Vigilance is The Name of The Game...

President George W. Bush logged a victory in 2006 when the U.S. House of Representatives renewed the USA Patriot Act, a law that gave the FBI expanded powers to investigate terrorism after the Sept. 11 attacks.

When was the last time as a CxO in your organization that you reviewed the law? Here are a few of the renewed provisions:

>Section 201 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to terrorism.

>Section 202 Gives federal officials the authority to intercept wire, spoken and electronic communications relating to computer fraud and abuse offenses.

>Subsection 203(b) Permits the sharing of grand jury information that involves foreign intelligence or counterintelligence with federal law enforcement, intelligence, protective, immigration, national defense or national security officials

>Subsection 203(d) Gives foreign intelligence or counterintelligence officers the ability to share foreign intelligence information obtained as part of a criminal investigation with law enforcement.

>Section 204 Makes clear that nothing in the law regarding pen registers an electronic device that records all numbers dialed from a particular phone line stops the government's ability to obtain foreign intelligence information.

>Section 209 Permits the seizure of voicemail messages under a warrant.

>Section 212 Permits Internet service providers and other electronic communication and remote computing service providers to hand over records and e-mails to federal officials in emergency situations.

"Whether you are a government or a small business you must have a layered and defense in depth approach to the safety and security of your enterprise. You have to monitor insiders, gather intelligence and keep an eye on foreign competitors."

Key people in your organization are key targets for a spectrum of threats both physical, economic and digital. When is the last time you saw a CEO, CFO, CRO or Board Member walk down to the INFOSEC department and ask the team if they had all the tools and resources they need to do their jobs effectively.

And if they did raise their hand and say they could use some help with solutions to help combat all insider threats including intellectual property leakage, vendor collusion, financial fraud, and customer data loss. You might recommend they look at the FedRamp Marketplace.

The leaders of a medium-size community bank, Fortune 500 enterprise, Private Sector Critical Infrastructure company and local city government still have the same thing in common today as with George W. Bush 18 plus years ago…

Veterans Day 2024: Our Father U.S. Marine...

 Growing up as the first son of a U.S. Marine officer, you learn much of what it means to be a Veteran.

Loyalty. Dedication. Perseverance. Discipline. Trust. Integrity. Valor.

On this November 11, 2024 it is Veterans Day in the United States of America. A day in America to pause and to acknowledge those who made the decision to serve, in a branch of our Armed Forces.

As a young man approaching graduation of high school the Vietnam War was in full swing and conscription was a weekly discussion around the dinner table. Will your number be called?

The defense of an entire country requires a tremendous number of people to operate at home and across the entire globe.

Some veterans had the opportunity to travel across continents and were stationed in foreign countries. Our men and women were sailing across oceans on the surface and others deep undersea. They were flying whenever and wherever needed to go head-to-head with the evil people and forces in our world.

Veterans from around the USA put their lives in the hands of our country to protect our loved ones and our way of life here.

Veterans who have served our nation honorably have a real understanding of what it means to sacrifice, to work beyond exhaustion, to feel proud of becoming an expert in skills, knowledge and special activities experience.

In years past, as our colleagues waited for the hospital van to arrive on the shore of the Potomac River inside Ft. Belvoir, we prepared for the weekend warriors who wanted to go fishing.

The 501c3 we volunteered to assist would come each weekend over the summer to teach Ft. Belvoir veterans to fly fish or just try and catch a fish on that day. In the sunshine, outdoors and outside the hospital.

Years later, on one weekend when Dad was in his mid 80’s, we drove down I-95 to Quantico VA to visit the National Museum of the Marine Corps.

He could not believe all of the memories coming back to him. 90 Minutes later, as we pulled out of the parking lot to Fuller Road, we looked to the right and saw the entrance to the base where he had attended Officer Candidate School (OCS).

“Let’s go in there he commanded”. So as we approached the gate and pulled up to the Guard, then we said: “This U.S. Marine would like to enter and to drive through the base where he learned to become a First Lieutenant.

The guard asked, “Let me see your Drivers Licenses”. “OK, go ahead he said as we then drove through the gate.”

This is when it really started to sink in. Where and why our Dad learned all about being a leader of U.S. Marines and soon thereafter a devoted Father.

"On this Veterans Day in America, we say thank you."

For all that you have done to protect the American people and our United States to keep us safe…and to learn to serve with pride...

Onward Together: Teams Navigation...

 Before you were wise, you just acted out from pure thoughtlessness. You tried to fix situations without truly understanding the problem-set.

At some point in your life long experiences you might read a passage or paragraph in a book or online. Perhaps it is in a room where you are listening to someone preach, or a guest speaker for an event you are attending.

Then the feeling starts to come over you. You are thinking about what you have just encountered and now you start to wonder. Your mind is asking more questions.

After this encounter and as you say to yourself I belong here, in this place with these people, you are on your way to new insights.

As you begin your journey towards new problem-sets to create solutions that will benefit others you care about, you will then start to believe in your direction.

You will be listening and questioning. Over and Over. You will then create a test to determine if your hypothesis is clear.

You will be testing and observing. Over and Over. You will then adapt and change your solution to ensure it is even more reliable. You are an "Innovation Navigator"...

"Reliable in different places. Reliable in different situations. Reliable with different people using your prototype solution."

So what?

After you have talked to enough people you belong with and then you believe that you have the correct solution, then you shall discover the real change in behavior.

As you continue to navigate your life solutions journey “Always Be Ready” for the time, place and person we sometime have named the saboteur.

Will you encounter an act or process tending to hamper or hurt the mission? Sabotage can be destructive or obstructive actions by others to change you.

Being prepared today for the unknown in the future. Using knowledge gained by continuous testing and observation.

Learning and adapting in order to survive the continuous change ahead of you will not be easy.

Who is your most trusted team mate or partner to do it together?

Find the person and build the team of true professionals as soon as you are able. Communicate.

Communicate. Face-to-Face. Observe each others behavior.

Navigate, Change, Test, Adapt, Endure. You are on a life long journey of discovery, learning and wonder…

Onward Together!

Acknowledgment: Forever Grateful...

When was the last time your true business accomplishments were being acknowledged and your personal character celebrated?

As we all watched the 20+ people assemble in the banquet suite facing the Pacific Ocean last evening, you could tell they were all so excited to see the surprise on her face, as she walked into the room at 6:00PM.

The point in your work timeline when you are transitioning from one key role to another and have proven your results is a good place to reminisce and to listen to those who admire and trust you.

Hearing others who are your peers and fellow colleagues stand up over dinner and explain why you are someone they have learned from and that they have valued your leadership, will always be a remembered milestone in your life.

Two out of Ten people in a room, are exactly who the “80/20 Rule” science and “Pareto Principle” are all about.

If you want to find and recruit 4 people to your team, then do the math on how many will not make the final cut.

It is just so refreshing to see a group of professionals all celebrating one of their own:

“The Pareto principle (also known as the 80/20 rule, the law of the vital few and the principle of factor sparsity) states that for many outcomes, roughly 80% of consequences come from 20% of causes (the "vital few”).”

The statistics and the “Moneyball” math is what truly sets you apart as a multi-million dollar producer from those with just the fundamental skills.

As your recognition stories continued from your colleagues into the evening there were plenty of laughs and also a few tears that filled the room. Then she just smiled at us.

How might you ever become close to the 2 people out of 10?

Some might say you are just born into it, it’s all in the DNA. Others would say you have to train, repeat and train harder in order to excel at your particular chosen profession.

Coaches and researchers and professional trainers would all have various opinions on what the ratios should be, to find that next Gold Medal Winner or Scientific Scholar or Sales Leader or even a BUD/s school graduate.

Yet that alone does not make the person that others truly admire, beyond their God given skills or training outcomes.

It is something else. “Extreme Ownership” of the organizations problem-sets and the dedication to finding relevant and timely solutions.

When you finally find the right formula and you find yourself in the spotlight someday being acknowledged and celebrated by your peers and close colleagues, say it to yourself in all CAPS:

“IT WASN’T EASY AND “I REALLY EARNED IT”…It has been a good run...

Onward and Godspeed!

Resilient Future: Curious Observation...

On this vibrant and chilly Fall day, facing West towards the mountains, as the sun rises behind us a few bright star-like lights shine for just a few minutes.

These reflections are from the bright morning sun shining off home windows near Evergreen Meadows some 40 miles away, yet just perfectly in our vision, starts our day ahead.

The tree leaves are actively changing colors and signals to us to now begin to prepare for the changing environment ahead.

In other work or government assignments, perhaps you and your project team have been measuring your environment. Have you been checking your “Threat Management App” this moment for the detection of more serious anomalies this minute.

Being actively observant in nature and your own organizational environment could be the real difference between loss or growth. In your life, you must “Always Be Ready”.

Your ability to continuously increase your resilience to changing temperatures in nature and also the change in temperament of your organizations beneficiaries, will make a significant difference.

As you think about your role, your position and the current project you are now assigned to, the question remains: Who are you serving?

There is change in the wind and you must prepare now, you shall be proactive in your thinking over the horizon, so that you also can anticipate the future outcomes.

How might you spend more time in curious dialogue with your respective beneficiaries to better understand their point of view, their particular requirements and their current temperament?

The problem-set before you requires valuable time, brain power and resources to determine the validity of your current hypothesis.

In the path forward, most researchers, analysts and scientists would probably say that if you have not changed your hypothesis, then you have not used enough data or time to ascertain the true reality of the problem at this point in time.

How might you analyze more data from various sources faster with little error so that you arrive at a valid “Trust Decision”?

Being proactive is not being forceful. Being proactive is being curious. It is a mission of discovery and building wisdom.

Your future actions are a factor of your problem-set and the ability to accurately solve it with a solution defined by your curious observation.

There is change in the wind before us and we must “Always Be Ready”…

Pain or Joy: Change Management 101...

Habits are hard to change.  It takes discipline and continuous perseverance.

When was the last time you changed something that increased your revenue?  Your health.  Or your safety and security.

Change and managing change whether in the corporate ranks of your Fortune 500 Global Enterprise or back in your own personal life at home is a true challenge.

Before you even thought about what you needed to change in your business or your own life, you probably have encountered one of two experiences:

• Pain

• Joy

Which one of these two experiences have you recently encountered?

You see, our human behavior is quite predictable and it is usually one of these two motivators in life that will change your behavior.

Educating yourself and others you care about requires that you sometimes utilize one of these motivators in order to initiate new change.  Let’s begin with “Pain”.

These realities are exactly what the evil in our world today continues to prey on.  Those individuals who are unable or unwilling to change, and to manage change in their lives.

“It is really very simple. In the foreseeable future, we will not function as a global society without the Net and the immense digital resources and information assets of our society. The addiction is established—commerce, government, education, and our neighbors offer no option other than to require that we rely upon digital information in making decisions. But we will not function successfully if the war for control of those assets is lost. The battlefield, however, is the one on which trust is to be gained or lost—trust in the information we use, trust in the infrastructures that support us, and trust in the decisions we make in a digital world.”  Page 19 - Achieving Digital Trust | The New Rules For Business At The Speed Of Light  - Author Jeffrey Ritter

In your own digital life, these habits may be as simple as using the same password on multiple accounts that each of us rely on, each day or each week of our lives.  You know who you are.

As the continued use of “Ransomware” remains so pervasive across the globe and is utilized by so many criminal gangs and nation states, each one of us must consider our personal and business habits.

At home and at work.

It is now time to change.  It is time to change your digital habits so you may avoid the pain and continue to have even more joy in your life.

Take action.

Start a new habit now of changing the weak password on your bank accounts.  Make it 20 characters, and make it random.  Easily addressed when you "Use a Password Manager App".  Then set a reminder to change it on January 1, April 1, July 1, and October 1 of each year.

“Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets.

The threat actor first emerged in 2021 as a ransomware affiliate for the Sabbath ransomware operation. Later they started to deploy file-encrypting malware from Hive, BlackCat, LockBit, and Hunters International gangs. Recently, they have been observed to deploy the Embargo ransomware.

Storm-0501's recent attacks targeted hospitals, government, manufacturing, and transportation organizations, and law enforcement agencies in the United States.” —BleepingComputer

After you have successfully accomplished this simple task in your business and in your own personal life, remember:

The “Pain” of doing this simple “Change Management” step in your life, will help bring you continued “Joy” for so many years to come…:)

Godspeed!

RENS: Growing Your Enterprise...

 There he was, in the early morning light, prancing along outside the fence line just seventy-five feet away.

The young “Buck Deer” with his adolescent antlers stopped and glanced over at the house, just to acknowledge that he saw us sitting on the deck.

As Fall arrives and kids are back in school, it seems as if the pace of work and the demands on peoples time starts to take its toll. Be aware.

Years ago, as some wise people developed the systems and programs around the acronym RENS, they knew from years of experience on the front lines of true battle why it was so vital to success:

• Recruiting
• Education
• Networking
• Sharing Information

This is the high level context for what your daily activities shall be focused on each day, of each week of each month this year.

"How might you design your program, your systems, your time allocations towards these four key components of your enterprise?"

The original designers knew that each organization is unique and therefore, provided an acronym to keep you on track. Easy to remember, harder to implement effectively on a consistent basis.

If you advertise as one example, for a particular event and you ask people to RSVP, how do you respond after they fill out your form, full of personal contact details?

If they actually attend the event and take the time to see and hear all about your X or Y, how do you respond after they leave and think about what they heard and experienced at your event?

Do you follow-up or do nothing?

At a recent weekly event the guest speaker and very wise man broke down the Recruiting part of RENS to further to three simple steps:

• Belong
• Believe
• Behave

First, if you haven’t created an event where people immediately feel like they belong there, that you too believe in many of the same things they do, you will have a rough time ever getting to the last “B”.

How might you get other people to behave in a certain way?

The tough part about RENS is, that if you are not executing 100% on the effectiveness of your “Recruiting”, how will you ever get the opportunity to Educate, Network and then Share truly vital Information?

Perhaps even more difficult, how will you ever get good people to join your "Just Cause"?

As the “Young Buck” glanced back at us one more time as he went around the tall Spruce tree, we smiled and waved…

Critical Infrastructure: OSINT to the Rescue...

Over the past decade our U.S. Critical Infrastructure has become even more vulnerable.

Why?

In the early days of the commercial Internet 2000-2001, there were several dozen of us working in a Rosslyn building on Wilson Boulevard in Arlington, Virginia to answer our growing Fortune 500 and government clients questions of “Who”, “What”, “Where and “How”.

We already knew the answer to “Why”.

The 24/7 Internet crawler algorithms our techies engineered were doing their intended tasks and retrieving Terabytes of data on a 24/7 basis for our further human analysis.

All of this was well on its way before the more sophisticated use cases of the Internet for the implementation of the Banking infrastructure, Retail transactions and Telecommunications were in place.

The systems and infrastructure we now call “Critical”, was just in its early stages of iP maturity.

Remember, the iPhone was not invented until around 2007!

Afterwards and yet even more vital to this day, you might think about your own organizations “Operational Risk Management” (ORM) objectives and tasks into three key categories:

• Human
• Physical
• Cyber

Over the course of your companies legal, compliance and security organizations conducting regular “Threat and Hazard Identification and Risk Assessment” (THIRA) activities and rules, the reality begins to set in.

The Board of Directors are still asking, "How can we as people address the exponential growth, change and remediation without more automation, software and systems?"

"This is when new companies were born to build the software to help humans keep a better eye on the risk management of our growing Critical Infrastructure."

As new software companies were born to address THIRA applications, some people began to feel like it all had NOT been solved.

Asymmetric Warfare today, not only includes our “Nation States” across the globe, but also Black hat “Hacktivist” organizations and individual people. In every country with the Internet.

Evidence of these individuals and groups growing existence are still the “Why” for your own organizations THIRA activities.

This also includes the “Why” for our US Homeland Security organizations such as CISA and others in the National Intelligence and Law Enforcement arenas.

Perhaps even more vital, are the private organizations who are still in the business today of “Open Source Intelligence” (OSINT) since the dawn of the Internet…

Remember: Imagine Our Resilient Future...

Where were you on the morning of September 11, 2001?

In the middle of our mutual “Information Security” and data privacy dialogue over breakfast on the ground floor restaurant of the Reston Hyatt, we both suddenly over heard the peoples commotion and muddled cries.

In the adjacent bar area others were watching the morning television news and were witnessing the continuous replay of an airliner crashing itself into one of the New York City World Trade Center Twin Towers.

We jumped up to walk around the corner into the room and saw the growing shock on peoples faces, as they hurried out the door to pick up or go check on their loved ones.

Then we saw the 2nd plane hit.

Walking back into pay our bill a few minutes later, both of us looked at each other and realized what this meant. Or did we?

Like some other days across your life, this particular morning in America was full of confusion, emotion, tears and fears.

Soon thereafter, driving away from the Reston Town Center near Dulles (IAD), in the distance to the East as the morning sun was rising, you could now see the billowing black smoke rising from the Pentagon burning.

Over the next decade, much of our thinking on our true vulnerabilities as a nation would come before us to solve.

Before 9/11, there were few aviation engineers thinking about reinforced and secure cockpit doors on commercial airliners.

The evolution of “Homeland Security” over the next decade included new buildings and technologies up and down Chain Bridge Road in Northern Virginia.

Predictive Intelligence and Color-Coded warning levels was now focused more on peoples thinking and behavior, not just about flying objects over a country border.

Asymmetric Warfare would become a National focus.

Certain kinds of fertilizers such as "Ammonium Nitrate" would soon be taken off the shelf of local gardening centers and wholesalers in our farming communities and locked up.

Information Technology was now to become a force multiplier. Business Continuity Planning (BCP) was now a mandate. What if?

Operational Risk Management (ORM) was the new normal.

After 9/11, there were new travel innovations like TSA PreCheck. Where even to this day, only one photo ID is required to apply in pre-enrollment, as they take your fingerprints and your photo to match up with vast government databases.

In using another ID travel service years before, CLEAR, even a retina scan was taken in order to back up fingerprinting and two photo IDs.

As we approach our next 9/11 ceremonies around the United States this September 2024, take a few minutes yourself to “Never Forget”.

Acknowledge the vital missions of all those serving who are in uniforms, all those in semi-formal suits, ties and dresses sitting around the conference table and the tireless shifts of analysts and tech people behind the screens who are on continuous watch.

24x7.

Now just 23 years after that historic morning in New York, NY, Arlington, VA and Shanksville, PA, we shall all continue our next year of Citizen Vigilance, our National Resilience and our continuous Freedom as true Americans.

And on this Wednesday September 11, 2024, sitting outside on your own back deck or patio watching another sun set or the moon rise, think about how you too will achieve a more resilient journey into the Future…with those you love.

Godspeed!

Volatility: Enemy #1...

Organizations implement Operational Risk solutions to lower "volatility" in earnings growth and return on capital. The focus on volatility is because no institution likes to see peaks and valleys in their earnings or their return on capital. A steady and consistent growth curve without "Volatility" is the goal by many steadfast organizations.

Contrary to the goal of minimized "volatility" there are also those who feed off of the chaos and the large swings between these highs and lows in the marketplace and with specific companies in vital sectors of the financial economy. Will a Blueprint for Regulatory Reform be the answer?

As a hedge fund investor, can you explain what the strategy is for your investment fund? Do you know what your money is being invested in? Does your hedge fund manager provide transparency on calculating your return on funds invested? What was the reason you invested in alternative investments to begin with?

Carrying this analogy to the operational processes within your organization, the goal is to keep the processes running smoothly. When people or systems deviate from the agreed upon "Rule Sets" then change ensues along with the volatility of the performance measures.

Errors, Omissions and systemic "glitches" are the catalysts to volatility that creates fear, uncertainty and doubt. Do you understand the Math? When the process gets to this stage and people don't trust the rules anymore, you are on the brink of a failure and impending loss, in dollars or peoples lives.

Operational Risk Management is a discipline that is emerging in corporate ranks because it has already proven that it saves lives. The regulators and inspector generals are going to demand it.

The "Rule Sets" of playing business in the financial, health care and energy sectors are not the only ones being subjected to this increased scrutiny and renewed focus on OPS Risk.

Lessons learned are being discussed in the ranks of the U.S. Treasury Department and the Department of Defense all relating to the failure of people, processes, systems and or external events.

Whether you utilize Operational Risk Management (ORM) in the Defense Industrial Base or in the Financial Services sector it's important to revisit what it is NOT:

Operational Risk is Not:

• About avoiding risk
• A safety only program
• Limited to complex-high risk evolutions
• A program -- but a process
• Only for on-duty
• Just for your boss
• Just a planning tool
• Automatic
• Static
• Difficult
• Someone else’s job
• A well kept secret
• A fail-safe process
• A bunch of checklists 
• Just a bullet in a briefing guide
• “TQL”
• Going away

The goal of Risk Management is not to eliminate risk, but to manage risk so the mission can be accomplished with minimum impact. We manage risk to operate, not avoid risk as a means to prevent loss.

Operational Risk is all around us and now ready for prime time focus in terms of strategy execution, implementation and measurement...

Always Be Ready: Follow Your Heart...

Waking up to a glorious sunrise in any new town across the USA is inspiring. Today is another one of those days.

The long journey you have been on all these years is full of hardship, yet full of faith.

“Never Forget” the Americans and true professionals that have endured our asymmetric threats and continuous vulnerabilities.

People, Processes, Systems or External events. We must continuously and “Always Be Ready”…

After all of these years of hard work, to many hours standing or waiting in airports and now seeing the finish line, or the minutes winding down on scoreboard clock.

Even just the smile this morning from a cherished loved one after hours of research and keyboard time, you know why.

Before you were old enough, the reasons for the early mornings or the significant travel did not seem worth it.

The journey was constantly in question. The competition too challenging.

"Yet in our America, most anything is possible. With hard work and dedication. With the right colleagues, coaches, mentors and instructors you too are well on your way."

You are here for a reason and all the years, days, hours and minutes devoted to your own particular journey are soon to be known.

Maybe it is that smile when she wakes up and sees you. Maybe it is that laugh when he is watching “Paw Patrol”.

Or maybe it is walking hand-in-hand with your wife or husband on another early morning in your new neighborhood, or somewhere else in the United States of America.

On this Sunday in America, say another silent prayer looking at our flag waving in the wind, while the birds are chirping and a dog is barking with a siren in the distance.

Are you going to compete today? Will you be ready?

After you make it to your own finish line, look up…

Enterprise Resilience: Compete or Die...

Enterprise Resilience is the road to competitiveness. It is the global answer to many of the Chief Security Officers (CSO) who have faced the troublesome battle of selling more "Fear and Doubt" to the Board of Directors.

When Deborah Wince-Smith stood up on the stage at the 21st Annual Security Briefing at OSAC November 16th, 2006, her words were music to our ears:

“It is undeniable that the world has gotten more risky. Businesses now function in a global economy characterized by increasing uncertainty, complexity, connectivity and speed. Managing this rapidly changing risk landscape is an emerging competitiveness challenge—a challenge that demands resilience: the capability to survive, adapt, evolve and grow in the face of change.”

“Globalization, technological complexity, interdependence, and speed are fundamentally changing the kind of risks and competitive challenges that companies— and countries—face.”

“Failure, whether by attack or accident, can spread quickly and cascade across networks, borders and societies. Increasingly, disruptions can come from unforeseen directions with unanticipated effects.”

“Global information and transportation networks create interdependencies that magnify the impact of individual incidents. These types of risk demand new methods of risk management.”

Thinking back to those days, was this a way for the Chief Security Officers (CSO) of the Fortune 500 to finally shift their thinking from just security protection to something less macho?

How could "Resilience" become a platform for a mind set shift to justify new funding?

"After all, now we aren't trying to scare people into the low probability high impact incidents anymore and are focusing in on the high probability incidents, that may have enough impact to cause a significant business disruption."

What are the incidents and areas of risk that insurance won't touch these days?

If the insurance companies can write the policy to give you peace of mind, then is this necessarily an area that you can ignore because you have transferred the risk to someone else? Maybe not.

Being agile, ready and capable of a quick recovery is what competitiveness is all about, on the field, on stage or around the table in the Board Room.

Working towards control and protection while fear builds in the back of your mind makes you stiff, depletes your energy and creates doubt.

And when you are operating a business or standing on the tee of your first sudden death hole on any PGA weekend, you better have resilience.

The business equivalent to homeland security and critical infrastructure protection is Operational Risk Management (ORM)—a domain that many executives see as the most important emerging area of risk for their firms. Increasingly, failure to plan for operational resilience can have “bet the firm” results.

We all know that it costs lot's of money to have any systems downtime, that's why so many dollars have been invested in Disaster Recovery (DRP) and other Business Continuity Planning (BCP). Delta?

Yet is this the kind of resilience that is going to make you more competitive to seize more opportunities? The economics of resilience are more than investing for the likely or unlikely information systems incident that will attack your organization tomorrow.

The threat of “Tort Liability” and the loss of reputation remains top of mind these days with every major global company executive.

The threat is real and increasing at a faster rate than many other real operational risks to the enterprise.

Litigation from regulators, class actions and competitors has given the term Legal Risk new emphasis and meaning.

Once corporate management understands the need for a "resilience" mentality in place of a "protection" mental state, a new perspective is found.

Investing in the vitality, agility and competitive capabilities of the organization sounds and is more positive.

It alleviates the fear of doom and gloom and inspires new found innovation.

The future of your organizations longevity and in it's adaptability can be achieved with a new perspective. Compete or die.

Enabling Global Enterprise Business Resilience is just the beginning...

Operational Risk: People, Process, Systems & External Events…

When was the last time your team presented their plan to execute your next major milestone in your important project?

As you lean back in your chair and hear the “What”, “Why”, “Where”, “How” in the bullets and pictures on each of their presentation slides, you might be pleased with what you see.

Now, what is the alternative plan for this particular operation? Just in case.

The more you experience change and the real setbacks of your intended goals, achievements or anticipated outcomes, the realization occurs that you will need a “Plan B”.

You know, a back-up plan. Perhaps you even may need a fail-safe:

fail-safe

adjective

1: incorporating some feature for automatically counteracting the effect of an anticipated possible source of failure.

What is your universal unlock code? What is your alternative plan? How will you ensure the safety, security and service of your intended game plan today?

Unfortunately in business and in any other highly engineered or sophisticated operation that is vital to your growth and success, you will need to create an alternative plan.

Operational risk is defined as the risk of loss resulting from inadequate or failed processes, people, and systems or from external events. These risks are further defined as follows:

* Process risk – breakdown in established processes, failure to follow processes or inadequate process mapping within business lines.

* People risk – management failure, organizational structure or other human failures, which may be exacerbated by poor training, inadequate controls, poor staffing resources, or other factors.

* Systems risk – disruption and outright system failures in both internal and outsourced operations.

* External event risk – natural disasters, terrorism, and vandalism.

The definition includes Legal risk, which is the risk of loss resulting from failure to comply with laws as well as prudent ethical standards and contractual obligations. It also includes the exposure to litigation from all aspects of an institution’s activities.

How will you ensure the safety, security and service of your intended game plan today?

The teams who incorporate comprehensive Operational Risk Management (ORM) into each daily process, shall achieve their goals and will outperform the competition…

Breakpoint: Mastering the Future...

In the early days of any startup business, be prepared. You as an innovator, entrepreneur, or just plain engineer, designer and project manager know what being prepared means.

Or do you?

The pace of change, communications and human emotions reach their extremes in the early stages of most business growth.

Are you ready and prepared to deal with the amount of new challenges you shall now face as each day unfolds before you?

Before you understood what starting and running a new business is really all about, you may have thought for a moment how exciting it would be.

Then one day it begins to dawn on your colleagues, your investors and your potential customers that this idea has some flaws.

The business marketplace you have chosen has not yet arrived at what the real problem-set is, that your particular solution truly solves.

Or is it something else?

You see, it all comes back to the pace of change and the ability for some people to master the new skills, the new vision or the new outcomes unfolding before you.

The more rapidly you and your startup team accelerate upwards and forward to achieve that breakpoint, the sooner you will hit that next part of your own particular growth curve:

Breakpoint and Beyond: Mastering the Future Today

“Assists in predicting and mastering industrial, social, political, and personal change by tracking the pattern of major "breakpoints" in human history and revealing the great truths hidden in them”

As you now stare at the gallery of people on your next “Teams” or “Zoom” session, remember that you are on a real mission together.

After you understand that running a new business involves a tremendous amount of time and resources to get people to perform the way you imagined they would, this is when the breakpoint in your “S” curve takes place.

Are you there yet?

When you and your team start exploring the changes around your startup hypothesis then you are now utilizing the new data, the new feedback and the new human factors into your future achievement.

Keep your chin up.

Now that you have changed your design/prototype, changed your people, changed your market analysis and even changed your purpose for existence, you are mastering your future success…

Godspeed!

Preface: Growing Up in the USA...

 As we approach our 248th year celebration of the country named the “United States of America”, think about it with open eyes as you look at our flag waving in the wind on the morning of July 4th.

One of 193 countries in the United Nations on our globe today, our country has become a sought after destination for so many others in the world to see and to actually experience.

Why?

Being born in the USA, our school Principal at our “Riverside Elementary” would get on the speaker system at 8:30AM sharp. Our “Pledge Allegiance” each morning was sacred as we all would stand in our classrooms:

"I pledge allegiance to the flag of the United States of America, and to the republic for which it stands, one nation under God, indivisible, with liberty and justice for all.”

Little did any of us truly know at that point in our lives, how precious these words would eventually become to us. Some before we were all grown adults.

It would dawn upon us all decades later, as our team was sitting around our tables with other fellow INSA members in a 2nd Floor conference room on North Stuart Street in Arlington Virginia. Our local professionals had a new important project before us.

Our Homeland Security Intelligence Council (HSIC) had started to tackle the definition of “Homeland Security Intelligence” and we would later develop 16 key recommendations in our 20 page White Paper.

It was finally published in September 2011 and ten years since so many Americans had died on 9/11 and so many others who would fight in the wars international and thereafter domestic.

“Homeland Security Intelligence is information that upon examination is determined to have value in assisting federal, state, local, tribal and private sector decision makers in identifying or mitigating threats residing principally within U.S. borders.”

Intelligence to Protect the Homeland...taking stock ten years later and looking ahead...

Now after returning to our USA once again with your own overseas travel behind you, reach into your pocket for that dark blue "US Passport" with the Eagle emblazoned on the front in Gold and read these words once again on page one:

“The Secretary of State of the United States of America hereby requests all whom it may concern to permit the citizen/national of the United States named herein to pass without delay or hindrance and in case of need to give all lawful aid and protection.”

In 2024, this Independence Day, reflect on all that you have learned and now earned, as a US Citizen protecting our country and as a true proud American.

In 2024, this Independence Day, reflect on all that you have learned and now earned, as a US Citizen protecting our country and as a true proud American.

 “Never Forget”…

Enterprise Security Risk Management (ESRM)

Years ago, “The Gartner Group” has identified three major questions that executives and boards of directors need to answer when confronting information security issues:

> Is your security policy enforced fairly, consistently and legally across the enterprise.

> Would our employees, contractors and partners know if a security violation was being committed?

> Would they know what to do about it if they did recognize a security violation?

In today’s wired world, threats to the information infrastructure of a company or government agency are not static, one time events.

With new ransomware, XaaS, viruses, vulnerabilities, and digital attack tools widely available for download, a “complete information security solution” in place today can easily become incomplete tomorrow.

As a result, a security architecture solution must be flexible, and dynamic.

Presently, news of digital-threat events tends to spread through the computer security world in a “grapevine” manner. Threat information is obtained from websites, e-mail listservs and countless other informal sources.

This haphazard system is incomplete, and therefore raises concern when evaluating the damaging, costly effects of an aggressive, systematic digital attack.

A comprehensive security solution requires the careful integration of People, Processes, Systems and External events.

It shall allow correlation and implementation of a “layered” defense coupled with a firm application of risk-management principles.

To fully protect electronic information architectures, an organization needs current intelligence and analysis that allows constant adjustment and fine-tuning of security measures (e.g., firewalls, intrusion-detection systems, virus protection) to effectively defend against a rapidly changing landscape.

"Threats and vulnerabilities relating to computer networks, websites and information assets must be addressed before an attack occurs. Awareness and the ability to make informed decisions are critical."

How "Proactive" are you?

In short, as the electronic economy plays an increasing role in the private and public sectors, organizations must take advantage of the resulting new opportunities for growth and gains in efficiency and productivity.

Realizing these gains depends on an organization’s ability to open its information architecture to customers, partners and, in some cases, even competitors.

This heightened exposure creates greater risk and makes an organization a more likely target for attack (e.g., information and monetary theft, business disruption).

Furthermore, the cost of critical infrastructure failure climbs exponentially in relation to increasing reliance on increasingly integrated systems.

Your goal into the future is to provide the organization with the following Information Security value propositions:

1. A System with Best Practices to Establish, Implement and Monitor Compliance.
2. Early Warning & Awareness for the Entire Enterprise.
3. Relevant Decision Support.
4. Trusted Threat Information/Analysis.
5. Actionable Threat Countermeasures.

And remember, a Single Enterprise Security Risk Management System (ESRM) will not solve the operational risk problem without the right processes and the correct people to implement such a solution...