Sunday, November 3, 2013

Confluence



I like the TED talk recently given by Hetain Patel. A artist and a linguist who joined Yuyu Rau a dancer who brought a new perspective for me in delivery of an astounding idea. The talk first of all was very refreshing to see how two people from  two very different cultures (a British Indian Gujarati and a Chinese) came together to deliver this.  I love this kind of confluence. Its heart warming to see how cultures around the world are melding...even if its at a slow pace it is so cool to see this happening especially when excellence is produced. Apart from that the content of the talk was also invigorating to the fact that we learn from imitating in the context and assemblage and convergence of culture  language, heroes and identities that we surround ourselves or grow in. This begins from childhood and goes well into adulthood; in fact it may be a quest in finding our own identity. If you haven't watched it on TED here's the embedded video.  Enjoy!



Thoughts,

Sam Kurien

Reasoning and Understanding.

From my journal entry on 09/01/2013
-------------------------------------------
The story of Henry Humidor is an interesting introduction to the world of reasoning re-written here from the "The Little Blue Thinking Book" by Brandon Royal  who adapted it from a story that appeared in New York Times.

Henry Humidor purchased a box of very rare, very expensive cigars and insured them, among other
things, against fire.  Within a month, having smoked his entire stockpile of cigars, he filed a claim against the insurance company. In his claim, Henry stated the cigars were lost "in a series of small fires". The insurance company refused to pay citing the obvious reason: He had consumed the cigars in the normal fashion.

Henry sued and won!

In delivering the ruling, the judge agreed that the claim was frivolous. He stated the man nevertheless held a policy from the company in which it had warranted that the cigars were insurable and also guaranteed that it would insure against fire, without adequately defining what is considered to be an "unacceptable fire" and was obligated to pay the claim. Rather than endure a lengthy costly appeals process the insurance company accepted the ruling and paid Henry $15,000 for the rare cigars he lost in the fires....

But....

After Henry cashed in the check, the insurance company had him arrested on 24 counts of arson! With his own insurance claim and testimony from the previous case used against him; Henry Humidor was convicted of intentionally setting fire to his insured property and was sentenced to 24 months in jail and $24,000 fine.
------------------------
Welcome to the wonderful world of reasoning :)

Classical reasoning states there are four mindsets - Realist, Idealist, Analyst and Synthesist. Practicality and emotion in varying degrees in people will categorize them into either one of them strongly. Of course this can even go back and forth in varying degrees based on circumstances. At least this is my observational
opinion. However a good thinker should use each mindset in creative ways. Holistic integrative thinking merging analysis with right brain imagination will help you be that "Good thinker". Sadly the place I grew up in (India) didn't allow for this kind of thinking in the classroom especially when there are 50 to 60 in each class. The United States seems to be following suit in process based learning in public, charter and private schools this is sad indeed. I believe as we are so prone to process oriented linear thinking we want everything to be standardized, its easy if its in a box and that is what our fast food culture demands. We however have to step back and think and re-think. Yesterday on my other blog I wrote about understanding stating the example of Lincoln who convulsed for not understanding the meaning of the word "demonstrate". I want to end by quoting Solomon in the proverbs : "In all this my son gain "understanding" and it will go well with you." (paraphrase mine).


Saturday, March 9, 2013

Design Engineering in Furniture

David Fletcher is UK based industrial/furniture designer.





...and some space saving cool intelligent furniture Design

Thursday, March 7, 2013

Unlearn, Unlead & Then Lead

Unlearning and un-leading (I just made that word up as I got spellcheck error) is unnatural for leaders especially C-level leadership.  Leaders are hardwired, fused with their learning/experiences of the past into their brains. The areas of business acumen, time tested management principles and process practices  they have acquired over the years are hard to let go. And it is hard to let go your experience & unlearn what you have already learnt. I believe with technology, evolution/erosion of business models and changing marketplace and design dynamics shifting rapidly its important to unlearn faster and keep a clear mind in absorbing how wisdom can show a different way. It may turn out to be a innovation or seizing a opportunity that creates a niche, or demolition and rebuilding can only come from unique insight. For CIO'/CTO's you want to be vulnerable with other business leaders inside your enterprise as well as outside to keep an open mind moving from being technology distributor to becoming a strategic counselor. I like this latter word because it means going out and conversing with other business leaders, listening and listening more and asking a lot of questions. Revealing up front you don't  know much but are willing to listen and unlearn and then learn again through unlearning. It almost shows that you are weak but believe me this is a powerful technique.

When its comes to subordinates, teams and the departments your lead - ,unlead first meaning listen and keep listening and make yourself vulnerable to the point of acting dumb. Almost opposite of giving orders and showing who is the boss!. The objective then is to move from just collecting and analyzing data to taking an outside-in approach. There are outside data available compare with internal data your staff is telling you about and then merge for effective decision making. Leading will follow. The prevalent popular ideas of big data and making sense of crunching large amounts of data it to get unique insights is nothing but I call the process of waiting and using wisdom for making decisions.  Finally the last part is to delegate and empower effectively so you can set aside time to dream, engage leadership to know their dreams and give insights to propel their vision. Unlearn, Unlead and then lead!!

Thoughts,

Sam Kurien


Monday, February 18, 2013

Vendor Management for Application Security - Best Practices


Managing enterprise risk in organizations is getting complex every day as 65% - 70% of software's used by an organization are from outside vendors. The ecosystem's of vendor-supplied software ranging from desktop applications to cloud solutions and in between all of the heterogeneous mix of applications used to manage the enterprise's network increasingly demands that CIO's  take care of Governance and Risk Compliance practices seriously. Yet the amount of man-power required and capacity in existing IT staff is less than ideal with all the stuff they are asked to do on a daily basis. We live in an age where vendor supplied applications run the operations of a business with heavy exposure for the organization towards security vulnerabilities, liabilities and risk.


A PWC study I read in 2012 said that less 1 in 5 enterprises conduct security assessment's on their vendors even when an average typical enterprise may carry 300+ vendor applications in their enterprise portfolio. Also right now as I go through the requirements of PCI DSS, SOX and HIPAA mandated privacy and security controls it is shockingly painful that organizations are liable to extend their security controls on vendor supplied applications for compliance and policy requirements.Ultimately as requirement states you are responsible not your vendor!

It is true enterprises have traditionally lacked the efficient methods of analyzing security of the applications vendors provide... but shouldn't there be a process put in place (as most organization's IT shops don't have IT staff or margins in time) to sufficiently whet vendors and applications before they are deployed in the organization. Some thoughts I have in terms of what can become best practices would be to manage vendors and put a process in place for security audit of applications better would be the following: (I am aware loads of this has been written on vendor life-cycle literature's but these observations come form possible improvements I am trying to make in my little world)

1. First of all  take an inventory of Vendor Applications in your organization. Streamline the vendors and minimize inter-dependencies. This way also minimize the number of vendors if possible.
2. Create a vendor matrix which assigns assurance levels based upon critical-ness  of that application and its need in the enterprise.  Some call this Assurance level of what are up times based upon the importance of the application. A simple example would be email - which means your exchange server needs to be up 100% of the time or if you are using an external cloud provider like Google mail - from a SAAS based provider what is assurance levels they provide. For major players this may not be a problem but if you are using smaller shops this may be a significant consideration as you construct your vendor matrix based upon high need of applications against it assurance levels.
3. A security policy team that invites members from other areas of the organization that have a primary say and know how's/why's of the software solutions they constantly use should be part of the vendor evaluation process.
4. Determine ahead of time what type of security testing your system admins' are going to do for deploying or procuring of the said software application.
5. Can the primary users of the software that form your evaluation team create a report from their perspective of  +'s and -'s of the software.
6 .Finally make notes of the track record of your vendor's  in terms of support maintenance, price negotiation and other value add information they give in a timely manner regarding licensing, new features, training security alerts etc etc.
7. Ask the vendors for test reports, vulnerabilities past, present and future, remediation, fixes made by the vendor development teams.
8. Evaluate all software vendors at least four months before your budget cycles and get long term commitments (3 or 5 years if possible).

These steps are not rules but some common observations I have made in terms of practice.

Thoughts,

Sam Kurien


Thursday, February 14, 2013

Disrupt or Be Disrupted!

As competition in the free market increases every day - business models and business strategies continue to evolve. Innovation will drive disruption in business models from players that will disrupt the current practices of existing business's in order to create a niche in the marketplace. The challenge for existing business's is to continue to disrupt or die in this game. Famous examples of a disrupter was Netflix who with its innovative web content streaming for movies, TV shows and a robust supply chain resulted in the closing down of traditional movie rental shops like Blockbuster and Hollywood Video. However players like Amazon, Hulu, Google have entered in as disrupters in this space threatening the very disrupter (Netflix) and stopping their march of web-media delivery domination. It seems like it is a familiar pattern the disrupter comes into the market with an innovation, flys high for a while and then gets disrupted with evolving market and technological changes. As a CIO I feel the pressures of evolving strategies, changing the game plan from time to time (though it makes your internal staff and management discomfortable) I believe it comes with role to warn colleagues of "conventional thinking. CIO's have to recognize when competitive strategies (tested and proven) can become inherent weakness. This inherently becomes a pattern of thinking that develops over the course of time as management gets into the practice of "this is/was always the way its done here". This creates myopia and inertia that brings the organization's to complete stand still. CIO's who confine their interests and practices only to leading technology and improving business processes will surely not make any significant impact in their tenure. They need to constantly have an entrepreneurial spirit, have the ability to tinker and experiment, know the heart beat and pulse of your customers and stakeholders and reduce unhealthy interdependencies. The four things I just mentioned need to be taken apart one by one:

Entrepreneurial Spirit: This is the ability develop a peripheral vision where if we can help the bottom line by distinguishing yourself with a innovative product or service that brings value add you will survive and thrive. For example when Walmart couldn't enter the financial services market as a regular bank they joined hands with American Express to create Bluebird credit cards.

Experiment: Top managers who allow for experimentation encourage innovation. The Post It note innovation at 3M, or the ad's appearing in Google Mail are examples of management allowing for experimentation. It is to recognize that most of them will fail but some will succeed. It's about allowing for a culture of trying out different things and then measuring what worked and what didn't.

Know the heartbeat of Your Customers & Stakeholders: When you have middle players or vendors that separate you directly from your customers or stakeholders either build mechanisms that give you good feedback or eliminate them so you can avoid not knowing what your customers or stakeholders. You cannot afford this.

Eliminate Interdependencies: If you have business partners who are in the same field avoid the interdependency. For example Netflix has all its content delivered through Amazon cloud services, now that Amazon has entered the same space the interdependency is not good. Google had to delink from Apple because they want to be major dominant player in the mobile space. Avoiding interdependencies in your supply chain is also very important if a supplier is threat or in direct or indirect competition.

Thoughts for today,

Sam Kurien



Friday, January 4, 2013

Three takeaway's - maybe 4!

Last night was revisiting a talk by Seth Godin on Tribes. Some important takeaways for the new year as I post this first post of 2013.

The new way of leading is about:

1. Challenge the Status quo - Why are we doing this?
2. Create a Culture (Tribe). People want you to step up and lead.
3. Commit to a philosophy in believing in people and empower them to achieve. The few strong believers you have in your (idea/philosophy/mission/vision)- they will take it forward!

Lastly - Figure out the people part and the technology gets a whole lot simpler.

Thoughts,

Sam Kurien