Contributing to the cyber security conversation

 Business, Canada, IT Security, politics  Comments Off on Contributing to the cyber security conversation
Oct 162016

My firm, Institute X, responded and provided a paper to the Canadian Government’s Consultation on Cyber Security. It’s a considered white paper that assumes government should do what it’s supposed to do (public safety and security; and support Canadian industry). We suggest that an “unreasonably” high standard for cyber security and directed support toward the Canadian cyber security industry (e.g., national security-protected procurement) will benefit Canada on multiple fronts.

Download it here: institute-x-cyber-security-consultation-submission-oct-2016.


 Uncategorized  Comments Off on Intrapreneurshit
Jul 132016

Like long forgotten songs on a K-Tel compilation, Intrapreneurship, the notion that employees of large organizations can hustle and scramble like entrepreneurs to create innovation and radical growth, is back! Of course, its day in the 1980s sun was a failure. But today’s promise is the success of Silicon Valley’s disrupting wunderkind.

Should intrapreneurship actually catch on, again… it will fail. Again. Smart executives of targeted enterprises and government departments ought to remember why it failed before and take a pass this time. The flawed assumption is that entrepreneurs thrive in any environment. Except, everything that makes entrepreneurship admirable is suffocated in the low oxygen atmosphere of the large organization.

The entrepreneurship allure is palpable: a dream of agility, disruption, and outsized growth leading to dominion over new and even undiscovered frontiers. With unicorns on every horizon, it’s hard to ignore. But for large organizations, it’s a mirage that will squander resources and frustrate everyone.

The larger the organization, the more its strength weighs upon it. It can no more be an entrepreneurial entity than the growth business is a colossus bestriding the world. The pitch to turn an eighteen wheeler into a Tesla is ridiculous and counter-productive.

Large organizations need not ogle enviously at the upstart entrepreneurial organizations rapid, often false growth that captures market and media attention. Appreciate your own qualities. Large organizations are mostly slow and steady. They have to be. Oscillating around opportunistic pivots would rend the behemoth from seam to seam. A material mistake by a small business constantly changing anyway is bad but recoverable. A material mistake for a large organization could prove mortal (without government intervention). Demands of governance and responsibility befitting its stature command the organization to be circumspect. One role of large organization is to stabilize tempestuous seas.

Sounds banal compared to the romantic entrepreneur. But, this gummy stateliness belies vast virtue. Large organizations have the power to change markets and industries. That they may choose not to because they’re comfortable has nothing to do with intrapreneuring. The taxi industry did not have to actively ignore its suzerain being upended while focusing on rigging regulation. Moreover, a start-up did not succeed in digitizing music nor create the consumer smart phone industry. Apple did. Ultimately, large organizations control innovation and disruptive change.

Your favourite innovation guru will have written that when industries heave with revolution, some venture-backed entrepreneur has used a technology or method to disrupt a cozy environment. But even where that is the case, it’s because the large incumbents were sleeping. As often as not, industries are turned inside out because competitive, large organizations acquire or introduce changes to the competitive environment and evolve the marketplace. In effect, they reinvent themselves and their worlds.

This has little to do with being entrepreneurial. It has everything to do with being observant, smart, and courageous. These mark the entrepreneurial character but are not exclusive to it. Most organizations require innovation of some sort, not all need the peculiar and destabilizing qualities of the entrepreneur.

This intrapreneurship fad is but a means to a desirable end: innovation, which in turn leads to growth (and maybe reinvention). A large organization does not have to weaken its chances pretending to be something it is not and cannot be. Of course, large organizations should do things to remain vital and purposeful. But they should play to strengths.

Large organizations should get and be strong at anticipating changes to their world as has Royal Dutch Shell. They should strive to innovate. That will necessarily keep them apprised of near and distant (technology) innovations around them. Large organizations have the resources to do something better than be entrepreneurs: they can buy entrepreneurs—at the right time.

Large organizations have been known to get fat and lazy, ferreting out challengers, buying them, and burying their technologies to maintain control of their worlds. The world no longer allows that. Enterprises need to tack: don’t buy the start-up or growth company to shelve it; buy it to grow it and, maybe later, internalize it. I say maybe because the choice could be to shape the smaller organization to benefit from and provide benefits to the large organization. This is a different skill, but one a large organization could more probably create.

Many enterprise organizations would be better off creating a farm system of minor investments and expertise at observing real entrepreneurial action. Supporting and keeping them alive, all the while creating the internal conditions to ingest entrepreneurial output and do what enterprise organizations do best: serve scale.

Large organizations have to be stable, not ossified. An aircraft carrier is no PT boat. It is built for stability in even the roughest waters. To be the indispensible centre of many critical operations, ths largest of naval vessels must be stable. Necessarily, it doesn’t move nimbly. It would be absurd to expect it to operate like a frigate. But even with the responsibility to provide a dependable platform, the aircraft carrier and its personnel are always prepared and vigilant for stormy seas or competitive attack from the sky or under the waves—from other navies or even pirate flotillas.

Think about that. Maybe the idea of a carrier group fleet would serve large organizations well in structuring themselves to do battle in their own corporate oceans.

That grinding noise at Westminster Abbey? Charles Darwin rolling in his grave

 Uncategorized  Comments Off on That grinding noise at Westminster Abbey? Charles Darwin rolling in his grave
Feb 192015

A PowerPoint slide being “shared” and “liked” within LinkedIn says: “It is not the strongest of the species that survive, nor the most intelligent, but the one most responsive to change.” This is a corrupted Darwinian notion I first saw first in a Globe and Mail op-ed piece entitled, Why leaders must take a different tack when managing change, contributed by Symantec Canadian General Manager, Sean Forkan. His first-person counsel is not especially enlightening. But there is that one sentence at the end: “As the saying goes, ‘it is not the strongest nor the most intelligent who will survive but those who can best manage change.'”

So people appropriate and massage powerful thoughts for their own purposes. Why quibble with variations on the theme? It’s just convenient and relevant cribbing of inspiring words.

How can I be so nasty—or petty? To start, the phrase has no greater provenance than some unnamed hack contributor to a Web quotations page or creator of a PowerPoint slide. Try to find anything remotely like this quotation in Darwin’s writings, especially in On the Origin of the Species. Even Herbert Spencer, who actually coined the phrase “survival of the fittest,” never used this language. That smart people are willing to quote inspirational nonsense suggests a troubling lack of rigour. But I digress and, frankly, I don’t really care about that.

This plagiarism does, however, raise an idea that could rock what we, the chattering classes, hold dear about change (management) and innovation. If you read to the end, you might even re-evaluate what you’ve been told about innovation and innovators, such as Steve Jobs. Maybe you’ll just ignore it or malign me, which might be easier. Your call.

Start by really understanding the idea commandeered for this motivational meme. Darwin referred to evolutionary adaptation. In Darwin’s observation, species did not initiate change. “Fitness” was what best suited prevailing conditions through a process of selective adaption, admittedly over generations. And Darwin was silent on any propensity to or ability for managing the change required to adapt, as was Spencer.

This is critical because as we know them, the words “change management” or “fitness to change” or any other variation lend themselves to the opposite interpretation. The implication being that a good executive, or one following our published guidance and pursuing the motivational direction of the imitation Darwin, could positively conceive and purposefully direct change IF (s)he and the organization were fit to make such change.

That’s quite materially different.

To use this counterfeit quotation to give weight to change management “fitness” and still be true to Darwin’s brilliant idea, one is obliged to accept that change management is about adaptation. But adaptation is responsive not directive. In nature, those fit to survive are those that best adapt not those that are most fit to create change.

To recap, modelling on natural evolution via pseudo-Darwin is an excellent idea: evolution has about a billion years of successful experience. But it demands one appreciate that change management must be about adaptation, which is to say accommodation toward prevailing conditions. Prevailing conditions because nature does not evolve toward what doesn’t exist. It can only adapt to what does exist.

So, therefore, fitness or willingness or ability to change is nonsense at least as far as invoking quasi-Darwinian thought as support. These are a separate matter entirely and warrant a separate non-Darwin shrouded discussion. Of course, the premise for those discussions has to start with responsive adaptation instead of directive change.

That’s change management; but innovation compels change to a product, process, or people so it must be implicitly about change. We have to accept that. So the Darwinian notion of adaptation to prevailing conditions, as indicated above, has to hold for innovation as well. Buckle up. It means the innovation myth of your favourite business leader or guru may be in for some rough treatment.

Consider the evidence. IBM nearly went extinct until Gerstner’s adaptations made it fit to survive. Branson cannily adapts Virgin’s ethos to the conditions of various prevailing environments, experimenting to see where its adaptations best fit. For a long time, Nokia adapted successfully, transforming through industries and technologies. It stopped adapting and has all but gone extinct. Microsoft, which has prolonged some of Nokia’s “genes,” has a well-documented record of obstinately refused then aggressively conceding to adapt. Blockbuster is the archetypal non-adapter. The quality of the management of change or the willingness or ability to change in all of these instances was necessary—maybe—but not sufficient. The adaptations were the thing.

IF you’re still with me about fitness to survive being based on the success of adaptations to prevailing conditions, then we have to concede that an innovator does NOT create or step into some imagined future. The successful innovator actually adapts best to the prevailing market conditions. In other words, any start-up and Steve Jobs do nothing more(!) than adapt to conditions that already existing. Steve didn’t see the future; he saw the present whether that was Apple II, Mac, iPod, iPhone, or iPad. It is a present that everyone else simply can’t see the way that some people can’t see the symbolism or the theme in a book or movie, or the way that extinct species couldn’t “see” that they weren’t optimal for prevailing conditions.

For those that got this far, I apologize. Every metaphor fails at some point. Lesser people, and gurus, continue ramming home their notion as though it’s not happening. I won’t. Evolution and organizations changing or innovating are very different things that don’t track together at a certain point. But, my point is that the idea at the outset ought to be understood and followed. It can lead to fascinating revelations. Here are merely two:

  1. Adaptation is going on all the time. All people always adapt naturally. Those who don’t adapt are artificially denying nature. Adaptation is not a theory or a strategy or a plan. It is action. If it works, you succeed. If you don’t, you adapt again. If it still doesn’t work. You become petroleum eventually. Therefore, in the big picture, change management is about allowing prevailing conditions to cause pain, letting natural adaptation happen, then doubling-down on those that show the most fitness.
  2. If you want to innovate, and evolution is your model for survival, you must be rapidly responsive not creative. You must provide, for a price, a means for your customers to best adaptations to prevailing conditions—because they may not.

I use “F-Words”

 Uncategorized  Comments Off on I use “F-Words”
Sep 122014

I use “f-words” in mixed company. Well-bred professional, management, and executive types recoil in disgust. One might think that they would be inured to f-words. But they seem to hold themselves above all that.

Of course, the most troubling f-word is not the one on the tip of your tongue now. This one sounds “eff” but starts “ph.” Try saying philosophy in the company of busy career people; just be prepared for rolled eyes and that piteous expression that says you just don’t get it.

Those blank faces better “get it” soon themselves. Our privacy and maybe even democracy could depend on it. After all, not every tectonic shift is as blatant as the revelations of Edward Snowdon or as arrogantly, publicly contemptuous as the Fair Elections Act. Pay attention to the every day stuff!

Today’s transactional immediacy of business and government work is not an historical novelty. There was no time when these practical people were more inclined to think deeply about what they were doing. What may be different now is the measure of disdain for anyone who challenges business or government plans and actions more deeply than what the pervasive “value proposition” pap answers.

If we refrain from contemplations of epistemology and such, and stick to ethics and the sunnier(!) side of existential questions, philosophy is about purpose. That has to be clarifying for professionals, and is about as close as most organizations get to schwerpunkt (a typically consonant-ridden German word that means concentration point or main effort).

When I say philosophy in this company, I often mean, “What do you believe?” Not as in, “We believe the world wants a device that will allow them to…” That’s actually, “We think…” Rather, as in, “We believe that people need to remain connected to other people; we believe our purpose is to provide devices that…” Despite reading and abiding by directives such as Start With Why (Sinek, 2011), this kind of descent to expose the core assumptions of “Why” is one nobody really wants to take.

So why is that kind of philosophical pondering held in such disregard?

First, it’s hard. It requires rigorous thought, due consideration, and alternative points of view. None of which is acceptable in an environment of HiPPO (Highest Paid Person’s Opinion) rules or unconsidered braying of partisan vitriol.

Second, it’s still hard. It demands a sense of right and wrong. That then presumes you might stand for something, ideally something that can be argued rationally from some principles. Rampant specialization and narrow awareness does not lend itself to this capacity.

Third, it’s unnecessary. After all, whether its Mill, Burke, Rousseau, or Jefferson, there are philosophies a plenty to choose from and no need to waste time on such things now.

Fourth, well… it’s hard. Given the preference for action—any action!—to indicate ability, quality, and value, taking time to muse over that action gets indicted as regressive to say the least.

It’s true that some fundamental underpinnings of philosophy are timeless—give or take a millennium, otherwise we wouldn’t still look to Plato. But other philosophy is more set in a time and place—give or take a millennium or continent, so it needs to be refreshed from time to time.

Given the rate society is evolving in technology’s wake, we need to take a little time to continually consider whether our core values remain operative in practice. At the very least, we should give a modicum of respect and an ear to those who do it professionally, casually, or within the confines of their daily toil.

The problem with not thinking about these things and, worse, discouraging those who will, is that these things are affected by rapid innovation and change anyway.

The seemingly outrageous privacy invasions by governments is not the product of a sea change in method. It was a steady dripping of unconsidered change that allowed the method to metastasize into what it’s become: something odious. And, it all took root in so many innocuous “consumer benefits.”

The outrageous bill that is to be the Unfair Elections Act (2014) is only possible because over time we have largely become so blasé about hyper-partisan drivel and the corruption of governance by politics that many people see nothing especially egregious about the bill’s content. And so it now threatens a foundation of our society. That represents six years’ effort on the part of Canada’s New Government.

So let’s all throw around the f-word until it’s so common that everyone does it. We’ll all be better for it.

IT Security and the rise of the Data Chemists

 Uncategorized  Comments Off on IT Security and the rise of the Data Chemists
Sep 072014

The days of perimeter protection for online security and privacy are dwindling. Those tried-and-true approaches for safeguarding data and ensuring organizational and individual data security are destined to the quaintness of punch cards. Relying on them as the paradigm of security for extensive or elaborate IT implementations that have a future is not wise. There is a better way.

The concept of perimeter security is inspired by the notion that if you put all your eggs in one basket then you have but one basket to guard and protect. It is a castle, high on a hill with thick stone walls and drawbridges over impassable moats. The stuff inside is safe because the bad guys are kept at bay. Until it’s not.

One problem with perimeter security is that it depends on meeting force with force. So attempts to breach firewalls and ports are met with clever shields and redundant blocks. That is not a bad thing; it’s just a recursive cycle that probabilities suggest will always end in breaches. Moreover, it hardly matters how strong the perimeter is: once there is a crack, everything is in jeopardy. Since things have to move across the perimeter to function properly, the perimeter is porous by design, raising the odds of compromise.

To deal with the hole-y perimeter and make it reasonable for individuals to pass we take cues from the Old Testament. The Gileadites augmented their perimeter, keeping out the Ephraimites by demanding everyone crossing the border say the word “Shibboleth.” To make an old story short, those that could not were obviously trespassers and were dealt with in a decidedly Old Testamentary way. The concept introduces the demand for secret password identification.

In prevailing IT security, a previously established password presented at the perimeter gets compared to the one held behind the perimeter walls. This system can be compromised on the outside by capturing the password or matchable token from the individual to whom it belongs. Alternatively, the store of passwords/comparables inside the perimeter is, in fact, a geometrically more valuable treasure.
This approach is ever-less effective. In fact, it is practically a law that the value of perimeter protection is inversely proportional to participant sophistication.

So, what is the viable alternative? In Introductory Financial Management many years ago, I was introduced to the concept of diversification. It refers to investing in assets of varying risk profiles so that the aggregate risk would be more readily predictable. There is a lot of calculus and probabilities math behind this, so it must be scientific. Those who avoid scientific language might be inclined to describe diversification as spreading the risk or not putting all your eggs in one basket.

Critically, the risk is inherent in the value of the asset itself. If data is the valuable asset and the risk is that its acquisition by unauthorized parties can result in privacy or confidentiality breach which could have significant financial impact, that sounds a bit more like securities. In which case, managing risk more like a financial wizard becomes sound policy.

This challenges a core assumption of today’s IT security, being that one can prevent breach from happening. In other words, we presume and measure from zero, trying to keep the needle there (like airline safety). After all, if there is a lot of valuable data in one spot AND breach will affect lots of data and people, ANY breach is catastrophic and must be prevented. This base notion results in a course of action that takes us along the path that IT security has followed thus far.

What if that presumption were inverted? Instead, accept that there will always be (many) breaches. Then the goal cannot reasonably be to prevent them all, but rather to make them small, unprofitable, and essentially meaningless. In other words, diversify the risk away. This different starting point will result in a different approach. (That is the intent of encryption, but it should be quite evident that encryption alone is necessary but not sufficient in the cyber-security arms race.)

Take this idea further. What if there were no stores of meaningful aggregated data? It would not be worthwhile to penetrate the challenging security of an online service if there were nothing useful to acquire. Nobody would bother to break into a bank vault for one bar of gold. The crime doesn’t pay. Such a circumstance would require CIOs and security specialists to become “data chemists.” It is nothing less than alchemy—in reverse. Take gold and turn it into lead (or its elemental components). The real magic is in the owner being the only one able to reconstitute it into gold—when needed.

So, where does this leave us? Unfortunately, without specific answers; but with an idea for alternatives in the post-perimeter IT security world. The next wizards of security and privacy will succeed when they courageously change the metaphor and the starting point for their practice.
Start soon though: Our privacy and confidentiality depends on it.

“User Experience” is nonsense

 Business, Management, organization, stupidity, Uncategorized  Comments Off on “User Experience” is nonsense
Sep 022014

God damn Steve Jobs! It’s hard to dredge from memory or history another huckster who left behind such a legacy of dreck. Jobs was a tireless promoter who innovated relentlessly and—as legend would have it—single-handedly changed the face of the consumer world from personal computing to animated movies to music consumption and mobile telephony/computing. Love it or hate it; he did it.

But that’s not what I mean. The detritus in his formidable wake is all of the half-baked nonsense that others less capable have picked up. Where for Jobs the result if it would be a gastronomic delight, in other hands it becomes fast food. Nowhere is this more evident than in the Web world.

You see, Jobs was a man with vision, drive, and—to switch metaphors—the skills of a utility fielder. He was a showman and marketer with a sense for the appealing. He was an evangelist and salesman with a feel for the con. He was an industrialist with a grasp of production. And, allegedly, in his later tenure, became something of a strategist and commanding agent of change. What this adds up to is a well-rounded entrepreneur who knew inherently that even though he was reducing a complex mix of ingredients to a single catchy phrase, there was a lot of magic going on.

Those who worship at the alters of his several business religions are not so well versed. They do not appreciate that, just to hold the mystique for single-minded people like them, Jobs oversimplified and reduced to an aphoristic sound-bite, very complex conditions. They don’t get that Steve Jobs was a sophisticated carney and they are his marks.

Why do I rant? Because I am now fed up by the noxious and excessive blather from all levels of so many organizations about consumer experience or customer experience. Don’t get me wrong: such concern is paramount, or at least it will be until it proves unprofitable and therefore unacceptable to the stock market. To satisfy the customer—to make him or her or it categorically happy with your wares is fundamental to loyalty, repeat business, referrals, buzz, and ultimately revenue if not profit. And there is truth to the causal connection between the visceral experience with a product/service and the good outcomes noted above.

That said, the ham-handed Webheads roll this all up under the aegis of user experience. And then they reduce all of that holistic business complexity to what would properly be limited to user interface. When gullible and complicit executives support the cause user interface gets conflated with customer experience and the absurdities begin.

“So what’s the problem with that Mr. Pedant?” You ask. Not much except for how the UI (user interface) people—interaction designers really—get up on their hind legs and throw their weight around with the support of improbable, linguistic overreach. All of a sudden the interface carries dominion over all other possible aspects of customer experience. For instance:

  • A customer’s preconception of the product, from which his/her experience is anchored, starts with the ads and promotion. Shouldn’t Marketing Communications be in charge?
  • A customer’s sense of proportional value and the resulting positive/negative experiential feeling is critically related to the price paid. Why wouldn’t Pricing get the last word?
  • In the highly probable event of a problem with the product/service/Website, how the various customer service channels respond has enormous impact on customer experience. Why then does Customer Service not hold sway?
  • Let’s not overlook that an offering simply working (or not) has a clearly enhancing or detracting effect on one’s overall impression. So it seems that Operations ought to be the final arbiter of customer experience.
  • All this without even considering that the product group determines market need and value, and orchestrates all the above-noted constituent players and more—including the interface designers—to create and provide an offering to please customers and fill the company coffers.

Let’s agree that customer experience is valuable, but that it is the complex output of many inputs. Even if you make the dubious causal leap that customer experience equals success, it may or may not recognize that ultimately success is profit. And on this it merely muddies the simplicity to note that while touting the experience, Steve Jobs could shave Lincoln’s beard off of a penny. (Maybe that has had a little to do with Apple’s commercial success…)

To blithely dictate that user experience equals customer experience is wrong to begin with. To push that further and allow customer experience, which is actually now equal to user interface, to be the start and end or at least the dominant element of commercial input is simplistic, naïve, and unduly credits user interface (i.e., design) with too much.

Besides, isn’t this kind of hyperbolic overextension what “Marketing” is all about? Does nobody care that now Marketers have no real purpose let alone dominance?

Holacracy… old wine new bottles

 Business, Management, organization, society  Comments Off on Holacracy… old wine new bottles
Aug 292014

Found this article in the Globe and Mail (Say goodbye to hierarchy, hello to holacracy) about the disappearance of hierarchy at some “cool” businesses (such as Zappos). It’s essence is per the following definition:

Holacracy is a social technology or system of organizational governance in which authority and decision-making are distributed throughout a fractal holarchy of self-organizing teams rather than being vested at the top of a hierarchy

Since it’s only been in existence since 2007 and seems to be favoured by new economy, technology-based businesses and not-for-profits, it might be a little early to tell whether there is broad merit in the approach. Having self-contained, self-directed units makes complete sense and aligns with many features of nature and certainly of “Complexity” and “Emergence” theories. I’d say generally I’m in favour with the caveat that there are limits to its relevance.

Take the military, for instance and as a deep-relief example of where hierarchy is necessary. While it makes sense that battalions or platoons or fleets or squadrons, in combat, be enabled with self-direction over their own activities to achieve clear goals (this is fundamental), you can’t run an army that way. That kind of organization needs, at its broadest levels, timely and ongoing coherence in purpose and action fast. Holacracy would tend toward incoherence in the short run, though it might be more valuable and effective in the long run. So, organisations that need to be coherently directed toward a possibly fluid goal with a minimum of evolutionary trial and error as the holocratic parts bump into one another might not be right for this structure.

That generally describes large enterprises of the money making or other variety. But even as I type this I wonder if the issue is not black and white but many shades of grey. That is holocracy at one level does not mean hierarchy at another. Perhaps there is harmonious combination of these two structures that would be generally applicable. Maybe that’s been considered by the creator of the idea and/or its various evangelists, including Ken Wilbur.

The article I’ve tagged makes the point but, truth be told, I didn’t read it that closely to know whether it only mentions government or dwells on it. There is a statement to the effect of this being how government works and isn’t it ironic that after so long being told government should be more like business, it’s business that is now being told to be more like government… is? I don’t know about that, but again it could be the degree of magnification. Yes, government departments and agencies do operate as holon. So in that respect, I get it. But, within those departments and agencies I’ve yet to see anything but wicked, rank-respecting, bloated and unwieldy hierarchy.

There is, however, one area of government that is definitely holacracy. That is the confederation as Canada is structured with its provinces being largely independent parts loosely held together by the national centre (federal government), and as Switzerland is with its cantons being practically distinct and unrelated units. These work to greater and lesser degrees. One can find wonder or horror in the structure depending on what you choose as a focus.

In any case, it smells a bit like old wine in new bottles. Nostalgia being dusted off and sold for more than its worth. Harumpf.