH at the “Rusty Pelican” were epic!

So what!

Well, those were the days of true business innovation.

Our Monday Morning Sales Meetings were at 8:00AM sharp, and then at 8:30AM our 1-1, 15 min sessions followed behind closed doors with each Sales Rep, to discuss their next weeks priorities and last weeks activity. See you next Monday!

Our Sales Reps were working on a straight commission and for their first 60 days their compensation was a draw against any monthly commissions earned. If you were in the “Hole” after 30 days, you were put on a Performance-Improvement-Plan (PIP). If you were still not meeting your sales quota in 60 days, you were fired.

When you have experienced any dialogue with an employee to notify them that this Monday will be their last day, it is never comfortable and always emotional.

Even after 20 or 30 notice meetings over the forthcoming years as a District and Regional Manager, helping another tear filled sales rep carry their “Bankers Box” to the parking lot next to that active Marine Corps Air Station El Toro (ICAO), it was never routine. Helicopters and the roar of jets were always in the background.

So many of these same dedicated people, went forward in their work careers to other competitors and excelled in their jobs. Maybe it was just meant to be.

When one career door closes and then another one opens before you, take a minute to smile. And Wonder.

Within a few more years and some other career moves in the OC, our own family was packing up our San Clemente house. Mom had a wonderful opportunity back East and with our 6 year old Daughter and 5 year old Son, we told them we were leaving their friends in their Capistrano Unified School District and headed to the Langley School District along the Potomac River in Northern Virginia. We witnessed even more small tears that day.

Soon thereafter, walking through the thick woods and along the dirt horse trails near our home one sunny September Saturday, with the sound of the “Great Falls” in our ears, little did we all know what was soon to launch on the global technology horizon.

Netscape.

"Marc Andreessen, the leader of the team that developed Mosaic, left NCSA and, with James H. Clark, one of the founders of Silicon Graphics, Inc. (SGI), and four other former students and staff of the University of Illinois, started Mosaic Communications Corporation. Mosaic Communications eventually became Netscape Communications Corporation, producing Netscape Navigator."

Now it was time to truly Wonder…

Aspiration: Life Achievements...

Your future will depend on how well you master innovation and certain disciplines in life.

How you alone decide to continuously learn and apply these effective rituals will make all the difference.

How many times have you repeated some of these same tasks, same rules, or same endeavors in order to achieve the goals that have been set for you or that you alone have set for yourself?

Many famous books have been written about finding your purpose, “Your Why”, yet what is it that drives your aspirations because you excel at some God given talent.

Having a talent that is discovered by your parents, a teacher or some other mentor or coach is only just the beginning.

Growing up in small town America or a little suburb outside a large U.S. metro city is the place you first learn about any potential talents you were born with.

It is not until you leave it and venture beyond your own locality to see the rest of the world outside your own neighborhood, that you will discover your ambitions, and what real talents you would like to pursue.

Who will you trust to be your instructors, coaches, your mentors, your colleagues and your institution, company, organization, agency or service for building and accelerating your disciplines as you grow older?

Will you choose a venture introduced by a parent, a coach or someone you want to be like some day? Will your choice to learn a particular skill or area of knowledge change your life trajectory forever?

Yes it will.

The focused skills and the area of knowledge you choose to pursue will become your path to the future.

One truth is, you must find yourself “Doing” far more time than just time “Thinking”. 

Getting out of your own local domain, doing more into the unknown with others, will gradually build new valuable skills and your growing knowledge.

Perhaps more important, it will build more real experiences. Experience is what you choose to do and you combine this with your life aspiration. The strong desire to achieve something great.

You will continuously make choices to create opportunities or challenges. How you learn from these truly creates your portfolio of life and career experiences.

Where have you traveled? Who have you trusted? What have you learned? Why did you decide to gain experience in _ _ _ _ _?

Always remember. How will your aspiration and experience achieve a positive good and greatness with others you care about?

Remember the day you look in the rear view mirror and see your Mother and/or Father shedding a tear while waving at you, as your life is accelerating into the future.

Will you make a positive difference…Godspeed!

Mechanisms: For Continuous Risk Monitoring...

Years ago working in concert with fellow risk professionals within the ranks of an international organization off Route 123 in Tysons Corner, our “Team Leader” was briefing us in a small conference room on the 5th floor at 8:00am.

One of the systemic problems at large institutions including organizations like this one is keeping your finger on the pulse of all "Risk Indicators". Unfortunately for SVP's and other executives in the corporate hierarchy, the organizations middle managers are creating a potential layer that impedes the best "Early Warning System" you have at your disposal. 

She continued her dialogue with substantial hand gestures as she circled our long table in the middle of the room:

“When problems surface here on the front line or in the "Cube City" down in Information Systems, sales or operations, the normal agenda is for the employee to go to their direct supervisor to raise the "Red Flag" or disclose the incident. And the first behavioral response by the Middle Manager is to keep it quiet. Fix it before anyone else finds out. Keep it under wraps until damage control can be implemented.”

When you are the head of Enterprise Risk Management, you need truth mechanisms to bypass and eradicate the barriers filtering data, your intelligence, incidents and overall hunches.

There is no magic system or process that will solve it all. The only way to attempt at breaking through this layer of social and organizational dysfunction is to circumvent it.

Design a continuous risk monitoring system that shall be implemented and operating anonymously 24/7. Do this if you require the correct people in the upper echelons of executive management responders to “Feel, See and HEAR the Pulse" of any risk hotspots in the enterprise.

These hotspots translate into "Risk Indicators" from the sources themselves, people who know what's going wrong and know the truth.

A Continuous Risk Monitoring System (CRMS) is an automated human feedback and problem identification mechanism for detecting organizational risks.

It allows leaders of large enterprises to quickly identify problems and incidents of all kinds within their company. 

Call it a sophisticated whistle-blower system or suggestion box if you will, but that is exactly what it is, on steroids.

The ideal system would emulate communication patterns in small groups which is often a major ingredient in successful teams.

It would also run on the existing iPhones, computers and networks of the organization such as applications like Slack, Teams or Wickr.

Think about how long it takes today for data and information to percolate and bubble up from the places in your organization that are considered "Current Risk Hot Spots”.

The point our Team Leader was emphasizing is that for far too long we have been playing the old telephone game. You know, the one that you played as a kid sitting around the kitchen table or on the floor in a circle.

"One person starts and whispers into the ear of the person to their right. Just a sentence or two. By the time the message gets around to the 3rd or 4th person, now the data is dramatically different than the original. It's been interpreted, edited and even sanitized."

As the current CEO, walk down and visit the person who is in charge of your anonymous electronic suggestion box or the mandated legal “Whistle-Blower” program at your own organization.

Is it the Chief Risk Officer (CRO) or Chief Security Officer (CSO) in your own HQ or perhaps an HR Manager in another state or country?

Ask them to print out the “Activity Log” for the past 30 days. Ask yourself how you might work with your front line leaders to develop an encrypted innovative solution that can't be filtered, changed or deleted.

Now you might be on your way to detecting the real story, in real-time…

July 4th: Protecting and Sharing Information...

Information and the transparency of information will continue to be at the center of investigations on Wall Street, the Defense Industrial Base (DIB) or any other highly regulated Critical Infrastructure industry.

"Who knew what when" is the mantra being repeated in various command posts and within task forces who are responsible now for insuring the safety and security of future employees of these firms but also the national security of the U.S..

"Insider Risk" of leaked information is at an all time high, whether you are in the "C" suite in Manhattan or the "Situation Room" on Pennsylvania Avenue. 

Information is the lifeblood of any highly functioning organization whether in the private sector or government agencies. Protecting that information of leaks to third parties who do not have a need to know, is the crux of the "Insider Trading" cases on Wall Street or even the comments made within the confines of the situation room during Bin Laden's operation.

So why do people want to tell another person something that they know is forbidden? Why do they risk sharing information with the media or others who may not have a legitimate reason to know the information?

And what about the opposite? Withholding information from the public or others who have a need to know the information, especially if it will save lives or keep the country out of harms way.

The decisions to tell or withhold information has serious consequences in either case and requires a mechanism for making sure that humans know when it is right and wrong.

Unfortunately, we live today in a world of information warfare and information operations that spans the globe from Hollywood to Kabul or London to Hong Kong.

So what?

The "Human Factors" motivation for withholding or sharing information has been studied for decades if not hundreds of years. The gratification one receives from telling another a secret only known to one person or a few provides the stimulus.

Whether that human gratification is the result of seeing someone else in pain or suffering, surprise or elation doesn't really matter. Recognizing that humans thirst for information is relentless when it comes to being first, or to gain power can provide you with the understanding to better prepare your organization for "Information Operations" (IO).

Effective Operational Risk Management (ORM) begins with understanding information and ends with protecting or sharing information.

It's your challenge to determine what is real truth and what is just another narrative to influence your perception as a human being.

As we approach our 247 years of “The United States of America”, read our Declaration of Independence…

Happy 4th of July!

Operational Risk: A Continuous Journey...

Back then, it was a quick and easy way for you to become your own publisher on the WWW, of what ever you wanted to write, show or discuss with others that maybe you had never known before.

It was the beginning of Fall of 2003 and a new Internet product set was gaining traction on the World Wide Web.

In those days, Google named it “Blogger” and to this day, you also may still create your own Blog.

It was a moment when you realize that maybe others might enjoy reading what you had to say about specific topics. Maybe not.

So this journey began with a focus on all things in the arena of “Operational Risk” and trying to manage those risks in your life that were not directly under the financial category. A vast jigsaw puzzle of continuous testing and verification.

The “Big Four” accounting firms and the largest Management Consulting firms such as McKinsey & Company were the leaders here on a global stage.

If you too have been one of those people that has a bunch of composition books in a box in your closet and are your journals of the day, you might have a sense of what the “Blogger” trend was all about in the early 2000s.

So this transition from just journaling to blogging at operationalrisk.blogspot.com was born 20+ years ago this September to capture the thoughts, ideas and comments on:

“Operational Risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. The definition includes legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes exposure to litigation from all aspects of an institutions activities.”

The composition books for writing the periodic thoughts, ideas, news and other global events from this writers perspective, was now headed online and there for all of us to read.

There was no longer a need for all those composition journaling books taking up space in a closet or the garage attic, in that little brick house near Reston in Northern Virginia.

So what?

Once you exceed the 1000+ entries over a span of a 20 year period, it gives you insightful context on your chosen subject area: Operational Risk Management.

Operational Risk in your business environment, in your own life is always going to be present. The question is, will you acknowledge it and do your best to try and manage it?

So whether you ever become a digital online “Blogger,” or you just continue to keep putting all of those hand written journals in a box under your desk does not really matter.

Who cares?

Until your particular learning, your continuous discovery, innovation, expression and your mindful thought could actually be a purpose you alone enjoy.

Whether you are writing about your latest recipes in the kitchen, or your side-gig business as a women’s clothing "Fashion Stylist" or documenting family adventures on vacation or even on the subjects of other human interests on space exploration, our Earth ecosystem and even future trips to Mars some day.

Your words and your story of passion on the topic or knowledge is the key. A persistent pursuit of being more knowledgeable and reliable. The person or subject matter expert that you want to continuously become into the future.

Perhaps most importantly, your words and facts may have helped someone else along their path. Someone learned something new. Someone you will never know, reduced their own "Operational Risks" or their company or their employees or even their own families.

So in closing this blog article today, just remember a few key items:

1. Update your digital device in your hand to that latest iOS X.X version. Ha Ha.
2. And while you are at it, train some more people at your school, office or work on “Insider Threat”, “Run, Hide, Fight”, “Business Continuity Management”, “Disaster Recovery”, or the emerging pandemic of digital “Ransomware”.

Learn how to use those life saving tools like the AED and the Tourniquet in that White box hanging on the wall in the hallway…and Never Forget!

Onward!

Asymmetric: Deer in the Headlights...

It was June of 2021 when the iPhone buzzed and the CxO requested a briefing on this growing threat on the horizon. Ransomware had already been gaining traction for years.

Human behavior has been repeating itself since the beginning and once again, this "Corporate Executive" was no different.

“We need a briefing on what we need to do at “Our Company” to avoid being attacked by this ransomware hacker!”

The response was immediate. “The Executive Report is ready for you now and the Executive Team whenever you all are together in the Board Room, yet when will you have just 30 minutes for our local Information Security Team to brief you today?”

Have you ever encountered a boss who had that “Deer In The Headlights” look on their face when they were asking for your assistance?

Did you see the “CBS Evening News” last evening they yell!

“CLOp, the ransomware gang responsible for exploiting a critical security vulnerability in a popular corporate file transfer tool, has begun listing victims of the mass-hacks, including a number of U.S. banks and universities.”

For those of us who have been operating in this business for a few decades, the behavior of uninformed corporate citizens to the continuous threat vectors in our world is never going to cease.

As Digital First Responders we then communicate with a few key messages to executive management in the “C” Suite, yet not all at once!

As you will learn, you have to communicate a measured yet continuously deliberate set of message facts over the course of a week or two, for people to slowly comprehend the vast landscape of the business problem they are now in:

• Critical infrastructures are those systems and assets- whether Physical or Virtual – that are considered so vital to the United States that their incapacitation or destruction would have a debilitating effect on security, national economic security, national public health or safety, or any combination of those matters. 
• As Ransomware Attacks continue to grow, organizations need to improve their security posture to protect against an attack. Better security requires implementing appropriate security controls and ensuring that effective crisis management and employee education are in place. 
• The landscape of how we work has changed. We must assess vulnerabilities in a new way and with increased due diligence. 
• The cost of a cyber attack is often significant for organizations large and small, and we must strengthen responsiveness and reduce behaviors that may open vulnerabilities in the future. 
• Public Private Partnerships of Critical Infrastructure organizations
with CISA.gov and FBI.gov are vital to enhance our U.S. National Security.

Once you have effectively provided these top 5 bullets to your executives, then the real work shall begin:

THE RANSOMWARE CRISIS

The current ransomware crisis can be attributed to the following factors: 

1. History of Inaction
2. New Tactics
3. Rapid Technology Deployment / Innovation without Security & Resilience
4. Safe Harbors for Criminals

Since you are a “Digital First Responder”, try to remember your audience is still learning the vast and pervasive implications, of what many of us have been fighting since the dawn of the Internet and our growing “Asymmetric Warfare”…

OPS Risk: Global Digital Spring...

Over a decade later since the Arab Spring of 2011, our planet has witnessed the growth of personal mobile communications and the explosion of the Quantum "Internet of Things".

The utilization of wireless mobile communications and its intersection with social media apps in our emerging nations civilian environments is here to stay. 

How these latest digital consumer-based applications have been now leveraged for situational awareness (GPS) and information operations is exploding across the emerging nations, where the mobile Internet is now gaining even more ubiquitous use.

What this also means for our risk managers in the C-Suites of major technology companies is a heightened sensitivity and awareness to the ways your tools and capabilities could be utilized in the hands of the wrong end user.

No different than the early days of unleashing certain web tools like Metasploit, to help understand our digital vulnerabilities within the confines of the corporate enterprise.

These same new open-source “App tools” could be utilized by nefarious cyber forces to quickly exploit the unknown weaknesses in our own U.S. government and corporate network systems.

Yet like many inventions by our mission-driven mankind, they can be used for good and simultaneously for evil in the hands of a certain person.

Operational Risk Management in the high technology sector (Ai?) will be just as much of an imperative for continuous compliance as the manufacturing and international shipment of products from Barrett or the manufacturers of Detcord.

The "Export Control" compliance mechanism is here to stay and companies who operate in the new age of emerging social media via mobile technologies, will need more effective OFAC internal controls.

Operational Risks may exist within the business processes that you use with your international sales and business development organization.

When was the last time you had a compliance-based OFAC discussion within the ranks of the C-Suite at your new emerging technology company?

Are you fully funded by the VCs and ready to sell your new encrypted FinTech or social media app for Android to the world?

Innovative organizations need to make sure that part of the roll out strategy, encompasses the effective conversations with the correct government departments.

This is also to determine the right process and the online tools available to better understand where and who you can sell your products to outside of the United States.

The worlds last “Arab Spring” and the next organized movement utilizing social media and satellite mobile Internet technologies that include encrypted messaging, GPS and live video, shall be even more closely scrutinized by internal compliance officers and the regulatory watchdogs domestically and abroad.

Yet the most effective internal management tools going forward, may just lie in the same ones used by your own Mother and Father growing up.

The ethical and the growing moral arguments in many cases can have a dramatic impact on young people at an early stage in their lives, as you hand them their first mobile phone as a parent.

Perhaps it is still not too late to remind and reinforce and to emphasize the fact that our exponential High-performance computing (HPC) cyber environments, are powering nothing more than the digital mirror image of the physical world we already know about. Both Good and Bad.

Our future of effective enterprise Operational Risk Management (ORM) online and the effective compliance with potential legal sanctions, may well begin with a heart-to-heart conversation at your next company executive retreat or “All-Hands” fire side chat meeting...