28 October 2018

In Search of the Truth: How you make Judgements or Conclusions...

"Intelligence analysts should be self-conscious about their reasoning processes. They should think about how they make judgments and reach conclusions, not just about the judgments and conclusions themselves." --Richards J. Heuer, Jr.

What is truth and how can we know it?  Alternative hypotheses need to be carefully considered--especially those that cannot be disproved on the basis of available information.
When was the last time you worked on a challenge to disconfirm or disprove a hypothesis? Our analysts do not have enough time out of their building. They must start and end the process for "sense making" by using all of their senses, in front of and immersed in the hypotheses they are trying to disprove.

The data-driven mosaics before the people who are looking "Over-The-Horizon" (OTH) are vast.  In many cases, they do not need more aerial imagery, RF data, or more forensic information.  They just need more context and they must spend more quality time actually seeing, smelling, tasting or feeling the environments that they are or will be analyzing.

Who makes the best analysts?  Some would say those who have been there and done that.  Others would say, it is better to have people that are not biased and have never done that, yet have the opportunity to experience the environment being analyzed, long enough and close enough, to be able to create valid competing hypotheses.

So what?

false positive (noun): a result that shows something is present when it really is not. Example: "The test produced too many false positives to be reliable."

This is our greatest vulnerability, and in our search for the truth we must do all that we can to eliminate the possibility of false positives.

The mounting challenges and problem-sets before us as "Operational Risk Management" (ORM) professionals are substantial. Still to this day the gaps in fundamental knowledge on topics such as "Digital Forensics" are increasing.

The mobile sensors that we carry around in our pockets and purses have become the problem.  Now we have embarked on the mission to call upon the data from the Apple and Samsung devices for a search for the truth.  Are we seeking intelligence or looking for evidence?  There is an incredible difference.

And where does all of this data live? Have you backed up your iPhone to iCloud lately? Or perhaps you have an online account with your particular Internet Service Provider (ISP) where you archive your data for safekeeping. Or maybe you have backed up your data to the multi-terabyte portable drive sitting on your desk. The possibilities are endless.

In our search of the truth, how do you make judgements and reach conclusions...

20 October 2018

Linchpin: Who will you call?

Are you a "Linchpin" in your organization? The person who people may call the "Fixer", "Troubleshooter" or just plain "Rainmaker". Are you considered to be a combination of all three and indispensable?

By now, hundreds of thousands or maybe millions of people have read Seth Godin's book, Linchpin: Are You Indispensable? They are now well on their way to becoming more self-aware of their position within their organization and the others they interact with on a daily basis. Are you just following instructions or are you a leader or an artist in your industry or company?

Operational Risk Management (ORM) Executives know who in the organization are considered "Linchpins". If they don't now, then it's time to learn who they are and why. Some of these people may even be outside the formal organization and it's imperative that you know who they are as well.

Why?

Because when the next major incident makes itself visible or when the Emergency Management Broadcast System breaks into the TV or there is a breaking story on the Radio show you're listening to, then you will know the correct "Linchpin" to deal with the risk category and situation that is unfolding before you.

So who are some good examples of Linchpins in your life or organization? The people who get the call to handle the problem, issue or opportunity in their particular category or area of subject matter expertise.

Each one of these people at their respective organizations or category, has been a "Linchpin" at a particular moment in history with the following characteristics articulated by Seth Godin in his book:
  • Charm
  • Talent
  • Perseverance
Seth does a great Venn Diagram on page 43 of his book that describes those who may have only two out of these three traits or areas of competency. If you only have Charm and Talent then you are a Prodigy. If you have Charm and Perseverance then you are a Princess. If you have Talent and Perseverance without Charm then this is pure Frustration. Yet if you have all three, then you are a Linchpin.

Now think about the people you know in your organization who have all three. These are the "Linchpins" that you want to know and you want to have at the tip of your call list.

Operational Risk Management that is effective and responsive may require the Linchpin to handle a dire situation or rectify a dispute or investigate an allegation or discover the right balance of art and science.

The road to becoming indispensable in your group, organization, unit or department may begin with some DNA, yet it is something that almost every human can aspire to become.

Search out the people in your organization who are Operational Risk Linchpins and find out a way to have them start teaching your most promising students, on how to achieve greater levels of charm, talent and perseverance.

13 October 2018

Cognitive Diversity: A Mile High...

On the eve of an early winter storm in Denver, CO USA, there is change in the air and the anticipation of a new blanket of fresh snow.  Hundreds of like-minded individuals with a common mission, steadfast purpose and glowing enthusiasm for innovation are gathered here.  This is the "Virtuous Insurgency."

The Defense Entrepreneurs Forum (DEF) is gaining momentum on so many fronts. The crisp dialogue and the challenges for change are so distinct and even heartfelt. When you put this much "Cognitive Diversity" in one place over the course of 3 days, there are bound to be multiple examples of critical moments of brilliance and also social intelligence.

Maybe it's time you changed your "Chief Operations Officer" (COO) title to:  "Chief Outlaw Officer."

When was the last time you heard such intellect, witnessed such courage of ideas and even caught your eyes gathering a tear listening to people tell their vivid stories? This is evidence of the organizational and cultural hurdles that we face each day to achieve our purpose, within a tremendous system designed for an era of arms races and so many decades past.

The United States Department of Defense (DoD) and the incorporated Intelligence Community (IC) are rapidly accelerating the pace of change and even celebrating their failures.  The question on many people's minds is this.  Are we too late?

When was the last time you, as a CxO in your commercial enterprise, made the decision to assist our men and women serving our country to learn more about the daily business strategies of the private sector? Its processes, the entrepreneurial factors and the continuous race for market share.

Have you created a strategic initiative within your commercial company, that invites outstanding fellows from our military and intelligence domains, for a Tour of Duty within your organization?

Why not?

You see, it is a 360 degree opportunity for the individuals in your firm to learn from these military and intelligence fellows, to gain new insights as they have become so skilled in their respective specialties and roles.

This learning works both ways and would provide those serving our country with vital experience and understanding of the idiosyncrasies of your industry sector and unique commercial enterprise.

There are current forms of this kind of work exchange fellowship going on across America now, yet it is now being optimized.  It is far from perfect for both stakeholders.

What is the right amount of time and at what level of seniority is the fellow brought in to the organization? Six months, a year? Who is the sponsoring department? Engineering, Information Technology, Business Development, Accounting, Customer Service, Procurement? Maybe it is even more than one.

You see, organizations today are asking for Veterans to consider their commercial company for employment and have specific recruiting events being marketed to those who have transitioned out of one of our military services.  Why are these companies waiting for someone with a DD Form 214?

Our organizations large and small should be creating the most ideal roles and experiences for these fellows now, so that they ultimately would like to return, once they have finalized their tour of duty with the military.

What is brought back to the inner core of the current state of our military industrial system are new ideas, new processes to be tested and the experiences of working in the private sector.

So how might we lead the commercial race to attract newfound experts in asymmetric warfare to work alongside those inside your Information Security department? Who will lead the commercial race to attract newfound experts in Geo-Spatial Intelligence to work with your Logistics, Disaster Recovery Planning (DRP) or even your Marketing department? The possibilities are too numerous to imagine.
"Our U.S. nation state adversaries have optimized their defense and intelligence systems already.  The blur between commercial and military operations is hard to discern sometimes.  The speed to market and the "Cognitive Diversity" of those working on Quantum Computing and Artificial Intelligence is already well known."
One only has to peruse this recent report to ascertain why we are now behind the curve.  Yet our "Virtuous Insurgency" is on the correct trajectory.  Almost straight up...

06 October 2018

National Security: Cyber Infrastructure Risk...

Is your organization a threat to National Security? That depends on whether you own, install, and maintain Critical Infrastructure. When you hear that term, "Critical Infrastructure" what comes instantly to mind? A bridge, a road or some other shovel ready project?

Yes, the hard leap for many to get their head around is that your cell phone, TV and Internet connection are vital "Critical Infrastructure" and if you are a Verizon, AT&T, Sprint or large cable company in the United States, National Security is a top of mind issue.

Is it possible that our country is at risk because of the same "Risk Management" paradigm that has plagued the Financial Services industry? A lack of resources and focus to deter, detect, defend and document risks to our critical infrastructure, could turn into a systemic and interdependent threat to our national security.

How can you make the case for a 2008 era economic meltdown in the financial services sector, to be similar to the potential failure of the Communications, Information Technology, Water or Energy sector?

It's easy. Look at human behavior and at the motivators of greed, selfishness and just plain blindness to a "risk bubble" just waiting to burst. Who will be the next Bear Stearns in the Communications Sector?

The truth is that some Fortune 500 companies' marketing departments may have a larger budget than the information systems, internal audit department and the security department combined. When the nuts and bolts, concrete and plumbing associated with electronic commerce, banking, and just plain mobile communications come to a slow crawl or halt in their tracks, the government will have to do the same thing all over again.

Bail out or restore the industry and the companies, who are the lifeblood of our Critical Infrastructure.

Our National Security is at stake and the owners and operators are still waiting for the right incentives to invest in robust maintenance and security programs, instead of just more marketing. After all, market share is what shareholders ask about, along with how many new subscribers you won or lost last quarter.

How often do we hear the question at the shareholders meeting, that asks about the amount of downtime, failed systems or customers without service, as a result of a "Glitch" or fried circuit board?

So how does the electronic critical infrastructure really impact National Security?  The Department of Homeland Security (DHS) has the lead.  The mission is to lead the national effort to secure Critical Infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community.

"The Office of Infrastructure Protection (IP) leads and coordinates national programs and policies on critical infrastructure security and resilience and has established strong partnerships across government and the private sector. The office conducts and facilitates vulnerability and consequence assessments to help critical infrastructure owners and operators and State, local, tribal, and territorial partners understand and address risks to critical infrastructure. IP provides information on emerging threats and hazards so that appropriate actions can be taken. The office also offers tools and training to partners to help them manage the risks to their assets, systems, and networks."

A culture of risk management is slowly moving its way into the Board Room conversations and the CEO may be on notice, if the "Tone at the Top" is not focused on Enterprise Business Resilience. However, that "Tone at the Top" needs to go beyond the shareholder value conversation, to the National Security topic.

One only has to look further in a few places on the "Net," to better understand what the offensive cyberwarfare conversation is all about, as the Advanced Persistent Threat (APT) has evolved in the past few years.

Once you understand that many cyber incidents with our U.S. Critical Infrastructure are just a test, then you will realize that U.S. shovel ready projects need a new public service announcement (PSA), with a shock value of texting while driving.

The risk of a specific kind of behavior on the road or the critical infrastructure complacency within the corporate enterprise, can have the same results. We have already nationalized the likes of AIG, Freddie Mac and Fannie Mae after the last financial crisis.

Perhaps it is time to do the same for Amazon, Verizon, AT&T, Sprint and others, who are vital assets in our National Security and have them report directly to the Pentagon...think about it.