26 August 2012

OPS Risk: Choosing Service Over Self-Interest...

Accountability and ownership are two vital elements of any operational risk professional's mindset if they are to accomplish real results.  In order to gain this mindset as a professional, you have to be able to work alongside others who have these ingrained into their character and DNA.

What are you accountable for in your team or organization?  You are accountable for the stewardship of your particular mission at this point in time with a clear vision of the results that are envisioned.  You are not accountable to anyone but yourself and the team you have assembled for this particular set of tasks and outcomes.  The Operational Risks that you will encounter and those that you decide to mitigate or avoid are entirely up to you and your team, long before you set out to accomplish the mission.

Do you have ownership of the results desired?  You must have ownership of the operational risks that may and will occur if you and your team are to survive whatever known and unknown challenges may come your way.  Who are some of the best of the best in the profession of Operational Risk Management over the past few decades?  Neil Armstrong and Buzz Aldrin are just two:

Of course, it was less than a year later that Armstrong himself would make the biggest step. After a three day trip to the moon, Armstrong, Aldrin and Collins entered lunar orbit on July 19. On July 20, Armstrong and Aldrin began their descent towards the surface inside Eagle, the lunar landing module. The flight to the surface did not quite go as planned. During the descent several alarms from the flight guidance computer distracted the astronauts. The onboard computers were inundated with extraneous radar information, but the alarms were determined not to be a problem. 
But Armstrong also noticed he and Aldrin were flying faster than expected across the lunar surface and were likely going to overshoot their landing site. As the Eagle passed 1,500 feet above the surface, Armstrong saw they were heading for a crater. He thought this might be a good option as it would have “more scientific value to be close to a large crater.” But the steep slope and big rocks did not provide a safe place to land. 
As they continued to fly over areas covered with large rocks and boulders, Armstrong took over control of the Eagle and continued flying it manually. He was able to use his training from the LLTV to maneuver as they continued to descend to the surface. But all of the maneuvering was using up propellant. At 200 feet above the surface, Armstrong finally was able to find a place to land. 
Aldrin: Eleven [feet per second] forward. Coming down nicely. Two hundred feet, four and a half down.
Armstrong: Gonna be right over that crater.
Aldrin: Five and a half down.
Armstrong: I got a good spot.
Aldrin: One hundred and sixty feet, six and a half down. Five and a half down, nine forward. You’re looking good. 
As they passed 75 feet mission control in Houston determined the Eagle only had 60 seconds of fuel left. Armstrong says he wasn’t terribly concerned about the low fuel situation, “typically in the LLTV it wasn’t unusual to land with 15 seconds left of fuel.”
About 40 seconds later Armstrong made a final few maneuvers before announcing the landing was complete. 
Armstrong: Shutdown.
Aldrin: Okay. Engine stop.
Houston: We copy you down, Eagle.
Armstrong: Houston, Tranquility Base here. The Eagle has landed.

Think about your team.  Is the boss dictating from the top on your every move, or are they side-by-side with equal accountability and ownership of the results of the mission?  NASA puts rock star top gun pilots behind the controls of lunar missions for a good reason.  It is because they know that they are not in control; ultimately, the pilots are working together.

So if you find in your next corporate or organizational project that the boss from afar is telling you what to do at every moment, it's time to eject.  A true Operational Risk professional understands the mission and the desired results.  They have accountability and ownership of the tasks necessary to achieve the results.  Their stewardship of the project, with their fellow team members, will be able to adapt to any changing environment or sudden challenges.

If you are the boss that has responsibility for the team and the successful outcome of the mission, what have you done to enhance each of their skills, knowledge and experience to deal with operational risks?  You may be asking at this point "How" do I do this?  This isn't about giving you suggestions or showing you where it is working and how to do it.  This is about service before self-interest and your ability to think of yourself as an equal on the team.  Just one more vital asset with the same sense of accountability and ownership for the overall mission.  That's it.

Your team needs you as one more set of brains, hands and talents to solve the operational risks that will be on their way.  How you behave and perform in light of these newfound challenges may very well be the one thing that determines whether your team lives or survives.
To serve.  To be safe.  To know what freedom feels like.
Author, Peter Block - Stewardship - Choosing Service Over Self-Interest
Neil Armstrong was a true Operational Risk Professional... Godspeed.

12 August 2012

Travel Risk: Adaptive Survival Instruction...

Travel risk to corporate executives is on the rise. Even if you are not an executive who can afford the services of personal bodyguards and armored cars, there are some prudent ways to mitigate the risk of traveling to the global hot spots.

The Mission

Travel safety is becoming more of a mainstream issue with savvy operational risk managers. In fact, new firms are emerging, founded by former FBI or other law enforcement heavyweights. The fact is, most of these so-called travel safety courses are being taught from only one side of the equation.

In a world of global commerce, CSOs are often tasked with building their company's corporate travel safety programs. The job calls for a proactive approach to educate employees about precautions they can take to stay safe, whether they're the CEOs of multibillion-dollar conglomerates who fly on company jets that land on secured tarmacs or rank-and-file staff riding in commercial airline coach.

The Take-Away

Business has to be done in some of the most dangerous places on the planet, even when it comes to being exposed to kidnapping, terrorism and corrupt governments. Our advice is to make sure your instructor transfers skills to people on "how" to detect, deter and defend against the attackers, not just the "what to do".

The how is not easy to teach unless you have been there and experienced it. One of the reasons why most CEOs are "Age Experienced" is that it takes time to acquire enough leadership lessons. It does not happen in a week or a month or even a few years. Learning the skills to survive in strange cities, cultures and countries requires instruction by age-experienced "Quiet Professionals". Much of this instruction is about training people to be "Adaptive."

Personnel threat management is a prudent risk mitigation solution. This combination is one key strategy to reduce the operational risks associated with key personnel in your organization. Individuals whose occupations place them at risk may include people with access to valuable proprietary information or holders of high-level security clearances, the wealthy and those responsible for their safety.

Comprehensive "Adaptive Survival Instruction" for international business executives is a primary mission for OPS Risk leadership because it saves lives.

04 August 2012

SCRM: ICT Supply Chain Risk Management...

What is your private sector enterprise doing today to improve your ICT Supply Chain Risk Management (SCRM)?  Cyber-espionage campaigns have been operating for years across the ICT domains and are exposed every year in the trade press to John Q. Citizen, soon after "Black Hat" and "Defcon".  Once again, the origins of these sophisticated and viable adversaries are located inside nation states.

The head of U.S. Cybercom continues to emphasize to the White House and Capitol Hill the need for more effective legislation to modify behavior on the cyber security of critical infrastructure.  Many who remain committed to the silent war, and the warriors who are fighting it each day on a 24 x 7 basis, know the operational risks associated with this modern day battlefield.

Do you know where your information is today?  No, not your "Personally Identifiable Information" (PII), but the crown jewels of your latest Research and Development project.  Or the details on the "Merger and Acquisition" (M&A) activity associated with your cash cow law firm client.  Guess again, because you may not be the only one who now has copies of these trade secrets or confidential and proprietary information.  Bloomberg's Michael Riley and Dune Lawrence capture some of the discussion that follows:
The methods behind China-based looting of technology and data -- and most of the victims -- have remained for more than a decade in the murky world of hackers and spies, fully known in the U.S. only to a small community of investigators with classified clearances. 
"Until we can have this conversation in a transparent way, we are going to be hard pressed to solve the problem," said Amit Yoran, former National Cyber Security Division director at the Department of Homeland Security.
Yoran now works for RSA Security, Inc., a Bedford, Massachusetts-based security company which was hacked by Chinese teams last year.  "I'm just not sure America is ready for that," he said.
The Information Communications Technology (ICT) supply chain is at risk and the days are numbered until our final realization that this issue is far past the policy makers' control.  Is this an operational risk where we have done all we can do to mitigate the impact on U.S. national security?  Everyone should know the answer to this question.

The complexity and the complacency of the problem continue to plague those who are working so diligently to fend off the daily attacks or counterfeit micro-components.  The strategy is now morphing as we speak, from defense to offense, and the stage is being set for our next generation's reality of global cyber conflicts and ICT due diligence.  Richard Clarke and others are beyond the ability to say much more than they already have so far.

So where are the solutions?  Where are the answers?  They can be found very much in the same way organizations, companies and nation states realized what was necessary to deter, detect, defend and document operational risks to their institutions for the past several decades.  The science has changed rapidly but the foundational solutions remain much the same using these six factors:

  • Identify
  • Assess
  • Decide
  • Implement
  • Audit
  • Supervise

These six factors of your respective "Operational Risk Management Enterprise Architecture" are the framework for these solutions.  The ability of these to continuously operate within your enterprise will determine how effective you are in surviving what Richard Clarke and others have predicted for a long time.  Dave Aitel captures much of the issue before us in getting the private sector to get it right in making changes to its defense:
The key hangup for this bill is that its solution is unprecedented. Until now we've never viewed private industries, like FPL, Duke Energy, Exxon and NASDAQ, as being responsible for the nation's defense. But that's just what this bill does -- it recognizes "critical" industries like energy, transportation, emergency services and financial networks, as the new targets in the cyberwar battlefield and requires them to upgrade to military-style defense. This won't be easy, but it's the right thing to do. For the first time ever, rival nations now have the ability to launch relatively easy "kinetic" attacks on U.S. soil, complete with plausible deniability. This is the new world we live in.