Be Brave: Courage to Experience Fear...

“We’re all afraid of something.  Some have more fears than others for reasons too various to quantify and examine.  The one we must all guard against is the fear of ourselves.  Don’t let the sensation of fear convince you that you’re too weak to have courage.  Fear is the opportunity for courage, not proof of cowardice.  No one is born a coward.  We were meant to love.  And we were meant to have the courage for it.  So be brave.  The rest is easy.”  —p. 206. Why Courage Matters by John McCain

What are you waiting for in your life?

Making decisions to do or act on a daily or weekly basis takes courage.  When was the last time you did something that was foreign or even fearful to you?

Before you had courage, did you ever think about how it would hurt if you fell off your bike.  And when you did, yes it did hurt.  Did you get back on and ride home with tears in your eyes?

Before you had courage, did you ever think about asking for permission to leave home for a night out with a friend without your parent beside you?  Did you ever have a curfew of 10:00PM and arrive back home at 9:55PM with your mother sitting in the kitchen with the light on?

Before you had courage, did you ever worry that someone would reject you if you called them on the phone to ask them for a business appointment to introduce your company or product?

Before you had courage, did you ever fear investing in your future by saving 10% of every paycheck to put in a savings/investment account?

Before you had courage, did you ever fear learning how to debate on stage or give a presentation to an audience about a topic that you had become an expert in?

After you realized that after every attempt to engage with your fears, you learned and adapted for the next attempt and gained a little more courage each time.

Of course you did.

So what are you waiting for and why are you hesitant to get out there.  To try it.  To make your call or send your message.  Or save for your future.

After you learn to be more brave and love to practice to alleviate your fears your life will change for the better.

Your courage to live and to love experiencing fear will make all the difference in your life.  Get out there!

Life Journey: Mission Accomplished...

 Remember that particular time and place when you were sitting with family having a coffee or “Hugo Spritz” enjoying the new mission view?

Then it comes over you and that feeling of peace and joy is joined by a few small tear drops…as you lift your sun glasses to wipe them away, and you say a short silent prayer.

Your current happiness and thankfulness is what this life is all about.  After so many years of hard work, challenges at home and in your career it all seems unreal.

You are now on a new mission with your long loved spouse to live your life dreams and explore new experiential learning.

Whether it is in the cities along the rivers in foreign countries or in the mountains in your own USA state does not matter.  Get out there!

"If you are exploring new places, new cultures and establishing new Relationships on your journeys  you are well on your way to continued Results and new Rewards (R3)."

Think back on all the hours you worked and were clocking out after the sun went down in another city.

What about all the quiet hours on airplanes or hotel rooms on weekly travel all alone.

It is now time to focus on what and who you truly love.  To enjoy your new found life experiences and to be so grateful each day.

Think about how you got here and who was by your side each time you were challenged or celebrated.

The older you get in life the more you realize that someone is watching over you.

Experiential learning begins to develop new disciplines and skills that will forever assist you in your life.

What will you learn and who will you learn with?

Surround yourself with all the right people that already have the skills you are pursuing and you will soon achieve the results you are after.

REPEAT.

After enough exercises, evolutions, classes, hops, billets, missions or sessions the rewards will start to appear.

LEARN.

Utilize these rewards in such ways that you are continuously investing them for the future.

REPEAT.

Now look out at your view today and take another sip on that drink.  Raise your cup and look up…

Digital RubiCON: The Fifth Domain...

Operational Risk Management is a continuous process in the context of our rapidly expanding corporate environments. What is one example?

People traveling to emerging markets to explore new business opportunities or new suppliers that will be connected by high speed Internet connections to the supply chain management system. These boundaries of managing operational risk, have not only expanded, they have become invisible.

Ru·bi·con

1. a river in N Italy flowing E into the Adriatic

—Idiom

2. Rubicon, to take a decisive, irrevocable step

This "Digital Rubicon" before us, to take on a more "Active Defense" in navigating the risk across international waters of e-commerce, privacy and legal jurisdictions will forever shape our future.

The decisions made on what constitutes an adversarial attack in the cyber domain, will not be as easy as the dawn of the nuclear age. Policy makers today have to weave the potential implications into a sophisticated decision tree that crosses the complex areas of intelligence, diplomacy, defense, law, commerce, economics and technology.

The new digital "Rule Sets" are currently being defined by not only nation states but the "Non-State" actors who dominate a segment of the global digital domains.

The same kinds of schemes, ploys, communication tactics and strategies are playing out online and what has worked in the physical world, may also work even better in the cyber-centric environment.

Corporations are increasingly under estimating the magnitude of the risk or the speed that it is approaching their front or back door steps.

The private sector is under tremendous oversight by various regulators, government agencies and corporate risk management. Yet the "public-private" "tug-of-war" over information sharing, leaks to the public press and Wikileaks incidents has everyone on full alert.

As the government has outsourced the jobs that will take too long to execute or that the private sector already is an expert, operational risks have begun to soar.

As the private sector tasks morph with the requirements of government you perpetuate the gap for effective risk mitigation and spectacular incidents of failure.

Whether it is the failure of people, processes, systems or some other clandestine event doesn't matter. The public-private paradox will continue as long as the two seek some form of symbiosis.

The symbiotic relationship between a government entity and a private sector supplier must be managed no differently than any other mission critical resource within an unpredictable environment.

Once an organization has determined the vital combination of assets it requires to operate on a daily basis, then it can begin it's quest for enabling enterprise resiliency.

The problem is, most companies still do not understand these complex relationships within the matrix of their business and therefore remain vulnerable.

The only path to gaining that resilient outcome, is to finally cross that "Digital Rubicon" and realize that you no longer can control it.

The first step in any remediation program, is first to admit the problem and to accept the fact that it exists.

Corporate enterprises and governments across the globe are coming to the realization that the only way forward is to cooperate, coordinate and contemplate a new level of trust...

C²: Continuous Continuity in the Enterprise...

Many enterprises today understand the myriad of potential threats to its people, processes, systems and structures. It stands to be better equipped for sustained continuity. 

Business Crisis and Continuity Management (BCCM) is a dynamic change management initiative that requires dedicated resources, funding and auditing.

Certainly the largest organizations realize that the risks are taking on different forms than the standard fire, flood, earthquake and hurricane/twister scenarios. These large catastrophic external loss events have been insured against and the premiums are substantial.

What it is less easy to analyze from a threat perspective are the constantly changing landscapes and continuity postures of the many facets of the organization having to do with people, processes and systems.

The many sources of significant loss events are changing as we speak. Here are a few that should not be overlooked:

• · Public perception
• · Unethical dealings
• · Regulatory or civil action
• · Failure to respond to market changes
• · Failure to control industrial espionage
• · Failure to take account of widespread disease or illness among the workforce
• · Fraud
• · Exploitation of the 3rd party suppliers
• · Failure to establish a positive culture
• · Failure in post employment process to quarantine information assets upon termination of employees

Frankly, corporate directors have their hands full helping executives managing risk and continuity on behalf of the shareholders.

The risk management process will continue to have as big an impact on the enterprise as other key functions because shareholders will be asking more questions about the changing landscape of managing risk for corporate governance.

Since effective BCCM analysis is a 24/7 operation, it takes a combination of factors across the organization to provide what one might call C², or “Continuous Continuity”.

A one-time threat or risk assessment or even an annual look at what has changed across the enterprise is opening the door for a Board of Directors worst nightmare.

These nightmares are “Loss Events” that could have been prevented or mitigated all together.

Most of the best practices talk about a BCCM plan that will be periodically updated. Periodic is not continuous. Change is the key factor here.

What changes take place in your organization between these periodic updates? How could any organization accurately account for all the changes to the organization in between BCCM updates? The fact is that they can’t.

This will change over time as organizations figure out that this is now as vital a business component as Accounts Receivable. The BCCM will become a core process of the organization if it is not already, dynamically evolving by the minute as new change-based factors take place in the enterprise.

As new or terminated employees, suppliers and partners come and go into the BCCM process, the threat profile is updated in real-time. This takes the operational management that much closer to C², or “Continuous Continuity”.

So what?

Boards of Directors have the responsibility to insure the resiliency of the organization. The people, processes, systems and external events that are constantly changing the operational risk landscape become the greatest threat to an enterprise.

It’s the shareholders duty to scrutinize which organizations are most adept at “Continuous Continuity” before they invest in their future.

Business Resilience: Beyond Readiness…

The continuity of your telecom operations is an operational risk that in many cases is underestimated until a significant business disruption occurs. When telecom is down, this means a combination of voice and data services that serve your business enterprise may not be available. The resilience of both the voice and data communications is the holy grail of continuity of operations and disaster recovery professionals on a global basis.

Business Resilience and the ability to effectively anticipate or absorb the impact of an incident, whether man made or as a result of a natural phenomenon differentiates your suppliers. When is the last time you tested your Tier I service supplier for a mission critical business process to determine the ability to keep their voice and data services running during a time of crisis?

And maybe more important, is your own enterprise Incident Command system survivable so that you can provide voice leadership to your "Incident Commanders" where ever they may be located?

As we approach the middle of the Hurricane season here in the U.S., you can understand why having energy to power systems is an important aspect of most COOP discussions. This simple yet valid argument for back-up power has been going on for a decade or more.

When it comes to planning for the next Hurricane Katrina or the "Tip of the Spear" overseas operations readiness, resilient business organizations need to implement robust planning, exercises and systems to be able to overcome the operational risks that are before them.

Power blackouts are the catalyst for many risks to the critical infrastructure including Transportation, Internet, Voice communications and even those services that you take for granted like pumping gas at the local petrol station or emergency services at the local hospital. 

September is DHS Preparedness Month in the US and the focus is once again on the physical readiness of our nation.

Cyberspace as we know it is so embedded into most of the mission essential aspects of business today that our readiness factor needs to go well beyond redundant power supplies and battery back ups for power. 

Cyber-Readiness is a key component of any organizations plan to stay resilient in the face of a Distributed Denial of Service Attack (DDOS) and other cyberspace exploits that disrupt our operations.

Do you think you're spending too much time with your team planning and training? You haven’t.

Success in your organization doesn't happen because everything goes according to the plan. It happens because you were prepared when things go wrong.

"The organizations whose team has planned for every possible scenario and trained together in live simulations will become the most successful in their strategy execution. Their missions will be accomplished on time and within budget."

Incidents of different severity and frequency are happening around you and your organization every day. Would your employees know what an incident looks like let alone know what to do next to mitigate the risk to them and the organization?

9/11/2025: Never Forget...

Where were you on 9/11/2001?  Do you remember…

What this day is about every year beyond these memories, is the renewed vow of vigilance. A time to revisit all the reasons why you have made the decisions you have since that Tuesday morning in America so many years ago.

Never forget that day. Never forget why you wake each morning.

9/11 vigilance is about being adaptive. It is about resilience. For those of us who have never paid the same price as those who have served, supported and are the mothers, fathers, brothers, sisters or relatives of those who have, we can never know or really feel what they have. We can only pledge our vigilance in continuing our respective missions.

Most of all. The mission is not America's alone and the entire planet understands this. As they teach the history of 9/11 in the schools of New York City, Haiti, Chile, Pakistan, India and even Saudi Arabia, what do you think the lesson is about?

If it is not about vigilance and resilience, then we are doing our children a disservice. We must be preparing them for the future threats that this globe will be facing in the years and decades before us.

Whether it is the wrath of "Mother Nature" or the evil planning of ordinary people does not matter. We can never predict exactly the day the hour or when and where the next attack will occur.

Whether it will impact our buildings, bridges, rivers, schools or the Internet is unknown. If all of us on this 3rd rock from the sun, have done our job teaching our kids about vigilance and resilience, then we should all be able to have a peaceful nights sleep.

Devoid of nightmares.

"Remember that Tuesday in September across the globe for the lessons we have all learned since that infamous day in New York City, Washington, DC and Shanksville, Pennsylvania."

For the children, teach them the truth…

Proactive Measures: Beyond the Perimeter...

Operational Risk Management requires both proactive and passive measures that encompass a comprehensive organizational strategy. Odds are that you have devoted a majority of your time and resources to this point on the passive mode of preparedness and defense. A reactive and alert oriented focus. The time has come to change the priorities and to increase the allocation of strategy on the "Active Measures." Why?

Stuxnet is and was ground zero for a new generation of digital infrastructure cyber weapons.

The attribution game is still going on with several suspects on who actually developed, tested and deployed "Stuxnet." This is not as important as the realization that sitting back and waiting for the next variant or hybrid cyber weapon to attack your critical infrastructure assets in passive mode.

"The most advanced organizations are now taking the "Proactive" stance to not only detect changes in their environment in a more real-time mode, but they are starting to hunt down the attackers."

There is a decision point where you realize that the passive mode will not buy you time nor will it redirect your attackers to other more vulnerable assets. Your organization will continue to operate with the goal of serving your clients, members or customers yet simultaneously a "SpecOPS" team of internal experts will be monitoring, measuring and exercising tactics to legally neutralize the threat before them.

Commercial and non-governmental entities are creating the means and the capabilities to deter, detect and document who is attacking their digital systems and where they can be found. This intelligence is being shared within the private sector organizations to determine fingerprints, modus operandi and other evidence that is required to effectively hunt down the attackers. The next challenge will be how to package this and make sure that the proper authorities are notified in a timely manner.

There is no longer a solution that is wide enough or in depth enough to be distributed across a whole spectrum of companies or organizations. The answers will be specific, customized to the unique environment and infrastructure that comprises a particular enterprise.

In order for that specification to be developed internally and provided to the correct people, you have to have the internal mechanisms in place to know in real-time what is changing and how fast it is changing from the normal state.

Is your view beyond your own perimeter? Are you looking for the anomalies that are over the horizon and could impact your network soon? It's one thing to look at the changes to your own perimeter but what about the intelligence on providers and ISP's somewhere on the other side of the planet? Do you know where your packets are going and how they are being routed?

"In a savvy Operational Risk Management enterprise, the "Corporate Intelligence Unit” (CIU) is alive and thriving."

A proactive intelligence-led investigation doesn't begin with a phone call from someone who say's, "My system is down" or "What does this Blue Screen mean”?

It doesn't start when your VP, Research & Development suddenly leaves the company for no apparent reason. Intelligence-led operations will continue to be the aspiration of many, yet only possessed by a few.

operational risk