Delivering Certainty in an Uncertain (IT) World

Special thanks to eGroup CEO Mike Carter whose post on this topic prompted me to write my own.

Retired General Michael Hayden, the former Director of the CIA and NSA, attended the second-annual ZertoCON conference this week as a keynote speaker. His topic of choice, risk and risk management, came as no surprise given his decades of experience in the field. One surprise did come later, though, during my conversations with several customers and partners on Gen. Hayden’s thoughts on the classic risk equation:

Risk = Threat x Vulnerability x Consequence

Specific to the information technology field, the surprise for me was the high number of people and organizations focused on blanket approaches to threats and vulnerabilities as opposed to a more targeted strategy. The problem I have with the generalized posture is that threat, as General Hayden likes to say, “is asymmetrical and all advantage goes to the attacker”. You can detect-and-deny the threats you know. You can patch the gaps you know. I say this having invested in exactly the same way back when I was the one with the budget! But there are always new tools, new attack vectors, new bugs, and more bad actors. Not to mention that the latest and hottest projects in technology right now – the joining together of automation, artificial intelligence, and machine learning systems – means we will soon face an exponential increase in the types and volumes of threats to people and information. Will, not may.

Suddenly that blanket approach doesn’t seem like it could ever big enough, but we sure keep throwing money at it.

I’m not advocating we ignore threat mitigation as an organizational strategy. After a week at ZertoCON where we had several sessions on Ransomware and unpatched vulnerabilities, I won’t say we should abandon vulnerability mitigation either. But threats increase, always. And vulnerabilities? The next zero-day exploit is lurking right around the corner. But can we direct our limited resources instead of the blanket approach?

It turns out we can. Consequence, unlike our other two variables, can be rather accurately qualified and quantified. What happens if this system is breached? What happens if we lose access to that data? Is it a $1,000 loss? A $10,000,000 loss? A brand impact? Just a grouchy business unit that is otherwise unaffected? Once you identify those real outcomes that loss might lead to, map out where you are spending your resources, and ask yourself do those mappings still make sense? Or should you be shifting resources around and investing in ways that take a targeted approach to addressing your risk profile?

Spending time and money attempting to address threats and vulnerabilities without first understanding consequence is a losing game. Assess the consequences of application and information loss first and you’ve got the beginnings of a sound strategy. Only when you know the consequences – the impact of losing an application or losing control of or access to your data – can you hope to properly direct your resources as you work to deliver certainty in an uncertain world.

Improving your presentation skills


Whether you’re working through a fix with a customer as a support analyst, negotiating for greater budget as a technology leader, or proposing a technical solution to a business problem as an IT solution vendor, you are presenting. Your goal in any presentation is to build genuine trust with your audience and then leverage that trust toward mutually-successful outcomes. You fix the problem and have a happy customer leave you a 10 out of 10 on a feedback form. You sell your product and turn your customer into a champion who goes on to refer many of their contacts to your company.

One of the most effective ways to build trust is to speak from the place your audience speaks from instead of from your own.

One way to speak from the place your audience speaks from is to understand their language and make it your own. The benefits of speaking a shared language are researched and well-documented far better than I can do here. Instead, I offer some simple tips that I follow to drive maximum value:

  • Learn about your audience. In Support this can mean looking at the customer’s information in your company’s database. In Sales you may reference LinkedIn and other tools. In Marketing consider building an understanding of your different ideal customers, also known as creating “personas”.
  • Keep your words simple. Simple words are often the most successful.
  • Avoid expressions, idioms, other “local” language, but adapt to your audience where possible.
  • When you must use jargon, start from your audience’s language.
  • Challenge your audience to share in your language as you share in theirs.

A practical example where we can combine the last two points to greater effect is to use your audience’s language on one slide and immediately follow that with a slide that only contains your own relevant jargon. This leverages your audience’s perspective to guide them to your own. In this way you can successfully move to a shared language.

Edit, edit, edit. Whether you are writing, presenting from slides or a whiteboard, or speaking on the fly, you can edit. Sometimes you’ll only be able to edit forward, for example in tech support you may not speak with that same customer again but you can edit forward by reflecting on that conversation in order to identify improvements for your next conversation with the next customer.

If you feel weak at editing, consider engaging with people and brands on Twitter, where you are locked to 140 characters. I’ve got 20 years of creating and presenting business and technical content for internal and external audiences. 6 to 12 months of engagement on Twitter were all that was needed to change not just my language but the reception of my writing and my speaking. Enforced brevity is a powerful educational tool!

Letters from my mother

While I’d like to think I’m pretty personable, I’m not very personal. I’d offer a life history but it will have to suffice to say that, having grown up in a family of small business owners and surrounded by local farms that I worked on from a young age, I’m often focused on work wherever I may be at the time. A few years ago I was told by a former co-worker, now a good friend, that I need to open up more, and with Mother’s Day around the corner I thought I might try something new.

My mom died a few years ago after losing a battle with cancer and so Mother’s Day has been a little tough ever since. I spent some time last night looking through our correspondence over the years and thought I would share a few gems.

She was a small business owner for decades. In the Spring of 2005 she had just received an e-mail from a local IT firm trying to win her business. This was her reply:

Will you send info to my son so that he can review for me? He manages IT professionally and you’ll need to win him over to win me over!


Jim did eventually win me over, although it did take him quite a few months of convincing.

Four and a half years ago I told her I was getting married. This elicited her usual “happy dance” along with a big hug. Later that same day, however, her mind turned to the tax implications. Of course. For those missing the joke she had been an accountant and bookkeeper for about 25 years and had probably also had a couple glasses of wine at this point.


Remember there is ABSOLUTELY NO REASON to get married for tax purposes as Congress did away with the ‘Marriage Penalty” years ago..AND when the MARRIAGE PENALTY did exist.. it was married couples that were being penalized !!!

BEFORE, I would have recommended that you NEVER get married… as 2 singles got better tax breaks than a married couple !!

…historical info: the ‘marriage penalty’ wasn’t such a big issue when grandpa & grandma were young BUT, almost no women worked !!! Then, came the 60’s, 70’s etc… and as women got more and more educated and realized that they did, indeed, have a brain !!
MOST of them went and got jobs!!

I DEFINITELY need to advise you that BEFORE you get married…. BOTH OF YOU see a premarital counselor for a few months!!!!


…and thank you Mom for always being on top of my finances.

Last but not least, when the dot com bubble popped I was in a bit of a rut. I’d had some good success in that era – nothing close to Silicon Valley money but shortly before the pop I’d built a ton of small biz websites, IT systems, and software tools and was aiming to use that portfolio to launch a career out west. By this point a lot of that work had dried up and I wasn’t sure what direction to take myself. We had a lot of other family in construction which seemed to be solid and I was considering dropping out of the technology field.

Sean… you are at least SIX YEARS younger than your next youngest relative. Dad and I worked really hard to make sure you had lots of opportunities. None of us oldies in the family accomplished half of what you have at your age…. your cousins do what they do because that’s what they are good at. You are good at computers. Dad was good with computers… he got to work on stuff for the space station!! Stick with it!!!

PLUS.. if anyone’s throwing this around and getting you down I want to know.. you should never feel either inferior or superior to anyone. Just be you.


“Get back to work” – Mom.

…and you know where my work ethic comes from.