Technology First Blog

Mind The Gap: The Latest on Labor

Marla Halley — Thu, 26 Mar 2026 18:05:42 GMT

I’m sure you have heard the trending news by now……the United States is experiencing a labor shortage that is affecting many industries like manufacturing, logistics, healthcare, transportation and agriculture^{^[1]}. This news has been reported in regional newspapers, business magazines as well as trade journals. These industries should sound very familiar to you as they are all very much in demand in most markets across the country. What is causing this shortage? What can employers do about the shortage? The cause is a result of several different factors like our nation’s aging population, low unemployment, people opting out of the workforce, working conditions, skills gaps and the school to job pipeline. There is good news in many of these causative factors. Employers across the country still have a lot of control with many of the factors leading to shortages, and they can grab the bull by the horns with robust workforce planning for their company.

Workforce Planning Primer

The Society for Human Resources Management advocates for all companies to practice the art of workforce planning^{^[2]}. There is no specific formula for assisting with workforce planning because every company has very different needs, based on their culture, their strategic plan and their goals and objectives. With this said, your company can develop a workforce plan that can assist in guiding your company to a robust workforce pipeline that will better position your company for accomplishing your goals and objectives. The steps in the planning process are very straightforward:

1.     Conduct a supply analysis.
2.     Conduct a demand analysis.
3.     Conduct a gap analysis.
4.     Formulate a solution (plan).

The purpose of the supply analysis is to ensure your company knows the regional and national suppliers of potential employees for your company. This analysis should look at the numbers available and skills and should also look at demographics to include generational representation. This analysis will help your company with projections for the future based upon retirements and resignations, and it can also assist in examining different types of workforce that can be tapped into (e.g. new graduates, upskilling of current employees, veterans, people with disabilities, older adults, reentered citizens, and new Americans). Through the examination and utilization of all of these categories, you can create a very resilient workforce for your company.

The demand analysis will help you to design your future workforce composition. This is where your strategic plan will come in handy to ensure you are recruiting your required skillsets in response to your new and expanded business. This is the analysis where you are asking yourself about the skillsets and experience that you need in your company in all of your positions. You’ll want to review your job descriptions very closely to ensure they are accurate and offer your company ultimate flexibility.

The gap analysis makes a comparison between what you said you need in your demand analysis and what is available through your supply analysis.

Last but not least is your solution analysis. Your solution should include how you plan to recruit to meet your needs, as well as plans for upskilling current employees and potentially tapping into new resources that maybe your company has never tapped into in the past.

Easy to find Labor Resource

One readily available resource in every market is students at all levels of education. High School through Graduate Students across the country are looking for work-based learning opportunities that will help them to discern their appropriate career choices. In Ohio, we are really lucky to have about 400K High School students in our State and close to 400K College and University students. Imagine if we could keep the vast majority of these students in our State. Our labor shortage in Ohio would be long gone!

Cassie is President of The Strategic Ohio Council for Higher Education (SOCHE), a non-profit organization that specializes in assisting employers to recruit, train, employ, develop, and manage interns. After 59 years in business, SOCHE knows that today’s interns are tomorrow’s workforce! If you’re looking for talent, let SOCHE help connect you with your next generation of workforce. Reach out to soche@soche.org or www.soche.org.

^{^[1]} https://www.uschamber.com/workforce/understanding-americas-labor-shortage

^{^[2]} https://www.shrm.org/topics-tools/tools/toolkits/practicing-discipline-workforce-planning

Closing the Accountability Gap: Why Automation and Cyber Risk Transfer Must Evolve Together

Marla Halley — Sun, 01 Mar 2026 16:25:29 GMT

AI is no longer experimental. According to the 2026 Software Lifecycle Engineering Decision Maker Survey, 76.6% of organizations are actively using AI in development workflows, with another 20.4% evaluating its implementation. Only 3.1% remain disengaged. [ 1]

Automation and AI have reshaped how we build, deploy, and protect software. From speeding up code delivery to enhancing threat detection, these systems promise speed, consistency, and scale. But automation isn’t infallible—and when it goes wrong, because it has, the consequences ripple across entire industries. This raises an important question: who is accountable when automated systems fail, and how should we rethink risk transfer in response?

When Automation Fails at Scale

In July 2024, a routine security update triggered a global technology outage that left millions of Windows machines unusable overnight. A flawed configuration update for the widely deployed endpoint security agent caused systems to crash into boot loops, disrupting airlines, hospitals, broadcasters, banking systems, and emergency services.

The root cause? A bug in the internal validation process—a tool meant to ensure updates were safe. Instead, it mistakenly allowed a defective update to reach customers’ systems. This wasn’t a cyberattack. It was a failure of automated testing and quality assurance.

The fallout was vast even with a swift response. While many systems were restored within days, the financial toll on individual organizations was significant. Delta Air Lines alone claimed hundreds of millions of dollars in losses due to canceled flights and operational chaos. The scale of disruption underscores a fundamental truth: automation amplifies both benefits and failures.

The Illusion of Infallible Automation

Automation is often sold as a panacea. It promises faster releases, fewer human errors, and continuous delivery at scale. But experts have noted that automated validation systems are still software, and therefore still prone to defects. As one analysis observed after the outage, automation tools can miss edge cases or malformed data exactly because they operate within predefined assumptions.

In the 2024 incident, the content validator allowed a defective configuration file to pass through because its own logic failed to spot the mismatch. This gap illustrates an important point: automation inherits the limitations and blind spots of its creators and its design. No matter how sophisticated, automated testing can only check for what it’s designed to anticipate.
Equally consequential is the practice of deploying updates globally without staged rollouts or “canary” testing that limits blast radius. Had the faulty update been deployed to a small subset first, the outage might have been contained before it became global.

Accountability in a Fragmented Risk Landscape

Traditionally, software vendors deliver products with liability clauses that limit financial exposure. Customers bear much of the operational risk when something goes wrong. This model assumes vendors won’t be at fault too often, and that organizations will manage their own risk through internal controls, testing environments, and contingency planning.

As dependency on third‑party tools increases across businesses, the lines of accountability grow blurrier, and ecosystem risk grows.

From Insurance to Guarantees: Shifting Risk Transfer Models

One emerging response in the cybersecurity ecosystem is the integration of financial risk transfer mechanisms alongside technical tools. Traditional cyber insurance policies have long been used to shift risk—covering costs associated with breaches, ransomware attacks, and business interruptions. These operate reactively and often exclude systemic or vendor-related failures.

In contrast, some companies have begun offering guarantees or warranties backed by insurance that tie performance outcomes to financial protection. For example, one deep learning-based cybersecurity provider teamed with an insurer to offer a performance guarantee with ransomware warranty coverage up to millions of dollars—signaling confidence in both product effectiveness and risk mitigation.

Similarly, cyber warranty programs embedded with solutions now exist where customers receive financial backstop in the event of qualifying incidents. This helps to cover forensic costs, legal fees, or response activities.

These approaches represent a shift from purely technical performance to outcome-based assurances, essentially placing some level of financial accountability on the provider when specific guarantees aren’t met.

Why This Matters Now

The cyber insurance market itself reflects a changing risk calculus. Claims have surged, particularly around ransomware and third-party failures, pushing insurers to tighten underwriting and scrutinize vendor risk more closely. In some cases, insurers now demand continuous monitoring and proactive threat mitigation as prerequisites for coverage.

Meanwhile, hybrid models that blend warranty and insurance help bridge gaps between technical defense tools and financial resilience. They push organizations—and the vendors they work with—to think beyond feature checklists toward shared accountability for outcomes.

A Framework for Shared Accountability

As digital systems continue to grow in complexity and interdependence, organizations need a framework that acknowledges both technical and financial aspects of risk.

•      More granular vendor commitments increase trust in product performance.

•      Integrated risk transfer ensures incidents don’t derail business continuity.

•      Retaining human oversight ensures automation enhances judgment.

•      Continuous feedback turns failures into systemic improvement.

Bridging Promise and Trust

Automation and AI have immense potential to drive efficiency and scale, but their unchecked use can mask latent risks. As the industry evolves, true accountability will come from aligning technical performance with shared financial responsibility and risk management frameworks.

Closing the accountability gap isn’t about eliminating automation. It’s about designing systems, contracts, and risk policies that recognize the shared stakes of all parties involved—vendors, customers, insurers, and regulators alike.

About the Author:

Michael Benzinger, Vice President, Director of Engineering for Cardre Information Security.

^[1] https://futurumgroup.com/press-release/ai-reaches-97-of-software-development-organizations/?utm_source=chatgpt.com

Resilience in Manufacturing: How Octoplant Helps You Recover Faster and Operate Smarter

Marla Halley — Thu, 26 Feb 2026 20:42:15 GMT

Manufacturing environments are becoming more automated, more connected, and more complex than ever before. While this progress unlocks efficiency and productivity, it also introduces new vulnerabilities. When something goes wrong on the plant floor, the speed at which you recover can mean the difference between a minor disruption and a costly production shutdown.

Common Problems That Disrupt Production

1. Downtime caused by missing or outdated program backups
A machine goes down unexpectedly. The maintenance team investigates and discovers the PLC program has been modified at some point—but no one knows when, why, or by whom. Worse, the only backup available is months old or incomplete. Production stops while engineers scramble to rebuild or recover the correct version. What should have been a quick fix turns into hours—or even days—of lost output.

2. Untracked PLC or robot changes
On a busy shop floor, multiple technicians, engineers, and contractors may access control systems. Without a centralized way to track changes, small adjustments can create big problems. A line that ran perfectly yesterday suddenly behaves unpredictably today. Without an audit trail, troubleshooting becomes guesswork.

3. Audit and compliance challenges
Whether driven by internal standards, customer requirements, or regulatory bodies, many manufacturers must demonstrate control over their automation assets. When documentation is scattered across personal laptops, USB drives, or outdated servers, preparing for an audit becomes stressful, time-consuming, and risky.

4. Knowledge loss due to employee turnover
Experienced technicians often carry critical knowledge about machine configurations and program changes. When they leave, retire, or change roles, that knowledge can disappear with them. The next time an issue occurs, teams may struggle to understand how systems were configured or why certain changes were made.

These scenarios are more common than many organizations would like to admit. The good news is that they are also preventable.

Building Resilience with Octoplant

Resilient manufacturing operations are not just about preventing downtime—they are about recovering quickly and confidently when issues occur. This is where Octoplant plays a critical role.

Octoplant is designed to centralize, secure, and manage automation assets across the entire plant. Instead of relying on scattered backups and manual documentation, manufacturers gain a single source of truth for their control programs and configurations.

Here’s how Octoplant helps companies improve resilience and reduce time to recovery.

1. Automated, reliable backups
Octoplant performs regularly scheduled backups of PLCs, robots, HMIs, and other automation devices. This ensures that the most recent, validated version of each program is always available. When a failure occurs, maintenance teams can quickly restore the correct version—eliminating guesswork and reducing downtime.

2. Full change tracking and audit trails
Every change to a control program is tracked. Teams can see who made the change, when it happened, and what was modified. This visibility simplifies troubleshooting and ensures accountability across the organization.

3. Centralized version control
With Octoplant, all automation programs are stored in a centralized, structured repository. Instead of searching through multiple laptops or network folders, engineers can instantly access the latest approved version. This reduces the risk of loading outdated or incorrect programs during recovery.

4. Faster troubleshooting and recovery
When something goes wrong, time is critical. Octoplant provides immediate insight into program differences, recent changes, and system status. Maintenance teams can quickly identify the root cause and restore operations—often in minutes instead of hours.

5. Knowledge retention across the workforce
By documenting changes and storing programs centrally, Octoplant captures institutional knowledge. Even when employees leave or retire, the system retains the history and context needed to keep operations running smoothly.

From Reactive to Resilient

In modern manufacturing, disruptions are inevitable. Equipment fails, changes are made, and people come and go. The difference between a fragile operation and a resilient one lies in preparation, visibility, and control.

Octoplant gives manufacturers the tools they need to move from reactive troubleshooting to proactive resilience. By ensuring that every automation asset is backed up, tracked, and recoverable, companies can protect production, reduce risk, and maintain confidence in their operations.

When downtime strikes, resilience isn’t just about getting back online—it’s about how fast and how confidently you can do it. With Octoplant, recovery becomes a controlled, predictable process.

About the author:

Mike Rolfes is an account manager at ATR Automation. ATR Automation has been providing industrial automation and electrical engineering solutions since 1956. As we have grown with the development of our community over the last 60 years, we have become the trusted name for industrial automation software in the region.

To learn more about Octoplant, please reach out to ATR Automation. I can be reached at michaelrolfes@atrautomation.com or (513) 353-1800 ext. 5037.

Modern Identity Security: What Actually Stops Attacks

Marla Halley — Mon, 26 Jan 2026 20:49:37 GMT

As organizations rapidly move applications and data to cloud platforms, cloud identity providers have replaced the network perimeter as the primary security boundary. Compromising a single account can provide broad access, making identity one of the highest-value targets for attackers.

Multi-factor authentication (MFA) was once the most effective defense against account takeover. Today, it remains necessary—but it is no longer sufficient without additional steps.

What MFA Was Built to Prevent

Traditional phishing attacks focused on stealing credentials. Users were tricked into entering a username and password into a fake website, which attackers then reused to log in to the real service.

MFA disrupted this model. Even with stolen credentials, attackers could not complete authentication without access to the second factor. For years, this significantly reduced phishing-related compromises.

That protection assumed attackers were outside the authentication flow. Modern attacks no longer operate under that assumption.

How Adversary-in-the-Middle Attacks Bypass MFA

Adversary-in-the-Middle (AiTM) phishing shifts the attack from credential theft to session theft.

Instead of sending users to a fake login page, attackers proxy the real sign-in experience. The victim authenticates to the legitimate service and completes MFA normally. Behind the scenes, the attacker relays all traffic and captures the resulting session token.

Session tokens prove that authentication has already occurred. Once issued, they allow access without requiring the password or MFA again. If an attacker steals the token, MFA is effectively bypassed.

A Typical AiTM Attack Flow

The user receives a phishing email designed to create urgency.
Clicking the link routes the user through attacker-controlled infrastructure.
The attacker proxies the real login service.
The user enters credentials and completes MFA.
The identity provider issues a session token.
The attacker captures and replays the token to access the account.

From the identity provider’s perspective, the attacker’s session is valid. Authentication already succeeded.

Why Traditional MFA Falls Short

Most MFA methods—SMS codes, authenticator apps, and push approvals—can be relayed in real time. AiTM attacks exploit this by forwarding challenges and responses between the victim and the real service.

Because the session token is issued after MFA is completed, MFA alone does not prevent token theft or reuse. Defending against AiTM requires controls that either prevent token capture or limit token usability.

Controls That Actually Reduce Risk

Phish-Resistant Authentication

FIDO2 security keys, passkeys, and certificate-based authentication are resistant to relay attacks. These methods cryptographically bind authentication to the legitimate service and cannot be replayed through a proxy.

Device-Based Access Controls
Requiring trusted devices adds a second enforcement layer. During the login process, the identity provider does an additional check to validate it is a trusted device and not an attacker’s proxy server.

Session Token Protection
Short session lifetimes, token binding, and continuous access evaluation reduce the value of stolen tokens and limit attacker dwell time.

Continuous Detection
Identity Threat Detection and Response (ITDR) tools identify anomalous behavior such as unfamiliar devices or impossible travel, enabling rapid containment when prevention fails.

Conclusion

MFA is no longer a complete defense against modern identity attacks. Adversary-in-the-Middle demonstrates that attackers can bypass authentication by stealing sessions instead of credentials.

Effective identity security requires layered controls that reflect how attacks occur: phish-resistant authentication, device trust, hardened sessions, and continuous monitoring.

Identity is now the perimeter. Defending it requires more than a second factor.

About the Author

Chaim Black is a Cyber Security Manager at Intrust IT. He is focused on delivering resilient security operations. He leads day-to-day security team execution while strengthening internal security posture and compliance. Chaim also serves as President of InfraGard Cincinnati, part of the FBI-private sector partnership advancing information sharing and cyber risk awareness.

Signature-Based Detection Is Losing the Arms Race, And AI Is Accelerating the Problem

Marla Halley — Mon, 26 Jan 2026 20:16:20 GMT

The shift in offensive operations over the last 18 months is unlike anything the industry has seen before. AI isn't coming for defenders, it's already here. And to make things worse, attackers are using it to outpace traditional security controls at a rate that should concern everyone.

Here's the reality: signature-based detection was always playing catch-up. It works by recognizing things that have already been seen; file hashes, known-bad strings, IOCs pulled from last month's incident. That model assumes attackers are reusing tools and infrastructure. They're not. Not anymore.

Polymorphism at Scale

Polymorphic malware isn't new. What's new is how trivially easy AI makes it to generate variants. A red team operator can take a loader, feed it through an LLM-assisted obfuscation pipeline, and produce hundreds of unique builds that share zero static indicators. Different hashes, different string tables, different control flow. Same capability.

From an offensive perspective, this changes engagement dynamics completely. Payload development and evasion used to consume significant amounts of time. Now, generating AV-bypassing variants is almost a commodity task. If authorized red teams can do it with limited resources, assume actual threat actors, with more time, more money, and no rules of engagement, are doing it better.

The tooling exists to test payloads against defender solutions in automated loops. Spin up a sandbox, drop the payload, check detection, mutate, repeat. Iterate until clean. That's not theoretical, it's how modern offensive tooling development works.

Why Behavioral Detection Has to Be the Focus

If static indicators are unreliable, what's left? Behavior.

Malware can change its code, but it still must do something. It needs to establish persistence, move laterally, touch credentials, call home. Those actions leave traces that are harder to obfuscate than a file hash.

Competent defenders should be watching for:

Process lineage that doesn't make sense (Word spawning PowerShell spawning cmd.exe)
Authentication patterns that deviate from baseline (service accounts logging in interactively, lateral movement spikes)
Memory behaviors associated with injection techniques
Network traffic that violates expected protocol norms

Good detection engineering focuses on these patterns, not on "did we see this exact hash before." The best blue teams aren't hunting for tools, they're hunting for tradecraft.

IOCs Need to Get Smarter

Most IOC feeds are noise. A hash gets burned within hours. A C2 domain is useful until the next rotation. If a detection strategy depends on someone else seeing the attack first and publishing indicators, it's always behind.

The IOCs worth investing in are behavioral: specific API call sequences, registry key patterns associated with persistence mechanisms, authentication anomalies, protocol misuse. These tie to what the attacker is trying to accomplish, not what tool they happen to be using today. That's the important distinction.

Anyone building custom offensive tooling knows that changing source code is easy. Changing objectives is not. Credential access is still required. Lateral movement is still required. Exfiltration is still required. Detect those actions, and the operator gets caught regardless of what the payload looks like.

AI Works Both Ways

Defenders have access to the same technology. Machine learning models that baseline normal environment behavior and flag deviations are genuinely useful when tuned properly and fed good telemetry. The challenge is operationalizing them without drowning in false positives.

The environments that cause the most problems during offensive engagements are the ones with mature detection engineering programs. They're correlating endpoint telemetry with identity logs and network traffic in near real-time. They're running adversary simulations that mirror actual attacker behavior, not checkbox compliance exercises. They're hunting proactively instead of waiting for alerts.

The Uncomfortable Truth

Prevention won't stop every breach. That's not defeatism, it's operational reality. Attackers only need to be right once. Defenders need to be right constantly.

The goal isn't perfection. The goal is making attacker operations expensive, noisy, and slow enough that detection happens before objectives are achieved. That means investing in detection engineering, building response capabilities that actually work under pressure, and accepting that security stacks will fail at some point.

AI is making attacks cheaper and faster to produce. The response isn't more signatures; it's better detection of the behaviors that signatures can't catch.

Author:

Anthony Cihan is the Senior Principal Cybersecurity Engineer at Obviam where he leads offensive security operations and security assessments. He holds a BS is Cybersecurity and Information Assurance, the OSCP and OSWP, and has published multiple offensive security tools such as the PiSquirrel wiretap/implant and the Spellbinder SLAAC based IPv6 attack tool.

The 2026 Tech Leader Playbook: Top 5 Priorities for the Next Wave

Marla Halley — Tue, 23 Dec 2025 15:24:05 GMT

The technology landscape is shifting at an unprecedented pace, driven primarily by the rapid maturity of Artificial Intelligence. For tech leaders—CIOs, CTOs, and CISOs—2026 isn't just another year; it's a pivotal moment to move from experimentation to enterprise-grade execution. Success will be defined not by the technology you adopt, but by how strategically and responsibly you embed it at the core of your business.

Here are my top five priorities that will define the winners in 2026 and beyond.

1. Establish Comprehensive AI Governance and Ethics

AI is no longer a fringe tool; it's becoming the operational fabric of the enterprise. This widespread adoption, especially of Generative AI and autonomous agents, elevates the need for robust governance.

Leaders must prioritize building a comprehensive AI governance framework that moves from policy to operation. This framework is essential for managing risk, ensuring compliance, and building customer trust. Key actions include:

Define Responsible Use: Implement clear, regularly updated policies for how employees can and cannot use AI tools, with a focus on data privacy and intellectual property.
Ensure Data Provenance: As AI models rely on vast datasets, establishing digital provenance, proving that your data and AI outputs are genuine, traceable, and compliant is critical.
Build-in Transparency: Design AI agents that can document and explain their decisions, allowing for essential "human-in-the-loop" review and accountability, especially in high-risk applications like hiring or customer service.

2. Modernize Infrastructure for an AI-Native Future

The existing IT infrastructure, often burdened by years of technical debt, cannot support the demands of AI on a scale. AI models require massive compute power, high-speed data pipelines, and a flexible, low-latency environment.

A core priority for 2026 must be the modernization of systems and the transition to an AI-native platform. This means:

Cloud Foundation: Doubling down on a full-stack, cloud-first approach that provides the necessary scalability, agility, and specialized AI supercomputing platforms.
Data Readiness: Creating a robust "data factory" with strong data governance to ensure the quality, security, and interoperability of the data that feeds your AI models.
Edge Computing: Leveraging edge computing capabilities, often via IoT, to process AI-driven data closer to where it's generated (e.g., manufacturing floors, smart cities) for real-time decision-making.

3. Elevate Cybersecurity to Preemptive Resilience

With AI-powered attacks becoming faster and more sophisticated, standard perimeter defense is insufficient. Cybersecurity is no longer an IT operational task; it's a board-level risk concern.

Tech leaders must shift their focus to preemptive cybersecurity and a culture of resilience:

Zero-Trust Security: Fully implementing a zero-trust model across the organization, which assumes no user or device is trusted by default, minimizing the risk of internal breaches.
AI-Driven Defense: Utilizing AI security platforms for proactive threat detection, anomaly scoring, and automated incident response to combat AI-enhanced reconnaissance and supply-chain attacks.
Upskill Every Employee: Cybersecurity remains a human problem. Prioritize company-wide, continuous training that focuses on phishing, identity management, and the risks associated with deepfakes and synthetic content.

4. Redesign the Workforce for Human-AI Collaboration

The conversation around AI is shifting from job displacement to workforce transformation. Successful leaders will recognize that the competitive advantage lies in creating human-AI hybrid teams.

The priority here is to cultivate the human skills that AI cannot replace and redefine roles for the new era:

Reskilling and Upskilling: Make continuous learning a strategic imperative, training employees in data fluency, AI implementation, and prompt engineering. The most valuable professionals will blend technical AI fluency with critical human skills like creativity, emotional intelligence, and long-term strategic thinking.
New Roles and Career Paths: Establish new career pathways for roles that manage, monitor, and design AI systems, such as AI Ethics Officers and Agent Orchestrators.
Focus on Human Judgment: Use AI to eliminate mundane tasks, freeing human workers to focus on high-value activities that require complex judgment, empathy, and strategic decision-making.

5. Drive the Shift to Composable and Adaptable Architectures

In a world defined by rapid change and intense competition, the traditional, monolithic application structure is a liability. Large, interconnected systems are slow to update, difficult to integrate with emerging AI capabilities, and prevent the business from responding quickly to market demands.

Tech leaders must make the strategic priority a shift toward a composable enterprise built on modular, adaptable systems. This approach emphasizes flexibility, speed, and reuse:

Adopt Modular Architectures: Prioritize the full transition to microservices, containerization, and API-first design. This allows developers to quickly assemble and disassemble business capabilities (e.g., payment processing, customer login) as market conditions or new AI tools require.
Invest in Integration Fabric: Deploy a modern, robust integration layer (like an event mesh or sophisticated API gateway) that allows data and services to flow seamlessly between core legacy systems, cloud-native applications, and third-party vendor platforms. This is the glue that enables true agility.
Empower Fusion Teams: Move away from siloed IT and business units. Establish cross-functional "fusion teams" that blend business experts with low-code/no-code developers. These teams can rapidly assemble existing components to create tailored applications without waiting for lengthy, centralized IT development cycles.

About the Author

Parag Pujari is the Chief Information Officer (CIO) of Jurgensen Companies, where he oversees all technologies, IT strategy, IT operations and drives digital transformation initiatives to enhance business performance and efficiency. Parag has a distinguished background in IT leadership, specializing in areas such as cloud computing, ERP, cybersecurity, and enterprise architecture. Parag is crucial in aligning Jurgensen Companies’ technological capabilities with its long-term strategic business goals.

Red Flags in Professional Relationships: Lessons from Hiring Technology Leaders

Marla Halley — Tue, 23 Dec 2025 15:04:39 GMT

I hire technology leaders for a living, so I do a lot of interviews. There are some attitudes that consistently raise red flags. These are behaviors to be cautious about in professional collaborations of any sort. Watch out for them when vetting vendors, negotiating partnerships, or considering a new job. And most importantly, avoid these behaviors yourself.

Speaking poorly of former colleagues, partners, or customers

This is perhaps the most common and damaging one I encounter. When a candidate casually disparages a previous boss as "incompetent" or a former team as "lazy," it immediately sets off alarms. First, anyone who gossips will gossip about you. If they're willing to breach confidentiality or loyalty with past relationships, what's to stop them from doing the same when they move on from your organization?

Trust is foundational in tech leadership—sharing sensitive strategies, handling team dynamics, or collaborating on high-stakes projects all require discretion. A level of confidentiality is assumed. We need to feel safe to be imperfect. In innovative environments, mistakes happen as part of experimentation. Badmouthing absent parties erodes psychological safety; it signals that errors will be weaponized rather than learned from.

Nobody can see the whole picture. Deference to the unknown is a sign of maturity. Perhaps the former colleague had unseen constraints—resource limitations, personal challenges, or higher-level directives. Mature professionals show humility by withholding judgment, opting instead for curiosity: "I wondered if there might have been factors I wasn't aware of."

Blaming others for failures

Flag number two is blaming. Externalizing failures when addressing a setback lacks nuance and appreciation of complexity. Tech ecosystems are intricate delays often stem from interdependent factors like ambiguous requirements, shifting priorities, or uncontrollable dependencies. Leaders who oversimplify by pointing fingers miss the systemic view needed for effective problem-solving.

Accountability is non-negotiable in leadership. Owning outcomes, even when not directly at fault, demonstrates integrity. Blamers often avoid reflection: "What could I have done differently to mitigate this?" Blame reveals a missed growth opportunity. Those who blame others stagnate, while reflective leaders evolve.

Casting a lost promotion or reduced scope as a betrayal

This last one is a little more obscure, but I still hear it regularly. It emerges when discussing reasons for leaving a role. Candidates will frame being pushed to a smaller team, budget cuts, or shifted responsibilities as personal victimization—"They promised me X and then pulled the rug out."

This kind of attitude reveals entitlement over adaptability. In dynamic tech landscapes, scopes evolve due to market shifts, funding rounds, or pivots. Resilient leaders view these as realities to navigate, not betrayals to resent. Even if it does hurt to be trusted with less responsibility, taking it as an attack reflects poor emotional regulation. Reacting with bitterness suggests difficulty handling ambiguity or disappointment gracefully—qualities essential for leading through uncertainty.

A victim mindset fosters resentment, reducing willingness to invest in the team's success when conditions aren't ideal.

These red flags aren't about perfection—no one has a flawless history. They're about patterns of immaturity: low self-control, ego-driven responses, and combativeness over curiosity. In contrast, professionals who earn trust speak with goodwill, own their part, appreciate complexity, and adapt without grievance.

As you build your network—whether hiring, partnering, or job-seeking—pay attention to these signals. They imply how someone handles conflict, uncertainty, and relationships. And that awareness cuts both ways: self-reflect to avoid exhibiting them yourself. Practice pausing before critiquing absent parties; frame past experiences with ownership and nuance; view changes as opportunities rather than injustices.

In leadership, especially technology, trust compounds success. Spot these flags early, in yourself and others, and steer toward collaborations that build it rather than erode it.

About the Author:

Aaron Davis is a seasoned leader and talent acquisition expert. With a career spanning over two decades, Aaron has built and led successful teams across various industries, including tech staffing, software development, healthcare, & real estate investment. He founded Reliant Search Group in 2019 and still enjoys connecting business leaders with critical talent. Aaron hosts the "Being Built" podcast, where he shares insights on business growth and leadership.

Five Cybersecurity Trends Every Leader Needs to Know for 2026

Marla Halley — Fri, 28 Nov 2025 13:32:32 GMT

Cybersecurity in 2026 is at the center of digital transformation. AI-driven threats, expanding attack surfaces, and global regulatory shifts are rewriting the rules of risk management. Leaders who understand these dynamics will shape organizations that thrive in a world where security is inseparable from innovation. These five trends highlight the changes shaping cybersecurity and why acting today sets the stage for long-term growth.

1. AI: The Double-Edged Sword

Artificial intelligence has become a pivotal force in both offensive and defensive cybersecurity operations. Threat actors are increasingly leveraging generative AI to craft highly convincing phishing campaigns and other social engineering attacks at scale. According to SentinelOne’s 2025 report, phishing attacks surged by 1,265% year-over-year, largely driven by the adoption of GenAI in attack workflows. In response, defensive AI systems are employing behavioral analytics and predictive modeling to detect anomalies and mitigate threats in real time, aiming to counter the growing sophistication and volume of AI-enabled attacks.

The implications extend far beyond phishing. Gartner predicts that by 2027, AI agents will reduce the time it takes to exploit account exposures by 50%, dramatically increasing the speed and scale of credential theft and account takeover attacks. This trend highlights a critical shift toward automation in cybercrime, forcing organizations to rethink response strategies and invest in adaptive security models that can keep pace with evolving threats. Organizations that fail to anticipate this shift risk facing attacks that surpass traditional defenses, leaving critical systems exposed in a matter of minutes.

2. The Rise of Zero Trust Architecture

Zero Trust Architecture (ZTA) has transitioned from conceptual to operational, now embedded across critical sectors like finance, healthcare, and government. It mandates verification of every access request, independent of origin or device. Micro segmentation and continuous authentication are considered foundational practices. Gartner predicts that by 2026, 10% of large enterprises will have a mature and measurable Zero Trust program in place. This trend highlights the growing focus on building resilient security frameworks to counter evolving cyber threats.

3. Rising Risks in Operational Technology

The rapid expansion of connected Operational Technology (OT) devices is introducing new vulnerabilities across enterprise and industrial environments. These systems, which control critical processes, are increasingly interconnected, making them attractive targets for cyberattacks. To reduce risk and maintain operational continuity, security teams are prioritizing measures such as firmware integrity checks and network segmentation.

Large-scale environments like smart cities and industrial systems face heightened exposure because of the sheer number and diversity of connected devices. According to IBM’s Cost of a Data Breach Report, the impact is significant: in 2025, 15% of organizations experienced OT-related breaches, and nearly a quarter of those incidents caused direct damage to OT systems or equipment, with an average cost of $4.56 million per breach.

This expanding attack surface demands a shift toward asset-centric security models and real-time monitoring to prevent lateral movement and supply chain compromise.

4. Endpoint Detection and Response: The Frontline of Cyber Defense

In many cases, endpoints serve as the most accessible target for attackers. In a world of hybrid work and distributed networks, attackers often target laptops, mobile devices, and other endpoints as their primary entry point. Traditional antivirus tools, designed to detect known signatures, cannot keep up with advanced threats such as fileless malware, credential theft, and AI-driven exploits.

EDR takes a proactive approach by continuously collecting and analyzing data from every endpoint on the network, including processes, performance metrics, network connections, and user behaviors. By storing this data in a centralized cloud-based system, EDR enables security teams to identify anomalies quickly and respond before attackers can move deeper into the network. When a threat is detected, EDR can immediately isolate the compromised device, preventing further spread and minimizing impact. IBM research shows that 90 percent of cyberattacks and 70 percent of breaches originate at endpoint devices, making robust monitoring and response capabilities a top priority. Organizations that rely solely on traditional antivirus remain vulnerable to modern attack techniques. To maintain resilience and respond quickly to threats, EDR should be a core component of every security strategy.

5. Preparing for the Quantum Era

Post-Quantum Cryptography (PQC) introduces cryptographic algorithms designed to withstand the computational power of quantum computers, which threaten to break traditional encryption methods like RSA and ECC. Instead of relying on current mathematical problems vulnerable to quantum attacks, PQC uses lattice-based, hash-based, and multivariate polynomial schemes that remain secure even in a quantum-driven world.

The urgency for PQC adoption is growing as organizations recognize the long-term risk of “harvest now, decrypt later” attacks. Sensitive data encrypted today could be compromised in the future when quantum computing becomes mainstream. Gartner predicts that by 2029, advances in quantum computing will render applications, data, and networks protected by asymmetric cryptography unsafe, and by 2034, these methods will be fully breakable. Similarly, a Forbes Technology Council report highlights that quantum computing is now considered a top emerging cybersecurity threat, prompting U.S. policymakers to push for immediate preparation across both government and industry.

PQC allows organizations to strengthen their encryption for the future while maintaining efficiency and compatibility with existing systems. By integrating quantum-safe algorithms into existing systems, businesses can maintain compliance, secure cloud environments, and protect IoT ecosystems against next-generation threats. This shift transforms cryptography from a static safeguard into a resilient, adaptive defense for the quantum era.

Conclusion

Cybersecurity in 2026 is about staying ahead of threats before they emerge. AI-powered defenses, Zero Trust principles, and quantum-resistant cryptography are becoming standard practices for organizations that want to remain resilient. The companies that treat security as a core business strategy will be best positioned to protect assets, uphold compliance, and foster sustainable growth.

Strengthen Your Cybersecurity Strategy

At The Greentree Group, we help organizations protect critical data with comprehensive cybersecurity solutions. We work with federal, state, local, and commercial clients to identify threats, prevent vulnerabilities, and strengthen system security. Contact us today to take a proactive step toward securing your business.

About The Author:

Mackenzie Cole is an Analyst at The Greentree Group and a proud Wright State University alum, specializing in marketing strategy and analytics. With a passion for turning insights into impactful campaigns, Mackenzie has worked on a variety of multi-channel marketing initiatives with a focus on technology, creative storytelling, and connecting with local communities through purpose-driven marketing.

Your Roadmap to CMMC Compliance: Key Steps for Defense Contractors

Marla Halley — Thu, 16 Oct 2025 18:08:48 GMT

As cybersecurity threats grow more sophisticated, the U.S. Department of Defense (DoD) has taken decisive action to protect sensitive data across its supply chain. The Cybersecurity Maturity Model Certification (CMMC) is now embedded. For organizations in the Defense Industrial Base (DIB), this is not just a regulatory shift—it’s a strategic imperative.

Why CMMC Matters

CMMC is a tiered certification framework designed to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI). Whether you're a prime contractor or a subcontractor, if you handle either type of data, you must comply.

The program includes three assessment levels:

Level 1: Annual self-assessment for FCI.
Level 2: Self or third-party assessment for CUI.
Level 3: Government-led assessment for highly sensitive CUI.

Why Compliance Is Urgent

The final CMMC rule (32 CFR Part 170) took effect December 16, 2024, and the acquisition rule (48 CFR Part 204) becomes enforceable November 10, 2025. Non-compliance can result in:

Disqualification from DoD contracts.
Legal risks under the False Claims Act.
Reputational damage.

Contractors must affirm continuous compliance in the Supplier Performance Risk System (SPRS), and all requirements flow down to subcontractors.

Building Your Compliance Roadmap

Achieving CMMC compliance is a journey and is not a point-in-time process. Breaking this workload down into actionable steps is critical to maintaining focus. Here’s a phased approach:

1. Understand the Framework:

Familiarize yourself with CMMC’s structure, domains, and practices. Map requirements to NIST SP 800-171 controls, and clarify whether your organization handles FCI, CUI, or both.
Another critical element is to review cloud providers and other connected systems begin to identify shared responsibilities through a Share Responsibility / Customer Responsibility Matrix.

2. Readiness Assessment:

Determine your required CMMC level. This can be done through a review of your current contracts or through a conversation with your contract officer.
Review your current policies, procedures, and technical configurations. Documentation is key in achieving and maintaining CMMC compliance.
Conduct a gap analysis to identify areas needing improvement. Engaging with professionals who can provide guidance and expertise is crucial to help identify true gaps and to align business processes

3. Planning & Resourcing:

Develop a Plan of Action & Milestones (POA&M) to address gaps. This should be done at the objective level. This should also include prioritizing and budgeting for remediation.
Assign clear roles, define workflows, and identify necessary technology. Having a project manager or subject matter expert assigned to your compliance journey is essential.
Engage with certified experts and ensure internal ownership of compliance. The implementation of controls and objectives can be confusing. Having an expert that can give you advice and solutions will ensure that your interpretation of how you are meeting the controls does not cause you issue when it comes to an official assessment.

4. Implementation:

Update policies and procedures. Documentation is key in achieving compliance. Having clearly documented policies and procedures that address specific controls is necessary. Engaging with policy experts to ensure solid documentation is highly recommended.
“Document what you do, do what you document”
Enforce access controls. A key component of CMMC compliance is ensuring that only authorized users have access to the system and, furthermore, have access to CUI.
Deploy technical safeguards like encryption, a SIEM, MFA and endpoint protection.
Establish incident response and change control processes. Make sure that these processes are followed and that there is an audit trail so that the assessor can be provided with evidence.

5. Continuous Monitoring:

Treat compliance as an ongoing effort. This includes documenting reviews, auditing processes, defining audit logs and audit review processes, and constantly ensuring that documentation is in line with implementation.
Use tools like SIEM and other alerting mechanisms to assist with audits of controls and objectives.
Keep your POA&M updated as risks to your environment and compliance posture evolve.
Avoid superficial compliance and conduct mock assessments to uncover gaps.

Preparing for the Assessment

Don’t just check boxes—tell a defensible story. Your System Security Plan (SSP), POA&M, and supporting documentation should clearly demonstrate how controls and objectives are implemented and enforced.
Use real-world examples to show how controls are implemented. Be prepared to guide the assessor through your implementation and compliance.
Conduct mock assessments to uncover gaps before the official evaluation. It is always a good to check with designated experts to be sure you are in alignment. Contracting with a C3PAO (Certified 3^rd Party Assessment Organization) to conduct a mock assessment before your official assessment will allow for you to correct any known deficiencies before they are officially recorded.
Embed compliance into daily operations through automation and regular staff training. CMMC compliance is a culture shift for the entire organization.

Real-World Lessons

A case study from ProStratus highlights the value of a structured approach:

Conducting a thorough gap analysis and building a tailored POA&M.
Embedding compliance into daily operations and culture.
Ensuring that documented policies and procedures are clear, outline “actual” implementations and used throughout the organization.
Go into the assessment being able to prove all 110 controls and 320 objectives. You should not go into the assessment with a POAM.

Common Pitfalls

Over-reliance on generic templates
Neglecting documentation
Lack of internal ownership
Treating compliance as a one-time project
Trying to complete this journey alone.

Success Factors

Leadership buy-in. A C-Level champion is absolutely necessary for success.
Clear documentation that identifies addressed controls and objectives.
Proactive security culture that addresses ALL employees and avoids siloing security and compliance to a “team.”
Treating compliance as a strategic advantage. The amount of time and energy that is necessary for achieving CMMC Level 2 is enormous, but this is also an opportunity to set your organization apart from competitors and assure primes and officiating bodies that you are serious about protecting sensitive data.

Bottom Line:
CMMC compliance is not just a regulatory hurdle—it’s an opportunity to strengthen your organization’s security posture and stand out in the defense contracting space. Start early, build a culture of compliance, and leverage expert guidance to ensure success.

###

About the Author

ProStratus is a CMMC Level 2 certified managed security service provider, delivering secure IT solutions across the Defense Industrial Base. Thomas Saul is the Director of Security and Compliance for ProStratus and is a Certified CMMC Assessor (CCA) who specializes in helping organizations operationalize compliance and building cybersecurity into daily operations.

Pillars for an Autonomous Future

Marla Halley — Thu, 16 Oct 2025 18:03:33 GMT

Navigating the Shift to Smarter, Self-Running Experiences

Customer experience, or CX, is the sum of every interaction a customer has with your brand, from the first app notification to the final thank-you email. It's not confined to call centers; it's the seamless thread weaving through every touchpoint in a business, shaping loyalty in an era where expectations soar. Imagine a world where these experiences don't just react to needs. They anticipate them, resolve hiccups before they arise, and evolve effortlessly without endless human intervention. That is the autonomous CX landscape on the horizon, where AI doesn't replace people but amplifies them, touching every corner of operations in retail, finance, healthcare, education, and beyond. As industries race toward this future, four foundational pillars—strategic vision, quality assurance, training rigor, and mechanical integration—stand out as the blueprint for success. This is not just theory. It is an unfolding story of transformation, from today's reactive support to tomorrow's predictive powerhouses across all customer-facing channels. Let's dive in, exploring how these pillars build resilient, engaging journeys that keep your audience hooked and your operations ahead.

Pillar 1: Strategic Vision, Charting the Course Beyond the Budget

Every great shift starts with a map. In the rush to AI, too many leaders fixate on tools and costs, missing the bigger picture: Where is your CX headed in an autonomous era? Strategic vision demands asking bold questions. How will AI evolve your client interactions across apps, in-store visits, and virtual consultations? What seamless experiences will set you apart by 2030?

Picture customer hubs evolving from fragmented silos into dynamic ecosystems, where normalized, profiled information fuels multi-agent systems. Front-line AI handles routine queries in chatbots or kiosks, escalating to specialized "supervisors" that tap deeper insights, handing off to humans only when nuance calls for it. This is not about slashing expenses. It is about directional transformation, prioritizing long-term client loyalty over short-term wins in every business domain. Without this north star, deployments falter into chaos. Engage your teams by co-creating these roadmaps. Start with workshops that paint vivid "day-in-the-life" scenarios, turning abstract strategy into tangible excitement for non-technical staff and data-driven insights for technical experts.

Pillar 2: Quality Assurance, The Glue Holding It All Together

In an autonomous world, consistency is not optional. It is the heartbeat of trust. Quality assurance ensures every AI interaction feels polished, reliable, and human-touched, even when it is not, whether in a drive-thru order or a personalized email campaign. Think real-time coaching: Scripts, prompts, and oversight that mirror elite outsourcing teams, grading interactions on sentiment, flow, and resolution.

Envision transcribing 100 percent of interactions to forge knowledge repositories, not just for compliance, but to train behaviors that delight across channels. In high-stakes sectors like finance or education, this pillar prevents drift. Tools for consistent reporting flag anomalies early, like a customer's frustration spiking mid-conversation on a mobile app. The payoff? Frictionless experiences that boost retention business-wide. To keep readers riveted, frame quality as a narrative hero. Share anonymized "before-and-after" stories in your internal comms, showing how one overlooked metric turned a complaint cascade into rave reviews, resonating with CXOs eyeing ROI and frontline teams craving simplicity.

Pillar 3: Training Rigor, Building AI That Learns Like Humans

Autonomy thrives on adaptability, and that is where training rigor shines. Gone are static models. Enter AI that ingests personas—style guides and prompts tailored for customer-facing finesse—while undergoing relentless coaching cycles. It is like raising a digital apprentice: Start with zero knowledge base, feed it transcribed dialogues, regional dialects (hello, Southern US inflections), and iterative feedback to refine accuracy in emails, chats, or voice assistants.

This pillar powers the story's turning point: From clunky bots to intuitive agents that personalize on the fly, like suggesting "your usual sausage biscuit" based on geolocation and past orders during an in-app upsell. For resource-strapped teams, like nonprofits dodging DIY pitfalls, lean on accessible platforms for workflow training and agent licenses, bypassing unguided tools that promise quick fixes but deliver frustration. Make training engaging by gamifying it. Leaderboards for "best anomaly hunts" (spotting order errors via license plates) turn compliance into collaboration, preparing workforces for a job market craving self-motivated learners over rote specialists—appealing to technical builders and visionary leaders alike.

Pillar 4: Mechanical Integration, The Engines of Seamless Automation

No autonomous tale is complete without the machinery that makes it hum. Mechanical integration weaves robotics and edge tech into the fabric of CX, handling the grunt work so humans focus on magic, from warehouse fulfillment to personalized retail recommendations. Dual cameras spotting menu items with yes/no precision? Edge-localized machine learning slashing voice latency to milliseconds? Headset analytics canceling noise while monitoring volume trends? These are not gadgets. They are the plot devices propelling us forward.

From burger-flipping arms streamlining prep to shelf-scanning bots enforcing planograms with image-code smarts, this pillar scales repetition into reliability across supply chains and service desks. Autonomous prototypes in quick-service spots run end-to-end robotic ops, while manufacturing cameras enforce glove checks for safety. Early costs are low, but watch for upticks as efficiencies compound, like cloud trends on steroids. Hook your audience with demos. Virtual tours of edge-powered point-of-sale systems surviving outages prove how mechanical muscle delivers outage-proof speed and sparks innovation across retail, healthcare tele-health, or beyond, bridging the gap for non-technical users with visuals and CXOs with scalability metrics.

Weaving the Pillars into Your Autonomous Story

These four pillars are not silos. They interlock to narrate a compelling arc: From data chaos to predictive bliss, reactive fixes to proactive delight in every customer touchpoint. High-level steps to get started? First, audit your data for strategic alignment. Second, pilot quality-focused transcriptions in one channel. Third, roll out persona training with regional tweaks. Fourth, integrate mechanical pilots for latency-sensitive tasks. Fifth, cycle through refinements, benchmarking against 5-year adoption curves.

The risks? Deepfakes from mere minutes of media, fraud via unchecked access, or cost swings from unchecked scaling. Counter with multi-factor authentication, anomaly detection, and vigilant oversight. The reward? Unified channels yielding hyper-personalized, resilient CX that captivates customers and empowers teams, positioning every forward-thinking business for enduring success.

As we edge toward this autonomous horizon, the question is not if, but how boldly you will lead the change. Dive deeper into these pillars to craft your organization's next chapter one where CX isn't a department, but the defining edge of your entire enterprise.

####

About The Author

Bill Magnuson is a seasoned leader in technology transformation, with a strong background in driving innovation, strategic growth, and operational excellence. He combines business acumen with tech expertise to help organizations modernize, scale sustainably, and deliver greater value to customers.

Compliance And Risk-Management Are Part of Cybersecurity Too

Marla Halley — Tue, 23 Sep 2025 18:16:13 GMT

Organizations tend to think that if they deploy EDR (Endpoint Detection and Response) solutions on their workstations, they are “safe” from malware. While EDR is a powerful tool in detecting and responding to threats, it’s only one piece of a much larger cybersecurity puzzle.

True Cybersecurity isn’t just about technology—it’s about governance, process, and accountability. Compliance frameworks like NIST, HIPAA, PCI and GDPR aren’t just bureaucratic checkboxes; they provide structured approaches to managing risk, protecting data, and ensuring resilience. Even your basic Cyber Insurance policy requires your thoughtful responses to Self-Assessment Applications and proof of compliance. Risk management, meanwhile, helps organizations identify vulnerabilities beyond the technical layer—such as third-party risks, insider threats, and operational weaknesses.

Without a strong compliance and risk management foundation, even the best technical defenses can fall short. Cybersecurity must be holistic, integrating people, processes, and technology. Organizations that treat compliance and risk management as core components of their security strategy are better positioned to prevent breaches, respond effectively, and maintain trust.

Why are we so concerned about Cybersecurity?

We all hear the headlines about data breaches and the pain they cause in terms of lost privacy, lost revenue while systems are recovered, and expensive recovery costs. Look at these recent statistics, and just think of the recent major breach in our own backyard with Kettering Health Network:
- “It takes organizations an average of 204 days to IDENTIFY a data breach and 73 days to CONTAIN it” (Bonnie). In the case of Kettering Health Network, the breach may have gone undetected for up to six weeks (Bruce), and back to full operation in 3 weeks (Alder).
- “74% of all breaches include the human element” (Bonnie).
- “12% of employees took sensitive IP with them when they left an organization, including customer data, employee data, health records, and sales contracts” (Bonnie).
The reality in today’s environment is that email-based “Business Email Compromise” (BEC), or “Phishing” now causes 36% of Cybersecurity breaches (Spys). These types of compromises are aimed at getting a user to divulge the username and password for a critical resource like their email. In many environments that depend on a cloud-based infrastructure like Microsoft 365 (or Google Workspace among others), gaining access to your email also gives access to OneDrive and Sharepoint data the user has access to. Premises-based systems with on-site servers are not immune to compromise either. Attackers target these systems with downloaded documents or programs designed to deceive users into opening or executing them.

Note above that “74% of data breaches involve the human element.” Thus, we need to protect the resources that users have access to and train them how to detect and respond to these compromise attempts.

So what’s the right path?

As an MSP, we recommend a layered approach to security and compliance for overall risk management. Even the way cloud resources such as Microsoft 365 are implemented is important to the overall security of an organization.

Before moving into advanced Compliance and Risk-Management solutions, it’s important to first review the workstation and server basics that serve as the foundation for enhanced security, compliance, and risk management.

Workstation (Endpoint) Basics:

Microsoft 365 Premium or equivalent accounts for advanced security and compliance features such as Microsoft Defender, Purview, Azure Active Directory and Intune.

Patch Management – MSP Management provides additional oversight into Patch Management to better control the patch process and allow oversight and additional approval for those occasional times when Microsoft releases patches with unexpected side-effects.

Endpoint Detection and Response (EDR) -- continuously monitors endpoints for evidence of threats and performs automatic actions to help mitigate them. Do note that EDR is only monitoring the endpoints themselves.

Backup for Microsoft 365 Email, OneDrive and SharePoint. By default, Microsoft provides no “backup” of your Microsoft 365 data (email, SharePoint and OneDrive) -- only a guaranteed level of service. Thus, a backup solution is needed to protect your data.

Server Basics

For clients still using servers, those resources need to be protected as well – to at least the same degree of protection as the workstations. Servers need to be deployed with similar Patch Management, EDR and backup solutions. Servers should have complete immutable and secure backups to enable granular file restores as well as “bare-metal” restores for disaster recovery.

Better Security

Protecting the “network”

Building on the basic protections at the workstation and server level, additional protections need to be deployed to further protect your resources. While EDR-based solutions will detect and respond to a great majority of “downloaded” compromises, EDR won’t detect those cases where an attacker gains access to your cloud-based data, or other important external websites.

MDR/XDR solutions add to the “endpoint” EDR. MDR is “Managed Detection and Recovery” and adds real-time analysis of cloud-based environments as well as integration with EDR and other devices such as firewalls and other network devices. MDR digests data from all these platforms in real-time, analyzes and provides automated and human response as necessary. Thus, MDR solutions provide a much more proactive, real-time solution for a much broader view of the entire network.

Web Filtering

Web Filtering solutions provide the ability to “categorize” web activities and allow or deny access to categories of websites based on an organization's needs. Most solutions also have the built-in capability to automatically deny access to known “command and control” or known infected systems that are a primary source of actual malware. The web filtering solutions thus provide an additional level of protection by preventing access to a malicious website that a user may inadvertently access through an email link or document that references an external site to download malware.

Protecting the Human Resources

Since the Human Element is still a primary weak point in Cybersecurity defense, we suggest training and testing the users, to provide them the knowledge tools they need to combat breach attempts. Regular Cybersecurity awareness training generally leads to a 70% reduction in security-related risks (Keepnet). A regular regime of monthly targeted short training videos, slide decks or other web-based materials on pertinent topics such as how to spot phishing attempts, social engineering, safe surfing and password management helps keep people more aware and less apt to fall for a phishing or other breach attempt. Furthermore, regular simulated phish messages, configured to bypass filtering can test the users to see how they actually perform against phishing attempts.

So where does Compliance and Risk Management come into play?

All the above topics relate primarily to prevention. All this is fine and good until the prevention measures fall short. At some point, no matter how many blocks are put in place against malware, something will slip by. A breach to almost any organization can prove catastrophic.

Cyber Insurance is becoming almost mandatory for any business to protect their assets in the event of any sort of breach. The challenge is that many organizations complete the Cyber Insurance questionnaire by checking boxes—without confirming that proper procedures or evidence are actually in place. For example, a common question is: “Have you implemented strong password policies?” Simply telling employees to use strong passwords isn’t enough to qualify as a valid “yes.”

If a breach occurs, your insurance provider will expect proof that all conditions were met. Without it, your claim will likely be denied.

Recent studies show that more than 40% of Cyber Insurance claims go unpaid—most often because of incomplete, inaccurate, or misleading information provided on the application (Asaff).

The Cyber Insurance questionnaires are treated as factual statements. If discrepancies are discovered during a claim review, they can become grounds for denial of coverage.

Going further than Cyber Insurance, many organizations are subject to federal, state, and industry regulations that put further compliance requirements on organizations. For instance, any organization dealing with medical data is subject to stringent HIPAA regulations. Any financial-related organization is subject to FTC Safeguard regulations. Any organization that handles credit cards is subject to PCI requirements. Many of these regulations carry very stiff penalties for non-compliance and in the event of a breach, can be disastrous to the organizations if they aren’t diligent in their policies, procedures, controls and evidence.

So how do you ensure compliance?

To fully protect your organization, any Cyber Insurance policy requirements as well as further federal, state and industry regulations must be strictly met. The various protections mentioned earlier for endpoints, servers and network are only a starting point. Compliance is more than just completing a checklist saying you are doing everything needed. Organizations must have clear policies in place, acknowledged by all relevant employees, along with procedures and controls that put those policies into action. Equally important is maintaining ongoing evidence to demonstrate that these measures are effective.

Compliance isn’t a one-time task—it’s an ongoing process that requires continuous testing, monitoring, and review to ensure lasting protection and effectiveness.

Regular network scans (quarterly is best, or at minimum annually) that automatically analyze the environment for Patch Management, stored personal information (PII), weak passwords or poor password management, and out-of-date software can provide excellent data on a regular basis. Automated analysis of a cloud-based environment provides valuable information for further review or action.

Additionally, maintaining a regular cadence of policy creation, review, and employee acknowledgment ensures that the entire organization has clear documentation and procedures in place. Recommended or required policies may include:
- Acceptable Use Policy
- Access Control Policy
- Remote Access (work from home) Policy
- Backup and Recovery Policy
- Vendor Risk Management Policy
- Security Awareness Policy

One of the most important policies then becomes an Incident Response Policy and Procedure (IRPP) that defines how your organization will respond to a variety of incidents as well as a Written Information Security Plan (WISP) that provides the full suite of documentation that can be used to prove compliance to any regulations that apply to the organization.

These policies need to be backed up with procedures and acceptance/acknowledgement by all pertinent staff members

A platform that combines appropriate regulation selection, their required policies and controls, automated third-party scanning (internal and external vulnerability analysis including endpoints, cloud environment and internet interfaces), accepted policy templates, automatic policy acceptances, automated and manual evidence collection and WISP creation makes compliance and risk management easier, faster, and far less stressful for your organization.

Conclusion

There are not many companies or organizations that can truly say they don’t need Cyber Insurance at a minimum. Many organizations are subject to further regulatory requirements (HIPAA, PCI DSS, CMMC, FTC Safeguards and others) that require not only the very basic Cybersecurity protections but also require further compliance with very specific controls to ensure the IT environment is always as secure as possible. Compliance can be very difficult, but the risk of non-compliance is huge, whereas non-compliance can put many companies out of business.

About the Author

Barry Hassler is the founder and President of Hassler Communication Systems Technology, Inc (HCST), a business IT Managed Services Provider based in Beavercreek OH. HCST serves the greater Dayton and Springfield Ohio area (and beyond), specializing in managed IT services, Cybersecurity and risk management, Microsoft 365 cloud services, backup solutions and disaster recovery, and Voice-over-IP (VoIP) telecommunications. Barry is a certified compliance consultant.

References and Supplementary Materials

Hoffman, Zack. “Cyber Insurance Challenges: Why Premiums Are Rising, and Coverage Is Harder to Obtain | CyberMaxx.” CyberMaxx, 23 Oct. 2024, www.cybermaxx.com/resources/cyber-insurance-challenges-why-premiums-are-rising-and-coverage-is-harder-to-obtain.

Scroxton, Alex. “Data Breach Class Action Costs Mount Up.” ComputerWeekly.com, 24 Apr. 2025, www.computerweekly.com/news/366622911/Data-breach-class-action-costs-mount-up.

Palatty, Nivedita James. “64 Cyber Insurance Claims Statistics 2025.” Astra, 27 June 2025, https://www.getastra.com/blog/security-audit/cyber-insurance-claims-statistics/.

Palatty, Nivedita James. “81 Phishing Attack Statistics 2025: The Ultimate Insight.” Astra, 19 August 2025, https://www.getastra.com/blog/security-audit/phishing-attack-statistics/.

Bonnie, Emily. “110+ of the Latest Data Breach Statistics [Updated 2025].” Secureframe, 3 January 2025, https://secureframe.com/blog/data-breach-statistics.

Spys, Denys. “Phishing Statistics in 2025: The Ultimate Insight | TechMagic.” Blog | TechMagic, 4 Aug. 2025, www.techmagic.co/blog/blog-phishing-attack-statistics.

Alder, Steve. “Kettering Health Resumes Normal Operations for Key Services Following Ransomware Attack.” HIPAA Journal, 13 June 2025, www.hipaajournal.com/kettering-health-ransomware-attack.

Bruce, Giles. “Kettering Health Says Data Breached in Ransomware Attack.” Becker’s Hospital Review | Healthcare News & Analysis, 28 July 2025, www.beckershospitalreview.com/healthcare-information-technology/cybersecurity/kettering-health-says-data-breached-in-ransomware-attack.

Keepnet Labs. “2025 Security Awareness Training Statistics.” Keepnet Labs, 23 July 2025, keepnetlabs.com/blog/security-awareness-training-statistics.

Khalil, Mohammed. “Cyber Insurance Claims Statistics: Inside the Stats on Denials, Costs, and Coverage Gaps.” DeepStrike, 29 June 2025, deepstrike.io/blog/cyber-insurance-claims-statistics.

Asaff, Kate. “Think You’Re Covered? 40% of Cyber Insurance Claims Say Otherwise.” Portnox, 23 May 2025, www.portnox.com/blog/compliance-regulations/think-youre-covered-40-of-cyber-insurance-claims-say-otherwise.

3 Steps to Improve your Software Productivity AND Work-Life Balance

Marla Halley — Wed, 20 Aug 2025 14:33:46 GMT

Software leaders face immense pressure. You’re expected to deliver high-quality products under tight deadlines, all while managing costs and keeping your team from burning out. Bugs, missed deadlines, scope creep, and unrealistic demands are often seen as part of the job.

If this sounds familiar, you’re not alone. In a recent Lighthouse Technologies survey of 110 software leaders, 27% reported experiencing burnout—a direct result of constant rework, late nights, and endless firefighting.

Many leaders accept this as the status quo, but it doesn’t have to be your reality. There is a better way! You can transform your team’s productivity and restore their work-life balance, allowing them to focus on what truly matters most—both at work and at home. Sound too good to be true? Here are three steps to get started.

1. Stop Managing Symptoms. Start Uncovering Root Causes.

Quality issues, missed schedules, and productivity challenges aren’t solved by throwing more people or hours at them; they’re solved by uncovering and addressing the root causes.

Consider a 250-person development team we worked with. They were five years into a two-year project—stuck in beta, drowning in open defects, and unable to release. Frustration was high for everyone, from customers to developers to executives.

Our initial Root Cause Analysis uncovered a shocking number of findings — 475 to be exact. One of the most critical? A high volume of overly complex code. Cyclomatic complexity, a measure of the number of unique paths through a piece of code, is a leading indicator of risk. Fragile code with high complexity is difficult to test, hard to maintain, and a breeding ground for bugs, and this complexity is a core reason that when a developer goes in to fix a bug or make an enhancement they likely break something that previously worked.

A code module with 10+ branches is considered fragile.
Modules with 51+ branches are considered untestable.

This client had 1,655 complex modules, representing 9.5% of their entire system. This wasn’t just a technical problem; it was a business problem.

ACTIONABLE INSIGHT: Complex code = Fragile code.

Use tools like SonarQube to regularly monitor cyclomatic complexity. A good goal is less than 1.5% of your software modules have complexity greater than 10.

2. Close the Defect Loop & Restore Confidence

The same team was discovering 22.1 new defects per day—but fixing only 20.3 per day. To make matters worse, their bad-fix rate was 25%, meaning every fourth “fix” broke something else.

The result? An ever-growing backlog of bugs and sinking delivery confidence. This isn’t just about an overloaded team; it’s about a broken system that erodes customer trust, developer morale, and leadership’s confidence in their team.

ACTIONABLE INSIGHT: Track your defect backlog and bad-fix rate over time. A high bad-fix percentage signals broken processes that need urgent attention—not just more testing.

3. Establish clear release exit criteria

Why does release readiness matter? We all want to know how well the software will work once it is released and how many issues our customers are likely to discover. Most companies simply plan 30 days of testing for major releases regardless of the number of defects being discovered. If you imagine that your team found 10 defects/day for the last 5 days, it’s bloody likely they will find 10 more defects on the 31^st day (if they are allowed to continue). To improve release readiness, we need to track and report on defect data so management can make informed release decisions.

As an example, the below graph shows the team's predicted defects—worst case (blue), best case (green), and actual (black). By their scheduled release date (Feb 19 – the vertical, black dotted line), the team had discovered far fewer defects than expected. In fact, they had been discovering 5 defects/day for the past two weeks and the rate was steady. Additionally, they were approximately 100 defects short of the plan. Fewer bugs might sound good, but it’s often a red flag for insufficient testing.

Without this data, the client would have released a bug-ridden product, leading to customer frustration and more firefighting. Instead, they used the data to justify pushing the release and empowering their team to get creative with testing (see the blue oval).

The result? They released a system their customers loved, and the team not only got to celebrate their first win in what felt like forever, but also reclaimed their nights and weekends.

ACTIONABLE INSIGHT: Whether doing manual or automated testing, a tester’s job is not to execute test cases; it's to find unique defects. Encourage your team to think creatively and critically. This will empower your team, improve company culture, and lead to better software!

You Can’t Manage What You Don’t Measure

This transformation didn’t happen by chance. It happened because the team stopped guessing and started measuring. By shining a light on the root causes—not just the symptoms—they were able to:

Resolve production issues
Improve customer satisfaction
Restore delivery confidence
Finally breathe again

You don’t have to choose between delivering great software and protecting your team’s work-life balance. With the right data and processes, you can achieve both. That’s why at Lighthouse Technologies we live by the principle: you can’t manage what you don’t measure. If you’d like to improve your quality, schedule, productivity and work-life balance, let’s have a conversation and explore this together.

Special Opportunity for Technology First Members

Project managers know the triple constraints of quality, schedule, and cost are inextricably tied together. As we have helped software teams improve for the past twenty years, we realized that culture also plays a crucial role – the team must have psychological safety to raise issues and bring ideas forward. Our Software Performance Benchmark is designed to baseline your team’s current quality, schedule, cost, effort, and culture Key Performance Indicators (KPIs). From there, we baseline these KPIs against industry data to help you identify opportunities for improvement and chart a data-driven path forward to success. Remember – You can’t manage what you don’t measure.

The Software Performance Benchmark is normally only $10,000, but for Technology First members, we are offering it at a 50% discount. Not only that, if we don’t find at least a 20% improvement, it’s a full money-back guarantee. If you're ready to stop managing symptoms and start solving problems, reach out to us at team@lighthousetechnologies.com!

About the author: After nearly two decades as a software developer and test engineer for the U.S. Air Force, where he built automated testing platforms and helped his team achieve CMM-3 certification, Jeff Van Fleet discovered his passion for transforming how software teams work. He founded Lighthouse Technologies to help organizations boost productivity, rescue struggling projects, and manage complex implementations through streamlined processes and agile practices. Outside of work, he enjoys hiking, baking bread, telling Dad jokes, and cheering for Penn State and the Pittsburgh Steelers—all while prioritizing balance as a husband and father.

Workforce Development: Personal Attributes, Skills, and Competencies MUST Work Together

Marla Halley — Thu, 14 Aug 2025 14:12:40 GMT

I am experienced in delivering value to companies via projects and programs. This profession has led me to be extremely involved in the Project Management Institute (PMI) organization. As the Co-Chairman of developing the PMI Business Analysis Practice Guide 2.0, I led a team charged with defining and refining how skills and competencies shape professional excellence. I worked with an international team and led a lot of interesting discussions about roles and how the skills needed to perform were ever changing. We ended up with a document that complements other PMI standards by providing detailed techniques that can be used in conjunction with broader project management frameworks. This has led to several thoughtful discussions with like-mined professionals on “how do we develop the Workforce?” to meet ever changing environments to deliver value.

But in applying those Business Analysis practices in real-world technology and business environments, I realized there was a missing piece. Skills and competencies — while critical — don’t fully explain why some professionals excel and others plateau. The difference often lies in personal attributes: the enduring qualities like adaptability, resilience, and integrity that influence how a person learns, applies, and sustains their capabilities.

The strength of an organization’s workforce is not built on skills alone. It’s the synergy between personal attributes, competencies, and technical and soft skills, all working within the framework of a strong corporate culture, which drives lasting success. If you want to develop a workforce, you must foster an environment that thrives on personal growth.

Understanding the Three Building Blocks

Figure 1 Building Blocks Illustrates the relationship between Individual skills, competencies, and personal attributes. The center of this relationship is the corporate culture. If you do not live daily value of personal growth and workforce development. We can break down these building blocks into 3 categories.

Figure 1 Building Blocks

1. Skills – The Practical Abilities

Skills are the specific, teachable abilities that can be measured and improved. They can be technical (e.g., cloud architecture, data analytics) or soft (e.g., negotiation, presentation skills). While essential, skills alone don’t ensure role success — they need to be applied within the right context.

This is the basis for a change management skills gap analysis exercise. It can include technical skills, people skills, and business acumen. Acquiring literacy of an external domain (such as AI) may also represent an opportunity for workforce development.

2. Competencies – The Integrated Capabilities

Competencies are broader than skills, combining knowledge, technical ability, and behaviors. For example, the competency of cybersecurity leadership includes threat analysis, incident response, communication under pressure, and ethical judgment. Competencies reflect not just what someone can do, but how they consistently perform.

This is an area where roles don’t matter, but the functions do. For example, a person may be assigned a role as a project manager but performs a lot of business analysis in defining the project “definition of done”. Sending the person to training on business analysis will help their overall competencies as a change agent for the organization.

3. Personal Attributes – Human Foundation

Attributes such as resilience, curiosity, empathy, and integrity influence how individuals approach challenges, adapt to change, and engage with others. These traits are often more difficult to teach, but they determine how effectively a person develops and applies both skills and competencies.

This is an individual trait, and you cannot teach it or force it on an individual. What you can do is encourage it. Critical attributes in workforce development might include individual commitment to personal and professional growth, curiosity, and relating something that seem extraneous to their personal sphere of influence.

The Corporate Culture Connection

Corporate culture shapes — and is shaped by — the way these three elements interact.

A culture of continuous learning encourages employees to develop new skills regularly.
A collaborative culture fosters competencies like teamwork and cross-functional problem-solving.
A values-driven culture reinforces personal attributes such as trustworthiness and accountability.

When culture and development are aligned, organizations create a self-reinforcing cycle: employees gain the capabilities they need, apply them effectively, and model behaviors that strengthen the culture for the next generation of talent.

Why It Matters for Workforce Development

Workforce development is important for evolving your team to meet challenges in the workplace. Investing in the team, both formally and informally, is an intangible benefit. While pursing a production issue, the team feels free to relate previous like experiences can generate a story that illustrates the problem better than volumes of technical documentation and YouTube video. Some of these intangible benefits include:

Higher retention due to stronger employee engagement.
Better adaptability to new technologies and market shifts.
More effective leadership pipelines with candidates ready to step into critical roles.

This holistic approach turns workforce development into a strategic advantage rather than a reactive necessity.

Practical Steps for Leaders

Steps for your workforce development really need to be a conscious sustainable activity. It’s not just putting together bullet points in January to sit on a shelf gathering dust until the next January when you dust them off and change a few words and you’re good to go. And it doesn’t have to involve an elaborate HR campaign. I recommend you work with each member of the team and fill out a simple 4-quadrant card.

Review this quarterly, or maybe even monthly. This is not a career pathing exercise, it is a personal growth exercise.

Many corporations punt on growth by telling individuals you are in charge of your career and we won’t give you a career path. This approach to workforce development is how to grow yourself. And to you nay-sayers that argue “if we develop them, they might quit and go to another company”. That is a risk, but they may do that to go to another company because they don’t feel valued due to lack of development.

The End Goal

My journey from writing about skills and competencies in the PMI Business Analysis Practice Guide 2.0 to exploring their interplay with personal attributes reinforced a vital truth: technical excellence alone isn’t enough.

You can be taught technical tools and various business processes, but to develop the workforce, you need to develop a corporate culture that considers skills, competencies, and personal attributes. Not consider workforce development but as an investment. AI can’t replace personal attributes of curiosity and telling a story of an experience to clarify a situation.

The real magic happens when an organization intentionally aligns skills, competencies, and personal attributes within a culture that values and develops all three. That’s where capability meets commitment — and where organizations create lasting impact. To quote the Ohio State Football Legend Woody Hayes, “You Win with People”. Your organization needs that perspective when it comes to Workforce development.

About the author: David Davis is a recognized thought leader and seasoned Program/Project Manager with over 20 years’ experience leading large-scale business transformation, process improvement, and change management initiatives. He is skilled at bridging strategy and execution, fostering stakeholder trust, and driving measurable benefits through disciplined agile practices, benefits realization, and cross-functional collaboration.

VMWare | Broadcom: What you need to Know

Marla Halley — Fri, 01 Aug 2025 19:05:31 GMT

There’s lots of “noise” about this newest and latest change to the program… the 2^nd in 18 months… so lots to unpack……

1. Potential Service Disruption

Many smaller VMware Cloud Services Providers (VCSPs) are being removed from the program unless directly invited by Broadcom.

Only 14 providers in the U.S. remain in the program.

If your current provider wasn’t invited, they can’t renew or extend contracts after October 31, 2025. If you are still in contract, then you are fine until the contract expiration… then the statement above takes effect.

Depending on your renewal date, this could result in an urgent need to migrate or risk service termination if you're with an unapproved provider.

2. Increased Costs

Broadcom has already made major pricing changes this year.
- Minimum core purchases jumped from 16 to 96
- Late renewals now face a 20% penalty
Customers may now be forced to switch to larger, authorized partners, who may charge higher prices or minimum commitments that smaller users can't justify.

3. Forced Migrations or Consolidation

If your provider is no longer supported, you may need to:
- Migrate to an authorized VCSP,
- Rebuild parts of your environment if white-labeled services were used (these end Oct. 31),
- Switch platforms, such as:
- 1. Hyperscalers: Azure, AWS, GCP
  2. Alternatives: Nutanix, OpenStack, KVM

Each of these paths carries operational risk, potential downtime, and cost.

4. Loss of Trusted Relationships

Many customers built long-term relationships with regional or boutique partners who offered:
- Custom support
- Flexible pricing
- Tailored cloud environments
Now, many of those partners are excluded from the VMware ecosystem—leaving clients scrambling for alternatives.

5. Confusion & Uncertainty

Broadcom has made several changes in rapid succession (product packaging, licensing, now partners).
- Customers are struggling to keep up and are unsure:
- Who their provider reports to now
- What future pricing or support looks like
- Whether staying on VMware is sustainable
In Summary:

If you're a VMware user, especially through a small or regional partner—you may be impacted by:
- Contract expiration with no renewal option
- Rising licensing and support costs
- Migration headaches
- The need to quickly find a new, approved provider

Next Steps:

Work with a trusted partner to understand ALL your options to start planning a transition or evaluating alternatives before October 31, 2025.

About the author: Seth Marsh brings over 30 years of hands-on IT industry experience, having lived through transformative eras—from the rise of mobile and cloud to the evolution of the OPEX model. His well-rounded background spans the full spectrum of tech sales, including leadership roles at a global security provider, VAR and manufacturer representation, and direct sales—giving him rare insight into every side of the channel.

Myth vs. Reality: Bridging Ohio’s Tech Talent Gap with International STEM Graduates

Fri, 11 Jul 2025 15:49:17 GMT

In Ohio’s evolving tech landscape, organizations face a common and growing challenge: finding and retaining skilled STEM talent. STEM represents fields in Science, Technology, Engineering and Mathematics. Disciplines within these fields are varied and may include jobs in management information systems (MIS), artificial intelligence (AI), cybersecurity, analytics, supply chain management (SCM), economics, computer science, and engineering.

Ohio employers can overcome this talent-gap hurdle by critically considering a rich and readily available talent pool among international students from local universities with STEM degrees. Employers’ hesitation usually emanates from concerns about visa limitations or perceived short-term employment windows. However, as someone who works closely with these students, I’ll dispel these myths and explain their long-term value.

The Facts: Nearly Four Years of Work Eligibility Without H-1B Sponsorship

At Wright State University for instance, we graduate several international students each year from our STEM-designated programs and currently have over 1,000 graduates on Optional Practical Training (OPT). These students are not just academically strong; they are fluent in global business practices, technologically skilled, and eager to contribute to the state’s economy.

More importantly, they are legally eligible to work in the U.S. for nearly four years after enrollment without needing an H-1B visa initially. Here’s how:

Curricular Practical Training (CPT) allows students to intern with local businesses in the Miami Valley region prior to graduation for up to 12 months.
Optional Practical Training (OPT) provides 12 months of full-time work authorization post-graduation.
STEM OPT Extension grants an additional 24 months to graduates of STEM-designated programs like MIS.

That adds up to three years of full-time post-graduation work, plus internship time during their degree. All of this can be managed without H-1B sponsorship, a key point many employers overlook.

Local Talent, Global Perspective

These students are already here in Ohio and live in our communities. They study and work under the guidance of faculty and staff committed to equipping them with cutting-edge, career-ready skills. I’ve watched these students excel in hands-on analytics projects, design complex systems, and solve real-world problems through internships and capstones with local companies.

Also, they bring onboard a global mindset, linguistic diversity, and cross-cultural competency. These are qualities that are increasingly vital as Ohio’s businesses expand into new markets and serve increasingly diverse customer bases.

Myth-Busting 1: “Are there jobs in Southwest Ohio for International Students”?

A common misconception in southwest Ohio is that job opportunities, especially for international students are limited to government-related work at the Wright-Patterson Air Force Base, which typically requires only U.S. citizenship. However, this region is home to a growing number of private sector employers in IT, biotech, manufacturing, logistics, and healthcare, many of whom actively seek skilled talent regardless of nationality. Startups, mid-sized companies, and global firms across the Miami Valley region could benefit from international graduates’ talents. International students on STEM OPT are eligible to work for most private sector employers, provided the role is related to their field of study.

Myth-Busting 2: "But They’ll Leave Soon, Right?"

This is perhaps the most common misconception I encounter in conversations with Ohio business leaders: the belief that international students are only a temporary solution because of visa expiration or immigration hurdles.

Here’s the reality: most young professionals regardless of nationality change jobs every 2 to 4 years. According to the U.S. Bureau of Labor Statistics, the median tenure for employees aged 25 to 34 is under three years. Hence, even if an international graduate works for your organization during their full OPT period and then moves on, you are still receiving a better-than-average, return on investment. Furthermore, international students often demonstrate greater loyalty to companies that give them their first professional opportunity, especially in regions like Ohio, where the tech community is tight-knit and supportive.

Myth Busting 3: “Should I Sponsor visa immediately after hiring”

Many small and medium-sized organizations worry that hiring international graduates means immediately navigating the complexities of visa sponsorship. This is not the case. With up to three years of STEM OPT, you have ample time to assess an employee’s fit and performance. During that period, if you decide that the individual is indispensable, you can choose to sponsor them for an H-1B visa or green card. The most important insight is that that decision does not need to be made on day one or soon after hiring.

This “hire first, sponsor later if needed” approach gives Ohio companies flexibility and minimizes risk.

Why This Matters for Ohio’s Economic Growth

As Ohio continues to attract major investments in manufacturing, semiconductors, IT services, and logistics, the demand for specialized talent will only intensify. Companies like Intel are already transforming the employment landscape, and that ripple effect will be felt across the state.

Hiring international graduates from local institutions offers a homegrown solution to national workforce shortages. These students are trained here, adapted to Ohio work and social culture, and eager to stay and contribute. They represent a ready-to-deploy workforce that understands both global dynamics and local needs.

Practical Steps for Employers

Contact University Career Centers: Ohio universities have dedicated units such as Wright State’s Career Hub that assists employers with hiring students and understanding CPT/OPT processes.
Launch Internships via CPT: Hosting a student during their academic program gives you a no-pressure trial run and introduces your organization to emerging talent.
Educate Your HR Teams: Ensure recruiters and hiring managers are familiar with the work authorization options available to STEM students through CPT and OPT.

Final Thoughts: It’s a win-win for Ohio

Your company’s next data scientist, AI expert, or cybersecurity specialist, may already be in a classroom at your local university, learning, contributing, and ready to prove themselves.

Ohio educates thousands of brilliant international students each year, yet many leave the state after graduation for opportunities in tech hubs like California, North Carolina, and Texas. If we want to grow Ohio’s economy and compete nationally, we must work to retain this talent.

Hiring international graduates isn’t about replacing domestic workers. It’s about complementing the workforce and filling urgent skill gaps. These students bring innovation, drive, and a global mindset to local companies. Let’s give them a chance to help build Ohio!

About the author: Dr. Daniel Asamoah is the Chair and Professor of the School of Finance, Accountancy, MIS, and Economics at Wright State University. An expert in business analytics, big data applications, decision support systems in healthcare, and operations management, Dr. Asamoah has spoken at numerous conferences, including the annual meetings of the Decision Sciences Institute. His research has been featured in various prestigious journals, such as Decision Support Systems and Simulation.

Community Is Everything

Sun, 01 Jun 2025 12:42:30 GMT

As we step into summer, I’ve been reflecting on a simple, yet powerful truth: community is everything. Especially in technology—an industry that moves fast and transforms faster—being part of something bigger than ourselves is what keeps us not just informed but inspired.

Who are we?
We’re Technology First. A collective of professionals, innovators, educators, and leaders who believe that tech is not just about tools—it’s about people. We are the minds behind the solutions, the hands that build systems, and the hearts that understand how deeply technology shapes lives.

What do we do?
We connect. We share. We learn. Whether it's through our events, professional development programs, peer groups, or just the everyday conversations that happen between members, we create a space where ideas thrive, and careers grow. We support each other, we celebrate each other, and yes—we challenge each other to lead with courage and curiosity.

We're proud to play a part in moving the Dayton region’s technology community forward—helping organizations and individuals alike navigate change, spark innovation, and build a more connected future.

Why does it matter?
Because in this digital age, no one should have to navigate the complexities of technology alone. Whether you're a seasoned leader or just starting out, there is a place for you here. A place to ask bold questions. A place to find answers. A place to belong.

So, if you've ever found yourself wondering—How do I get more involved? How do I find my people in tech? —you're in the right place. Come to an event. Join a peer group. Volunteer. Reach out. There’s room at the table, and your voice matters.

Together, we’re not just advancing technology—we’re shaping the future of our region, one connection at a time.

Empowering the Future: My Journey as a Volunteer with Technology First

Thu, 01 May 2025 13:32:43 GMT

In the energetic and ever-evolving world of technology, the importance of community cannot be overstated. As a professional in the tech industry, I have always believed in the power of collaboration and support. This belief has driven my commitment to volunteer with Technology First, an organization dedicated to connecting, strengthening, and championing the tech community in the Dayton region.

Over past few years, I have had the honor of participating and volunteering at several conferences hosted by Technology First, including:

Ohio Information Security Conference (OISC) – A gathering of security professionals, analysts, and IT leaders discuss emerging threats, risk mitigation and compliance. A community that addresses security urgency head on.

Taste of IT – An energetic conference highlighting tech trends, innovations, and strategic insights. With multiple sessions that span everything from cloud computing to leadership development, it’s a place where innovation meets opportunity.

Dayton AI Day – Launched in 2025, Dayton AI Day looks into the future: artificial intelligence, machine learning, and data-driven transformation.

Volunteering at these events gave me the opportunity to explore sessions I might never attend otherwise. It’s been an experience that strengthens my technical insight and interpersonal communication.

The sense of belonging I’ve found through Technology First has provided me with a profound sense of empowerment. As tech professionals, we often find ourselves focused on our specific roles and department. But through this organization, I’ve connected with a diverse network of individuals who share a common goal: to advance technology. This commitment to education and access aligns with my belief that knowledge is power.

Networking and Collaboration Networking is a vital aspect of professional development, and Technology First excels in building these connections. It is a platform for attendees to engage in meaningful conversations, share their experiences, and explore potential partnerships. As a volunteer, I had the chance to facilitate introductions and witness latest ideas and collaborations. Connections that often lead to mentorship and career opportunities.

Continuous Learning and Growth Volunteering is not just about giving back; it’s also about personal and professional growth. Each event offers me a chance to learn about the latest innovations and challenges shaping the tech industry today. I continue to broaden my perspective and deepen my commitment to staying informed and adaptable.

Diversity and Inclusion are more than buzzwords; they are essential for innovation and resilience in technology. Technology First actively promotes these values, and my participation in events hosted by Technology First’s Women 4 Technology Peer Group has deepened my understanding of their importance. By volunteering, I help foster a more inclusive environment where everyone, regardless of gender, background, or identity, has the opportunity to thrive in technology.

My journey as a volunteer with Technology First has been deeply fulfilling. It has reinforced my belief in the power of community, education, and collaboration. By investing my time in this organization, I am not only supporting the growth of the technology in Dayton, but also helping others recognize their potential. I encourage my fellow tech professionals to consider volunteering. Together, we can create a vibrant and inclusive technology community that champions innovation and success.

Zhali Mejia is a GRC Analyst at CareSource with extensive experience in cyber risk management. Passionate about technology and community engagement, Zhali blends technical insight with a people-first approach to strengthen the organization's security posture. With a commitment to fostering collaboration and understanding among stakeholders, Zhali ensures that security measures are effectively communicated and implemented across all levels of the organization.

Protect Your Technology Investment

Thu, 01 May 2025 13:26:21 GMT

Over the past two decades in the IT world, holding various positions from programmer to IT leader, one constant has been the unrelenting pace of change. According to McKinsey, over 50% of organizations have now adopted AI in at least one business unit, and that number continues to climb each year. The recent resurgence of AI in the past few years has only accelerated this trend, bringing both promise and confusion. Amid the noise it can be difficult to know where to start and easy to get distracted by the latest “shiny object”. This is why taking an outcomes-based approach to AI and technology adoption is more important than ever. Aligning your investments with clear business objectives not only drives meaningful value but also ensures you’re working with the right partners and tools to protect your long-term technology investment.

Ramifications of Poorly Planned Tech Investments

Most organizations fixate on upfront costs such as licensing and implementation but also try to force solutions using tools they’ve already invested in, even when those tools are likely not the right fit. This mindset often leads to misalignment with business strategy, low user adoption and growing technical debt. According to a Boston Consulting Group study, 70% of digital transformation efforts fail to meet their stated objectives, often due to poor planning, lack of alignment, or underestimating the complexity of integrating new capabilities into outdated environments. We’ve seen platforms deployed without clear ownership, analytics tools that go unused because no one trusts the data, and entire initiatives stalled due to poor change management. These hidden costs don’t show up on day on, however they compound quickly. Protecting your investment means thinking beyond delivery day and building with the end in mind and ensuring your teams are equipped to evolve with the tools that they use.

Data Analytics – Harnessing the Power

Data Analytics and subsequent AI enablement is both a foundational capability and a force multiplier for any technology investment. Yet too often, it’s treated as an afterthought, something to “get to later” once systems are live. That approach leaves organizations with fragmented insights and missed opportunities. In my experiences, companies that emphasize that data must be intentionally designed around business outcomes from the start are always the most successful. This includes things like building scalable pipelines, establishing clear ownership, creating a culture of data literacy and fluency, and ensuring that the data is usable by those who need it. A mature analytics approach doesn’t just support reporting, it fuels agility, drives innovation and turns platforms like AI or cloud infrastructure into truly strategic assets. Protecting your investment means ensuring that your data strategy is built to deliver value now and evolve over time.

Case Studies – Current Client Examples

We are currently working with several companies in various capacities to help them navigate these rapidly increasing technology changes. In one example, there is a new CFO who quickly surfaced deep frustrations with a lack of reporting flexibility causing inaccurate financial reporting. This was mainly triggered by inaccurate data, with internal teams struggling to deliver timely and trusted insights. As a result, they are consolidating and modernizing their data architecture and ingestion standards to accommodate better internal and external reporting as well as centralize on a platform for future AI usage. This protected investment will enable them to also reduce technical debt, saving crucial dollars as they pivot to an outcomes-based model. We partnered with the office of the CFO to implement a new “Ways of Working” framework to increase the time to market, increasing reporting cycle times with more accuracy, and with alignment of the needs of executive leadership. More importantly, the organization is building a foundation for ongoing agility, one where data and delivery practices move in lockstep to support informed decision-making.

Myths that Commonly Undermine Technology ROI

Even with the best intentions, many organizations fall victim to myths that tend to erode the anticipated value of their technology investments. Three of these common myths are outlined below:

If we build it, they will come…

Launching a new platform or dashboard does not always guarantee adoption. Without clear communications, planning, user training and ongoing engagement, even the most well-designed solutions can sit unused. Adoption must be a part of the delivery plan from Day One!

Our data is so messy, we have no choice but to manipulate it…

This mindset stops progress before it even begins. The reality is: messy data is normal, and waiting for it to be perfect is a losing game. The real opportunity lies in embracing the mess, by putting the right strategy, standards, and tools in place to transform raw data into trusted, business-ready insights. Progress starts with what you have and engaging with your current data, however imperfect, is what drives maturity, trust and value. Every successful data journey begins with taking inventory, finding out what is actually useful and committing to iterative improvement.

We’ll add analytics in later, this project is too large

Deferring analytics to the end of a large initiative is one of the fastest ways to lose momentum and miss early wins. Embedding analytics from the beginning helps guide decisions, demonstrate progress, and ensure the final product delivers actionable insights, not just functionality.

Conclusion – Build with Purpose, Protect with Discipline

Technology is evolving faster than ever, and with that speed comes both opportunity and risk. Protecting your investment isn’t just about choosing the right tools, it’s about aligning those tools to real and measurable business outcomes. Designing for usability and adoption and ensuring data becomes a driver of insight rather than a source of confusion. As a delivery consultant, I’ve seen firsthand how purposeful strategy, pragmatic execution, and the willingness to challenge long-held myths can transform initiatives from costly experiments into long-term value engines. No matter where you are on your journey, it’s important to start with intentionality, because protecting your investment starts with making sure it was built to matter in the first place.

By: Brian Henn – Sr. VP of Solutions Delivery and Data Practice Director at Vaco by Highspring

What’s All the Fuss About Agentic Artificial Intelligence?

Tue, 01 Apr 2025 04:30:00 GMT

While Artificial Intelligence (AI) has been a hot topic for some time now, AI Agentics, an innovative new type of AI, is shaking up both the business and technology community. Harvard Business Review’s recent article What is Agentic IU and How Will it Chat Work?, said “From the early days of mechanical automatons to more recent conversational bots, scientists and engineers have dreamed of a future where AI systems can work and act intelligently and independently. Recent advances in agentic AI bring that autonomous future a step closer to reality.” Let’s dive into what it is, how it can be used and the pros and cons of Agentic AI.

What Is AI Agentics?

According to IBM, “Agentic AI is an artificial intelligence system that can accomplish a specific goal with limited supervision. It consists of AI agents—machine learning models that mimic human decision-making to solve problems in real time.” In short, AI Agentics are autonomous AI agents that can make decisions and take actions to achieve goals without human oversight. Think of them as super powered digital assistants, instead of just fetching your calendar or drafting an email, they can manage workflows, troubleshoot systems, or even negotiate deals.

These agents are built on advanced Machine Learning (ML) models, often leveraging Large Language Models (LLMs) like those powering ChatGPT, Grok or Copilot. The key differentiator from traditional AI is their agency, they’re not just reactive; they’re proactive. They can operate autonomously in complex, dynamic environments and can adapt based on feedback.

At Intrust IT, we’ve built Marissa, an AI agent that answers, analyzes and routes inbound phone calls to the proper place, freeing up our team to focus on higher value tasks for our clients. Marissa currently manages about 40 percent of all inbound phone calls each week and gets a little better week after week. Marissa is a tireless assistant that handles grunt work, allowing our team to provide more responsive advice and support for our clients. Marissa is a real-world example of Agentic AI at work providing significant business value for our company and our clients.

Marissa is just one example; the applications of AI Agentics are vast and growing for both business and IT operations. Here are some other examples:

A wholesaler uses an AI agent to negotiate with buyers, analyzing past deals, current inventory, and the buyer’s budget to propose optimized terms.
An e-commerce company uses an AI agent to analyze competitor prices, customer demand, and market trends in real-time, adjusting product prices to move more product or maximize profit.
A subscription service employs an AI agent to watch user behavior to predict cancellations then offer personalized incentives to reduce cancellations.
A healthcare provider uses an AI agent to scrub patient records and flag outliers.
A software company uses an AI agent to review code to find bugs and vulnerabilities and to suggest code optimizations.

The Pros of Agentic AI

AI Agentics bring a lot to the table including:

Efficiency: Tasks that once took hours—like debugging a distributed system or analyzing logs—can be done in minutes. Agents work 24/7/365 without rest or burnout.
Scalability: One agent can manage something that might need a team of humans, making it easier to manage growing workloads without growing headcount.
Proactivity: Unlike traditional automation, agents anticipate problems and act proactively.
Cost Savings: By reducing manual work, agents can lower operational costs.
Adaptability: With continuous learning, agents improve over time.

The Cons of Agentics AI

While there are many benefits, Agentic AI comes with serious challenges that must be addressed:

Complexity: Building and managing AI agents requires expertise in AI, technology and business. Debugging an agent that’s not working correctly can be difficult due to the “black box” like nature of AI.
Control: If an agent misinterprets its objectives, like aggressively cutting prices to drive revenue, it can cause big problems. Agents must be tested rigorously and thoroughly and rolled out slowly.
Security Risks: Agents with access to sensitive systems and data are potential attack vectors. A compromised agent could wreak havoc much faster than a human hacker and may fly under the radar.
Ethics and Accountability: Who can be held to account when an agent goes astray? The developer? The business? The agent itself? This evolving gray area can be tricky to navigate.
Upfront Cost: Developing or licensing advanced agents can be expensive and may bust the budget of small organizations.

Striking A Balance

The meteoric rise of AI Agentics is an opportunity as well as a challenge. For now, the key is augmenting, not replacing, human expertise. Start small. Deploy an agent for a low-risk task, then scale up as you refine its behavior and grow your knowledge and expertise. Pair agents with robust oversight tools—kill switches, audit logs, and human-in-the-loop checks—to mitigate your risk.

Why all the Fuss?

So, what’s all the fuss about AI Agentics? Agentic AI promises a future where costs go down and productivity goes up as repetitive tasks fade away. A future where professionals focus on innovation and strategy. These agents promise to transform how we manage organizations due to systems that are smarter, faster, and more resilient. But they also demand reimagining skills, processes, security, and accountability.

The bottom line? AI Agentics isn’t just a trend—they’re a powerful and rapidly growing toolset. Embrace them thoughtfully, and they’ll amplify and extend your capabilities. Ignore them, and you and your organization risk being left behind in a world where autonomy is the new normal. The fuss isn’t just hype; it’s a wake-up call. It’s time to learn what AI Agentics can do for your organization.

Dave Hatter – CISSP, CISA, CISM, CCSP, CSSLP, PMP, ITIL, is a cybersecurity consultant and employee owner at Intrust IT. Dave has more than 30 years’ experience in technology as a software engineer and cybersecurity consultant and has served as an adjunct professor at Cincinnati State for over 20 years. He is a privacy advocate and an Advisory Board member of the Plunk Foundation. Follow Dave on X (@DaveHatter) for timely and helpful technology news and tips.

5 Things Every Tech Leader Should Stop Doing – Now!

Tue, 01 Apr 2025 04:30:00 GMT

The role of a technology leader is a balancing act of innovation, resource management, and strategic foresight. Yet, no matter how experienced or forward-thinking a leader may be, adhering to dated approaches and failing to adapt quickly can hinder an organization’s growth. Here’s what every tech leader should stop doing to ensure their organization thrives in an increasingly competitive technology landscape.

1. Sticking with Legacy

Legacy systems may feel reliable, but they carry hidden costs that can weigh heavily on an organization’s operations. Maintenance expenses, inefficiencies, and incompatibility with newer technologies can obstruct scalability and growth, creating short- and long-term competitive disadvantages.

Additionally, staying dependent on outdated systems can frustrate both employees and customers. Slow interfaces, limited functionality, and inefficiency in responding to demands affect productivity and satisfaction.

One key responsibility of a tech leader is to foster an environment of progress. This means phasing out legacy systems in favor of modern, scalable solutions. Migrating to the cloud, for example, offers enhanced agility and cost optimization compared to on-premise systems. Though transitions take effort and there is some inherent risk, the benefits far surpass the short-term inconvenience.

2. Under-Resourcing Cybersecurity

Cybersecurity is not a corner to cut, it’s a foundation to uphold. However, many organizations still fail to allocate adequate resources, often viewing it as an expense rather than insurance or, better yet, an investment. This approach can have catastrophic effects.

Powered by AI, cyber threats are more sophisticated than ever, ranging from ransomware attacks to end-user and insider breaches. Underfunding your cybersecurity initiatives creates vulnerabilities that bad actors will exploit. Not fully protecting your environment could mean loss of proprietary data, damage to your company’s reputation, and heavy financial penalties due to non-compliance with data protection regulations.

3. Delaying Adoption

It’s natural to fall into the trap of waiting until a technology trend “matures” or becomes “accepted” before exploring its potential, but technology does not wait. Delaying the adoption of emerging technologies, platforms, and services often places organizations at a competitive disadvantage. Companies that hesitate risk losing market share to faster-moving rivals who leverage innovation to streamline processes, reduce costs, or enhance customer experiences.

Take cloud communications, for example. Despite its widespread adoption across industries, some organizations continue to rely entirely on premise–based phone systems that long ago lost the modernization race with Unified Communications as a Service (UCaaS).

Early adopters of next-gen technologies have reaped the benefits of efficiency, scalability, and data-driven decision-making. Meanwhile, organizations that delay implementation often find themselves playing an expensive game of catch-up. Instead of assuming these advancements are “not ready yet,” adopt an agile approach that allows small-scale testing before rolling out.

4. DIYing Everything

“DIY” is a Midwestern staple, but the “DIY everything” approach is not scalable, or even sustainable in today’s technology landscape. When managing complex IT ecosystems dependent upon rapidly changing technologies, DIY is a recipe for bottlenecks and oversights. Tech leaders who insist on building proprietary solutions or choose to “go it alone”—out of budget-consciousness or a desire for control—often discover that the results can be less than desired and can be more challenging to scale, maintain, or integrate.

Outsourcing, leveraging third-party expertise, and collaborating with skilled IT partners can be an efficient and sustainable way to scale your team. These partners bring specialized expertise, allowing your in-house team to be more strategic with a focus on core business objectives. By stopping the impulse to “DIY everything,” tech leaders can increase internal bandwidth and resources, ensuring strategic priorities receive the attention they deserve. And, the IT team gets the attention it deserves!

5. Undervaluing Soft Skills

Traditionally, IT leadership has focused on technical expertise, certifications, and project-specific skills. While these are undeniably essential, overlooking the value of soft skills like communication, collaboration, emotional intelligence, and leadership can undermine overall effectiveness.

Tech leaders frequently engage with diverse stakeholders—from executive teams to end-users—requiring the ability to translate complex concepts across a broad spectrum of personas. Soft skills help bridge this gap, promote collaboration, and build trust. IT organizations led by individuals who emphasize both soft skills and technical expertise are far more likely to achieve cohesion and alignment across functions. Stopping the undervaluation of soft skills is a simple yet powerful move toward becoming a C-level, IT rock star.

Final Take

The demands of IT leadership are vast, requiring expertise across various segments of technology, processes, people, and systems. The greatest leaders are those willing to continually reassess their approaches and practices. By addressing these common pitfalls—sticking with legacy, under-resourcing cybersecurity, delaying technology adoption, DIYing everything, and undervaluing soft skills—tech leaders will pave the way for greater agility, security, and success.

Louie Hollmeyer is a seasoned B2B tech marketer with over 25 years of experience. With Advanced Technology Consulting (ATC), Hollmeyer serves as a hybrid marketer, business development executive and consultant, specializing in voice, data, cloud, cybersecurity, and data & AI services. ATC, located in Liberty Township, OH, is an independent IT consulting and professional services firm with access to an extensive portfolio of over 700 technology providers.

AI Isn’t a Trend, It’s Your New Normal

Tue, 01 Apr 2025 04:30:00 GMT

Tech leaders today, knowingly or unknowingly, are facing a critical choice: embrace artificial intelligence now or wait and risk falling behind. A.I. isn’t just a trendy buzzword; it's a transformative technology already reshaping industries. While 2023 is widely recognized as the breakout year for generative A.I. (thanks largely to tools like ChatGPT becoming widely accessible, the launch of Microsoft Copilot, and Google's Gemini/Bard integration into Google Search), major companies have been leveraging A.I. internally for years, refining the very systems and solutions we're seeing unveiled almost daily.

And with that comes exploration. Employees across sectors are independently exploring A.I. solutions, often without structured leadership support. This fragmented approach risks overlooking critical considerations like data hygiene, workflow integration, data privacy, and collaborative strategy development. Meanwhile, companies that have proactively adopted A.I. are already seeing strategic advantages.

Global A.I. spending is expected to exceed $300 billion by 2026, as highlighted bykeynote speaker Mike Menke at Technology First’s AI Day. Rapid advancements from GPT-1 to GPT-4 and upcoming technologies like Gemini Ultra illustrate that the AI landscape is evolving faster than ever. Leaders can no longer afford to observe from the sidelines.

For hesitant leaders, now is the time to start evaluating A.I.'s impact on competition, customer expectations, and internal processes. Conducting detailed assessments can help identify operational disruptions, data gaps, and competitive risks associated with delaying A.I. adoption.

Organizations already adopting A.I. should consider their actions a validation of their strategic foresight, positioning them for sustained relevance and agility. To maintain long-term success, continued refinement, transparent communication, and ongoing stakeholder engagement are crucial, alongside proactive adaptation to rapid technological advancements and associated risks.

For organizations currently adapting to these changes, successful A.I. implementation requires more than technological solutions. Tech modernization efforts demand effective organizational change management strategies. Employees may fear job displacement, making transparency and open dialogue essential. Clear communication about how A.I. will enhance, rather than replace, human work, combined with inclusive training programs, can alleviate concerns and foster a collaborative environment.

Clinging to traditional methods presents a significant risk. Even sectors once seen as insulated, such as retail and manufacturing, must embrace A.I.-driven improvements to stay competitive. Companies like Meta, Apple, Google, OpenAI, and Amazon have integrated A.I. deeply into their operations, setting new standards for industry expectations.

The term "A.I." may soon fade into routine usage, but its transformative impacts will persist. Leaders resisting A.I. adoption risk appearing stagnant, while proactive competitors shape the future of trustworthy A.I. use.

Companies slow to integrate A.I. strategically face long-term disadvantages. Leaders should begin by defining clear objectives, investing in employee education, performing impact assessments, and adopting robust change management strategies.

Practical steps for leaders to adapt to A.I. include:

Conducting impact assessments to identify A.I. opportunities and risks.
Forming internal working groups to explore A.I. systematically.
Implementing targeted employee training for A.I. literacy.
Encouraging transparent communication to secure employee buy-in.
Launching pilot projects to test A.I. effectiveness.
Ensuring data hygiene and adapting management practices accordingly.
Promoting cross-departmental collaboration for maximum insight.

Ultimately, success in A.I. adoption depends on effective organizational change management:

Clearly articulate how A.I. aligns with organizational goals.
Engage senior leaders early as champions of A.I. initiatives.
Maintain transparent and consistent communication.
Provide continuous resources and support for employee transitions.
Regularly monitor progress, measure impact, and adjust strategies as needed.

Leaders who act decisively today position their organizations to thrive in an A.I.-driven future. Regardless of whether your organization immediately adopts A.I. or your business opts to instead create policies to mitigate its usage, it's crucial to thoroughly assess your marketplace to understand how A.I. could impact your business positively or negatively. A.I. is here to stay, and comprehensively evaluating its implications ensures you're not left unprepared in an increasingly competitive landscape.

Hailey M. Clark is the Creative Marketing Specialist at The Greentree Group & Back To Business I.T. With over 20 years of marketing experience, she is passionate about supporting small businesses through digital innovation and strategic marketing initiatives.

A Guide to Data Security for Small and Midsized Enterprises

Fri, 28 Feb 2025 14:02:26 GMT

Whether you’re handling customer information, financial records, or proprietary product details, safeguarding that data isn’t just a compliance requirement; it’s critical to maintaining customer trust, brand reputation, and the overall health of your business. However, small and midsized businesses (SMBs) often face unique challenges, such as limited IT resources and tighter budgets, making data security all the more challenging.

Why Data Security Is Critical for SMBs

Brand Reputation and Customer Trust
A single data breach can undermine years of hard-earned trust. Small and midsized businesses often rely on close customer relationships and community reputation. Maintaining robust data security measures ensures customers feel safe doing business with you.
Regulatory Compliance
Various regulations like PCI and HIPAA require strict data protection. Non-compliance can result in hefty fines and legal trouble, creating significant financial strain for SMBs.
Preventing Operational Disruptions
Cyber attacks can cause severe downtime, impacting your ability to serve customers. Considering SMBs typically have leaner teams, recovering from a security incident can take more time, causing a ripple effect of lost revenue and productivity.
Competitive Advantage
In many industries, security assurances are becoming a key differentiator. Demonstrating rigorous data protection can help win new clients, particularly those who handle sensitive information.

Common Security Risks Facing SMBs

Phishing Attacks
Cybercriminals often use deceptive emails or messages to trick employees into divulging login credentials, credit card numbers, or other sensitive information. SMBs can be especially vulnerable because they may lack formalized security protocols or employee training programs.
Ransomware
Ransomware is a type of malicious software that encrypts your data, rendering it unusable until a ransom is paid. Smaller businesses might feel pressured to pay due to limited resources and backup systems, making them prime targets.
Insider Threats
Employees, contractors, or partners with legitimate access can inadvertently (or intentionally) expose or misuse data. SMBs often have flat hierarchies and broad access privileges, which can increase the risk of insider threats.
Unsecured Network and Devices
SMBs may rely on a mix of personal and company-owned devices, and employees might connect from unsecured networks. This creates multiple potential entry points for hackers to exploit.

Essential Data Security Best Practices

Implement Strong Authentication
- Use Multi-Factor Authentication (MFA): Adding a second verification step—such as a text message code, biometric scan, or app-based token.
- Limit Logins to Company-Owned IP Addresses: Configure access controls to allow remote access only from whitelisted IP addresses owned by the organization. This approach minimizes unauthorized login attempts by ensuring that only connections originating from your internal network or approved gateways can reach critical systems.
Encrypt Sensitive Data
- Data at Rest: Store files in encrypted formats, whether on-premises or in the cloud. Modern operating systems offer built-in disk encryption such as Bitlocker, and many cloud services include encryption features.
- Data in Transit: Use secure protocols (HTTPS, SSL/TLS) for data transfer, ensuring information is protected as it moves between internal systems or over the internet.
Regular Software Updates and Patch Management
- Automated Updates: Whenever possible, enable automatic updates to keep operating systems, antivirus software, and applications current.
- Patch Management Tools: If you have multiple devices or servers, consider a patch management solution that lets you schedule and track updates from a central console.
Frequent Data Backups
- Off-Site or Cloud Backups: Keep copies of critical data in multiple locations—ideally in encrypted, secure cloud storage.
- Test Recovery Processes: A backup is only as good as your ability to restore it. Run periodic recovery drills to ensure backups are functioning properly.
Network Segmentation
- Limit Lateral Movement: If a hacker gains access to one part of your network, you want to prevent them from moving freely to other systems. Segment your network to create isolated environments for sensitive information.
- Access Control Lists (ACLs) and Firewalls: Restrict network traffic between segments using firewalls and ACLs.
Employee Training and Awareness
- Phishing Simulations: Conduct regular phishing tests to help employees recognize suspicious emails.
- Clear Security Policies: Provide guidelines on handling data, using personal devices for work, and reporting potential threats. Clear policies help your team make secure decisions daily.
Endpoint and Anti-Malware Protection
- Robust Antivirus/Anti-Malware Solutions: Deploy reputable security software to monitor and block known threats.
- Device Management: Use Mobile Device Management (MDM) or endpoint management tools to enforce security policies on company- or employee-owned devices.

Getting Started with a Data Security Strategy

Conduct a Risk Assessment
Identify the most critical systems, data assets, and vulnerabilities. This will help you prioritize your security investments where they can make the biggest impact.
Create an Incident Response Plan
Plan out step-by-step procedures for handling security breaches or suspicious activity. Clearly define roles and responsibilities for your team and detail how you’ll communicate with customers, partners, and authorities.
Allocate a Security Budget
Assess how much you can realistically invest in data security tools, training, and personnel. Even modest budgets can fund essential solutions—like antivirus software, firewalls, and backup systems.
Train Your Staff
A security system is only as strong as its weakest link—often human error. Regular training sessions and easy-to-understand policies can turn employees into your first line of defense.

Conclusion

Data security is no longer a “nice to have”—it’s a critical component of running a successful and trusted small or midsized business. Cyber threats evolve daily, and SMBs must remain vigilant to protect sensitive information, maintain compliance, and keep operations running smoothly. By implementing strong security practices—like multi-factor authentication, encryption, network segmentation, and ongoing employee training—you can significantly reduce your risk profile and safeguard your business.

Remember: cybersecurity is a journey, not a destination. Stay informed about evolving threats and emerging best practices and continually refine your security measures. With a proactive and well-rounded approach, your SMB can secure its valuable data, build customer trust, and thrive in an increasingly digital marketplace.

Josh Barrett is the Co-founder of BlueHat, a technology success partner specializing in cyber security and IT services for the mid and small business markets. Josh graduated from UC with a degree in cybersecurity, has been a practicing professional for more than 12 years, Josh is CISSP certified.

Breaking Barriers: Empowering Professionals with Disabilities in IT & Cybersecurity

Fri, 28 Feb 2025 13:53:05 GMT

The technology industry is evolving rapidly, with cybersecurity and IT roles in high demand. Businesses across all sectors struggle to find skilled professionals to fill critical positions. Despite the abundance of opportunities, many talented individuals find themselves shut out—not due to a lack of qualifications but because of barriers unrelated to their technical abilities. Among the most overlooked are professionals with disabilities, who, despite meeting or exceeding job requirements, often face challenges securing interviews and job offers.

The Hidden Barrier: When Qualifications Aren’t Enough

At Phishbuster Academy, we frequently hear from students who have put in the effort to obtain the right credentials but still struggle to break into the field. There is one such student who recently came to Phishbuster Academy who truly stood out. This aspiring professional earned an associate’s degree in IT and even acquired CompTIA’s triple crown of entry-level certifications—A+, Network+, and Security+. By all accounts, this individual should be an ideal candidate for an entry-level IT or cybersecurity role. Yet, despite applying to numerous positions, he could not even secure an interview.

Unfortunately, his story is not unique.

Although this young man is fully capable and qualified for an entry-level IT position, he does have a disability. In a field that can be difficult to break into, for professionals with disabilities, they face additional barriers to employment often stemming from:

Employer misconceptions about their capabilities.
Rigid job requirements that do not accommodate remote or adaptive work setups.
A lack of focus on skills-based hiring, leading to missed opportunities.

These obstacles prevent companies from accessing a talented pool of candidates who are fully capable of succeeding in IT and cybersecurity roles.

The Role of Remote & Adaptive Work Environments

One of the biggest misconceptions in hiring is that IT and cybersecurity positions require a traditional office setting. In reality, many roles in these fields are well-suited for remote work and can be adapted to accommodate a variety of needs. With the right tools and policies in place, professionals with disabilities can thrive in:

Remote work environments, which allow for flexible scheduling and accessible setups.
Adaptive technologies when needed, such as screen readers, voice-to-text software, and specialized hardware.
Results-driven roles, where success is measured by skills and problem-solving ability rather than physical presence.

Despite these advantages, many companies remain hesitant to implement these hiring practices or invest in the necessary accommodations.

Consider the student mentioned earlier: He possesses the education, certifications, and motivation needed to excel in IT, yet he struggles to even get past the initial hiring stage. His experience reflects a broader industry issue that creates difficult barriers of entry. This highlights a crucial gap: while education and certifications lay the foundation, hands-on experience often serves as the missing piece.

How Employers Can Close the Gap

The IT and cybersecurity industries face a talent shortage, yet many capable professionals remain overlooked due to outdated hiring practices and misconceptions about disabilities. Companies that embrace adaptive hiring practices, flexible work environments, and skills-based evaluation will not only tap into a wealth of underutilized talent but also foster a more diverse and innovative workforce. It’s time for the industry to break these barriers and open doors—because talent should be recognized, not overlooked.

To bridge this divide and create more opportunities, companies can consider:

Adopt skills-based hiring: Focus on an applicant’s actual technical abilities.
Implement flexible and remote work policies: Make accommodations that enable all employees to perform at their best.
Support internship and job simulation programs: Provide structured, hands-on opportunities that allow these professionals to gain real-world experience.

When faced with a candidate who has the education and certifications that highlight his intellectual abilities and foundational understanding of key concepts, the only thing left to do is prove that they have the technical abilities to do the job. But how can this develop if no entry-level positions are offered? That’s where job-simulated programs become a game changer.

The Path Forward

That brings us to the next steps…where do we go from here? It’s not overly complicated, the path forward is essentially giving these candidates an opportunity to complete hands-on projects that simulate real-world job responsibilities. Adding in that last piece of the puzzle, projects that can highlight their technical experience and abilities. Especially in a state like Ohio, where programs like Tech Cred can make this type of training a reality by eliminating what is often a big concern – cost.

Justin LeBrun is the VP of Operations at Phishbuster Academy, an organization dedicated to providing hands-on cybersecurity training and real-world experience through job-simulated labs. With a passion for bridging the skills gap, he works to ensure aspiring professionals have the opportunity to build successful careers in IT and cybersecurity.

CMMC Final Rule: Key Changes and Their Impact on Defense Contractors

Fri, 31 Jan 2025 16:35:41 GMT

The Cybersecurity Maturity Model Certification (CMMC) program, designed by the Department of Defense (DoD) to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), has undergone significant updates between its proposed rule in December 2023 and its final rule in October 2024. These changes reflect the DoD’s effort to balance cybersecurity requirements with practical considerations for contractors. With the final rule taking effect on December 16, 2024, understanding these changes is critical for contractors preparing for assessment.

One of the most important changes in the final rule is the introduction of a clearly defined phased implementation plan. The proposed rule hinted at a gradual rollout but lacked specific milestones or timelines. The final rule addresses this by implementing a four-phase plan. Phase 1 introduces mandatory self-assessments for contractors handling FCI. Phase 2 brings in Level 2 certifications for select contracts involving CUI. Phase 3 extends certification requirements to high-priority programs through Level 3 assessments. Finally, Phase 4 marks the full implementation of CMMC requirements across all applicable DoD contracts. This structured approach ensures contractors have the time to adapt while the DoD scales its assessment capabilities. Initial estimates state that approx. 80,000 defense contractors require Level 2 Certification, so with the implementation of a phased rollout, the accreditation body and ecosystem should be able to stretch with the initial demand of assessments.

Flexibility for Level 2 compliance has also been enhanced in the final rule through the introduction of conditional certification. Under the proposed rule, contractors were required to fully implement all 110 NIST SP 800-171 Rev 2 controls before achieving certification. The final rule now allows for conditional certification if contractors meet at least 80% of these requirements, provided they address gaps through a Plan of Action and Milestones (POA&M). This conditional status enables contractors to bid on contracts while granting them 180 days to close security gaps. However, failure to meet this deadline results in certification expiration, demonstrating that while the rule allows flexibility, it does not compromise accountability.

The role of POA&Ms has been significantly refined. The proposed rule permitted their use but lacked clear guidelines on timelines and follow-ups. The final rule establishes firm deadlines, requiring all security gaps documented in POA&Ms to be resolved within 180 days. A POA&M closeout assessment is then mandated to verify compliance before final certification is granted. This change ensures that contractors address vulnerabilities promptly, mitigating the risks of long-standing cybersecurity weaknesses.

The certification levels themselves have been clarified in the final rule. While the proposed rule outlined the three levels of CMMC, the final rule provides greater detail on the assessment processes and their frequency. Level 1 now mandates annual self-assessments for contractors handling FCI, with results reported in the Supplier Performance Risk System (SPRS). Level 2 introduces a distinction between self-assessments and third-party assessments conducted by CMMC Third-Party Assessment Organizations (C3PAOs). For Level 3, which is required for contractors handling critical CUI, assessments will be conducted by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), with Level 2 certification as a prerequisite.

Another area of improvement is the tracking and affirmation of compliance. The proposed rule required annual affirmations from senior officials but did not elaborate on enforcement or tracking mechanisms. The final rule enforces these affirmations across all certification levels, with contractors required to submit them annually through SPRS. Failure to affirm compliance results in the automatic lapse of certification, reinforcing the need for continuous cybersecurity maintenance rather than viewing CMMC as a one-time achievement.

The integration of SPRS and the CMMC Enterprise Mission Assurance Support Service (eMASS) is another key update. While the proposed rule primarily relied on SPRS for self-assessment score submissions, the final rule expands this functionality. SPRS is now used for Levels 1 and 2 (Self) assessments, while eMASS is designated for third-party assessments at Level 2 (C3PAO) and Level 3. Assessment results are automatically transmitted to SPRS from eMASS, creating a seamless and centralized compliance tracking system.

Scoping requirements have also been expanded and clarified in the final rule. The proposed rule provided limited guidance on defining in-scope systems and the role of External Service Providers (ESPs). In contrast, the final rule introduces clear scoping categories, including Contractor Risk Managed Assets, Security Protection Assets, and Specialized Assets. It also requires ESPs to meet equivalent CMMC security requirements when processing CUI but does not stipulate ESPs obtain the same level CMMC certification of their clients. These changes enhance clarity and ensure that contractors appropriately define the scope of their cybersecurity efforts.

As the CMMC program evolves, contractors must prepare to align their cybersecurity programs with these updated requirements. The final rule reinforces the DoD’s commitment to safeguarding national security through a robust, scalable, and enforceable cybersecurity framework. For contractors, the path to compliance is not only a contractual obligation but a critical step in strengthening their resilience against cyber threats. Now is the time to act, ensuring readiness for the challenges and opportunities that the CMMC program brings.

Eric Parsley is a cybersecurity executive specializing in Governance, Risk, and Compliance (GRC). He is a vCISO for Expedient Technology Solutions offering cybersecurity focused MSP/MSSP Services. Eric holds a Master’s degree in Cybersecurity & Information Assurance and is a CMMC Certified Assessor.

How to Use CIAM to Elevate the Customer Experience

Fri, 31 Jan 2025 16:09:41 GMT

Digital channels, including websites, mobile apps, and social media, have become the primary touchpoint for establishing new customer relationships. In fact, 91% of adults ages 18 to 49 have purchased products or services online using a smartphone, according to Consumer Affairs.1 It’s crucial to make a good first impression during these customer interactions if you hope to build a loyal customer base.

This shifting dynamic creates new challenges and opportunities for businesses looking to attract and retain customers. The right customer identity and access management (CIAM) strategy can help you provide a positive customer experience.

What Is CIAM?

CIAM allows businesses to securely capture and manage customers’ identity and profile data and control what applications, services, and information users have access to.

The traditional approach to CIAM has tended to force the customer to provide as much information as possible at the point of registration and require them to log in with a username and password for every session. Taking this approach usually forces businesses to make user experience tradeoffs to secure how customers engage with their brand online.

Modern approaches to CIAM enable businesses to identify who their customers are and what applications they should have access to in a way that doesn’t require compromising convenience for security. By continuously assessing the trustworthiness of each customer’s identity throughout their session, businesses can dynamically adjust the level of authentication required based on real-time risk, making security visible only when necessary. This approach allows customers to securely engage with digital properties without encountering unnecessary friction.

CIAM can also help you streamline the end-to-end customer journey by making it easier to introduce single sign-on (SSO) for customers across all your digital properties, prompt customers for multi-factor authentication (MFA) for additional security only when necessary, and ultimately move towards secure, convenient passwordless authentication experiences.

How Can CIAM Deliver a Great Customer Experience?

CIAM elevates the customer experience (CX) by simultaneously reducing friction and building trust. Our 2024 Consumer Survey found that “security” (78%) and “ease of use” (76%) were the most important aspects of interacting with brands online, highlighting the importance of delivering both secure and seamless journeys.

Reduce Friction

With CIAM, you no longer need to push every customer through the same rigid authentication processes when they visit your site.

For example, if they’re registering for the first time, you don’t need to ask them to enter all their personal data immediately, you could just ask them to provide their email address and set a password, minimizing friction until they’re ready to make a purchase. When they decide to place their first order, then you can ask them for their address, payment details, and any other necessary information. At any given point in their journey, you’re only asking them for the information you need, so they can focus on their shopping experience, rather than filling in forms.

Similarly, when an existing customer wants to log into your site, you can make smarter decisions about how many authentication hoops you should make them jump through. For example, if they logged in successfully an hour ago on the same PC with the same IP address, and their mouse movements and typing patterns are the same as they were before, you might decide they don’t need to enter their password again. Modern CIAM systems allow businesses to fully configure the level of security required, and to specify the signals they monitor to achieve secure authentication.

Essentially, CIAM allows you to adjust the level of friction in your authentication experience appropriately, so customers don’t feel they’re being bothered unnecessarily.

Build Trust

When we talk about adjusting friction, the key word is “appropriately.” Zero friction is rarely the right answer from a security perspective, and it’s not always what customers want, either.

For example, imagine you get a login request that seems to be coming from an existing customer, but the IP address shows that they are in a different country and using an unknown device. In that case, you might decide to send an MFA request to make sure the customer is who they say they are.

Let’s say the request does come from a genuine customer. Perhaps they’re traveling overseas, and they’ve borrowed a friend’s device because their own smartphone won’t connect to the local network. In this situation, receiving an additional security challenge doesn’t feel like unnecessary friction. It’s reassuring for the customer because it shows them, you’re taking their account security seriously.

Only asking for the authentication you need, and always asking for authentication when you need it can prove to customers that the friction added to the experience is necessary, and you’ll find it much easier to win their trust.

What Are the Benefits of Improving CX with CIAM?

Utilizing CIAM to improve CX can unlock a variety of benefits that work together to improve business operations, reduce IT costs, and capture more revenue. Effective use of CIAM enables you to:

Boost Customer Acquisition and Retention: Businesses can acquire more customers with CIAM and progressive profiling by streamlining the registration process, asking for information over time rather than forcing new customers to fill out a long sign-up form before checkout.
Increase Revenue: By using progressive profiling, businesses can get to know their customers better while building rich user profiles to offer tailored experiences across every digital property. Unifying customer identity with existing Customer Relationship Management and Customer Data Platforms allows businesses to finely target cross-sell and up-sell offers.
Strengthen Customer Loyalty: By enforcing appropriate security measures in the right situations, CIAM shows your customers you are a trustworthy steward of their accounts and personal data.
Reduce Customer Support Costs: Effective CIAM gives customers more options for authenticating with your site, which means they are less likely to fail security challenges or get locked out of their accounts.

Mitigate Security, Privacy, and Fraud Risks: By replacing outdated perimeter-based identity checks with continuous authentication using real-time analytics, CIAM makes your customer-facing systems more secure.

Rich Keith, Senior Director, Product & Solution Marketing, Ping Identity has over 20 years technical and marketing experience in cyber security, IAM, AI/ML and big data analytics, and enterprise software including enterprise Java servers and transaction processing systems. Rich is a sought-after speaker at cybersecurity events worldwide. Prior to joining Ping Identity, Rich held senior positions at SailPoint (IAM), BeyondTrust (PAM), Oracle and Cofense/PhishMe. Rich holds a master's degree in Computer Science from California State University, Chico.

AI’s Next Chapter: What to Expect in 2025

Thu, 26 Dec 2024 18:14:15 GMT

As we gear up for 2025, I've been doing a lot of thinking about the advancements in generative AI over the past year. It feels like over the next twelve months we could see a shift in how we approach data, interact with AI, and ensure that we're doing it all in an ethical and responsible way. I've got some thoughts on why data quality is about to become a major focus, the ways agentic AI could change our daily interactions with technology as a whole, and why we need to make sure we're handling these systems with care. So, let's dive in and take a look at what I'm seeing on the horizon for 2025.

It’s All About the Data

The phrase “data is the new oil” has been commonplace over the past decade or so, but I predict 2025 is when we’ll actually start seeing it play out. As more organizations adopt and build generative AI systems, the need to ensure those systems are ingesting good, quality data becomes increasingly important.

The shift towards quality data isn't about having more data; it's about having better data. Generative AI models are only as good as the data they're trained on. In 2025, we’ll see a focus on data quality initiatives. This means organizations will be investing heavily in data cleaning, validation, and enrichment processes, moving away from simply hoarding vast quantities of information to curating high-value datasets. This commitment to quality will be a key differentiator for AI performance and the success of these systems.

Furthermore, the role of data stewards will become increasingly crucial. These individuals (or maybe even AI agents. More on this in a moment.) will be responsible for the lifecycle management of data – from its creation and collection, through its storage and use, to its eventual archiving or removal. Good data stewardship is about more than just governance; it’s about ensuring data is accurate, consistent, secure, and used ethically and responsibly within the context of AI projects. Without solid data stewardship, the most sophisticated AI models will still struggle, leading to biased, inaccurate, or even harmful outcomes.

One conversation I've had recently is about using AI to help employees with health insurance, like asking “What are my vision benefits?" and "What in-network eye doctors are near me?” Ingesting your health insurance policy into such a system may not seem like an arduous task. But your policies will change over time. New policies will need to be added, and expired policies will need to be removed. We can’t simply feed AI a bunch of data and call it day; we need processes for the removal of data as well. This illustrates the need for effective data lifecycle management programs.

Agentic AI

The way we interact with AI systems is set to change as the popularity of agentic AI increases. But what is agentic AI?

Generative AI like ChatGPT, Gemini, or Claude is kind of like a chef in a kitchen. You give them an instruction, and they can whip up a delicious meal. That’s where the “generative” in generative AI comes from; they generate content. But an agentic AI system is more like the restaurant manager, that not only can create new recipes but also decide what ingredients to buy, how to set the menu, and how to coordinate the kitchen staff. Agentic AI systems are focused on goals and outcomes, and they can act autonomously to achieve those goals without human interaction.

While agentic AI systems leverage the creativity of generative AI models such as ChatGPT, they differ in several ways. Primarily, these systems prioritize decision-making over content generation. Secondly, they operate autonomously, driven by predefined goals – like boosting revenue, improving customer feedback, or streamlining logistics – rather than requiring constant human instruction. And finally, these systems possess a more sophisticated ability to handle complex, multi-step processes, navigating data sources and initiating workflows without manual intervention.

Because agentic AI systems are designed to carry out specific, granular tasks, they enable greater specialization of roles compared to general purpose models like ChatGPT. Some agentic systems will have an “orchestrator” which can be thought of as the main agent that interacts with and instructs all of its downstream agents. Imagine this: An AI system is monitoring a salesperson's calendar, and before each meeting, it automatically prepares a brief with information about that customer. And not just any information. Relevant information like past purchase history, previous interactions with their team, and even business trends in their industry.

Responsible AI

“With great power comes great responsibility.” In 2025, organizations will no longer be able to treat ethical AI as an afterthought; it will become a core component of any AI strategy. This means proactively establishing clear policies to guide AI development, encompassing data privacy, transparency, and bias mitigation. This will require not just technical solutions but also a broader ethical commitment across all levels of an organization.

Beyond ethical considerations, robust governance of AI systems will be critical. This includes establishing clear lines of responsibility for AI outputs, implementing testing and validation processes to ensure the reliability of AI models, and setting up clear mechanisms for recourse when things go wrong. We can’t just deploy AI and hope for the best; we have to be good stewards of it. We'll see a growing need for specialized roles, such as AI ethicists and AI risk managers, who will be tasked with ensuring that AI is used responsibly and for the benefit of all stakeholders. The path to realizing the full potential of AI is paved with careful planning, robust oversight, and a dedication to building systems that are not just powerful but also trustworthy and ethical.

I've shared my predictions, but now I'm curious – what are you seeing on the horizon for AI?

Jason Clishe

Jason is a Google Cloud Platform solutions architect at CDW with 30 years of IT experience spanning delivery consulting, partner enablement, and sales engineering. His expertise includes cloud technologies, generative AI, and on-premises solutions, and he leads the design of innovative generative AI solutions on GCP Vertex AI.

AI and the “Whopper” of Change

Mon, 23 Dec 2024 18:14:13 GMT

In 1993, Burger King became revolutionary. They implemented a groundbreaking technology that changed the game, challenging both customers and workers with a new process: accepting credit cards. In this video reactions were split between fear, resistance, skepticism, joy, and convenience.

In 2024, what does AI have to do with Burger King? Everything. AI in our workplaces now represents the same disruptive factors: do I want to use AI or not? How will my employees start to use it? Will they implement it correctly? How do I even use this system? Do our workforce/customers/clients now have to make new choices?

¡Prohibido arrojar NADA dentro del sanitaro!

(It is forbidden to throw NOTHING down the toilet)

Just like how credit card payments date back to the late 1950s, AI’s roots trace back to the early internet in the form of 1:1 translation. In the early days of translation websites, the level of “thinking” a system could do was literal. For example, in language, "jaguar = cat," but "Jaguar ≠ car."

“I don’t quite agree with it, but a calculator for words is an interesting framing for ChatGPT,” said Sam Altman, CEO of OpenAI. Thanks to technological and algorithmic advancements, AI now can see the “forest through the trees.” According to TechTarget, ChatGPT has over 1 trillion transformer neural networks, enabling it to distinguish between a luxury foreign vehicle and a jungle cat.

With this powerful new “calculator for words,” what does that mean for the workforce? According to a recent market-data report, as it stands now, six out of ten occupations have more than 30% of activities that are technically automatable. As AI advances, instead of “cash or credit,” we might soon have to ask ourselves, “human or AI?” (assuming we are even given a choice…). Perhaps the best way to prevent AI from taking jobs is to embrace it and implement AI to do our jobs better.

Prompt Engineering? I call it “Prompt Writing”

Before my career as a workforce development consultant, I was a publishing intern, editor, writing tutor, and later an English Language Learner instructor (also, janitor, cook, mosquito control specialist, property abatement worker, and road construction worker—just to name a few).

When I first began using AI a few years ago, two thoughts immediately struck me:

I needed to stop using this system like a Google search.
Creating effective prompts requires finesse.

I quickly realized that I had to do a bit of writing to get the result I wanted from AI. For me in the moment, the term “prompt writing” seemed more fitting than “prompt engineering.”

There is no “e” in Ketchup

Through research and webinars, I discovered AI was full of interesting little quirks. For instance, some AI systems would confidently assert that there is no “e” in the word ketchup. Try it out today on ChatGPT, CoPilot, or Gemini without logging in—you might be surprised.

Paying attention to social media posts, I also noticed the same common AI buzzwords popping up again and again—like “dive.” Hey, everyone, let’s dive into the topic of prompt engineering, followed by an emoji. We must do better to keep language fresh, interesting, and most of all “human” even when using our fancy new word calculator. By telling AI which words not to use and giving it the proper context, we can disguise its “word calculator” tone and keep our writing more authentic.

Give AI a Job (While I Still Have Mine)

The “lightbulb” moment for me as an AI user was discovering the simple prompt structure of Role-Task-Format. Writing a great prompt starts with giving AI a job: assign it a role. For example, tell AI: Act as a sales rep, consultant, or data scientist. Giving AI the right context is essential to getting the best results.

AI knows a lot, but it doesn’t know what’s important to you until you tell it (you don’t know what you don’t know). Next, specify the task you want it to perform: Create a marketing email, blog post for Technology First, or session description for your Dayton AI Day presentation. Finally, decide on the format. Should it be 3–4 small paragraphs, a bulleted list, or something else entirely?

“Review the rough draft of this blog post and help me come up with a clever conclusion. Keep the writing style similar.”

Just as credit cards reshaped fast food transactions in 1993, AI is reshaping the workplace today. The parallels are clear: innovation challenges us to adapt, evolve, and make choices about how we engage with new technologies. Whether it’s using prompt engineering to enhance efficiency or approaching AI with a human touch, the question isn’t if AI will change the game—it’s how we’ll play along. I’m looking forward to meeting everyone at Dayton AI Day on Jan 15^th and hope to see you in my “Prompt Engineering…Basics and a Bit Beyond” session.

*This blog post was written by a human…except for the conclusion paragraph.

Nathan Floom is a Learning and Development Consultant in Sinclair’s Workforce Development Department. He works with a wide variety of industries to help leaders and teams become rock stars in their roles. He is a certified facilitator in Patrick Lencioni's "The 6 Types of Working Genius" and a qualified facilitator of the "AFS Global Up-Global Competence" program. In 2023, he was nominated for "Teacher of the Year" in Adult Education for the Southwest Ohio region. Nathan holds a BFA, an MA, and a certificate in Instructional Design from the Association for Talent Development. He is an Eagle Scout.

Reflecting on 2024: Building Connections, Strengthening Tech, Championing Innovation

Sun, 01 Dec 2024 15:00:00 GMT

Hello Tech Community!

As 2024 comes to a close, it’s incredible to reflect on how far we’ve come as a tech community. At the start of the year, many of us were focused on what lay ahead for technology—emerging trends, evolving challenges, and the innovations poised to shape our future. AI, anyone? Now, as we prepare to enter 2025, we can look back on all that’s been accomplished.

Connecting

This year, we strengthened connections across our tech community in profound ways. With over 50 events—including the Ohio Information Security Conference, Taste of IT, and two Digital Mixers—we created countless opportunities for professionals, students, and organizations to come together, share insights, and advance ideas. At the heart of our community are peer group meetings, a core member benefit that fosters collaboration and ensures the continuous exchange of knowledge.

Beyond events, we facilitated one-on-one connections between members, helping businesses and individuals find the right partners, resources, and solutions to drive their goals forward. To make connecting even easier, we introduced a new mobile app, putting opportunities to engage, network, and collaborate right at your fingertips.

Strengthening

Throughout 2024, we’ve navigated critical topics like cybersecurity, sustainable technology, and of course AI, while continuing to champion leadership and workforce development. We tackled tough questions, such as “What should every tech leader stop doing now?” and provided strategies for protecting and growing tech investments.

We often said 2024 was our year of experimentation. So, we launched the Emerging Tech Leaders program, introduced Workshops, and hosted three conferences – challenging ourselves to push the boundaries while ensuring our programs were designed to equip participants with the skills and tools to lead and adapt in a rapidly evolving landscape. Our Women 4 Tech Conference became an annual tradition, celebrating and empowering women in technology leadership.

Championing

Investing in our community and the next generation of tech leaders remains at the heart of our mission. This year, we raised over $9,000 for the Technology First Scholarship Fund at the Scramble for Scholarships, awarded more than $10,000 in scholarships to regional students, and inspired the youngest learners at the Boonshoft Museum of Discovery through our interactive Tech First Brixilated Mural.

Through initiatives like the Cyber Challenge and STEM Career Fair with the Girl Scouts, we’re introducing future leaders to careers in technology, while our Digital Mixers provided students with opportunities to connect with local employers and kickstart their tech journeys. These efforts ensure a strong pipeline of talent to sustain and grow our region’s tech community for years to come.

A Shared Commitment

Through it all, your commitment to advancing technology in our region has been the constant driving force behind our progress. Our community remained resilient and future-ready by focusing on sustainable practices, workforce growth, and innovative solutions. Together, we haven’t just adapted to change—we’ve led the way, positioning the Dayton region as a hub for innovation and economic growth.

The highlight of every year, for me personally, is watching our members come together—answering a call for help, lending a hand, and encouraging career advancement. These moments exemplify the strength of our community and lay the foundation for everything we achieve together.

Looking Ahead

As we look forward to 2025, we’re excited to continue this journey with you. Next month, we’ll share what’s on the horizon for the new year, including opportunities to connect, learn, and lead in ways that will keep our community thriving. We invite you to kick off the year right at Dayton AI Day on January 15, where we’ll dive into the practical applications and future of artificial intelligence.

But for now, let’s take a moment to celebrate all we’ve accomplished in 2024.

Here’s to shaping the future of tech—together.

#UniteDaytonTech

Melissa

Championing Tech: The Value of Volunteerism

Mon, 04 Nov 2024 14:41:51 GMT

Championing Tech: The Value of Volunteerism

For November's TECH CONNECT, a month dedicated to gratitude and giving, we’re highlighting three Tech First members who embody the spirit of service and community. Florence Renee Bacote from the Montgomery County Board of Commissioners, Jill Campbell with the Air Force Life Cycle Management Center, and Searsa Johnson of CareSource are among our most dedicated volunteers, lending their time and expertise to events like the Girl Scout Cyber Challenge and programs with the Boys and Girls Club in addition to Tech First conferences and events. Their passion for making a difference shines through in every project they touch. We sat down with Bacote, Campbell and Johnson to discuss what motivates their volunteerism and to hear their advice for those looking to get more involved.

Read on to be inspired by their commitment to giving back!

How did you first get involved with Technology First, and what inspired you to start volunteering?

Bacote: I first became involved with Technology First through my employer, Montgomery County, enrollment as an attendee of the annual Tast of IT Conference and then later as a peer member of the Women 4 Tech peer group. I have always believed that volunteering can have a real impact on the lives of others in need of assistance or direction which continues to help me realize that this impact is a part of something bigger than myself.

Campbell: There have been times in my life when I needed guidance or support and found it lacking, which has driven me to volunteer and give back to others. Volunteering offers me the chance to share my skills and expertise in ways that might benefit others and make a positive difference. I believe the knowledge exchanged through volunteering is incredibly valuable—every experience adds to my growth and understanding. Additionally, it’s rewarding to provide time and services to those who may not have access or the means to seek out this support on their own.

What has been the most rewarding part of your volunteer experience?

Bacote: I have really enjoyed giving my time, energy, and knowledge while connecting to others in the Dayton community. I have always enjoyed working with others and making new friends in an environment that promotes growth along with helping others learn and gain professional experience.

Can you share a specific moment or experience that stands out to you during your time volunteering?

Campbell: Being sought as an expert and leader while I was facilitating a session at Taste of IT! It was an honor to hear "I was told I needed to meet you." To be recognized by peers as a knowledgeable leader and, in this instance, to eventually have a job offer from [the volunteer interaction], was quite a satisfying experience!

What makes our volunteer community special, and why do you continue to give your time?

Johnson: Connection. My continued engagement is driven by connecting with the Technology First community and their caring and dedicated staff. It is vital to be part of a community that openly discusses cyber security and evolving technology.

How has volunteering impacted your personal or professional life?

Bacote: Volunteering has helped keep me keen on my communication, project planning, and teamwork skills. It has also helped me to make great connections and meet new people in the Dayton community.

Campbell: I have been humbled by the amount of expertise I’ve been exposed to and a substantial amount of my diverse knowledge and “career wisdom” has come from the interactions with the people whom I’ve met through volunteering. Also, it’s about the network – I can sincerely say that ALL – with the exception of TWO connections – on my LinkedIn network are people I’ve met face to face.

What do you see as the future of volunteerism, especially within the technology sector?

Bacote: The future of volunteerism in the technology sector will likely see a significant increase in digital volunteering, where people can use their technical skills remotely as more and more people are working in remote positions and not physically working in buildings in the community. I still hope there will be individuals who will still want to do “in-person” volunteering. There will always be a need for tech professionals with specific skills like web development, graphic design, and especially cybersecurity, whose technical knowledge can be more valuable when demonstrating or teaching these ideas in person with ability to give hands-on instruction or experience.

Campbell: The Dayton area seems to be skipped over in the areas of technology in regard to large events and connection to the surrounding areas. I believe the more volunteerism that occurs, the "louder" we can be, and the more connected Dayton will be. Dayton is a vast source of technological knowledge and should not miss out on what is happening around us. Lets all jump on the volunteering band wagon so we can participate in the opportunities that are happening!

What advice would you give to someone who is considering volunteering but hasn’t taken the step yet?

Johnson: What are you waiting for!?! For someone who is a true introvert and struggles with public speaking anxiety, volunteering with Technology First served as a steppingstone in building my confidence. These volunteering opportunities provided me a safe space to practice public speaking, enhance networking skills, and re-connecting with my peers. Sign up now!

As we wrap up this month of gratitude, we’re reminded of the incredible impact that dedicated volunteers like Florence Renee, Jill, and Searsa have on our community. Their stories encourage us all to find ways to give back, connect, and create lasting change.

Here’s to making a difference together!

Turning Conference Chatter into Client Conversions: How You Can Leverage Events for Business Development

Sun, 03 Nov 2024 15:00:02 GMT

Conferences. Are they just a whirlwind of half hearted networking, average coffee, and questionable after-parties? Not for me! I see conferences as a goldmine – a chance to unearth valuable insights, capture educational moments, and ultimately, boost my sales.

Here's the thing: most people attend conferences, passively absorb information, and then…crickets. But the real magic happens after the event. It's about taking those nuggets of knowledge and weaving them into your sales strategy.

Here's how to turn conference chatter into client conversions:

1. The "Hot-off-the-Press" Pitch:

● Identify Key Takeaways: Jot down the most impactful trends, innovative solutions, and industry challenges discussed.

● Craft a Timely Narrative: Incorporate these insights into my outreach. For example, "At the recent [Conference Name], there was a lot of buzz around [hot topic]. It got me thinking about how [your company] could help businesses like yours navigate this…" Be as specific as possible about how the learnings from the conference can apply to your specific prospects environment.

● Establish Thought Leadership: Sharing these timely insights positions me as an expert and demonstrates that I'm invested in staying ahead of the curve.

2. Name Dropping Done Right:

● Strategic Networking: Make a point of connecting with influential speakers and industry leaders.

● Leverage Connections: In follow-up emails, you might say, "[Speaker Name] made a great point about [topic] at [Conference Name]. It resonated with me because…" This adds credibility and context to your outreach.

● Build Relationships: Conferences are a breeding ground for genuine connections. These relationships can translate into warm leads and referrals down the line.

3. Content is King (and Conferences are the Kingdom):

● Repurpose Content: Leverage conference presentations, workshops, and keynotes to create valuable content for my prospects. Think blog posts, social media updates, or even short videos summarizing key takeaways. Don’t be afraid to take selfies or quick videos in the hallways.

● Offer Exclusive Access: Sharing exclusive insights or resources from the conference adds value to my outreach and incentivizes prospects to engage.

4. The Follow-Up Frenzy:

● Strike While the Iron's Hot: Follow up with connections and leads immediately after the conference. The event is still fresh in their minds, making them more receptive to my message.

● Personalize Your Approach: Reference specific conversations or shared experiences to make your outreach more meaningful.

Conferences are an investment – of time, money, and energy. But by strategically leveraging the learnings and connections, I turn that investment into a sales bonanza. So, the next time you're at a conference, remember: don't just attend, capitalize!

About NextStep Networking: NextStep Networking partners with schools to excite and empower students, businesses that make us think, non-profits that want to maximize their impact and government agencies that rely on safety and security. We will bring new ideas and find creative and innovative ways to help your business with technology. Built on a foundation of integrity and community partnership, we believe that helping other like-minded organizations prosper will pave the way to a better future. Join our mission of making a positive impact in the lives of those we serve.

The Future of Enterprise Communications and Technology

Fri, 01 Nov 2024 14:00:01 GMT

As 2024 draws to a close, the business landscape is evolving rapidly, especially in enterprise communications, technology, and economic trends. For companies to stay competitive, it is essential to remain informed and adaptable. Below, we explore the key developments and insights that will define enterprise communications in the year ahead.

Key Industry Trends in Enterprise Communications

AI’s Expanding Role in Customer Experience and Call Centers
Artificial intelligence (AI) continues to transform customer service and call centers by improving efficiency and personalization. Many businesses are integrating AI-powered tools to automate repetitive tasks, streamline interactions, and provide customized experiences. As AI becomes more advanced and accessible, its adoption will only grow, though the rising costs of implementation and maintenance remain a challenge. Maximizing the potential of AI requires leveraging its data across various departments—sales, marketing, and support—to create a seamless and integrated customer journey.

New Compliance Regulations for Financial Services
The European Union’s Digital Operational Resilience Act (DORA) will go into effect in January 2025, impacting financial institutions and their technology providers. These firms must meet rigorous cybersecurity and operational resilience standards, requiring gap analyses, improved risk management, and resilience testing. While DORA directly affects financial services, businesses in other sectors, including enterprise communications, will also need to prioritize securing their data and systems to stay compliant across industries.

The Evolution of Hybrid Work

Hybrid work models have become a permanent feature of the post-pandemic business world. Although some organizations aim for a return to full-time office work, many employees still prefer the flexibility of hybrid setups. The challenge for businesses is to sustain collaboration, productivity, and company culture in this environment. Investing in advanced video conferencing, collaboration platforms, and secure remote access tools will be critical for staying competitive and attracting talent.

Key Timelines and Regulatory Changes

January 2025: DORA compliance deadline for financial services and related industries. Ensuring cybersecurity and resilience standards are met will be vital to avoid penalties.

Challenges and Opportunities for Businesses

Economic Uncertainty
Inflation, layoffs, and commercial real estate challenges are contributing to an uncertain economic landscape. Businesses need to be agile, managing costs carefully while investing in technologies that will future-proof operations.

Rising AI Development Costs
While AI offers considerable efficiency gains in customer service and other areas, the costs associated with its deployment and maintenance are increasing. Businesses must evaluate the long-term return on investment (ROI) of AI solutions to ensure scalability and adaptability to future needs.

Evolving Communication Tools
The importance of video conferencing, collaboration platforms, and messaging apps has grown immensely. Companies should continually assess their tech stack to ensure they are using flexible, secure, and well-integrated communication tools that align with their broader business systems.

Strategic Recommendations

Invest in AI Thoughtfully: AI can be transformative, but strategic integration across departments is key. Focus on scalable AI solutions that deliver valuable data insights while integrating with existing technologies.
Prepare for Regulatory Changes: Businesses in finance and technology must align with new regulations like DORA. Regularly review cybersecurity protocols, third-party contracts, and resilience measures to avoid compliance risks.
Support Hybrid Work Models: Hybrid work is here to stay. To remain competitive, invest in technologies that enable employees to seamlessly transition between office and remote work, ensuring productivity and security.
Optimize Communication Platforms: Companies should consider consolidating communication tools that offer security, resilience, and integration with IT systems to ensure smooth operations.

Looking Ahead

The remainder of 2024 and early 2025 will bring both challenges and opportunities, including advances in AI and tightening regulatory landscapes. By staying informed, businesses can navigate these changes effectively. Balancing innovation with economic and regulatory readiness will be crucial for long-term success.

At NexusBlue, we are dedicated to helping businesses make informed decisions and adapt to the ever-changing enterprise communications and technology landscape. By acting now, organizations can position themselves for sustainable success and long-term resilience.

NexusBlue
NexusBlue specializes in rescuing, fixing, and reimagining business operations through enterprise communications, digital transformation strategies, and AI assessments. We help companies navigate the complexities of technology and regulation to drive lasting ROI in today’s fast-evolving business environment.

Cybersecurity Essentials for Small Businesses: A Comprehensive Guide

Tue, 01 Oct 2024 14:02:00 GMT

As a business owner, it’s easy to focus on growth, customer service, and day-to-day operations while discounting cybersecurity. However, in a world where 46% of cyberattacks target small and medium-sized businesses, maintaining a secure digital environment is not just important—it’s critical for survival.

This blog dives into the key cybersecurity practices for small and medium-sized businesses, to help you protect your organization from malicious threats and costly ransomware attacks.

Why Are SMBs a Target?

The answer lies in their limited cybersecurity infrastructure. While large corporations invest heavily in advanced security systems, smaller businesses tend to have fewer resources or budgets. However, just because your business is small doesn’t mean you have to an easy target.

Common Cyber Threats Facing SMBs

Understanding the types of cyber threats your business may face is the first step in building a strong defense. Preparing for security incidents is an important business practice. Here are the common attack methods cybercriminals use:

1. Phishing Attacks

Phishing remains one of the most popular methods used by cybercriminals use. These attacks typically involve fraudulent emails that use urgency, deceptive visuals and links, and impersonation to trick employees into clicking on malicious links or sharing sensitive information.

2. Ransomware

Ransomware attacks involve encrypting a company’s data and demanding a ransom to restore access. In many cases, businesses are left crippled for multiple days or weeks without access to their own information. Even after paying the ransom, there’s no guarantee the attackers will return the data.

3. Malware

Malware is malicious software that can infiltrate your systems to damage, disable, or exploit your data. This broad category includes adware, spyware, and viruses designed to cause harm or steal valuable information.

4. Weak Passwords and Credential Compromise

Weak, reused, or stolen passwords remain one of the biggest cybersecurity risks. A compromised credential allows an attacker to bypass security protocols and gain direct access to sensitive systems.

Small Business Cybersecurity Best Practices

Implementing robust cybersecurity measures doesn’t have to be overwhelming. Here are practical steps you can take to protect your business:

1. Use Multi-Factor Authentication (MFA)

Multi-factor authentication (MFA) requires users to provide two or more verification methods—such as a password and a security code—before gaining access to the system.

2. Regularly Update Software

Outdated software is a major vulnerability. Whether it's operating systems, web browsers, or specialized business software, keeping everything up-to-date is essential. Many updates contain patches for security flaws that have been identified.

3. Create Strong Password Policies

Ensure your employees are using strong, unique longer passwords for each of their accounts. Implement a password policy that requires complex combinations of letters, numbers, and symbols, and encourage regular password changes.

4. Educate Employees on Cybersecurity

Your employees are your first line of defense and greatest vulnerability. Provide regular training helps them identify current phishing scams, social engineering, and recognizing and reporting potential security breaches.

5. Conduct Regular Risk Assessments

A risk assessment helps identify areas of vulnerability. This involves a third party evaluating your current cybersecurity practices, identifying potential threats, and implementing strategies to address them. Regular assessments help you stay ahead of evolving threats and ensure that your defenses remain effective.

6. Backup Your Data

Data backups are critical to recovering from a cyberattack. Ensure that your business performs regular backups of all important data to an encrypted, offline location. This way, if you do experience a breach—such as a ransomware attack—you can restore your systems faster without losing significant data.

7. Install Firewalls and Anti-Malware Software

Investing in firewalls and anti-malware software is a non-negotiable aspect of cybersecurity. A firewall monitors incoming and outgoing traffic and blocks suspicious activity, while anti-malware software detects and removes malicious software before it can do damage.

8. Install Endpoint Protection

Every endpoint (laptop, mobile phone, tablet, etc.) that connects to the corporate network is a vulnerability, providing a potential entry point for cyber criminals. It is imperative for businesses to deploy endpoint solutions that can analyze, detect, then block and contain cyberattacks on remote systems.

9. Develop an Incident Response Plan

An incident response plan outlines the steps to take in the event of a security breach. This plan includes who to contact, how to contain the breach, what to communicate, and the order of systems to be restored based on their importance for conducting business. Regularly practicing incident response through simulations helps your team respond effectively when a real threat arises.

Additional Cybersecurity Considerations for SMBs

While the best practices outlined above are foundational, you can further strengthen your business’s security posture by considering these additional measures:

1. Mobile Device Management

As more employees work remotely or bring their own devices to work (BYOD), managing mobile security becomes critical. Implement mobile device management (MDM) software that enables your business to monitor, secure, and manage all employee devices that have access to company data. This allows you to enforce security policies and wipe devices remotely if they’re lost or stolen.

2. Secure Your Wi-Fi Networks

Unsecured Wi-Fi networks are an open invitation for hackers. Ensure your business’s Wi-Fi networks are encrypted, and consider segmenting networks for employees, guests, and business systems. This prevents unauthorized access and reduces the risk of data interception.

3. Perform Penetration Testing

Penetration testing involves simulating cyberattacks on your system to identify weaknesses before actual attackers can exploit them. Hire a cybersecurity professional to conduct these tests to provide recommendations on how to address vulnerabilities.

Free Small Business Resources

There are a number of free resources available from the federal government and the State of Ohio to reduce your risk to potential cybersecurity threats including:

Final Thoughts

By following these cybersecurity best practices, your company can create a strong digital defense and focus on what really matters—growth and success. Remember, being cyber aware means being cyber prepared.

Author Bio: As the CEO and Founder of Secure Cyber Defense, Shawn leads a dedicated team committed to safeguarding organizations across the entire spectrum of cybersecurity needs. From perimeter defense to secure network design, and vulnerability discovery to intrusion detection systems, Secure Cyber Defense offers comprehensive solutions tailored to meet the evolving challenges of today’s digital landscape. With over two decades of experience in cybersecurity and information systems, Shawn brings a wealth of expertise to the table. He specializes in leading security teams to bridge the gap between technology and business objectives, empowering informed decision-making that protects assets from both internal and external threats.

Taking These 4 Preventative Steps Can Reduce Your Cyber Risk

Tue, 01 Oct 2024 14:00:01 GMT

As Cybersecurity Awareness Month kicks off in October, it’s a great time to remind everyone at your company to practice cybersecurity awareness to protect against cyberattacks and data breaches. Of course, there’s no completely foolproof way to keep threat actors from attempting to infiltrate your network. But taking these four preventative steps can significantly reduce your cyber risk.

Use strong passwords

Using strong passwords is an easy way to safeguard your apps and digital accounts. At Pondurance, we recommend that users choose passwords with at least 16 characters including uppercase, lowercase, numbers, and symbols. Also, we suggest that users choose a unique password for each of their accounts and never reuse their personal passwords for company accounts.

Like most people, you probably have dozens of accounts with passwords, and remembering all those passwords is a difficult task. That’s where the use of a password manager comes in. A password manager program generates strong passwords, stores them, and autofills the passwords. That way, you don’t have to remember your passwords or write them down. But be sure to use a strong master password that you can easily memorize for the password manager account.

Implement MFA

Turning on multifactor authentication (MFA) can make it especially tough for a threat actor to access your accounts. That’s because MFA requires two or more factors, such as a password, PIN, or verification code, to authenticate your identity at login. The added layer of protection may be the single most important thing you can do to defend against threat actors. Your company should have MFA implemented on every device to avoid being vulnerable to exploitation.

MFA has even become a strict requirement to qualify for a cyber insurance policy. Increasingly, cyber insurers want to see that companies have MFA implemented on every device on a company’s network.

Identify phishing

The Pondurance security operations center (SOC) team ranks phishing as the top method of credential compromise for email users. During a phishing attack, a user gets an email from someone claiming to be a known, reliable source and is fooled into providing credentials, such as passwords, credit card numbers, or bank accounts. The team reports that phishing emails with a financial lure are common fraud schemes during tax season, and malware delivery via phishing emails is an increasing threat. FBI data confirms the team’s conclusions, showing that phishing/spoofing is reported over five times more often than any other type of cybercrime.

In past years, phishing emails were often easy to identify due to their awkward language and poor grammar. Today, it’s not as easy to distinguish a phishing email. Artificial intelligence (AI) services, such as ChatGPT, are now making phishing emails more difficult to detect because AI helps threat actors use convincing language and proper grammar in the email text.

To reduce the risk of an attack, the SOC team suggests that you set inbox rules to detect any unauthorized activity and provide user awareness training for everyone at your company. User awareness training helps your employees, executives, and board members identify phishing emails and learn how to report suspicious activity.

Make updates

Updates fill the gaps or vulnerabilities that threat actors look to exploit in operating systems, software, and apps. Making updates can fix security bugs, protect against malware, improve performance, and more. The cybersecurity team at your company should stay informed about newly disclosed vulnerabilities and perform needed updates and patches as quickly as possible to keep threat actors out of your network.

Conclusion

Making cybersecurity awareness a priority at your company can help you protect against cyberattacks and data breaches. Using strong passwords, implementing MFA, identifying phishing, and making updates are four preventative steps that can significantly reduce your cyber risk during Cybersecurity Awareness Month and all year long.

Author Bio: Mike has enjoyed a career of more than forty years of operations and sales experience in the information technology and cybersecurity industry at IBM, Siemens, Sprint, and AT&T as well as several smaller and startup businesses. He has spent the past twelve years at Pondurance helping organizations tackle the challenges of cybersecurity to better protect their clients and their hard-earned brand reputation. Mike is active in the Central Indiana Information Systems Security Association (ISSA) chapter and is a member of InfraGard, a partnership between the FBI and members of the private sector.

Emerging Tech Leaders: Unlocking Potential & Paving a Path for the Future

Sun, 01 Sep 2024 14:03:00 GMT

After the successful launch of Technology First's Emerging Tech Leaders program, we sat down with Coach Mike for an insightful Q&A. In this conversation, he delves into the inspiration behind the program, the pressing need to cultivate the next generation of IT leaders, and his thoughts on the evolving role of IT leadership in shaping the future.

Question: What inspired you to design the Emerging Tech Leaders program?

Coach Mike: It was a combination of a several things, but I think they all had the same underlying theme which was the massive gap in leadership and people-management focus in IT. We are a population of engineers and technical-minded people who have lived our lives relying on our logic and reason to solve everything. So often people are promoted into leadership positions and are never prepared or trained to digest and respond to the complexities of balancing technical decisions with the emotional needs of people and maintaining business relationships.

Question: What key skills and competencies do participants develop in the program?

Coach Mike: Over 12 weeks and six sessions, we explore:

participants’ leadership styles and values,
performance management and measuring success,
recruiting and onboarding,
relationships, alliances, and politics,
as well as looking at IT from a business perspective rather than from a technical perspective.

I could probably spend six-weeks on any one of those topics, but the goal is to provide participants with exposure to experiences that we don’t talk about often or hear about but haven’t gone through. Then, help the participants understand the mechanics of each topic. Each session in the course is designed to equip attendees with insights, new tools, and various perspectives on how to navigate complex situations when they return to their roles.

Question: How does the program's interactive, scenario-based approach enhance leadership learning?

Coach Mike: Consistently, people say “I’m a hands-on learner.” In fact, I can’t think of a single time anyone has ever said to me “I can’t learn anything hands-on; what I need is a good PowerPoint presentation.” As we cover these principles, we put participants in complex scenarios, and the scenarios compound over the program. By the end of the course, we’re able to look at a scenario and consider the results of an action, balancing the financial, emotional, and relational aspects and perspectives of our customers, teams, and leadership.

Most of the scenarios are not meant to be “solved;” it’s not even about finding a “right” answer; instead, it’s about managing complexities and understanding the impact of decisions.

Question: Can you share an example of a scenario participants might encounter during the program?

Coach Mike: We had talked about who we are as a leader and started to inspect our competencies and areas of growth, as well as how that aligned with the organization we are in. In the week this scenario was presented we were discussing performance management and measurement.

The class was asked to consider all aspects of the scenario and put together a plan.

The point is not necessarily to solve the situation, but more to consider – and manage - all the dimensions at play. There’s no “right” answer; the appropriate or productive actions to take can vary wildly depending on the organization’s expectations and principles as well as the managers personal management style and values.

Also worth mentioning is that this is one of seven possible scenarios that groups are given, and this is probably one of the less complex situations.

Question: What unique challenges do new and aspiring IT leaders face today, and how does the program address them?

Coach Mike: IT leaders experience many of the same challenges that plague other leaders, especially ones who are leading highly specialized functions. And like other leaders, one of the most common challenges is often lack of training.

What I see that is unique to IT is the perception that IT is nothing more than a service center for the business. Pair that with technology solutions being oversimplified and the entire vocation seemingly being “magic,” and we are often overlooked when key decisions are made. We’re brought in far too late or handed a solution which is not viable for various reasons. Our Emerging Tech Leaders program helps by addressing this potentially detrimental dynamic, putting an emphasis and awareness around building a strong professional network, building business alliances, presenting IT as a business solution in clear, relatable terms, and making the IT team easy to work with as a partner.

Question: How do peer group collaborations contribute to the learning experience?

Coach Mike: This is one of my favorite things about the program! Having a diverse mix of industries, experience, and company sizes has proven to be very valuable, enriching our discussions. There are perspectives that people in small companies have that can influence a department leader to think more broadly, such as customer impacts. Conversely, a larger business typically has a very broad range of controls and policies that small groups may not be aware of, but either need or will need, such as IT Security or DevOps.

Sharing perspectives on team culture, hiring practices and relationship building from various backgrounds helps broaden everyone’s understanding and approaches.

Question: How does the program help participants navigate the unique challenges of the tech industry?

Coach Mike: Tech can be a bit of a black-box and sort of magical to a lot of people, so one of the biggest challenges of working in tech is trying to relate what we’re doing to objectives that make sense to others and building confidence in our business partner. Our program focuses on giving participants the tools to navigate their work culture and figure out messaging that instills trust in their organization. Inspiring trust and comradery goes much further than a lot of buzzwords and generic communication strategies that are too vague to apply to complex cultures and relationships.

Question: What advice would you give to someone considering joining the next cohort?

Coach Mike: I’d advise them to just sign up! This isn’t your typical training. We don’t hand out scripts. Instead, we explore how to grow as leaders, peers, and team members.

You’ll develop a cohort of peers, work closely with them on common goals, share insights, and solve problems together. Every session we explore lessons learned since the previous session; demonstrating how the principles we discuss influenced real actions.

Question: How do you see the role of emerging tech leaders evolving over the next few years?

Coach Mike: Over the past few years, I’ve seen growth in “functional” leadership. Roles like Scrum Masters and Technical Leads as well as Senior Technologist and Architects are establishing themselves as valuable leaders to have at the table. Leadership is shifting from purely technical roles to business partners.

Some of the best leaders I have worked for were more skilled in project management and navigating relationships than in technical disciplines.

The best organizations are moving toward enabling leaders and managers to focus on career development, coaching, organizational relationships, coordination and planning. Ultimately, organizations that embrace autonomy and self-regulation, empowering leaders to navigate and collaborate - versus a hierarchical and/or matrix structure - will be leaders in their industries, realize increased productivity and deliver more success.

Author Bio: After decades in the IT industry, moving in and out of various technical and leadership positions, Coach Mike Czarnecki was introduced to a transformational leadership coach. Working with a coach changed his life and made him realize that his love of people and personal accomplishment could be more than a task that he was expected to do off the side of his desk. With nearly 30 years of experience in large, medium, and small business, as an individual contributor and leader, a full-time employee and consultant, an employee and business owner, Mike turned his passion into reality by adding IT coach to his resume.

Harnessing Generational Diversity: Strategies for Building a Future-Ready Workforce

Sun, 01 Sep 2024 14:02:00 GMT

For the first time in United States history, we have five different generations in the workplace.

Traditionalists – born 1925 – 1945
Baby Boomers – born 1946 – 1964
Generation X – born 1965 – 1980
Millennials – born 1981 – 2000
Generation Z – born 2001 – 2020

As an employer, the quicker you understand the skills and motivation each generation brings to your company the better. The interaction of these different generations is a valuable asset for your company. Working together, they can assist you in building the most productive and innovative workforce in your company's history. Each generation has unique lived experiences - ranging from the Great Depression and WWII to the Vietnam War, September 11^th and prolonged unrest in the Middle East, as well as many other important cultural and historical events.

These diverse experiences lead to varying values and expectations in the workplace. For these reasons, employers face challenges in setting up compensation and benefit systems as well as creating workplace cultures that reflect the needs of all generations. This is potentially the most challenging time in history for Human Resource professionals to build effective teams and for Leaders to guide them to ultimate success.

Understanding Experiences and Expectations: The first step to managing a multi-generational workforce is to understand each generation's experiences and expectations to best meet and address their needs. This infographic from Purdue highlights trends within each of the generations.
Strategy of Strengths: Once your company understands these generational differences, you can begin to build your workforce strategy in order to best incorporate the strengths of the different generations. A solid workforce strategy will help ensure sustainability, healthy growth, and success. This strategy can help you identify talent and skills gaps, forecast supply and demand, and ensure that you have the right people to meet your strategic objectives. Benefits of a solid workforce strategy include reduced hiring costs, fewer talent gaps, increased retention, and better management of risk.

There are several steps to building a workforce strategy and the process always starts with defining workforce needs based upon your strategic organizational goals. Next, analyze market trends for each need as well as your internal trends (e.g. retention, turnover). After you have defined your needs, evaluate your current talent and figure out how you can tap into other sources of manpower to fill your needs. It is always recommended that your workforce strategy is diverse and tailored to your specific company. Tap into the plethora of resources in our region including interns, new graduates, mid-senior level transfers, upskilling, and a diverse range of candidates including older adults, veterans, new Americans, reentered citizens, and people with disabilities. With a robust balance of employee sources, you can ensure a strong workforce as well as a deep bench of new employees.

3. Monitor & Adjust: After you develop your workforce strategy, it is crucial for your company to continue to assess your plan, your outcomes, and your success in order to make necessary adjustments to ultimately achieve your company’s goals.

Embrace the opportunities a diverse generational workforce presents to create a robust culture capable of tackling challenges and driving growth and success.

Author Bio: Cassie Barlow is the President of SOCHE, a non-profit organization that collaborates with Higher Education, K-12, employers and government in order to impact economic development through education and employment.

Finding Success in IT Leadership Without Deep Technical Knowledge

Sun, 01 Sep 2024 14:01:00 GMT

I recently presented at my company’s Board of Advisors meeting. After I shared several technical slides on progress, challenges, and next steps, a trusted board member observed that, while the information was good, I am not an IT leader: I am a “Business Leader who just happens to lead the IT function.” What a valuable and validating reminder! Valuable, because you should always deliver messaging from IT using a business framework—a fact I temporarily forgot in my excitement to share the impressive work my team had accomplished. Validating, because I don't have deep technical knowledge; but, while IT knowledge is important, you can be a great IT leader without knowing how to build a server or develop an application.

I have spent most of my corporate career leading enterprise project management offices (ePMOs).While most of those projects had an IT component, and somewhere wholly focused on IT, leading an IT group is another task entirely. By nature, the ePMO is controlled and predictable (I'm very good at planning and controlling—I often say that I am a control enthusiast ;)). But good planning and control will only take you so far in IT. The rest of the journey requires that you build a clear strategy, foster a strong leadership team, and stay aligned to the business’s mission.

When I was offered the VP of IT position at LION, I was excited about the role and knew that I could do it well. I must admit, though, that I didn't sleep much the first few months. There are many things that weigh heavily in IT: the seeming inevitability of cyber-attacks, being responsible for reliable and secure infrastructure, simply ensuring that every employee can do their job every day, and that's before the forward-looking innovation and AI activities expected from any business-focused IT group! When it comes to leadership, it is unreasonable to think that a single person would, or could, have a deep understanding of it all.

Perhaps because of this, it’s becoming common for IT leaders to have a general technical background but proven success leading teams. I believe that is due, in part, to the breadth of IT topics and the pace at which technology changes. So, while I'm still learning new things every day, I'm sleeping better at night. Here are a few things that have helped and that I would recommend to others.

Find awesome mentors: First and foremost, ask for help in the early days. Find mentors you trust, preferably outside of your organization like board members or people from your network. Take folks to lunch and ask them to share their own experiences. Listen intently and ask clarifying questions but recognize when you’ve heard enough. It’s easy to become paralyzed by a large amount of advice from great mentors, so once your brain is at capacity, trust your gut to create a cohesive strategy that meets the needs of your department. It doesn’t have to be perfect; your plan will evolve over time.

Identify your leaders: In the beginning, spend a good deal of time listening to your team. You’ll quickly learn who the natural leaders are and who is interested in a leadership position. Make a distinction between technical and people leadership, communicate the importance of both, and be sure people are in the right roles. More than anything else, identify great leaders who balance your own skills, put them in place, and trust them to do their job.

Become a deep generalist: To compensate for a lack of deep technological background, embark on a journey to become a deep generalist in all things IT. Join professional networks like Technology First, keep in touch with your mentors, read industry related articles, and sign up for newsletters that will keep you up to date on technology trends.

Focus on the foundation: Be sure you have a solid foundation on which to build your IT future. In today’s world, security is a key priority. Make sure that you have a robust cyber security posture that includes user training and awareness. If you don’t, or are unsure, hire someone to do an assessment. In addition, be sure your IT Service Management (ITSM) tool meets your needs and provides the data necessary for informed decisions. Finally, to achieve business goals, it is important to have a flexible and scalable infrastructure. Consider cloud solutions, integration software, and a data architecture that will help you quickly meet business needs.

Prioritize the work: As any good leader knows, there will always be twice as many things that you want to do than what you have the capacity, time, and money for! Prioritize the work and communicate the plan to your team so everyone stays focused on the most important things. I’m lucky enough to have a strong ePMO that helps us develop the project list and prioritize with consideration for business requests and overall strategy. If you aren’t as lucky, be sure to develop and communicate your own priority standard to set expectations across the board.

Stepping into the IT leadership role has been both challenging and rewarding. It has required me to shift my perspective to a broader business narrative, ensuring that IT's contributions align with the company's strategic goals. By embracing the mindset of a business leader, I've learned that successful IT leadership isn't about mastering every technical detail. It’s about guiding the team with a clear vision, fostering strong leadership within the team, and ensuring that our IT initiatives support the business's growth and resilience. Though IT is at the heart of modern business, the most important function of any IT leader is to connect the dots between technology and the business outcomes that drive success.

Author Bio: Apryl Van Oss joined LION in May 2019 and accepted the position of Vice President of Information Technology in August of 2023. In this role, Apryl is committed to building a strong team that is ready to optimize LION systems and processes for organizational growth, efficiency, and innovation. Prior to joining LION, Apryl spent over 20 years working in diverse environments and has established several successful enterprise-wide Project and Portfolio Management Offices across various industries including legal, business, healthcare, insurance, and manufacturing.

Empowering Tomorrow's Tech Leaders: A Vision for Workforce Development

Sun, 01 Sep 2024 14:00:00 GMT

As we navigate the ever-evolving landscape of the technology industry, I am thrilled to share our organization’s unwavering commitment to workforce development. Our mission is clear: to connect, strengthen and champion the technology community.

The Power of Skill Enhancement

In an era where innovation drives progress, investing in skill enhancement is paramount. Our programs, workshops, and leadership training initiatives empower individuals to upskill, reskill, and adapt to emerging trends. Whether it’s mastering cloud computing, honing data analytics expertise, or diving into cybersecurity protocols, we believe that continuous learning is the cornerstone of success.

Bridging the Diversity Gap

Diversity fuels innovation. We recognize that a vibrant tech ecosystem thrives on varied perspectives, backgrounds, and experiences. Our commitment to inclusivity extends beyond mere rhetoric. Through our Women 4 Tech conferences and peer group meetings, targeted outreach, scholarships, and partnerships with organization like NPower, Sinclair College and so many more, we are bridging the diversity gap. Together, we can create a tech workforce that mirrors the world we aspire to build.

Nurturing Future Leaders

Our vision extends beyond immediate skill acquisition. We are passionate about nurturing future leaders. Our Emerging Tech Leaders program connects seasoned professionals with aspiring talent, fostering a culture of knowledge-sharing and growth. And we celebrate the achievements of our current leaders at the annual Leadership Awards. We also invest in the potential of those who will shape the industry’s trajectory through annual scholarships to college students.

Industry-Driven

The tech landscape evolves swiftly, and so must our educational offerings. Our conferences, events, workshops and programs are designed in collaboration with industry leaders, ensuring that you are equipped with relevant, real-world skills. From agile development methodologies to ethical AI practices, our offerings prepare individuals to thrive in dynamic workplaces.

Your Role in Our Journey

You play a pivotal role in our journey. Your insights, support, and advocacy drive our initiatives forward. As we embark on this exciting path of workforce development, I invite you to engage actively, share your expertise, and champion our cause. Together, we can build a resilient, adaptable workforce that propels the technology industry to new heights.

Thank you for your unwavering commitment to our shared vision. Let us continue to shape the future, one skill at a time.

#UniteDaytonTech

Sustainable Technology: Extending PC Lifecycles with Cloud Solutions

Thu, 01 Aug 2024 13:21:05 GMT

Introduction

In today's rapidly evolving technology landscape, sustainability is a critical consideration. Balancing innovation with environmental impact is essential for organizations aiming to reduce waste and resource consumption. One area where sustainable practices can make a significant difference is in managing the lifecycle of personal computers (PCs).

The Windows Dilemma

Windows 10 End of life
As Windows 10 reaches its end of life – October 2025, organizations face a challenge. Many PCs running Windows 10 won't meet the hardware requirements for Windows 11, leaving users with outdated systems. The traditional approach would be to replace these PCs with new ones, resulting in increased e-waste and unnecessary expenses.

Instead, is it time to rethink your desktop strategy?

The Alternative: Cloud-Based Solutions
Amid the Windows 10 End of Life challenge, organizations must consider sustainable alternatives. Let’s delve into three cloud-based solutions that extend PC lifecycles and reduce e-waste:

1. Cloud PCs

Cloud PCs offer an innovative solution. By moving desktop environments to the cloud, organizations can extend the life of existing hardware. Here's how it works:

● Virtual Desktops: Microsoft's Azure and Windows 365 offer virtualized Windows desktops accessible from any device with an internet connection. With the ability to scale Cloud PCs up or down according to your needs, provide secure access from remote locations, and support key scenarios like bring-your-own-device (BYOD) programs, Windows 365 helps lower environmental impact [1].

2. Thin Client and Virtual Desktops

● Thin client such as IGEL OS: Instead of replacing hardware, consider loading a thin client like IGEL OS onto existing devices. IGEL OS is a lightweight, read-only operating system designed for secure access to virtual desktops and applications. It extends the life of older PCs by repurposing them as thin clients, reducing e-waste and saving costs.

● Virtual Desktop Infrastructure (VDI): Implementing VDI solutions allows users to access their desktops and applications remotely. By centralizing management and security, organizations can reduce the need for resource-intensive agents on individual endpoints.

Benefits of Sustainable Approaches
While virtual desktops are not a new concept, there’s a common perception that they’re an expensive solution. However, this doesn’t have to be the case. As we come full circle, let’s explore additional benefits of adopting a new desktop strategy:

1. Cost Savings: Avoid unnecessary hardware purchases and reduce IT management costs associated with maintaining multiple endpoints.

2. Environmental Impact: By extending PC lifecycles, we decrease e-waste and contribute to a more sustainable future.

3. Security: Read-only operating systems like IGEL OS enhance security by minimizing attack surfaces and reducing vulnerabilities.

Conclusion
As IT leaders, CIOs, and IT managers, embracing sustainable technology practices is not only responsible but also economically advantageous. By leveraging cloud-based solutions and repurposing existing hardware, organizations can extend the life of PCs, reduce costs, and contribute to a greener planet.

Remember, the future of technology lies in our hands—let's make it a sustainable one! ️ [1] [2].

Disclaimer: The information provided in this article is for educational purposes only. Always consult with your organization's IT experts before implementing any changes.

References:

Source: Conversation with Copilot, 7/25/2024

Author Bio: Todd Wind has 13 years in the technology consulting industry serving the Cincinnati/Dayton business community. At CPC, Todd focuses on helping clients deliver a fast, secure, reliable, and consistent experience to their employees as they access the applications and data needed to run the business.

Innomark Communications Promoting Sustainable Tech in Upcoming Facility

Thu, 01 Aug 2024 13:17:06 GMT

In 2023, Innomark Communications began working with a skilled team of architects and energy consultants to design a 96,480 sq. ft. building that maximizes efficiency and promotes sustainability in all aspects.

Why Wi-Fi6?

Innomark’s IT team decided to roll out Wi-Fi6 at this facility for increased capability, as well as energy-efficient features. One advantage of upgrading is faster connection speeds, which means better upload and download speeds and handling large amounts of network traffic more efficiently(Intel). This facility will house digital printing and finishing equipment, as well as a team of 64 operators, pre-media professionals, planners, quality assurance experts, shipping and packing associates, and executive leaders. To continue high-quality production, and collaborate across departments, our team needs reliable and fast connectivity throughout the entire plant. Wi-Fi6 is going to allow us to continue to grow our digital printing capabilities and maintain clear communication through our internal team and with clients.

Another important feature of this upgrade is improved security, specifically a system that implements increased password security. “This authentication method helps make passwords harder to crack by using a more sophisticated method of establishing the handshake with the Wi-Fi network. This added layer of security, coupled with stronger encryption, means Wi-Fi will have more robust security options than ever” (Intel).Cyber security is an important training topic at Innomark Communications. Currently, network and data transfer security is ensured through a combination of stringent firewalls, protocols, and SSL encryption. Wi-Fi6 will only add to the tools Innomark already has in place to maintain technology security.

Wi-Fi6 can also potentially increase battery life on devices. With Target Wake Time (TWT) technology, there is an efficient communication between the router and device regarding when to sleep and wake up (Intel). Devices will spend less time and energy searching for a wireless signal, which can enhance battery life. This makes Wi-Fi6 a more sustainable option than previous wireless standards.

LED Lighting

Along with our upcoming facility, all Innomarkfacilities had high-efficiency LED lighting installed to replace less efficient fluorescent fixtures and high bay warehouse and shop lighting. The decision to incorporate LED lighting and other energy-efficient equipment (HVAC/ humidity control systems, roofing materials, and advanced insulation) is a projected savings of 30.4% in the new Digital Facility alone. The neighboring facility, Innomark’s 62,000 sq.ft. Litho Print operation, reduced their annual electricity usage for lighting by 65%.

Recycling & Disposal of Old Technology

The Ohio EPA encourages business to recycle electronic equipment no longer in use because it can contain hazardous materials (Ohio.gov). Innomark works with certified Ohio organizations to recycle old technology, through re-use or proper disposal. From used batteries to old laptops and monitors, our IT team handles disposal in the responsible way and continues to track our recycling habits and hazardous waste. This assists with the company’s adherence to the environmental commitments of its customers.

Innomark Takeaways

After specifically designing this facility with sustainability in mind, the Innomark Management Team has taken a closer look at how we can implement these processes at other locations. Sustainable technology can be a starting point in decreasing a company’s carbon footprint.

Author Bio: Greg Frimming is the Director of Information Technology for Innomark Communications with over 27 years of IT experience. He has a passion for all things technology and has many family members who also work in IT. Greg is a Miami University graduate, specializing in Cybersecurity.

Economic impact of CMMC on Small Businesses and MSPs

Mon, 01 Jul 2024 14:00:02 GMT

The Cybersecurity Maturity Model Certification (CMMC) framework, developed by the Department of Defense (DoD), is designed to enhance the protection of controlled unclassified information (CUI) within the Defense Industrial Base (DIB) sector. This requirement is expected to be enforced starting in Quarter 1 of 2025, with a roll out of 5 years and having one-fifth of all DoD contacts requiring CMMC each year. We will explore the various facets of how CMMC compliance can impactyour company's economic health.

How do I know if I need CMMC?

All DoD contractors, sub-contractors, and support companies will be required to be at least CMMC level one. This isdetermined if the company has any Federal Contract Information (FCI). Then most contractors, sub-contractor, and support companies that have access to Controlled Unclassified Information (CUI)are requiredto be CMMC level 2. There is also level 3 compliance, but this is more limited and has much higher security and data control requirements.

The Cost of CMMC

Achieving CMMC compliance involves significant upfront investments. Companies need to assess their current cybersecurity posture, identify gaps, and implement necessary controls. This may include upgrading IT infrastructure, purchasing new security software, changing current corporate culture, and hiring cybersecurity experts. These expenses can be substantial, especially for small and medium-sized enterprises (SMEs). In addition, any company that is supporting a DoD contractor or subcontractor needs to be CMMC compliant. This includes Managed Service Providers that support the companies.

The cost to be prepared for a CMMC assessment can range anywhere from $20,000 up to the $100,000s, depending on the scope of the project. This is why it is critical to have a good scope of what is required to be protected. Such scoping projects need to be the first step to compliance and cost management.

In addition to the upfront cost, there is the cost of the assessment itself. This needs to be done by an independent third party known as a C3PAO (Certified Third-Party Assessor Organization). These costs can range from $15,000 up to the $100,000s depending on the scope and size of the company being assessed. The larger the scope, the greater the expected cost.

Then there is the ongoing cost of compliance. A company should expect ongoing costs of CMMC. These costs include maintenance of security environments, any secure cloud environments, and physical environments. These costs should be expected to be anywhere from $1,000 to $5,000 per month per user depending on needs, scope, and amount of CUI (Controlled Unclassified Information) being protected.

The Cost of Non-Compliance

If a company decides not to go after a CMMC compliance, they will not be able to go after DoD contracts in the future. It will also remove sub-contractors and support companies from being able to service those contracts and companies. For companies heavily reliant on defense contracts, failing to achieve CMMC certification can be economically devastating.

If you are an MSP or IT service provider to DoD-contracted companies, DoD rule 32, CFR 170, Section 170.19,paragraph 5 states, “If an OSA (Organization Seeking Assessment) utilizes an ESP(External Service Provider), other than a Cloud Service Provider (CSP), the ESP must have a CMMC certification level equal to or greater than the certification level the OSA is seeking.” The Cyber AB has confirmed that MSPs do fall under the ESP standard.

The Value of CMMC

Though CMMC has a high initial investment cost and a substantial continuation cost, there are many advantages to having a CMMC certification. Because of its high cost,it creates a barrier to entry for competitors, giving your company an advantage in the marketplace. It is also possible to increase your costs to the government at a rate that is reasonable to the increased burden on your company.

Bio: Ken Fanger is a CMMC Registered Practitioner and has been working on CMMC compliance since 2019. If you would like to learn more about CMMC or request our CMMC Explained, please reach out here: https://ontechnologypartners.com/dod-contractor-contact-form/. Follow Ken on LinkedIn here: https://www.linkedin.com/in/ken-fanger-42502b5/.

C-Suite Spending on IT is an Investment – NOT a Drain

Mon, 01 Jul 2024 14:00:01 GMT

For information technology (IT) to be considered a valuable investment by the C-Suite, it must be strategically aligned with the business’s key objectives. IT expenditures that do not align with these objectives become a financial drain.

Simply aligning IT with the business is not enough. The IT investments must deliver the promised results and provide appropriate returns on investment (ROI). Achieving this requires a closed-loop process. The IT organization must maintain a relationship with the C-Suite, allowing visibility into both current and future business objectives. This ongoing conversation necessitates trust and a high level of IT competency.

One challenge with alignment is the diverse perspectives within the C-Suite. While all are focused on advancing the business and guided by the same objectives, each executive views the path to success through the lens of their specific function. This diversity requires the IT organization to have a robust prioritization mechanism.

This prioritization is typically managed through the IT portfolio management process, which assesses projects based on business impact (e.g., alignment with key business objectives, payback period, ROI) and implementation difficulty (e.g., risks, likelihood of success). After agreeing on a prioritized list of projects, the IT organization must match available resources and investment capacity to these projects. It is crucial that all proposed investments are cost-efficient and perceived as reasonable by the C-Suite.

Building relationships and trust with the C-Suite is vital. When C-Suite members perceive IT estimates as too high, it is often due to a lack of understanding of the required integration with legacy systems or the extent of change management needed. Therefore, accurate and comprehensible estimates are essential.

During project prioritization, it is important to establish clear metrics for success. Success extends beyond mere implementation; it includes delivering the projected business value. The IT organization’s commitment to the C-Suite must be fulfilled. As an example, a CEO at NCR would always ask, “If I give you a dollar today, when will you return it to me?” He wanted an answer of less than a year, though he made exceptions for larger projects, emphasizing accountability for business value return.

The IT organization must have a process to evaluate investments six months to a year post-implementation, ensuring that the returns are meeting expectations. These returns can manifest as cost savings, reduced time to market, improved customer satisfaction, or increased revenue, all contributing to the entity’s bottom line. This process is often referred to as business value management.

In summary, success in collaborating with the C-Suite hinges on building relationships and fulfilling commitments. IT organizations need to understand key business objectives, align their investments accordingly, prioritize investments based on C-Suite directions, successfully implement projects, and ensure these projects deliver the expected business value. Consistently delivering business value to the C-Suite will dispel the notion of IT investment as a financial drain.

Bio: Don Hopkins is the Interim Dean of Raj Soin College of Business at Wright State University and former Chief Information Officer at NCR, SunGard Availability Services and International Game Technology. He also served as Vice President of Global Procurement and Supply Chain Management at both NCR and SunGard Availability Services and International Game Technology.

Mentoring Saves You Money

Mon, 01 Jul 2024 14:00:00 GMT

Finding qualified tech talent, especially at the junior level, can be a tough task. Employers are often spammed with resumes from candidates, and it can be difficult to filter through resumes and determine which applicants actually know their stuff. Talent teams are already spending countless hours trying to narrow down the applicant pool for higher level positions, and these entry level roles can add undue stress.

What’s a hiring manager to do?

Establishing a pipeline of junior level talent by creating a community of mentorship is not only financially beneficial for companies, but provides a more qualified, and often diverse, talent pool for years to come. The creation of a mentorship program also challenges development teams to make clear processes for onboarding new hires, which can help explain the work in a more concise, consistent way for employees across all levels. This results in new hires who are onboarded more quickly and efficiently, and who can begin making an impact much sooner.

How Can this Pipeline be Established?

For example, Code:Youprovides free training to adults aiming to transition into tech-related careers, and an integral piece of the program are the volunteer mentors who help students navigate their learning journeys. Qualified professionals who are already in the tech field work with students to help with troubleshooting, knowledge checks, and learning what it’s like to actually work in the tech field. Mentors get to watch their students succeed and build lasting relationships with them. This set-up has allowed for a life cycle of giving back, with former students coming back to mentor the program once they are more established in the industry.

Companies can intentionally structure their own development teams around mentoring by creating internal pipelines. Senior devs can mentor mid and junior folks, while mid-level employees looking to flex their leadership skills can mentor juniors or interns. By structuring their code, deployment process, and documentation around mentoring, companies can come up with processes that are easy to learn and explain for folks at all levels. This leads to clean code and well documented projects that anyone can contribute to, but requires a team buy-in to build out successfully.

Get First Pick of Talent

For example, at Code:You, mentors work with the same group of students for up to 20 weeks, allowing them to get to know their work ethics, skills, and unique backgrounds and interests. This relationship gives mentors the ability to pinpoint students who not only know their stuff on a technical level, but whose background and transferable skills would be a good fit for their company. Instead of sifting through a pile of faceless resumes, they have a pool of qualified talent at their fingertips, saving both time and money in their hiring process. Companies can mimic this model by bringing on early level talent for internships and using established mid to senior level talent to mentor and foster that talent.

Strengthen Your Team

Providing a strong mentor experience can allow companies to train students or potential employees in skills important to them. Instilling best practices from the get-go can allow for a shorter onboarding period and learning curve once a new hire starts, allowing them to make a more immediate impact.

Latecomers to tech can also be an excellent asset for your team, because they often bring other skillsets and/or industry knowledge to the table.

Sharpening Your Team’s Skills

Mentors are helping the next generation of tech talent grow into full-fledged junior developers. A mentor does not need to be an expert developer or have prior teaching experience. In fact, self-taught developers who are around the mid-level tend to be some of the best, because they know where students are coming from, and can provide a similar perspective. These leadership experiences can empower higher level developers to grow more in their own careers.

Have fun!

Day jobs can be a slog from time to time, even for those who genuinely enjoy what they’re doing. Mentoring adds back in some of the fun of what you do day to day. Helping students work through problems and create exciting new project ideas can help remind you why you got into the field in the first place. Getting more involved in the tech scene is sure to benefit you professionally.It will also surely provide personal benefits as well.

Creating a strong community of mentorship is not something that happens overnight, but the benefits are worth the hard work. According to a 2022 article from the Society for Human Resource Management (SHRM), employers estimate the total cost to hire a new employee can be three to four times the position’s salary. By cultivating a community of mentorship, your company can lessen those costs by finding talent that is not only a skills match, but a culture match, and set to succeed.

Bio: Shannon Sheehy is the Manager of Strategic Partnerships for Code:You, a non-profit program that has helped over 1,000 adults launch exciting new careers in technology since 2015. Through her role, she manages the careers team that assists program participants in finding jobs after completion of their training program. A Dayton native and graduate of Miamisburg High School, Shannon now resides in Louisville, KY.

Budgeting for the Cloud in 2025

Mon, 01 Jul 2024 13:00:00 GMT

Hello Tech Community!

As we gear up for another exciting year in the world of technology, it's time to talk shop about one of the hottest topics on every IT leader's mind: budgeting for the cloud in 2025. I'm thrilled to dive into this with you because, let's face it, the cloud isn't just a buzzword anymore – it's the backbone of modern IT infrastructure.

So, let's start with the headline news: Gartner's latest report predicts that by 2025, a whopping half of enterprise IT spending will be allocated to cloud technologies. Wrap your head around this figure: nearly $1.8 trillion – that's trillion with a 'T' – is expected to be spent on cloud services alone.

But before you break into a cold sweat thinking about budget overhauls and endless spreadsheets, fear not! I've got your back with a savvy roadmap to help you prepare for this cloud-centric future while keeping your budget in check.

Here's the lowdown on how to navigate the cloud migration and budgeting waters in 2025:

1. Know Thy Infrastructure:

Take stock of your current IT setup like a seasoned detective. What apps are you running? Where are your workloads chilling? Understanding your infrastructure inside-out is key to figuring out what's ready to make the leap to the cloud.

2. Show Me the Money:

Budgeting for the cloud isn't just about crunching numbers; it's about predicting the future (cue the crystal ball). Work closely with your finance team to map out the short-term migration costs and the long-term operational expenses. Remember, a little foresight goes a long way!

3. Craft Your Migration Strategy:

Rome wasn't built in a day, and neither is your cloud migration plan. Take it step by step. Decide which workloads get first-class tickets to the cloud and which ones can chill in the on-premises lounge a little longer. Oh, and don't forget to factor in downtime – nobody likes surprises!

4. Lockdown Security & Compliance:

Security isn't just a buzzword – it's your shield against cyber nasties. Beef up your security measures and ensure you're compliant with all the regulations lurking in the shadows. Trust me; it's worth the peace of mind.

5. Skill Up, Buttercup:

The cloud isn't just about fluffy white things in the sky; it's about empowering your team with the skills they need to navigate this brave new world. Invest in training and upskilling initiatives to ensure your squad is ready to rock the cloud like pros.

So, there you have it, folks – your roadmap to cloud success in 2025! Buckle up, because the journey ahead is going to be one heck of a ride. And remember, the tech community is here for you.

Until next time, stay curious, stay savvy, and keep pushing the boundaries of what's possible in tech!

Melissa

Melissa Cutcher
Executive Director
Technology First

Protecting Your Capital Investment

Sat, 01 Jun 2024 13:04:00 GMT

The Industrial Internet of Things (IIoT) and adjacent technology continues to have a profound impact on industrial processes, creating opportunities for product and service transformation. From intuitive graphic interfaces and intelligent device sensors to full-scale industrial workcells and more, successful technology integration is proven to optimize operations. That said, here are several concepts for companies to consider:

Install a Robot

An outside-of-the-box concept for many to consider, the adoption of robotic technology further enhances the IIoT ecosystem, driving further growth toward operational excellence. Where applicable, companies that successfully integrate and synchronize highly efficient robots with their current network of devices, including capital equipment, have discovered benefits such as greater production workflow, part quality, product throughput, operational safety, and return on investment (ROI).

A prime example of this is the integration of an industrial or human-collaborative robot to load/unload machined parts. A highly mundane and potentially dangerous task (depending on the part and environment), the combined use of innovative end-of-arm tooling (EOAT), easy-to-use electrical interfaces and flexible-yet-robust robots enables highly consistent part transfer. Not only is this reliable and consistent method of transfer ideal for protecting the integrity of capital equipment such as press brakes, but also, employee health and safety concerns can be substantially minimized. As an added benefit, workers can be redeployed to safer, value-added tasks for increased competitive edge. Applications for palletizing, pick and place, and welding are other labor intensive tasks that are frequently automated.

Execute Security Standards

Whether an industrial robot or another piece of machinery has been deployed, companies that integrate and synchronize equipment to an IIoT framework should understand the potential cybersecurity threats and vulnerabilities these machines (and others for that matter) can face. From exploiting weak passwords to ransomware attacks and more, there are a variety of ways “bad actors” try to disrupt operations. For these reasons, it is important for decision makers to take all necessary steps to ensure robot and enterprise safety.

Adhering to robot safety standards and industry best practices such as the Robot Security Framework (RSF) is suggested. Additionally, replacing default passwords with strong passwords, along with backing up robot and peripheral data at regular intervals is helpful.

Encryption and authentication techniques to protect data and communication may also be helpful to securely connect robots to necessary systems or networks. Protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) can aid in encrypting and authenticating data transmitted over the internet or other networks, while Virtual Private Network (VPN) technology can create a secure and encrypted tunnel between devices and a remote server. Public Key Infrastructure (PKI) may also be used to employ digital certificates and keys to encrypt and authenticate data.

“Hardening” devices and existing networks to withstand physical and logical attacks is also important. This process is done by applying security measures and configurations that disable and/or remove any service and feature that is not required for robot or device operation. This includes apps, interfaces, ports, protocols, etc.

Clearly defining internal roles and responsibilities for managing the robotic system (and inter-connected devices), when needed, is also ideal. While this is not a complete list of protocols and methods that may be used, it indicates that cybersecurity is a real threat that should be taken seriously, and proper precautions should be implemented to protect operational integrity.

Use Machine Monitoring

Many devices (CNC machines, robots, grippers, scanners, torches, etc.) can provide a wealth of information pertaining to equipment performance and operational trends. The ability to check, harness, and transform this data into actionable insights is extremely valuable for achieving the highest level of operational efficiency – as it enables data-driven optimized planning for key decision making.

That said, the implementation of a factory automation monitoring system that supports multiple brand devices and collects data in real time is suggested. From a manufacturing perspective, IIoT monitoring tools (along with product/part tracking) are helpful for detecting system errors, part defects and production bottlenecks.

Proven edge server solutions that use a leading OPC-UA interface to enable an integrated, intelligent, and innovative approach to data analytics are ideal. This allows decision makers to see what is happening at any point on the value creation chain. In turn, this helps to make informed choices that provide the ability to better manage supply chain complexity, maintain high-throughput production and execute strategic company goals.

Practice Preventative Maintenance

The key to peak performance operations is maintaining the health of a robot and other capital equipment. While the use of machine monitoring for predictive and preventative maintenance can play a large part in the life cycle management of automated tools, visual checks of a robot system should not be overlooked. From performing a grease analysis to monitor iron levels to doing a manual test to check for worrisome vibrations and gear noise, there are common assessments end users should perform to protect their robotic investment.

With any high-end purchase, it is always smart to invest in the value-added support programs available through the equipment supplier. Not only does this help ensure maximum asset performance, but also it provides prime ROI. Locking into an annual or extended service plan can augment a company’s preventative maintenance strategy, while ensuring issues are addressed in a timely manner to optimize uptime.

Whether protecting a robot or robot system purchase, maintaining the life cycle of another piece of capital equipment, these concepts should help build a solid foundation. As always, any questions should be directed to your robot supplier or equipment manufacturer – as this will provide the best source of information for moving forward.

Bio: Bill Edwards is Sr. Manager of Collaborative Robotics at Yaskawa Motoman, where he strategically oversees all aspects of collaborative robot planning, design, specification and approval. With over three decades of experience in engineering and project management, as well as control systems application and design, Bill is dedicated to developing safe, high-quality robots that foster greater production efficiency. He is a voting member for both the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI), where he serves on various industrial robot safety committees.

Protecting Your Technology Investment in the Face of Fast-Paced Changes and Security Threats

Sat, 01 Jun 2024 13:02:00 GMT

In today's rapidly evolving technology landscape, safeguarding your investment in technology is good business sense. With the ever-present threat of cyber-attacks to companies of all sizes and the need for scalability, businesses must adopt proactive measures to protect their assets while maintaining flexibility for growth. This article explores a concept called “continuous threat exposure management” and strategies to ensure scalability in the face of these evolving challenges.

Continuous Threat Exposure Management

Vulnerability Assessment: Scope for cybersecurity exposure
Develop a discovery process for assets and their risk profiles
Prioritize the threats most likely to be exploited
Validate how attacks might work and how systems might react
Mobilize people and processes

SUMMARY

Continuous Threat Exposure Management (CTEM) is a formal, proactive approach to identifying, assessing, and mitigating risks to an organization's digital assets. It involves continuously monitoring the organization's technology infrastructure, applications, networks, and data for vulnerabilities and potential threats. The goal of CTEM is to minimize the organization's exposure to cyber threats by identifying and addressing weaknesses before they can be exploited by attackers. The need for processes like CTEM in organizations of all sizes is an unfortunate reality of today’s world.

According to Gartner, the 5 major steps in CTEM are:

Vulnerability Assessment: Regularly scanning and assessing the organization's systems and networks to identify vulnerabilities, misconfigurations, and weaknesses that could be exploited by cyber threats.

The full vulnerability assessment process is an ongoing investigation of not only what ports might be accessible from the Internet, but also a complete scan of internal resources and what might be accessible to a “bad guy” if they do get inside the network. In years past, it was often deemed sufficient to do a scan of your company’s “public” footprint to see what ports might be open to internal resources and identify any misconfigurations or flawed security from that perspective. More recently however, since over 90% of cyberattacks begin with a phishing email, which ends up either compromising a local system, or a cloud email platform, looking at the technology from the perspective of the bad guy is the better approach.

Most organizations, especially smaller companies, may not have the internal resources or tools to conduct these types of scans internally. The use of an external 3^rd party resource which specializes in Cyber Security Penetration Testing is advised. Even MSPs (Managed Service Providers) find it wise to outsource this specialized service to 3^rd parties on behalf of their clients.

Threat Intelligence Integration: Incorporating threat intelligence feeds from various sources to stay informed about emerging threats, attack techniques, and indicators of compromise relevant to the organization's industry and technology environment.

Keeping up to date on everything technology related is a daunting process, and now we need to keep a close eye on Threat Intelligence as well. While there are many open-source, online resources that provide lots of up-to-date information on threats, keeping up to date on them is difficult, especially for small businesses.

The FBI’s InfraGard program is a collaborative product between the FBI (Federal Bureau of Investigation) and members of the private sector. Authorized users of the InfraGard program can share information, networks and educational workshops to keep up on threats relevant to 16 specific infrastructure categories.

There are also 3^rd party resources providing consolidated resources for vulnerability and intelligence.

Patch Management: Implementing a structured process for installing security patches and updates promptly to address known vulnerabilities in software, operating systems, and applications.

It is common knowledge that Microsoft, as one of the predominant software providers, releases their standard patches on “Patch Tuesday” -- the second Tuesday of each month. Patch Tuesday is the unofficial term for the day when Microsoft releases update packages for the Windows operating system and other Microsoft software applications, including Microsoft Office. In some cases, Microsoft will issue "out-of-band" updates for particularly critical security flaws, especially ones that are being exploited in the wild.

As Microsoft patches security vulnerabilities, it doesn't release those patches immediately. Instead, the company gathers those fixes into a larger update, which is released on Patch Tuesday.

Windows workstations and servers automatically (by default) check for updates about once per day. The average system should automatically download these updates quickly but may delay installation.

With the number of issues with Microsoft updates over the past several years, many organizations hold off on applying updates for a week or two, to make sure there are no issues noticed.

Security Monitoring: Using monitoring tools and technologies to continuously monitor network traffic, system logs, and user activities for signs of suspicious or malicious behavior that could indicate a security threat.

Network monitoring is crucial for small businesses to ensure the health and functionality of their computer networks. In today’s digital landscape, where businesses heavily rely on technology, having a robust network monitoring system is essential to find issues and potential threats. As small businesses often have limited IT (Information Technology) resources, it becomes even more vital to have efficient network monitoring in place.

Incident Response Planning: Developing and regularly testing incident response plans to ensure the organization is prepared to detect, contain, and respond effectively to security incidents when they occur.

Businesses should have a written plan that identifies those steps to take in an incident, including notifications to Cyber Insurance carriers, customers, and law enforcement. Preventive steps to keep business functionality include backup and recovery procedures to help a business recover and get back to normal operation as quickly as possible.

Risk Prioritization and Remediation: Prioritizing vulnerabilities and security risks based on their severity, likelihood of exploitation, and potential impact on the organization's operations, and implementing proper remediation measures to mitigate these risks.

The formal Continuous Threat Exposure Management (CTEM) process is an approach to identify, assess and mitigate risks to an organization's technology assets. While this approach is ideal in a perfect world, it does entail significant investments in processes and resources.

For smaller business without the internal resources for this process, a Managed Service Provider may be able to provide these services or coordinate with 3^rd parties for some of these steps such as Vulnerability Assessments, understanding threats, implementing Patch Management controls and Security Monitoring.

Bio: Barry Hassler is the founder and President of Hassler Communication Systems Technology, Inc (HCST), a business IT Managed Services Provider based in Beavercreek OH. HCST has been in business since 1991 and serves a variety of small businesses primarily in the Dayton and Springfield Ohio

Panetta, Kasey, “How to Manage Cybersecurity Threats, Not Episodes”, Gartner, 3 May 2024, https://www.gartner.com/en/articles/how-to-manage-cybersecurity-threats-not-episodes

The Overlooked Security Risk

Sat, 01 Jun 2024 13:00:00 GMT

Copiers (MFPs) and Printers are often forgotten when it comes to a company’s security policy. As IT professionals continue to invest time and money into tightening their cybersecurity, it is vital to include MFPs and Printers in their policy. Copiers of years ago were simple devices, not connected to a network and they only made copies. As technology has advanced, so have MFPs. These devices are just like any other device on your network and are a gateway to an enterprise’s most sensitive data.

According to a 2023 Print Security Landscape Survey by Quocirca, 61% of organizations have experienced a print-related data loss over the past year and 39% struggle to keep up with printer security.

Below are the top MFP and Printer security risks and how to mitigate them:

1. Physical Access: Documents left on the output tray pose a significant security risk. We recommend a “follow you” print strategy to enable the device to “hold” the job until an end user authenticates and releases at the device.

2. Default passwords: Factory preset credentials need to be changed by administrators.

3. Lock Down Scanning Access: MFPs are often used more for scanning than copying. Scanning should be locked down at the minimum to scan only to your company’s domain. To take it a step further, having users authenticate with their user credentials and enabling “scan to myself” is a best practice. If scanning isn’t locked down, confidential documents can be sent to “Gmail or Yahoo” addresses and your company wouldn’t even know it was sent.

4. Lack of Security updates: Your Vendor should work with you to ensure these devices have updated firmware and software patches.

5. Hard drive wipes: Before these devices leave your environment to either be shipped back to a leasing company or decommissioned, it is vital to wipe or destroy the hard drive.

6. Track and audit device usage: Many companies are investing in print management software to track who is using these devices and how they are using them. You can limit what a user has access to and have audit trails of how each employee is using the device.

7. Home office printing: With the trend of a hybrid workplace continuing to grow, it is vital to make sure that home office printers are configured and set up with the same security settings as your in-office devices are.

8. Standard security features on devices: Many devices now come with SIEM integration, Verify System at Startup, SSD Data Encryption, and Encrypted Secure Print. It is important to ensure that these security features are enabled and set up properly.

9. Cloud printing risks: Cloud printing services are on the rise, but it is important that your provider has robust security measures in place. End-to-end encryption of print jobs, reviewing activity logs and reviewing access control all need to be in place.

MFPs and Printers are an integral piece of technology in organizations, but if left unmanaged can pose a high security risk. Confidential data regularly moves between user’s PCs, Servers and MFPs/Printers, so it’s important to have a security plan in place to protect your print environment.

Bio: Leah Seymour is the Senior Sales Director for Modern Office Methods (MOM) and has 26 years of experience in the Office Equipment Industry. She specializes in working with IT Leaders in Healthcare, Manufacturing, Logistics and Higher Education to help them improve productivity, control costs and secure their devices.

Protecting Your Investments: It Begins & Ends With Your People

Sat, 01 Jun 2024 12:00:00 GMT

Building a technology organization involves substantial investments – from hardware, software, and cloud solutions to the critical processes governing, modernizing, and maintaining operations, not to mention the invaluable talent driving these initiatives.

Your investment in people is particularly crucial, as skilled personnel play a pivotal role in developing, managing, and effectively utilizing technology. Identifying, recruiting, and onboarding the right talent requires significant time and resources. However, the journey doesn't end there. Retaining these team members necessitates a strategic plan and continued commitment of time and resources.

Here's how your business can safeguard its investment in people:

Leverage Technology First:

Attend peer group meetings for insightful peer-to-peer sharing and learning.
Transform a peer group meeting into a one-on-one development opportunity by bringing a team member along.
Expand knowledge and strengthen networks by attending conferences.
Encourage subject matter experts (SMEs) to submit presentations at conferences, enhancing their speaking skills.
Foster collaboration by actively participating in our peer resource group forums.
Join a committee and contribute resources to give back to the community.
Share volunteer opportunities with your team to promote team building.
Nominate a team member for a Technology First Leadership Award and attend the event to support all finalists.

Prioritize Well-being and Development:

By prioritizing the well-being, growth, and development of your technology workforce, your business can ensure a resilient and motivated team that drives innovation in the dynamic technology landscape.

Connect, Strengthen, and Champion Your People:

The more you invest in connecting, strengthening, and championing your people, the more invested they will be in the career you're developing together.

As you focus on protecting your technology investment, take a moment to enjoy summer activities that energize you. We hope to see you at one of our upcoming Tech First events!

Melissa

What Every Tech Leader Should Stop Doing Right Now

Marla Halley — Thu, 25 Apr 2024 16:32:04 GMT

*SMACK!*

Stop it! Stop it right now!

*SMACK!*

We all know the classic Hollywood trope: the heroine stands her ground in front of the “false threat”. In the face of her unexpected authority and steadfast agency, that threat suddenly comes up short (and to great comic effect!). From there, what initially presents itself as an insurmountable obstacle to the heroine ’s journey transforms into a loyal and steadfast ally for the rest of the plot. Think: Dorothy and the Cowardly Lion, or Cher and Nicolas Cage, or Kagome and Inuyasha.

If only life would work like that. If only our work would work like that.

There are a lot of lessons to be pulled out of these stories: team building, change management, system transformation, etc. But there ’s a warning here, too. A warning that gets glossed over too often and leads to a lot of failed team building, change initiatives, and system transformations. The warning of the Magic Bullet Mentality - mistaking the resolution of the “false threat” for the solution of the real problem.

Everyone falls for the Magic Bullet at some time; most times, multiple times. “Do this one thing!” “Make this one change!” “Install this one tool!” Too often, especially in Information Technology, the Magic Bullet Mentality leads to buying and installing some very high-priced (and, therefore, high-visibility) tools that fail to live up to their promises. And what do you have to show for it all? A big hole in your budget, a burned out support team, and a lot of angry questions from your business leadership.

So, if we are all susceptible to the trap, how can we avoid this ‘magic bullet’ thinking? Even better, is there a way to rescue a deployment that obviously started with a ‘magic bullet’ in mind? There are three questions to ask, right now, to help:

1. Do you have a “Process Map”?

Process mapping might not be the latest buzzword, but it’s darned important nonetheless. And the sooner the process mapping is done around the existing tool, the better. That’s right; the existing tool.

Too often we’re so enamored with the promised benefits of the new tool, we want to skip to the end and not do the due diligence necessary to map out the work ahead. But how else can one ensure new tooling will successfully take over the job of the old one, if you can’t describe the work the old one was doing? You can’t. You need a baseline to measure against.

The Process Map as a baseline has another benefit. Once completed, a savvy project manager can take it, break it down into the individual components and efforts, and build a much more effective project plan. And a project manager with a proper project plan will be much more likely to succeed. Already started the project and don’t have the Process Map completed?

*SMACK* “Shame on you!” - Dorothy Gale, Wizard of Oz (1939)

2. Do you have a “Data Map”?

Data mapping is a newer buzzword, but it is not the same as a Process Map. A Process Map charts the relationships between business functions and processes. It provides insight on: which departments are responsible and accountable for what activity, who gets informed or consulted about those results, and what needs to happen before and after. A Data Map describes the flow of information between the various systems and technologies described in the Process Map, down to the individual data attributes.

Consider an example. Three teams work together to procure hardware and software assets: Vendor Management, Purchasing, and IT Service Management. Each uses different tools to do their jobs and coordinate using email, chat, and excel charts. The Process Map will show how these teams work together, and how a new ERP system could provide response and operational efficiencies. The Data Map would show that the Service Management team needs cost center codes and project number data in order to keep break/fix inventory separate from capital expensed equipment. And, come to find out, that new ERP system requires a whole separate financial module to be able to handle that demand.

Let me guess. You already started the project without a data map?

*SMACK* Snap out of it! - Loretta Castorini, Moonstruck (1987)

3. Have you done a “Feature Analysis”?

To be fair, the issue exemplified above could also have been noticed with a proper Feature Analysis. Nobody likes doing them, but the money and heartache that can be avoided by making sure the right tool is chosen cannot be stressed enough! A Feature Analysis goes beyond merely sitting through a boring sales demo, or copy/pasting the feature comparison from gartner.com . The Feature Analysis lays out the manufacturer’s plans and roadmaps for future features, prices out the cost of support services and discounts offered, interviews and investigates other customers’ satisfaction with the tool and implementation. The Feature Analysis will also draw direct connections between issues internal clients are having with their existing tooling and the features offered by all the other tools being considered.

Unfortunately, a Feature Analysis will not be of much good if the tool has already been purchased. But if you are still in the planning stage?

*SMACK* “Sit boy!” - Kagome, Inuyasha (2000)

BONUS QUESTION: Consider a third-party consultant?

The idea of bringing in a third-party consultant - in addition to the internal technical personnel, the manufacturer’s technical resources, project manager, stakeholders, etc. - gives the feeling of ‘too many cooks in the kitchen.’ However, if the installation project is already in flight and there is a high degree of “magic bullet” thinking, a third-party consultant can be just the solution.

The manufacturer’s provided resources are really there for one goal: to complete this installation to the client’s satisfaction (or contractual obligation). Usually, they will be running a script, checking boxes, and only provide specific solutions to specific technical challenges that arise. They will not be able to make suggestions surrounding process changes, data flows, internal responsibilities or external accountabilities. The internal team might know the ins-and-outs of the current platform, policies, and users. But they might not have the experience with large digital transformations and the challenges the new tooling will present.

A third-party, independent consultant can provide the experience and guidance to help both the internal and external teams succeed. An experienced consultant will have actively participated in a number of similar deployments (not just the tool in question, but competitors as well). They will be able to describe the usual mistakes and provide recommendations to the internal team and increase their change of success. At the same time, they can engage the tooling resources to effectively and efficiently ensure the tooling resources can overcome challenges in a way that ensures long-term success for the client (not just the installation). A third-party, independent consultant can also provide benefits in other areas as well: completing documentation, crafting training materials, building internal reporting to ensure the new tool stays useful.

Bio: Jeremy Boerger founded Boerger Consulting, to improve and promote the benefits of Information Technology Asset Management (ITAM) programs for medium and large businesses. He is a published author and sought-after speaker at technology expos, conventions, and podcasts around the world. His clients routinely see a one-third reduction in their software operations budget, usually within nine- to twelve-month timeframe.

Stop Hiding in Your Office

Marla Halley — Thu, 25 Apr 2024 16:19:36 GMT

In the tech leadership world, there’s this common trap we can fall into—hiding away in our offices. It's easy to do, especially for those of us who lean a bit on the introverted side. But here’s the thing: to really get the pulse of what’s happening in our field, we've got to get out there and engage with the people doing the actual work. Technology’s all about making things easier and more innovative for our teams, but there’s often a gap. Folks not living and breathing tech might not know about all the cool tools they could use, and us tech leaders might not see the creative shortcuts or workarounds they're using to get things done.

So, how do we bridge this gap? How do we get more in tune with the heartbeat of our companies? Here are a few thoughts:

Chat it up in the hallways: Seriously, just talk to people. Get to know the movers and shakers in your company. You’ve got to build some trust, so they'll open up about their daily grind. When you’re visiting different sites or meeting with customers, leave some room in your schedule for those chance hallway chats that can lead to gold. Find out what big problems they’re trying to crack and maybe, you can throw in your two cents about a project that might help them out.
Mix your teams: Have your tech folks spend some time shadowing the end-users. It’s eye-opening to see if the tools you’ve deployed are actually making life easier for them or if they're just sitting there gathering virtual dust.
Know your stuff: This one’s a given but keep digging deep into what your business systems can do. The more you know, the better you can jump into conversations with something useful to contribute.
Circle back on solutions: After you roll out a new tool or system, don’t just walk away. Check back in after a month or two to see if it’s really making a difference or if it needs a tweak here and there.

Getting out of your office and engaging with your team not only helps your tech team get seen as the go-to problem solvers but also makes your work a lot more enjoyable. It’s about building connections, understanding the real-world application of your work, and continuously improving things.

In short, stepping away from the comfort zone of your office and diving into the daily lives of those around you is key for any tech leader looking to make a real impact. It’s all about fostering a sense of community, being open to learning from the ground up, and using that insight to drive innovation and efficiency. Plus, it’s just a more fun and fulfilling way to work. Making those connections, understanding challenges first-hand, and seeing the direct impact of your solutions.

*****

Bio: Karen Kauffman is the Director of Information Technology at Precision Strip Inc. Karen has 35 years of experience in the IT industry, with 20 years of leadership experience. Precision Strip leads the industry in metal processing for the automotive, appliance and beverage can industries.

Unchecked Generative AI: An Amplified Insider Threat Tech Leaders Must Address

Marla Halley — Thu, 25 Apr 2024 15:18:40 GMT

If we were to view technological growth through a wide-angled lens, it becomes evident that advancements are significantly outpacing governance. This rapid progress presents tech leaders with a formidable challenge: How do you safely deploy Generative AI while maintaining data security? As a transformative force, Generative AI rockets innovation forward. Yet, from a data governance perspective, these AI tools also introduce great risks such as unintentionally birthing an amplified insider threat. This dichotomy makes vigilant oversight crucial. This article highlights the dual nature of Generative AI and proposes essential steps to harness its potential while ensuring a safer deployment.

The Double-Edged Sword of Generative AI: Innovation and Risk

Generative AI significantly bolsters one technological capability, serving as a uniquely clever assistant that streamlines creative processes and enhances data analysis. These advancements don't just open the door to a wide variety of innovative opportunities—they also add a layer of complexity to the management and oversight of these potent productivity enhancers. Without proper checks, the very features you value can quickly morph into formidable threats, leading to security vulnerabilities, misinformation campaigns, and unforeseen ethical dilemmas.

This nuanced challenge to privacy is enhanced by insider threats, which often stem from either human error or malicious intent. Sometimes, malicious attempts to compromise an organization can be inadvertently thwarted due to the perpetrator's sheer ignorance of what critical data they can access. However, in today's reality where data sprawl is rampant and permissions management becomes increasingly complex, Generative AI could unintentionally facilitate privacy breaches. Operating autonomously, it may grant unauthorized access or usage of sensitive information, escalating the risk of data breaches. To go a step further, as AI tools become more sophisticated and adapt within these lax ecosystems, they might inadvertently widen the impact of insider threats, accessing critical data that would otherwise remain undiscovered. Navigating these complexities requires tech leaders to practice stringent supervision of data stores, ensuring AI is employed within strict parameters to uphold privacy and safeguard data integrity.

Common Pitfalls of Unchecked Generative AI

The pitfalls of unchecked Generative AI are as varied as they are significant. Take, for instance, the case where a seemingly innocuous mistake by an executive assistant—sharing an executive folder via a collaboration link—became an open vault for anyone within the organization. This misstep led to a critical breach when a departing, disgruntled employee exploited the oversight. The worker harnessed the capabilities of a Generative AI Assistant, Microsoft Copilot, to ingeniously request and obtain sensitive data including executive compensation details, family trust documents, and personally identifiable information (PII) of the organization's leaders.

Such incidents underline the multifaceted nature of threats posed by unregulated Generative AI. They are not confined to the direct actions of the AI itself, but also encompass how it can be maneuvered to fulfill harmful intentions—especially when combined with human ingenuity and malcontent. This unpredictability of AI-assisted threats adds an intricate layer to the already complex challenge of safeguarding against data breaches, emphasizing the need for rigorous AI governance protocols within any enterprise.

Strategic Steps to Mitigate Risks

To effectively manage Generative AI and maintain security integrity, technology leaders should consider implementing the following strategic measures:

1. Adopt a Least Privilege Model:

Restrict access to data strictly on a need-to-know basis.
Regularly review and adjust permissions to minimize unnecessary access.

2. Establish Robust Ethical Guidelines:

Draft and enforce clear policies on AI's decision-making boundaries.
Create protocols for swift intervention if AI actions deviate from norms.

3. Deploy AI Monitoring Tools:

Implement systems for real-time oversight of AI activities.
Ensure traceability of AI actions to their sources for accountability.

4. Integrate AI Risk Assessments:

Incorporate AI threat evaluations into existing security frameworks.
Develop proactive strategies to respond to anticipated AI vulnerabilities.

5. Educate and Train Staff:

Conduct regular training sessions on the benefits and risks of Generative AI.
Promote a company-wide culture of AI awareness and responsible use.

These actionable steps provide a comprehensive framework for mitigating the risks associated with Generative AI, promoting ethical use, and fostering an environment of informed vigilance.

Charting a Safer Course: The Imperative of AI Governance

We truly do stand at a crossroads of innovation and responsibility. It’s clear that unchecked use of Generative AI tools presents formidable risks alongside their tremendous upside for productivity. The incidents and challenges we've discussed underscore how essential it is to take a proactive risk management approach when deploying Generative AI in your ecosystem.

To ensure the ethical deployment of AI, it is imperative to establish and uphold stringent ethical guidelines. These guidelines act as the compass that guides AI behavior, ensuring that it aligns with your values and ethical standards. Additionally, investing in comprehensive education and training programs is not just about risk avoidance but also about empowering your team to leverage AI responsibly and effectively.

By reinforcing these two pillars—ethical guidelines and continuous learning—you cultivate a knowledgeable and principled workforce. Strengthen your AI oversight and educate your teams on how to safely utilize AI tools. By taking these decisive steps, you will not only protect your organization but also position it to thrive, deploying AI with precision and security.

****

Bio: Ramone Kenney brings over 13 years of expertise in providing technology solutions to complex challenges. As Manager of Enterprise Accounts, specializing in Cyber Security for Varonis, he is instrumental in overseeing the deployment and implementation of robust data security measures. Ramone is committed to leading the charge in risk reduction initiatives, ensuring that his clients are safeguarded against ever-evolving digital threats.

Elevating Leadership and Bridging Digital Skills

Marla Halley — Wed, 27 Mar 2024 14:48:52 GMT

Embracing AI in Leadership

In November 2023, I presented to and spoke with a group of technologists on the topic of “Embracing AI in Leadership.” The mission was to open people’s eyes to the possibilities of enhancing their own growth potential in their leadership journey by utilizing Generative AI. This included real case studies, several Gen AI tools, and various prompting techniques. Where there were a few skeptics at the beginning of the presentation, in the end, they were converted into believers. Task completed? Well, I think this journey is and will be a work in progress for the foreseeable future.

My decision to delve into this topic was driven by multiple inspirations. First among them was witnessing the widening divide between the technologically empowered and the underserved. My journey from blue-collar sectors to the forefront of the tech industry has confirmed and validated the idea that there are boundless opportunities that technology can offer. Yet, it has also highlighted a stark reality: as technology progresses, the chasm deepens between those who continuously evolve with technology and those who remain disconnected. This disparity, especially with the advent of easily accessible Generative AI, is set to expand even more rapidly, distinguishing between the adopters of AI and those left behind.

Setting AI aside for the moment, Scott Klososky points out that we have an existing problem. Even amongst well-established organizations, there are digital skills gaps that incur massive hidden costs. I have witnessed this myself at multiple organizations over the past several years. For instance, many individuals remain reliant on their mapped network drives for accessing and managing shared content. Mapped network drives have been around for a very long time. At the risk of opening myself up to rebuke, I’ll go ahead and say it, this is old-school technology, pre-cloud, pre-OneDrive, and pre-modern-tech.

On one hand, some IT departments have invested heavily to ensure access to their mapped drives and shared content is seamless. On the other hand, many users experience frustration with the less-than-optimal method of working with their content, especially when on the move. What makes this worse is these same organizations have also invested in Microsoft 365 (M365), a comprehensive digital workplace. Yet 80% or more of users are still locked in their old-school processes that revolve around their mapped drives (these are my unofficial stats).

This scenario underscores a missed opportunity to leverage existing resources more effectively and highlights the pressing need to address the digital skills gap within the organization. As Scott points out, the organization is responsible for closing the digital skills gap or suffer the resulting cost of a lack of efficiency and effectiveness.

Get Your Digital House in Order

Switching back to the AI topic. If your organization already has a detrimental digital skills gap, you have some work to do as a technology leader. Embracing AI in Leadership is based on the idea that, conceptually, you can use generative AI to improve your leadership capabilities, including strategic thinking, future-scenario simulations, enhanced research capabilities, and potentially help you devise a strategy and plan for closing the digital skills gap in your organization. I took a few minutes working with ChatGPT to generate the following high-level strategy as a good starting point to consider.

Strategy Component	Action Items	Expected Outcomes
Baseline Digital Skills Assessment	- Assess to identify skills gaps. - Benchmark against industry.	- Clear understanding of skills gaps. - Identified improvement areas.
Customized Learning Pathways	- Develop role-specific pathways. - Utilize AI for personalized learning.	- Role-relevant skills improvement. - Higher engagement.
Leverage Existing Technologies	- Train with Microsoft 365. - Workshops for new tech adoption.	- Improved tool utilization. - Reduced outdated tech reliance.
Promote a Culture of Continuous Learning	- Reward learning achievements. - Foster knowledge sharing and mentoring.	- Learning as a core value. - Supportive learning environment.
Generative AI in Leadership Development	- Integrate AI for planning and simulations. - AI training for leaders.	- Enhanced leadership skills. - Better planning capabilities.
Continuous Feedback and Adaptation	- Feedback loops for learning effectiveness. - Update materials based on feedback.	- Agile adaptation to tech changes. - Skills aligned with goals.

Beyond the Skills Gap: Paving the Way for AI and Digital Innovation

This strategy lays the foundation for AI adoption and other technological advancements, while addressing the digital skills gap is crucial, it’s just one aspect. Organizations are embarking on extensive digital transformation, adopting advanced ERP systems, shifting to cloud-based development, enhancing cybersecurity, and establishing robust disaster recovery plans. Amidst these transformations, businesses strive to excel, balancing multiple initiatives seamlessly in their dynamic operations.

As a technology leader, prioritize delivering high-quality digital transformations, using AI judiciously to augment your leadership and ensure initiatives remain focused and effective, without diluting quality or mission clarity. At some point, your organization might consider tackling AI head-on. For example, evaluating viable use cases, considering deploying your own Large Language Model (LLM) internally, training or fine-tuning your models using your own proprietary data, and then figuring out how to production-ize AI solutions. As you prepare for this new initiative, find the right partner and hire or train the right leaders who can devote 100% of their effort to AI. You will need leadership, experience, and a team to tackle this new space.

In Conclusion

As we explore “Embracing AI in Leadership” and tackle the digital skills gap alongside our digital transformation efforts, the journey is both challenging and filled with opportunities. Fostering a culture of continuous learning and adaptability is key to not just bridging the digital divide but thriving in the era of rapid technological advancement. Our ongoing endeavor is to leverage technology to enhance our leadership, improve operations, and drive organizational growth in a world where technology continuously reshapes our landscape.

Bio: Kalen Howell has a master's degree in computer science from Franklin University and an MBA from the University of Dayton and has worked in the software development industry for over 20 years. Today, as CIO, Kalen leads a technology team, IT OPS, and Software Development, with huge digital initiatives rolling out to organizations across the US, Canada, and Mexico.

Making Generative AI Accessible: Anyone Can Do This

Marla Halley — Wed, 27 Mar 2024 14:44:41 GMT

My youngest son has no fear of technology and, until recently, no programming experience. That dramatically changed when his logistics professor asked his business school students to build an interactive digital map of the world depicting the sourcing, manufacturing, shipping, and receiving patterns for a fictitious, complex supply chain case study.

My son, in a few days, used an Excel data file and OpenAI’s GPT-4 to create and edit code in RStudio and build the interactive model. This exemplifies the democratization of skills previously accessible only to a subset of the population.

As a result, we are going to see an explosion of innovation as creative people around the globe tap into this power.

Applying AI to Solve Healthcare Problems

In healthcare, we've leveraged algorithm-based machine learning for years. Our primary applications in imaging studies have quickly identified tissue abnormalities, genetic assessments to understand the future risk of cancer, and predictive models to catch infections early so they can be treated before becoming life-threatening.

Generative AI is going to positively impact healthcare, and Kettering Health will see initial benefits in three areas:

Provider workload: Chart summaries can be automatically prepared to share with the patient or referring provider. Inbox assistants help the clinician quickly reply to patient questions.

Rare disease management: Analytics assistants will help clinicians find other patients with rare symptoms like the ones they are treating and help the clinician connect with that care team so a treatment plan can be developed.

Revenue cycle efficiency: Existing automation opportunities will be enhanced to increase the efficiency of burdensome diagnostic coding and billing processes.

Most healthcare organizations don't have the deep pockets needed to invest in this technology to be on the cutting edge. But the good news is that Epic (our electronic healthcare record systems partner) and Microsoft are making huge investments in generative AI.

Because of that, we can partner with our providers to prototype features in the three areas I listed to determine which are the most valuable, integrate them into their workflows, and then continue to learn as more practical applications are developed.

Our first serious venture into generative AI is to use it to assist our physicians to select the appropriate diagnosis codes while charting, saving time and increasing accuracy. We are piloting a solution in one of our hospitals—with plans to scale throughout our system’s acute locations.

It’s More Than Hype

This technology is exciting, and no one is completely sure of its future benefits. We’ve seen careless accelerated approaches to adopting AI lead many organizations, across all industries, into the troubled waters of IP law, copyright infringement, plagiarism, and even moral calamity.

However, as my son’s experience illustrates, the potential value is real.

I look forward to when more of us adopt these skills and move beyond generative AI applications that save time or reduce the burden of repetitive tasks to truly life-enhancing innovations for our community.

Bio: Eric Crouch serves as the Chief Information Officer (CIO) and Vice President for Information Services at Kettering Health. He oversees the strategic planning, implementation, and management of information technology and digital transformation initiatives. The people at Kettering Health serve in medical centers and outpatient locations throughout western Ohio and are dedicated to elevating the health, healing, and hope of the community.

What’s all the Fuss about Quantum Computing?

Marla Halley — Wed, 27 Mar 2024 14:36:21 GMT

Quantum computing is a massive leap forward in computational capabilities potentially revolutionizing whole industries and solving previously intractable problems. Quantum computing relies on highly specialized technology (hardware and algorithms) that takes advantage of quantum mechanics to process information in ways that would have been considered science fiction not long ago. Quantum computers can solve extraordinarily complex problems that even supercomputers can’t solve in a reasonable amount of time, like before the sun burns out. Let’s take a deeper look at quantum computing.

What is quantum computing?

Quantum computers use quantum bits, or qubits, as basic informational units. Unlike traditional bits which can represent either 0 or 1, a qubit can exist in a state of 0, 1, or both at the same time thanks to the quantum phenomenon known as superposition. This allows quantum computers to explore multiple possibilities simultaneously, and in conjunction with other quantum phenomena such as entanglement and interference, solve highly complex problems much faster than traditional computers.

The quantum theory of physics was born in 1900 when physicist Max Planck published his study on the effect of radiation on a “blackbody” substance. As a subset of quantum physics, quantum computing is a relatively new field. It began to take off in 1994 when Peter Shor developed a quantum algorithm for factoring integers with the potential to crack public-key encryption schemes such as RSA or ECC. Astounding progress has been made in the decades since, major milestones include:

1995: David Deutsch and Richard Jozsa demonstrate the first quantum algorithm that can outperform any traditional algorithm on a specific problem.
1996: Lov Grover invents a quantum search algorithm that sports a quadratic performance improvement over traditional algorithms.
2001: IBM builds the first quantum computer to execute Shor's algorithm.
2007: D-Wave Systems demonstrated the first commercial quantum computer.
2019: Google claims quantum supremacy by performing a random circuit sampling in 200 seconds versus 10,000 years on a state-of-the-art supercomputer.
2020: IBM announces quantum advantage by performing a financial portfolio optimization task in 2 minutes versus 6 hours on a state-of-the-art supercomputer.
2020: China achieves quantum supremacy by performing a Gaussian boson sampling task in 200 seconds versus 2.5 billion years on a state-of-the-art supercomputer.

2023: IBM announces plans to build a 100,000-qubit machine that will work alongside traditional supercomputers to achieve breakthroughs in drug discovery and other advanced applications.

Quantum computing technology continues to advance rapidly. Industry leaders such as IBM, Google, and D-Wave, as well as academic institutions and startups continue to push the boundaries of what's possible. Currently, most work in the field is focused on reducing error rates, developing error correcting algorithms, increasing the number of qubits, and improving qubit coherence times which is length of time a qubit can maintain quantum state.

Common Benefits of Quantum Computing

The advent of quantum computing brings a host of benefits including:

Speed: Quantum computers can solve certain problems exponentially faster than traditional computers. Shor's algorithm could factor a 2,048-bit number in about 10 minutes, versus billions of years on a traditional supercomputer. It’s worth noting that this has raised strong concerns about the future of encryption.
Efficiency: Quantum computers can solve certain complex problems with fewer resources than traditional computers.
Power: Quantum computers can manage more complex problems, even problems that were previously unsolvable.
Security: Quantum computing introduces new paradigms in encryption.
Innovation: Quantum computing enables breakthroughs by handling extraordinarily complex simulations and calculations that are impractical if not impossible for traditional computers.

Common Challenges of Quantum Computing

Quantum computing is not without challenges, including:

Hardware: Quantum computers are complex, expensive and difficult to build and operate. They currently require extreme cooling and specialized equipment to maintain the quantum states of qubits, making them impractical for widespread use.
Software: Quantum computing requires new programming languages, algorithms, and tools.
Threats: Quantum computing poses a significant threat to current cryptographic standards putting vast amounts of sensitive data at risk.
Technical Challenges: Quantum computing is an immature and rapidly advancing field. Error rates and qubit coherence must be overcome to fully realize quantum computing’s benefits.
Ethics: Quantum computing poses profound social and ethical implications. It creates the potential for new forms of power and influence, as well as new forms of harm, inequality, and conflict. For additional insights, check out this article from Deloitte “Quantum computing may create ethical risks for businesses. It’s time to prepare”.

How Quantum Computing Is Currently Used

Despite challenges and concerns, quantum computing has the potential to revolutionize industries including artificial intelligence, physics, medicine, chemistry, logistics, finance, cryptography and more. Current applications for quantum computing include:
Advanced simulations: Quantum computers could simulate the behavior of molecules, atoms, and subatomic particles leading to breakthroughs in the design of new materials, drugs, and energy sources.
Optimization: Quantum computers could tackle complex optimization problems that require finding the best solution from a vast number of possibilities. Examples include scheduling, routing, and planning.
Accelerating machine learning: Quantum computers could enhance the performance and capabilities of machine learning models through faster training, better accuracy, and less complexity.
Cracking encryption: Quantum algorithms like Shor’s pose a significant threat to data secured by current encryption schemes. Cybersecurity experts have speculated that adversarial nation state actors (APTs) are collecting as much data as possible now knowing that quantum computing will soon make it feasible to crack current encryption schemes and unlock vast troves of stolen data.
Improving encryption: Quantum cryptography promises strong encryption that will be virtually unbreakable. NIST has announced four post-quantum resistant encryption algorithms designed to withstand quantum attacks.

Conclusion: Facing Our Quantum Future

Quantum computing is a new paradigm that transcends the limits of traditional computing by harnessing the power of quantum physics to perform calculations that are impractical if not impossible for traditional binary based computers. While still in its developmental stages, quantum computing shows the potential to radically transform our world.

For technology professionals, quantum computing presents unprecedented opportunities and challenges. Understanding its principles, applications, benefits, and risks will allow us to play a pivotal role in shaping this technology, addressing ethical concerns raised by it, and developing secure, equitable access to quantum technologies.

The journey into the quantum future is just beginning, and its impact on society, science and the economy will be profound. It’s an exciting time to be alive and to be in tech as we now have the opportunity to shape this future and ensure the power of quantum computing achieves its most beneficial potential.

Bio: Dave Hatter – CISSP, CISA, CISM, CCSP, CSSLP, PMP, ITIL, is a cybersecurity consultant at Intrust IT. Dave has more than 30 years’ experience in technology as a software engineer and cybersecurity consultant and has served as an adjunct professor at Cincinnati State for nearly 20 years. He is a privacy advocate and an Advisory Board member of the Plunk Foundation. Follow Dave on X (@DaveHatter) for timely and helpful technology news and tips.

Empowering Women in Tech through Skill-Based Education

Marla Halley — Tue, 27 Feb 2024 18:26:24 GMT

In the ever-evolving realm of technology, companies are beginning to realize that diversity and inclusion are critical factors for innovation and progress. Even with this new burgeoning era of understanding, it's clear that women, though brimming with potential, are still vastly underrepresented. Bridging this gender gap requires a concerted effort to empower, encourage, and lead women to pursue careers in technology. One impactful approach to this issue is through skill-based education, providing women with the tools and knowledge they need to excel in the world of tech. 

The Gender Disparity in Tech 

Historically, the tech industry has been male dominated, with women comprising a small percentage of the workforce. This disparity is not due to a lack of interest or capability of women but is often attributed to systemic barriers and societal stereotypes that discourage them from pursuing tech-related careers. From high school advanced math programs that historically target males to pop culture and media consistently showing only men as the tech guru sidekicks who help the heroes outwit the villains, the narrative to women and young girls has been, “technology is not the space for you.” 

The Power of Skill-Based Education 

Skill-based education serves as a powerful equalizer. By focusing on tangible skills and hands-on learning, women can build the confidence and competence needed to break through barriers in the tech industry. It allows women to equip themselves with coding prowess, data analytics finesse, and cybersecurity wizardry through online courses, coding bootcamps, and engaging workshops, with much less financial cost. 

Creating Inclusive Learning Environments 

Imagine this: vibrant communities, mentorship bonds, and initiatives celebrating the triumphs of women in tech. That's the environment we need to foster—one where diversity is not just acknowledged but celebrated. Educational institutions and organizations must actively break down biases within their curricula, ensuring that every woman feels seen and supported. 

Overcoming Stereotypes 

Let’s be candid; stereotypes often portray women as less suited for STEM fields, perpetuating the myth that certain professions are a man's world. But within the realm of skill-based education, we shatter these stereotypes, spotlighting the accomplishments of remarkable women who have not only excelled but thrived in tech. 

Building Confidence Through Hands-On Experience 

One of the key benefits of skill-based education is the emphasis on practical, hands-on experience. By working on real-world projects, women can gain the confidence and expertise necessary to navigate the tech industry. This approach not only equips them with technical skills but also develops problem-solving abilities and critical thinking—strong qualities for success in any role. Studies have long shown women hesitating to apply for tech roles, even when their skills rival their male counterparts. Skill-based education addresses this by providing a clear pathway for women to develop and showcase their abilities. As they witness the tangible results of their learning, barriers begin to break down, and confidence soars. 

Conclusion 

Let's dismantle the barriers, champion diversity, and celebrate the triumphs of women in tech. By investing in skill development and providing accessible learning opportunities, we aren't just shaping individual success stories; we're creating a platform for women to stand shoulder to shoulder, their brilliance resonating in every innovation and breakthrough. It’s time to make tech an inclusive space. It's time to harness the full potential of diverse talent and build a future where women are equally represented and celebrated in the world of technology, where their unique contributions produce of story of empowerment and achievement. 

From Imposter Syndrome to Empowerment: A Woman's Story of Growth in IT

Marla Halley — Tue, 27 Feb 2024 17:59:28 GMT

In the dynamic world of technology, authenticity is not just a choice; it's a superpower that propels women forward in their journey through challenges and opportunities alike. As a woman in IT, I've found that embracing authenticity has been the key to navigating the twists and turns of my career with unwavering determination and a commitment to staying true to myself. In this blog, I invite you to join me on a transformative journey of self-discovery, resilience, and empowerment in the ever-evolving field of IT.

Authenticity is the key to success for women in IT. By embracing our true selves, we unlock our full potential, inspire others, and drive meaningful change in the industry.

Amidst the challenges of my journey in IT, one of the most profound experiences was my transition from India to the US. Moving to a new country brought with it a host of challenges, including language barriers and the longing for family back home. These challenges quickly led to negative self-talk and resulted in me diminishing my own skills that I had acquired and learning that I’d received till that point.

Despite these obstacles, I embraced the opportunity with courage and determination, seeking out entry-level positions in IT while simultaneously mastering US English. Through perseverance and resilience, I overcame these challenges, created a version of myself that was able to start over, while building on strengths I already had and achieving my goals regardless of what challenges I had to surmount. This proved to me and others that authenticity knows no boundaries and that embracing our true selves is the ultimate path to empowerment.

Overcoming Imposter Syndrome: Embracing Opportunity and Change

"Always be a first-rate version of yourself, instead of a second-rate version of somebody else." - Judy Garland

I have held roles of Software Developer, Business Analyst, Technical Writer, Project Manager, Program Leader, IT Dev Team Manager, Agile Transformation Leader and PMO Director in various organizations in FinTech, Healthcare and Marketing industries. All this while organically growing by learning each skill at the most foundational level, by doing it myself.

As women in IT, we often face imposter syndrome, doubting our abilities and downplaying our achievements. But success comes from embracing opportunities and challenges, believing in us, and taking bold steps forward. Even if that means asking for the compensation we deserve, a promotion we have been eyeing, or applying for an opportunity we may have already talked ourselves out of, in our mind.

Along the way I found many mentors who I ingratiate myself to this day! For those reading this you know who you are, and I thank you from the bottom of my heart!

Continuous Learning, Mentoring, and Modern-Day Skills:

We find this world of IT constantly evolving and changing with rapid technical advancements. When we stop learning, we stop growing. In addition to the skills these roles have required, I have recently delved into the realms of Generative AI and Cloud Infrastructure Strategy. Continuously learning and adapting to modern-day technologies is essential in staying relevant and effective in the rapidly evolving field of IT. These skills have not only expanded my expertise but have also enabled me to contribute meaningfully to innovative projects and initiatives.

Along my journey in IT, I always look forward to giving back. I've had the privilege of mentoring four talented women in IT, guiding them on their paths while learning valuable lessons from their unique perspectives and experiences. This journey of mentorship has reinforced the importance of giving back and helping others achieve their goals. By lifting each other up and fostering a culture of support and collaboration, we can create a more inclusive and empowering environment for women in the tech industry.

A Leap of Faith: Balancing Education, Parenthood, and Career Ambitions

"The only limit to the height of your achievements is the reach of your dreams and your willingness to work for them." - Michelle Obama

As a mother and a woman in IT, I faced a pivotal moment in my career journey when I decided to pursue higher education while juggling the demands of motherhood and a full-time job. With my first baby just 13 months old, I embarked on the challenging yet rewarding journey of earning an MBA. Balancing late-night study sessions with diaper changes and boardroom meetings, I learned the true meaning of resilience and determination. Despite the obstacles in my path, I refused to let anything hold me back from achieving my goals. Along the way I did turn some naysayers into believers and friends by achieving precisely what I was told ‘I can’t do’!

Practical Tips for Embracing Authenticity:

1. Stay True to Your Values: In a fast-paced industry like IT, it's easy to get swept up in trends and expectations. Stay grounded by reminding yourself of your core values and beliefs, and let them guide your decisions and actions.

2. Embrace Vulnerability:Don't be afraid to show your vulnerabilities and imperfections. It's okay to ask for help, admit when you don't have all the answers, and share your struggles with others. Vulnerability fosters connection and empathy, making you more relatable and approachable.

3. Seek Mentorship and Support: Surround yourself with mentors, colleagues, and friends who uplift and support you on your journey. Seek out opportunities for mentorship and peer support, and don't hesitate to reach out for guidance when you need it.

4. Celebrate Your Achievements: Take time to celebrate your successes, no matter how small they may seem. Recognize your achievements, acknowledge your progress, and give yourself credit for your hard work and perseverance.

Seizing the Moment: Leading with Purpose and Passion

"Success is not about the destination but the journey of embracing opportunities and challenges along the way." - Angela Duckworth

Authenticity empowers us to lead with purpose and passion, embracing vulnerability and transparency in our interactions with others. By sharing our stories of growth and transformation, we inspire our colleagues and peers to embrace their authenticity, unleash their potential, and pursue their dreams with unwavering conviction. Bringing our whole self to work, being open and honest and leading with purpose and values has continuously proven to be the recipe for success in my career.

Conclusion:

As I reflect on my journey of growth and empowerment in IT, I'm reminded of the incredible potential that lies within each of us. By embracing authenticity, seizing opportunities, and staying true to ourselves, we can overcome any obstacle and achieve our wildest dreams. Together, let's rewrite the narrative of women in IT, one story at a time.

Ashima Sharma works is Senior Director IT at CareSource. Her expertise is in the field of PMO leadership, digital transformation, Agile development business analysis and change management. Ashima has over 20 years of leadership and strategy experience in the IT industry.

The Unparalleled Value of In-Person Conferences

Marla Halley — Tue, 30 Jan 2024 15:45:22 GMT

Why attend conferences?

In our current state of virtual interactions, overwhelmed by Zoom meetings and conference calls, the allure of in-person conferences may seem diminished. The hesitations around handshakes, proximity, and shared spaces are understandable, especially considering the prevailing concerns about health and hygiene. However, it's crucial to reevaluate the significance of attending conferences and consider making them a priority, period.

Networking Extravaganza

One of the most apparent benefits of attending conferences is the unparalleled opportunity to network with individuals you might not encounter otherwise. Conferences serve as a melting pot of leaders in specific fields, subject matter experts, and peers facing similar challenges or operating within comparable environments. The importance lies in the exposure to diverse experiences within our own fields, offering fresh perspectives on problems that may have seemed insurmountable. This exposure broadens our horizons, enabling us to learn new approaches and ideas that we might never have encountered in our routine professional circles.

The chance encounters, often referred to as "drive-byes," present themselves in the hallways, between sessions, and even during meal breaks. Some of my most enriching conversations and discussions on various topics have unfolded spontaneously during these breaks and lunches at conferences. These unplanned interactions have provided invaluable opportunities to broaden my network. Remarkably, the connections made in such informal settings have proven to be exceptionally beneficial over the years, even in situations where I hadn't anticipated needing that resource. These connections have evolved into some of my most trusted professional relationships, with whom I remain closely connected to this day.

Meeting Influential Leaders and Your Heroes

Conferences offer a unique opportunity to rub shoulders with influential leaders, industry titans, and even your professional heroes. Whether it's participating in a panel discussion, attending keynote addresses, or simply engaging in networking sessions, the chance encounters with individuals who have shaped your industry can be transformative and inspiring. The individuals you encounter at conferences are often considered experts and influencers within the conference's subject matter, and sometimes, even beyond. Reflecting on an experience at the BoxWorks conference, I found myself in the front row listening to Neil deGrasse Tyson. The impact of his wisdom, shared amidst the excitement of the crowd, resonated with me on a personal level. This profound experience would not have been as impactful had I not been physically present, feeling the collective energy in the room. Simultaneously, during the Women in IT sessions, I had the privilege of hearing Jill Biden speak. Her insights, especially on navigating personal challenges, deeply affected me. Engaging with her one-on-one after the session was an opportunity, I might have missed had I not attended the conference.

Continuous Professional Development

Conferences are veritable gold mines of knowledge, providing a unique platform to expand your expertise, learn from industry experts, and improve your skill set. Workshops, presentations, and interactive sessions offer hands-on experiences that go beyond the theoretical realm, fostering a continuous learning environment that can significantly contribute to your professional growth. The smaller group settings can allow for more interpersonal conversation and provide more opportunities for questions to be heard and discussions to be more conclusive. More than once, I have learned a different approach, a new application, or even a new technology I was not aware of that solves a problem my organization had been facing. Attending a conference allowed me to have an impromptu conversation with a vendor, another attendee, or a technology expert that I would not have even known to have sought out.

Insights into the Latest Trends

Staying ahead of the curve is essential in any industry, and conferences are the hotspots for unveiling the latest trends, innovations, and technological advancements. Engaging with thought leaders and industry pioneers provides a front-row seat to the future landscape of your field. These events serve as dynamic forums where groundbreaking ideas are discussed, emerging technologies are showcased, and visionary strategies are unveiled.

Conferences offer a unique opportunity to gain a deep understanding of the current market dynamics and where it's headed. Attendees often have the privilege of participating in discussions and sessions that delve into cutting-edge concepts, disruptive technologies, and transformative industry shifts. Keynote speakers, who are often influential figures with their finger on the industry's pulse, share invaluable insights into the direction of the market, helping attendees anticipate changes and adapt their strategies accordingly.

Moreover, these gatherings facilitate direct interactions with industry experts and innovators who are driving the latest trends. Networking sessions, panel discussions, and collaborative workshops create an environment where professionals can engage in meaningful conversations about the challenges and opportunities posed by emerging trends. These interactions not only provide theoretical knowledge but also offer practical insights on how to implement and leverage these trends in your specific professional context.

Conferences act as accelerators for staying informed about the newest methodologies, tools, and best practices that are reshaping the industry landscape. Whether it's the integration of artificial intelligence, the evolution of sustainable practices, or the latest advancements in digital transformation, conferences offer a comprehensive and firsthand view of the trends that will define the future of your profession.

Enhancing Your Professional Profile

Attending conferences isn't just about accumulating knowledge; it's about showcasing your commitment to professional development. Including conference participation on your resume demonstrates your proactive approach to staying informed, engaged, and connected within your industry. It signals to potential employers that you are dedicated to continuous improvement and staying abreast of the latest industry trends. It may also lead to topical conversation within an interview conversation that sets you apart from other candidates!

By immersing yourself in the immense opportunity of insights presented at conferences, you not only gain a competitive edge but also position yourself as a forward-thinking professional. These events empower you to become a trendsetter within your organization, bringing back actionable knowledge that can shape strategies, influence decision-making, and contribute to the success of your team or business. In essence, attending conferences becomes a strategic investment in your professional acumen, ensuring that you are not just keeping up with the latest trends but actively shaping and leading the way forward.

Jill Campbell is a seasoned IT leader known for her successful track record in crafting clear and compelling IT and Digital strategies. She is an expert in developing detailed transformation IT roadmaps, aligning IT organizational models, and optimizing business systems. She has excelled in leadership roles within both commercial and defense sectors and currently enjoys consulting in both higher education and non-profits.

The Transformation of Cyber Insurance

Marla Halley — Tue, 30 Jan 2024 14:46:33 GMT

Navigating the ever-evolving landscape of cyber insurance is something that we cannot rest on. As the year begins, most of us are looking into what this year holds. As we know, the rapidly changing landscape of IT is evolving and will always be presenting a myriad of challenges and opportunities. Among these, one significant change that is poised to shape the future is the transformation of cyber insurance. We will touch on the changing dynamics of cyber insurance and how the effects of these changes will impact organizations of all sizes.

As we are gearing up for this new year and moving 2023 to our rear-view mirror, some interesting things are occurring in all facets of IT. One factor that will become more and more prevalent in 2024 and beyond is what Cyber Insurance will cover and what will be changing in this space. One of the cornerstones of the insurance world, Lloyds of London announced in 2023 that they have a significant exclusion. They will refuse to cover “nation state attacks” and this move has caused a ripple effect that is impacting organizations seeking cyber insurance. Additionally, we have even seen certain clients denied cyber insurance which raises concerns about the sustainability of the cyber insurance landscape.

As we gaze into the future, it is becoming increasing evident that cyber insurance will fall into one of these distinct buckets:

Pricey Proposition- Premiums will soar past what they are currently with the number of cyber threats growing, the complexity of the threats, and ransoms increasing. Cyber Insurance companies are facing the risks and are likely to place the burden onto those getting insured, making this a costly investment.
Denial Dilemma- With the scope of coverage shrinking, organizations may face getting denied cyber insurance as criteria for approval will become more stringent.
Condensed Coverage- With cyber insurance coverage being reduced and some attacks not being covered from the get-go, some organizations will wonder what is point of being insured at all.
Independently Self- Insured- Facing expensive premiums, denials, condensed coverage, some organizations will consider self-insuring and taking on the risks of what those entails.

A recent cyber insurance policy, seen below, that took effect on January 1^st, 2024, shows exactly what organizations are up against when looking into cyber insurance.

If we are being honest what DOESN’T constitute “cyber warfare”? As the lines of cyber warfare are blurred, cyber insurance organizations will have to narrow down what they will and will not cover. As cyber insurance companies grapple with these nuances, organizations are left navigating a complex landscape where the terms and conditions are constantly under review. This will greatly impact both costs to the end-user, and at some point, users will have to decide IF they will choose to continue insurance coverage or not.

In conclusion, the shifting of cyber insurance in 2024 demands that organizations are informed of the changes and proactively looking at what the cyber insurance companies are doing. The trends indicate that higher costs, increased denials, and reduced coverage are coming. Navigating this requires a deep understanding of the evolving landscape, a commitment to robust cybersecurity practices, and a readiness to adapt to the changing norms within the insurance industry.

As we start the new year, organizations must critically evaluate their cyber insurance needs, reassess their risk tolerance, and chart a course that aligns with the evolving realities of the digital age. The journey ahead is complex, but with informed decision-making and a resilient cybersecurity strategy, organizations can navigate the challenges and uncertainties that lie on the horizon.

Seth Marsh is a security specialist with over 30 years of experience in the IT industry. Before leading Sales & Marketing at TMG, Seth led sales for a global full-service security provider and served as a VAR rep focusing on security during his last 12+ years specifically while working with Cisco. This breadth of experience allows him to understand clients’ needs and the ins and outs of the supplier and distribution side.

Managing Cyberthreats in 2024

Marla Halley — Wed, 20 Dec 2023 19:27:14 GMT

Whether an individual, a small business, or an enterprise – cybercrime doesn’t discriminate. All things “cyber” continue to grow, unfortunately including cybercrime (cyberattacks, cyberthreats, hacking, phishing, etc.). Follow along to learn what cyber challenges we are anticipating in 2024 and how you can manage.

Growth in Cybercrime

Cybercrime has been on a steep rise over the past several years. With ransomware and “data extortion” breaches making the news almost daily, attackers have turned these activities into profitable revenue streams that are unlikely to stop soon. While risks are at an all-time high, the task of protecting networks is becoming harder for businesses of all sizes. As we migrate to de-centralized cloud-based applications, the traditional “castle” method of defense with building walls around our most valued assets will no longer work.

The number of applications used by a typical organization has rapidly grown in the last few years. According to recent reports, organizations use 130 SaaS apps, which is up from just 16 five years ago. The problem is then compounded by bringing more and more of our devices online, which creates additional “attack vectors” for cybercriminal to target within our environments. Forecasts say there will be 41.6 billion IoT (Internet of Things) * devices by 2025. These include POS and entertainment systems, cell phones and computers, digital signage, printers and more. Not to mention, the software and firmware running these systems sit atop increasingly complex codebases.

So, what can you do?

Business size plays little part in who is or is not attacked. As the “business of cybercrime” has grown, there are now attackers that fit victims of every size. Unfortunately, there is no one-size-fits-all solution for this complicated problem.

Individuals and small businesses have limited financial resources dedicated to cybersecurity, making it crucial to prioritize and allocate resources effectively. As businesses grow and become more valuable, it is critical that they continue to increase their security posture at the same rate to address new risks and prevent increasing potential losses.

The Federal Trade Commission lists five principles of sound data security:

1.     Take stock: Inventory the office and know what information you have – where is it stored and who has access? What do those people or businesses do with the information they have access to?
2.     Scale down: Retain only what you need. The more information you hold the greater the risk that personal information will get exposed.
3.     Lock it: Providing the minimal amount of access needed to people and devices generally leads to better overall security. On your network, two things you can do are:

a. Using advanced firewall with security features like intrusion detection, content filtering and built-in malware scanning. This will help prevent customers and your team from mistakenly navigating to malicious websites and help stop already malicious devices from connecting back to their servers.

b. Segment your network to reduce the impact if there is a breach. Create smaller “Virtual Networks” (VLANs) in your environment to virtually split up which devices can communicate with each other. A common setup for small to midsize businesses might be to build four “virtual networks” like…

Network for devices that fall under compliance, like your POS systems.
Network for normal business devices, like a desktop computer or a laptop.
Network for your customers.
Network for all your IoT devices that don’t fall into one of the other categories.

4. Pitch it: If you don’t need it, get rid of it securely. Create a retention schedule and have appropriate disposal processes and devices.
5. Plan ahead: Create a policy and procedure regarding cybersecurity and invest in the correct technologies and partners if it’s not your expertise. Use reputable vendors for purchasing hardware and services, and stick with trusted brands – especially when it comes to internet connected devices. Many IoT devices found online are made by fly-by-night manufacturers and have been found to come with “backdoors” built in, but even those not compromised from the start are often not supported long term by the makers and become security risks.

And finally, never neglect your people. Even a perfect fence can’t work if someone accidentally leaves the gate open. So, invest in employee training and security awareness.

A few key practices to highlight: **
- Secure personal devices like laptops and phones, especially when in public places. Be sure to lock your screen if your computer is unattended, and don’t install software that isn’t authorized on work devices.
- Educate employees on the signs of a cyberattack, especially phishing, and the laws that apply to data they may handle.
- Make sure employees know who to turn to and feel they can come to you if an issue arises, it takes the whole team to fight these threats.
- Remove employee access if they are no longer with the company even if you don’t think the person is a risk. User accounts no one is using leaves the door cracked open for attackers.

As we approach 2024, individuals and businesses must be prepared to tackle the evolving cyberthreat landscape. Understanding the seriousness of cybersecurity, identifying your unique needs, and addressing the practices above are great ways to start.

*Stats found in Harvard Business Review: https://hbr.org/2023/04/cyber-risk-is-growing-heres-how-companies-can-keep-up

**Principles and practices found from Protecting the Unprotected: Data Breach Prevention and Response – A Guide for Businesses and Charities by Dave Yost

Jordan is a Senior Manager of Security and Cloud Services at Hawaiian Telcom, a company under altafiber’s family of companies. He has spent nearly two decades helping organizations implement technology to solve business challenges. Jordan has a Master of Science in Leadership and Management and has earned CSSP, C|CISO, and GCFA certifications. He will happily talk your ear off regarding anything with technology, organizational culture, or the best ways to cook meat with fire!

IT Staffing: Are You a Victim or Leader?

Marla Halley — Wed, 20 Dec 2023 19:11:09 GMT

The Crisis We Are In

The pandemic changed a lot!! Trust and confidence in IT have increased as a result of the support the organization received from IT when the pandemic was at the most volatile stage. Expectations for IT are also higher now as a result. While worker productivity was proven to reach, or even surpass, pre-pandemic levels for IT performance, attitudes and expectations of IT staff have also shifted as a result.

The "great resignation" emerged - and continues to some extent. IT staffing functions (both recruiting and retention) are in a state of "crisis" - whether it involves bringing talent in through the front door or preventing them from wanting to leave. While many organizations have adjusted as a result of living through the pandemic, many more have not - with some that are even still waiting for the "right time" to move back to old practices.

The staffing crisis is acute enough to put business goals and objectives at serious risk. While seemingly not a glamorous technology "trending" topic, it continues to rank as one of the highest areas of impact to IT organizations as we move into 2024 - certainly one of the top three across the majority of the 30+ CIO clients I work with and advise. Many CIOs are battling against antiquated HR-related policy and an organizational culture that works to their disadvantage. My repeated advice to my clients is not to get caught in the "victim" mentality - but to do more to lead the changes that might be necessary.

Staffing (recruiting and retention) as a Core Competence

Staffing is a multi-dimensional function - encompassing attracting, hiring, and retaining resources. Too many IT leaders are focused almost exclusively on the hiring function and ignore what it takes to attract and to retain the talent they need.

At the same time, workers’ expectations have shifted - whether as a part of living through the pandemic or as a function of the shifting norms and nuances of different generations - work-life balance is higher on the list of important considerations than ever. The CIO needs to have a strong partner in the CHRO (and support from above) to tackle some of the foundational elements that can positively impact the CIO's staffing functions.

IT leaders also need to better understand what factors influence the Employee Value Proposition (EVP) of the candidates and employees who are making decisions every day whether to join, stay, or leave.

Sourcing IT Candidates

Traditional recruiting channels do not continue to deliver as in the past while direct recruiting of experienced workers is more competitive than ever before. College Internships as a way of "sourcing" inexperienced candidates continues to change - with candidates entering internship programs earlier in their college years and receiving offers from potential employers much earlier than before. It's not unusual to see internships attracting sophomores and freshmen while organizations try to lock in earlier on students with potential.

As a result, non-traditional sourcing channels are gaining attention and interest. IT Apprenticeship programs have been growing in popularity - targeting "2nd career" candidates in their 30's and 40's as a way of introducing them to more entry-level IT functions such as help desk, deskside support, security monitoring, testing, and even early data analytics.

Also, focusing more broadly across all employee demographic categories is important. More formalized Women in IT programs with specific attention is needed to address the unique needs and interests of women as that demographic continues to see less candidates entering college IT curriculums. Also, DEI programs are getting more attention to address areas of interest that will help in attracting and retaining talent.

Retention

The economics and benefits of focusing more on retention efforts are clear. It is easier, less expensive, and less risky to retain a skilled employee who is performing well than to find a new one. Especially given that much of the job-at-hand is unique to the organization regardless of the core functions that underly the position (and are considered "transferable" skills).

Understanding what factors drive retention is often a gap for many managers. Putting too much emphasis on compensation is a common problem.

Likewise, assuming that certain retention factors are the same across all workers is another problem. While trends may seem to emerge across certain demographic dimensions (age, gender, nationality, etc.) knowing your employees well is the best way to know what factors are important to each one.

Some popular targets in the area of staff retention include developing programs and adjusting policy to:

o   Allow for flexible work arrangements (location as well as time of day) based on the position

o   Accelerate opportunities and timelines for career advancement

o   Expose employees to other technical (or functional) areas of interest that they aren't currently exposed to - and provide more opportunities for education that can be leveraged

o   Strengthen performance measurement programs in order to more accurately reward high performers, improve marginal performers, and remove non-performers

o   Reskill employees and business technologists to fill gaps created by the shift from legacy technologies to emerging ones

Bottom Line

The organization relies on the ability of the IT function, more than any other, to achieve its bottom line and to accomplish its goals and objectives - whether it's strategically transforming itself or operating in a business-as-usual mode of operations. IT leaders need to continually articulate the direct correlation between their ability to perform and "deliver" - and the business outcomes that their IT services are expected to enable or influence.

It should be a pretty straightforward value proposition when it comes to getting the attention (and at times the additional investment) needed to address the necessary changes or enhancement.

As IT leaders we need to take greater interest, control, and influence over something that is so impactful and influential to our success - and ultimately the success of the organization.

Paul Stoddard is an Executive Partner with Gartner’s Executive Programs. He works to provide expertise and guidance to his CIO clients as a trusted advisor to help them realize their strategic goals and achieve their business objectives. Paul brings 35+ years of a very broad IT background as both a technology consultant and former CIO at several large-scale firms.

Technology First Was the Place to Be in 2023!

Marla Halley — Wed, 29 Nov 2023 12:41:28 GMT

Technology First Was the Place to Be in 2023!

As the year draws to a close, let’s reflect on how our members lived up to Technology First’s mission to connect, strengthen, and champion the best-connected technology community in the Dayton region.

January

Our Peer Resource Groups began the year strong with our Annual CIO Forecast Panel. Board Chair Treg Gilstorf, the Chief Operating Officer for Smart Data and CNBS Software moderated a discussion with J.D. Whitlock, the Chief Operating Officer for Dayton Children’s Hospital, Jon Scruggs, Director of IT for Hobart Service, and Matt Coatney, Chief Information Officer for Thompson Hine LLP. Here is how you can get involved in a Peer Resource Group in 2024.

February

Our Digital Mixer was a big hit! We brought education and industry together to meet workforce needs. Many thanks to Partner Wright State University for hosting. Technology First Executive Director, Melissa Cutcher, was a guest on the podcast A Greater Dayton and shared why events like the Digital Mixer make Technology First such a relevant trade association. Here is how you can participate in the 2024 Digital Mixer.

March

If it’s March, then it’s time for our Ohio Information Security Conference. Over 300 attendees enjoyed two keynotes, six learning tracks, one CISO panel and over 30 exhibitors ready to help solve their biggest cybersecurity challenges. Here is how you can attend #OISC24.

April

Technology First members love to give back and a local Girls Who Code field trip to the GRILL (Gaming Research Integration for Learning Lab) was a fun way to do it. Featuring our mosaic mural, Technology First volunteers helped the chapter learn about systems engineering. Technology First members volunteer for a variety of events throughout the year. If you’d like to join us, here is where you find opportunities for 2024.

May

Speaking of volunteers, our Volunteer Appreciation Night at Poelking Lanes was a strike! The VIP Suite was the perfect place to eat, drink, bowl, and network. Thank you again to everyone who gives their time and energy to strengthen our community. Thanks also to the Technology First Board members who were able to attend and thank our volunteers in person. Here are your current Technology First Board of Directors for 2024.

June

Executive Director, Melissa Cutcher, was invited to participate in a panel discussion for the Dayton Area Chamber of Commerce’s Gen D Ignite program. For their Personal Strength and Profession Growth program day, Melissa coached emerging young professional leaders on how to build their networks. If you are interested in helping further Technology First’s mission to build for the future, here is how you can help in 2024.

July

We had an amazingly positive response to our Summer Networking Series, #UniteDaytonTech. Our first happy hour event was at Off Par Golf & Social in June and the tickets sold out. It was so much fun, we did it again. This time at Warped Wing Springboro and we packed the house. These events are free to members and are a great way to connect. Here is how you can become a member in 2024.

August

Workforce continues to top the list of concerns for our technology community, so we invited Partner, TEKsystems, to present on the State of talent at our Tech Forum. We have several articles regarding the workforce on our TECH NEWS page. Here is where you can read them in 2024.

September

This was a busy month for the community. The Women 4 Technology Peer Resource Group held their first conference, Own IT! Over 125 women gathered to network and champion empowerment. Also in September, you raised $8000 for the Technology First Scholarship Fund at our annual Scramble for Scholarship Golf Outing. Here is how you can contribute to the Technology First Scholarship Fund in 2024.

October

We kicked off the regular quarterly meetings of our newest Peer Resource Group, Workforce Development. We had a very interactive panel discussion on alternative recruiting channels. Everyone is welcome to participate in this group. Here is how you can attend discussions in 2024.

November

The 17^th Annual Taste of IT Conference sold out again this year. We met 470 of our closest friends at the intersection of tactics and trends and shared our knowledge and networks. We enjoyed a great morning keynote from Gary Sorrentino, Global CIO of Zoom, an engaging lunch panel discussion around Industrial AI, 24 breakout sessions, and solutions from 36 providers. Capping off the conference, we recognized technology talent from the Dayton region at our 10^th Annual Technology First Leadership Awards. Here is information for the conference in 2024.

Thank you to our Board, Committees, Partners, Sponsors, and Members for connecting, strengthening, and championing your community this year! We are already looking forward to what 2024 will bring!

The Privacy and Security Risks of “Citizen Development”

Marla Halley — Tue, 28 Nov 2023 16:13:27 GMT

The Privacy and Security Risks of “Citizen Development”

Marc Andreessen, founder of Netscape and a well-known technology investor, famously said “‘Software is Eating the World” way back in 2011 and it’s obvious now that he was right. We live in a Software Defined Everything (SDE) world where even your coffee maker is “smart”, and the trend of software in everything shows no signs of slowing down.In fact, it’s estimated there will be 76 billion Internet of Things (IoT) aka “smart devices”,each driven by software, online by 2025, and Microsoft has said there will be a whopping 500 million new apps built over the next five years.

All this software is driving the rapid digital transformation of our world and while the demand for software development has never been higher, it greatly outstrips the available supply. Gartner reported that demand for software development will grow five times faster than conventional IT departments and the average IT project backlog is between 3 and 12 months per Appian.

Compounding the issue is the growing shortage of software developers. Forrester has reported that there will a shortage of 500,000 developers in the United States by 2024 and IDC has reported the shortage of software developers may reach 4,000,000 worldwide by 2025.

To quench the demand for software development and to accelerate value delivery many organizations have embraced “Citizen Development”. Citizen Development democratizes software development by allowing “Citizen Developers”- individuals with little or no programming experience - to use low-code or no-code (LCNC) tools to quickly build and deploy software applications. LCNC tools are rapidly growing in popularity, Gartner predicts that by 2025, 70% of enterprises will use LCNC tools and LCNC platforms expected to reach $187 billion in sales by 2030 according to Research and Markets.

This is a fundamental shift in how organizations build and maintain software applications. Individuals without an extensive technical background can build business ready applications using visual interfaces and pre-built components with little or no coding required. Readily available LCNC tools such asMicrosoft Power Apps, Appian, Zoho, Quickbase, and Salesforce Lightning allow business professionals with domain knowledge to create applications tailored to their specific needs without waiting for or relying on traditional software developers in the IT department or at an external consulting company.

The reasons for the growing popularity of Citizen Development include:

Speed: Citizen developers can build and deploy applications very quickly compared to traditional approaches.
Agility: Non-technical people can meet business needs and address challenges themselves. Additionally, these solutions are typically easy to modify as business needs evolve.
Empowerment:Virtually any knowledgeable and motivated employee can contribute directly to digital transformation efforts.
Cost: Organizations can reduce their reliance on professional programmers, cutting costs and allowing better use of resources.
Innovation: Domain experts can quickly build prototypes or fully working applications with little effort or risk.

As a result of the exploding popularity of LCNC tools and the benefits they deliver, organizations of all sizes may find themselves leveraging LCNC tools. And while the democratization of software development can significantly speed project delivery and reduce demand on traditional IT departments, like many “Shadow IT” solutions that originate outside the IT department, Citizen Development introduces privacy and security concerns for organizations that employ it. For example, non-technical users might not be aware of privacy concerns or security best practices, leaving their applications more susceptible to attacks or leaks.Increasingly frequent and increasingly devastating cyberattacks demand that organizations understand and address these concerns. Let’s examine each in more detail.

Citizen DevelopmentPrivacy Risks:

Compliance Issues: Privacy regulations such as GDPR, HIPAA and CCPA require organizations to protect personal data. Lack of compliance creates the potential for large fines.
Data Leakage/Theft: Citizen developers may inadvertently expose sensitive data through misconfigured access controls, misconfigured platforms or by sharing data with unauthorized users. This can result in data breaches, regulatory fines, and reputational damage.
Lack of Encryption: Citizen developers may not understand and/or prioritize encryption when designing applications, leaving data vulnerable to interception or theft.

Citizen Development Security Risks:

Authentication and Authorization Issues: Citizen developers may not be aware of best practices to secure user accessor may not understand the sensitivity of data leading to unauthorized access and/or data breach.
Patch Management: Citizen developers may not keep tools updated with the latest security patches. This can leave applications exposed to known vulnerabilities.
Software Vulnerabilities: Citizen-developed applications may be missing proper security measures, making them susceptible to all-too-common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF).
Integration Risks: Integrating citizen-developed applications with existing systems can introduce security vulnerabilities that cascade across systems.
Backup and Disaster Recovery: Citizen developers may not understand the terms of service of LCNC platform-as-a-service (PaaS) offerings or prioritize continuity of critical systems which could lead to gaps in data protection and downtime.
Vulnerabilities in Third-Party Components: LCNC platforms often rely on third-party components and integrations whose lineage and security posture are unclear. Security vulnerabilities in third-party components can expose applications to attacks. This speaks strongly to the need for a Software Bill of Materials (SBOM) to understand dependencies and lineage.
Limited Testing: Citizen developers may not have the expertise or resources to conduct thorough security testing.

Organizations should ensure they address the following to reduce the risks of Citizen Development:

Training and Awareness: Require training programs to educate citizen developers about privacy and security best practices to ensure they take prudent steps to protect the privacy and security of LCNC applications.
Secure By Design: Security should never be an afterthought or retrofitted to existing applications. Ensure that citizen developed applications are secure by design. Involve security professionals to provide guidance and to design security into applications.
Access Controls and Permissions: Ensure that developers understand the sensitivity of the data they have access to and implement robust access controls and permissions commensurate with the data sensitivity. Regularly review and update permissions.
Integration with Identity and Access Management (IAM): Integrate LCNC platforms with organizational IAM systems to ensure that user identities are managed securely and consistently. For example, Single Sign On (SSO) with Active Directory.
Encryption: Encourage the use of encryption for sensitive dataat rest and in transit.
Regular Auditing and Monitoring: Continuously monitor and audit citizen-developed applications for unusual activity or unauthorized access. Implement automated alerts for anomalous behavior.
Centralized Governance: Establish a governance framework to centralize control over citizen-developed applications including approval processes, version control, maintenance, and compliance checks.
Vendor Assessment: Assess vendor security and compliance measures to ensure they meet organizational standards and compliance requirements. For example, review their SLA/SLO’s, ask for an independent SOC 2 Type 2 audit, and request a Software Bill of Materials (SBOM).
Data Lifecycle Management: Define clear data retention policies for citizen-developed applications.
Penetration Testing: Conduct regular penetration testing to identify and correct vulnerabilities.
Leverage existing resources: The Project Management Institute (PMI) has excellent vendor-agnostic educational resources and tools for Citizen Development. I recently completed the PMI Citizen DeveloperTMPractitioner course and recommend it for those looking to engage in Citizen Development. You can learn more here.

The advent of LCNC platforms has revolutionized the way software is developed and it offers immense potential for organizations seeking speed, agility and efficiency. However, the convenience and accessibility of citizen development brings inherent privacy and security risks that must be addressed proactively, and organizations should strive to strike a balance between fosteringCitizen Development and safeguarding sensitive data.

A well-executed citizen development strategy can empower employees, drive innovation, and significantly contribute to the overall success of digital transformation initiatives.By investing in training, robust security, trustworthy platforms and a good governance framework, organizations can leverage the power of Citizen Development while minimizing the associated risks.

Dave Hatter, Cybersecurity Consultant, Intrust IT – CISSP, CISA, CISM, CCSP, CSSLP, PMP, PMI-ACP, PMI-PBA, PSM 1, PSD1, ITIL

Technology Leadership in the Post-COVID World

Marla Halley — Sun, 29 Oct 2023 20:34:24 GMT

During the COVID pandemic, we experienced lockdowns, illness and death, loneliness, working from home, learning from home, disrupted supply chains, overtaxed health systems, non-stop media reports about COVID, and daily anxiety and stress. Although U.S. and global health organizations declared the end of the COVID public health emergency, the effects linger, including many workplace disruptions. Being a good leader of people in any industry means reflecting on social context and social disruptions and how our own leadership skills and style must adapt. Because every organization’s competitive advantage relies increasingly on technology in this age, it is even more important for technology leaders to pivot to changing workplace conditions. How are you adjusting in response to these disruptions?

1. Hybrid and Remote Workplace

For many roles in the workplace, we are not going back to the old way of working - physically in the office building five days a week, 8 am-5 pm. According to Forbes, of the jobs that can be done remotely, 7% of workers were fully remote before the pandemic, and in 2023, it is five times higher at 35%. Workers are very clear about what they expect from their employer, according to Forbes’ remote work statistics, “98% of workers want to work remotely at least some of the time and 65% of workers want to work remotely ALL of the time. Fifty-seven percent of workers would look for a new job if their current company didn’t allow remote work.”

But there are also downsides to remote work. From the same Forbes report, “69% of remote workers report increased burnout from digital communication tools, 53% of remote workers say it’s harder to feel connected to coworkers, and 23% of remote workers struggle with loneliness.”

Many large corporations have recently begun return-to-office mandates: Google, Meta, JP Morgan Chase, Amazon, Apple, Starbucks, Disney, Lyft, and Zoom. This has set up a conflict between what employees want and what employers want. Currently, organizations that can give workers some flexibility will be better poised for recruiting and retaining talent. If you do implement a mandate for in-person work, CNBC Leadership Insights recommends:

Explain the specific “Whys”
Look closely at individual and team performance data
Leave room for exceptions
Build flexibility in other ways
Watch for proximity bias
Be ready to lose employees

2. Stress, Trauma, Mental Health

There has been a measurable rise in negative emotions around the globe, including stress, sadness, anger, and worry, according to an annual measure by Gallup. The pandemic caused a spike in the world of unhappiness and we have not yet recovered.

In the workplace, Gallup finds that employee engagement dropped in 2021 for the first time in a decade and dropped again in 2022. Our workforce is unhappy and disengaged at record levels. Why?

CAUSE #1 – POST-COVID STRESS DISORDER -“Illness, grief, job loss, social isolation, uncertainty, and other pandemic-driven stressors have contributed to an increase in psychological stress,” according to Yale School of Medicine. There is a new disorder identified as Post-COVID Stress Disorder, which presents similar to PTSD including increased reaction to stimuli, avoidance, focusing on the negative aspects of a situation, incessant contemplation of negative events, and anxious arousal associated with memories of the COVID-19 pandemic.

CAUSE #2 – SOCIAL MEDIA - National Institutes of Health states that social media is strongly correlated with “anxiety, depression, insomnia, stress, decreased happiness, and a sense of mental deprivation.” This correlation is caused by the “negative impact on self-esteem through unhealthy comparisons, social media burnout, stress, lack of emotional regulation due to social media preoccupation, and development of social anxiety due to decreased real-life social interactions.” FOMO (Fear Of Missing Out) is a real thing, with real mental health consequences.

Because our workforce is seeing heightened stress and general unhappiness, leaders must be aware of, and manage, employee engagement and well-being.

3. Generational Disruption

In conjunction with disruptions related to the pandemic, Gen Z’s entry into the workforce is driving change, due to different norms and values regarding workplace atmosphere, culture, and support. By 2030, Generation Z will constitute about 30% of the workforce. While generational stereotypes are not 100% accurate for each individual, data from Johns Hopkins University indicates that, in general, “Baby Boomers sought job security, Generation X sought work-life balance and professional progress, Millennials and Generation Z are seeking greater Diversity, Equity, and Inclusion (DEI), greater flexibility, and a focus on ethics and social awareness of a company.” Gen Z is also seeing a lack of engagement at work leading to lower retention and higher levels of stress that impact work performance.

According to McKinsey, factors that motivate Gen Z to stay in a job aren’t the same as those for other generations. Gen Z, for example, considers compensation less important than flexibility, career development, meaningful work, and a safe, supportive work environment.

Have you heard of “Quiet Quitting,” “Bare Minimum Monday”, and “Time Blindness”? These terms, and the values they represent, may at first seem incomprehensible to older generations, but leaders cannot easily dismiss this if they want to recruit and retain a thriving workforce. Seek first to understand the different generations.

Artificial Intelligence (AI)

How will AI disrupt the workplace in the next ten years? Some industries and roles will be affected more than others, and leaders will need to be ready to reskill their workforce. McKinsey Global Institute reports that an increase in labor demand is predicted for health professionals, health technicians, and STEM Professionals (a 30% increase). A 15-20% decrease in labor demand is predicted for office support, customer service, and sales. In the fields of education and workforce training, business and legal professionals, creatives, and arts management, not a large change in demand is predicted, but a high change in work activities. “Workers in lower-wage jobs are up to 14 times more likely to need to change occupations than those in highest-wage positions, and most will need additional skills to do so successfully.”

These changes will not happen immediately, but leaders should begin preparing. Remember this famous quote from Bill Gates in 1996:

“We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten. Don’t let yourself be lulled into inaction.”

Reskilling your workforce is a strategic imperative and it is the responsibility of every leader and manager. Leaders will need to understand and embrace these shifts if they hope to adapt to the rapidly evolving new era of automation and AI.

In conclusion, technology leaders are surely already noticing these workplace disruptions. Great leaders will acknowledge these changes and will reflect on how their personal leadership style and skills must adapt. These are the leaders who will continue to deliver results and enable their organizations to be successful in this age of ever-increasing digitization.

AI for Successful Technology Teams: Steps to Achieve Excellence and Enhance the Overall Experience

Marla Halley — Sun, 29 Oct 2023 20:25:08 GMT

In today's fast-paced technology landscape, the integration of Artificial Intelligence (AI) has become a game-changer for businesses seeking to enhance internal and external customer experiences. For professionals well-versed in various aspects of the technology industry, understanding the simplicity of AI and the crucial steps required for success can be a significant advantage. In this blog post, we'll delve into the core concepts of AI, outline the key steps for technology teams to excel, and offer valuable tips for getting data sources right.

The Simplicity of AI
Despite its reputation for complexity, AI can be simplified into its fundamental components. At its core, AI is about teaching machines to learn from data and make intelligent decisions. For our audience of technology professionals, this means understanding that AI isn't magic, but a tool driven by algorithms and data.

Key Components of AI:

1.    Data: Data is the lifeblood of AI. Accurate, relevant, and diverse data is essential for training AI models. Ensure that your data sources are comprehensive and up to date.

2.    Algorithms: Algorithms are the brains behind AI. These mathematical instructions process data and make predictions or decisions. Familiarize your team with various AI algorithms and their applications.

3.    Model Training: Training AI models involves exposing them to data to learn patterns and make predictions. It's an iterative process that requires constant refinement. It is very important that the models being trained are consistent with your organization’s culture.

4.    Evaluation and Testing: Rigorous testing is crucial to ensure AI models perform as expected. Monitor their performance and fine-tune them as needed. Make sure that you include your customers in the evaluation and testing process.

Steps for Technology Teams to Succeed with AI

1.    Define Clear Objectives: Start by defining your AI project's objectives. What specific problem are you trying to solve, and how will AI help achieve this? Clear goals are essential.

2.    Assemble the Right Team: Form a cross-functional team with data science, software engineering, and domain knowledge expertise. Collaboration is key.

3.    Data Quality Matters: Garbage in, garbage out. Ensure your data is clean, relevant, and well-structured. Invest in data quality tools if necessary.

4.    Choose the Right Tools: Select AI frameworks, libraries, and tools that align with your project's requirements. Consider open-source options and cloud platforms.

5.    Iterate and Improve: AI is an ongoing journey. Continuously evaluate and refine your models to adapt to changing conditions and data.

Tips for Getting Data Sources Right

1.    Data Diversity: Gather data from diverse sources to minimize bias and enhance model performance.

2.    Data Governance: Establish clear data governance policies to ensure data integrity, security, and compliance.

3.    Data Preprocessing: Clean, preprocess, and normalize data before feeding it to AI models to improve accuracy.

4.    Feature Engineering: Craft meaningful features from raw data to enable better model insights.

5.    Data Validation: Implement rigorous data validation processes to detect and rectify errors early on.

In conclusion, AI need not be shrouded in mystery for technology professionals. By understanding its core components, following the right steps, and paying attention to data quality, your technology team can harness the power of AI to deliver exceptional internal and external customer experiences. Stay informed, collaborate effectively, and embrace the AI revolution to stay ahead in the ever-evolving technology industry.

Remember, AI is not just a buzzword—it's a transformative force, and you have the knowledge and tools to leverage it effectively.

Bill Magnuson is the co-founder and CEO of BindMyIT, a leading technology solution consulting company. With over 26 years of experience in the tech industry, Bill is passionate about harnessing AI's potential to drive innovation and improve customer experiences.

Treat Your Clients the Way You Want to Be Treated

Marla Halley — Sun, 29 Oct 2023 20:16:27 GMT

I am consulting with a client who outsourced software development for a new app. As her acting CTO, I have good insight into this relationship and the work they are doing. Let me start by saying, I am shocked by how poorly this vendor treats us. Our negative experience working with them has reminded me of the principle “treat others the way you want to be treated.”

The bad news is how difficult this experience has been. The good news is that it prompted me to write about how we should treat our clients, and frankly, how clients want to be treated in return. Whether you provide software services, cyber services, or plumbing services, I think you can relate to the following principles:

Set clear expectations – If you are a software shop and you say that you do Agile development, then explain what your definition of Agile is. Clearly explain your process, especially where and how you will engage the client, so they know what to expect (and what you expect from them in return). If you say you’re an Agile shop, then it should be pretty close to the Agile Manifesto. It most certainly should involve the customer/product owner setting priorities, having short sprints/delivery cycles, and frequent feedback/retrospectives. The main objective is to get feedback from the client early and often and adjust frequently. EXPLAIN YOUR PROCESS.

Communicate frequently, both good and bad – It’s always easy to communicate good news. “Hey, we’re ahead of schedule,” or “That went smoother than we thought it might.” But it’s crucial to deliver the not-so-great news. “It didn’t go as easily as we expected,” or “We just lost our senior developer.” When we have a problem, we all think that we can hide it and fix it without the client ever knowing. That might work some of the time, but your team knows what you did, and you just caused them to lie about what they got done during the sprint.

Meet with your client frequently. We recommend weekly. If you have two-week sprints, each week can alternate between a user story/requirements grooming session and a post-sprint retrospective. Use your grooming session to build rapport and understanding with your client and use the retrospective to share what you got done. Be open. Share what you planned to get done vs. what actually got done and have an open dialog about why.

Maybe you were too optimistic when you estimated the story points. Maybe you and your client didn’t do a great job grooming a particularly complex requirement. Maybe your testers uncovered a bunch of unexpected bugs. That’s a good thing. You’d rather find them now than later. Maybe two of your team members got sick. Who knows? But the point is to work together, develop lessons learned, learn the lessons, improve, and avoid repeating the same mistakes over and over. SHARE OPENLY.

Set and meet intermediate milestones – If you are running an Agile shop, this is easy. Set a sprint schedule and hold to it. Most organizations we work with use two-week sprints, and a critical key to success is to hold these dates rock solid. Don’t let the work cause you to slide the date! Another critical key to success is assuring you FULLY complete the work in the sprint. Not all the work you planned needs to be completed, but the work you say got done, must actually be done.

To achieve this, we recommend you set an immutable, unbreakable definition for Done-Done – This definition cannot be gray because if it is, then … Every feature. In every sprint. Is going to be questioned. Forever. Make it easy and clear to your team, your client, and your stakeholders. For us, the ideal definition of “Done-Done” is that you completed both the development and testing for a feature. Ideally, all bugs are fixed, but at a minimum, all critical and majors are corrected, and any minors or trivials are documented in Jira. DO NOT EQUIVOCATE.

Ensure the customer always has full control of their assets – Go through the process in the beginning of having your customer setup and be the administrator of GitHub, servers, database, and all other tools. Even though they might not have this skillset, you want them to know that they always have full control of everything they envisioned and paid for. Empower them so they can go elsewhere if they want. If you are open and honest and constantly improving, they won’t want to.NEVER HOLD THE CODE AS RANSOM.

Report progress against a plan – Customers rightfully want to know how long the project will take and how much it will cost. Build a plan and size the project up front. Show them your past productivity on similar projects so they can understand when you think it will be done. Ideally, share cost, schedule, and quality metrics vs. plan with your customer at each retrospective. Track and report your velocity every sprint so you can give them (and your team) confidence in hitting the deadlines. Are you delivering the expected story points/sprint? Are you finding more or less bugs each sprint? How much effort is going toward new features vs. bug fixes? Does the backlog estimate align with your velocity and meet your expected delivery date and budget? Do you have a management reserve built into your estimates? Collecting and communicating this information allows you to improve and provide your customers with ever-growing confidence in you. YOU CAN’T MANAGE WHAT YOU DON’T MEASURE.

Be honest and kind – If you mess up, own it, and fix it. Don’t try to hide things because it’s always a bad situation when the truth comes out. I think we all learned that lesson in kindergarten. And don’t charge the customer for your mistakes, training, or lack of experience. Be positive and kind in your communications even if you don’t agree with your customer. Explain why your opinion is different and have a dialog. Put yourself on the same side of the table as the customer and realize that you are both trying to successfully deliver this app. I know there are some less than reputable companies, but I think the vast majority of software shops want to deliver successful apps and want happy client references. TREAT YOUR CLIENT THE WAY YOU WANT TO BE TREATED.

I wrote this talking directly to software development companies, but it’s easy enough to flip the script and read these as the expectations you should have when buying software services. If you are in the market for a software development partner or have found yourself in a frustrating situation with one who isn’t performing where you want them to be, ask yourself how you want to be treated. Then, use your answers and the guide above to find a qualified partner who not only aligns with your needs as a company and client, but as a person.

We’d love to hear from you! Do these resonate with you? What have your experiences been? Please share your personal experiences so we can all learn and improve.

Jeff Van Fleet

President & CEO, Lighthouse Technologies, Inc.

After almost 20 years of developing and managing complex software/hardware systems for both commercial and Department of Defense (DoD) applications, Jeff founded Lighthouse Technologies in 2000 with the aim of delivering software systems on-time, on-budget, and on-quality while simultaneously building an intentional culture of caring, growing, and improving – A “Culture of We”.

NIST Makes Changes to their Cybersecurity Framework

Marla Halley — Fri, 29 Sep 2023 15:18:15 GMT

The NIST Cybersecurity Framework

NIST, the US National Institute of Standards and Technology, has released a new draft version of its Cybersecurity Framework (CSF). This 2.0 version of the voluntary Framework is the first refresh to the current 1.1 version released in 2018.

At a high level, the CSF is a set of guidelines intended to help organizations improve their cybersecurity practices and effectively manage their cybersecurity risks. By following the Framework, organizations can enhance their overall cybersecurity posture, minimize cybersecurity risks, and safeguard critical assets and data.

The Framework Core is a set of cybersecurity outcomes which are arranged by function, category, and subcategory. It also includes examples of how those outcomes might be achieved by providing implementation examples and references to additional guidance. It’s not a checklist to follow because the actions needed to achieve a cybersecurity outcome will differ by organization and use case.

Changes to the Cybersecurity Framework

Expanded Scope

The scope of the Framework has been expanded. The CSF was initially developed with the focus of protecting critical infrastructure such as banking and energy industries, but the Framework has been useful in other sectors from small businesses, education, to local governments.

Expanded Implementation Guidance

The updated version provides improved and expanded guidance on the implementation of the CSF. The use of Framework Profiles tailors the CSF for specific use case scenarios. Examples of Profiles include a specific scenario such as “How to Use the Cybersecurity Framework Profile for Connected Vehicle Environments,” or a more general topic of “Ransomware Risk Management.”

The Framework will also now include implementation examples for each of the function’s subcategories to help organizations use the framework more effectively. These examples are not contained in the main framework document but will be maintained separately in an online format called the NIST Cybersecurity and Privacy Reference Tool (CPRT). This will allow for more frequent updates to keep information current. This tool is currently in Phase 1 of its development and will be expanded as it matures.

New Pillar

The CSF has added a new pillar to the previous five main functions of identify, protect, detect, respond, and recover. The sixth pillar that was added is the Govern function. The new pillar focuses on the establishment and monitoring of the organization’s cybersecurity risk management strategy, expectations, and policy.

The Govern function isn’t an entirely new topic in the CSF. 17 of the 31 subcategory items in the Govern function have been moved from one of the other five functions. In addition to new subcategories being added an entirely new category was added related to Oversight.

One new focus is the emphasis on organizational leadership bearing responsibility and accountability for cybersecurity risk and an organizational culture that is risk-aware, ethical, and continually improving. It shows cybersecurity isn’t just a function of IT but rather needs to be a part of the organization’s overall governance and strategic planning.

Conclusion

The changes to the new (draft) version of the NIST CSF bring an expanded scope to include more than just “critical infrastructure” sectors. Framework Profiles / use cases help to tailor the Framework to organizational and sector goals. Implementation guidance for each of the Function’s subcategories helps organizations to use the framework more effectively. Finally, the addition of the sixth pillar of Govern shows the importance of the integration of cybersecurity into overall business strategy and oversight.

Marcus Thompson is the Founder and CEO of Expedient Technology Solutions, LLC, located in Miamisburg, OH. ETS is a cybersecurity-focused managed services provider bringing technology and cybersecurity solutions to area organizations. Marcus holds many cybersecurity certifications including the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).

The Future State of Artificial Intelligence in The Workforce

Marla Halley — Mon, 04 Sep 2023 16:18:54 GMT

As organizations rapidly deploy generative Artificial Intelligence (AI) tools, many companies expect significant effects on their industries and workforces.

The latest annual McKinsey Global Survey on the current state of AI confirms the explosive growth of generative AI (gen AI) tools. Less than a year after many of these tools debuted, one-third of the McKinsey survey respondents say their organizations are using gen AI regularly in at least one business function. Amid recent advances, AI has risen from a topic relegated to tech employees to a focus of company leaders: nearly one-quarter of surveyed C-suite executives say they are personally using gen AI tools for work, and more than one-quarter of respondents from companies using AI say gen AI is already on their boards’ agendas.

What’s more, 40% of respondents say their organizations will increase their investment in AI overall because of advances in gen AI. The findings show that these are still early days for managing gen AI–related risks, with less than half of respondents reporting that their organizations are mitigating even the risk they consider most relevant: inaccuracy.

Darrell West, Senior Fellow, Governance Studies at the Brookings Institution, states that AI is likely to flatten many organizations due to its ability to automate work activities. Right now, most organizations have entry-level people who perform routine tasks, midlevel individuals who supervise them, and high-level employees who set the direction of the organization. That organizational structure will no longer be necessary. AI can automate many of the tasks performed by entry-level workers. Accounting features, purchase orders, and job requisitions are already being automated. Workplaces no longer need people who manually compile or analyze information.

As generative AI becomes more widely deployed, even more tasks will be automated. In addition, job supervision and assessment won’t need as much human oversight. Customers can rate employees on how well they perform basic tasks and allow people to get the services they want. Using data analytics and AI, companies can use the responses to weed out low-performing workers and reward their top individuals. The end result will be fewer layers of management and a smaller number of employees overall in the organization.

Image Source: McKinsey Global Survey on the current state of AI

Michael Chui, Partner, McKinsey Global Institute, states that there are some gen AI applications where the potential to have transformative impact really comes to the fore. For example, in research and development, some experiments using generative AI to support writing software code have shown very high levels of increasing productivity. But that doesn’t mean we’ll need a lot fewer software engineers, because the world needs more software. Generative AI also has the potential for improving the productivity of contact centers. Technologies that automate interactions with customers already exist. Generative AI has the potential for making these interactions feel much more natural.

Alexandra Samuel, digital-workplace speaker and co-author of “Remote, Inc.” states that as AI takes over routine tasks, there will be a temptation to cut the whole tier of entry-level employees. Summarizing documents, answering routine emails, writing basic computer code, and solving simple logistical challenges are all tasks that AIs can do about as well as an inexperienced human, and at much lower cost. But employers still need an on ramp for new hires. If you stop hiring entry-level employees, you’ll have to do all your midlevel hiring from outside the organization. And if every organization pares back on entry-level hires; it will get harder and harder to find experienced mid career talent anywhere.

That’s why it pays to cultivate your own long-term talent pool by hiring green employees, but rethinking how they are tasked and trained. Instead of piling your juniors with grunt work and trusting that they’ll learn through observation, assign them more challenging tasks, like drafting reports instead of just summarizing them. The explosion in AI research and writing tools means that kind of work is now well within the grasp of inexperienced hires. With more active coaching and mentoring, these green employees can grow into valuable colleagues, much more quickly.

###

Trevor Cobain is the Senior Business Development Manager for Alta IT Services. He has over 20 years experience providing niche talent opportunities to his clients.

How Do You OWN IT?

Marla Halley — Mon, 21 Aug 2023 19:31:28 GMT

For the first time in Technology First history, we are hosting a women’s conference. We are thrilled to bring this half day event to the Women 4 Technology community! The theme for this year’s conference is Own IT! As you can imagine, we’ve had several conversations over what Own IT means, and I was surprised by the variety of viewpoints.

For me, Own IT means:

Owning who I am, knowing my values, understanding my strengths, owning my personality type, and setting, and sticking to, my boundaries. It’s so important to be both confident in who we are and really owning who we are. I remember a time when I wished that I was five feet tall and weighed 100 pounds. It simply isn’t the way I’m built and today I’m okay with that.

Over the years I’ve taken a plethora of values tests and they pretty much stay the same: collaboration, honesty, trust, contribution, and participation to name a few. Knowing my values helps me stay aligned with what really matters, how I decide to spend my time and with who. If you haven’t taken a values test here is a pdf to get you started.

Several years ago, I read Strength Finders 2.0 by Tom Rath. It’s a quick read and then a quick online test. The feedback I received was invaluable! I learned my top strengths are achiever, learner, responsibility, deliberative and relator. Knowing this has helped me know where and how to best spend my time. I surround myself with people that have different strengths because together we make a great team!

Knowing my personality type has also clarified how I communicate and how I process. If you are familiar with Myers-Briggs, or MBTI, I’m INTJ: introvert, intuitive, thinking, judging. I know, introvert, me?! This one really helped me understand the reason I’m exhausted after a day of meetings and networking.

Boundaries! Man, these are tough! As I get older, I’m better at them but then there are times I think I can conquer everything, volunteer for everything, and do everything. Setting boundaries has become both necessary and a way to ensure I work on some sort of work/life harmony.

Owning IT also means, to me, taking responsibility for my actions and my team. Ensuring that my expectations are clearly communicated, and that we are all on the same page. If something fails, it’s my fault and my job to find out what I need to do to fix it. What processes and/or procedures need to be reviewed, reevaluated, and/or created to ensure it doesn’t fail again? It’s when I mess up and take responsibility, owning my actions, or lack of action.

So, I ask you, what does Own IT mean to you? Join us on Wednesday, September 27^th and share your point of view!

*********

Melissa Cutcher is Executive Director of Technology First.

Eat, or Be Eaten: The Importance of ITAM in Merger & Acquisition Activities

Marla Halley — Wed, 26 Jul 2023 19:23:08 GMT

It is one thing to grow a business through organically increasing market share through advertising and selling. It is another thing to grow by gobbling up (or being gobbled up by) your competition. The level of unmitigated chaos created by welding two different companies, with separate cultures, practices, and methodologies cannot be underestimated.

Unfortunately, some of this pain and suffering is self-inflicted, especially within the Information Technology (IT) department. Their job is to provide the electronic tools and talents necessary for modern businesses to do their business. That is why IT takes up such a large chunk of the overall budget. That is also why IT is a prime target for redundancy elimination when the two companies finally become one.

Why is it, then, that IT Asset Management (ITAM) is rarely ever mentioned, if at all, as part of the merger and acquisition (M&A) process? ITAM’s purpose is to achieve cost optimization of the hardware and software spend across the entirety of those assets’ useful life. Maybe it is because ITAM works behind the scenes and their impact is overlooked. Maybe your own ITAM program’s reporting accuracy has a poor reputation. Maybe the organization hasn’t prioritized ITAM tooling and training to ensure they are ready for the extra workload an M&A will bring.

Regardless of the reasons for past mistakes, let’s examine some ways you can avoid ITAM issues in future M&As:

1. Get Your ITAM Team Involved Right Away - The sooner your team knows about the company ’s plans and understands they will be front and center, the better. Don ’t wait for them to hear about it somewhere else. The last thing you want is for them to panic. Give them time to find and review their own tooling and knowledge gaps. This increases their chance for a successful outcome.

2. Help IT Security, IT Service Management, and ITAM Work Together - Cybersecurity and Service Management are usually top of mind. They are your go-to teams for surveying the acquired company’s technology stack. Adding ITAM provides a third, complimentary vision into the workings of the acquisitions IT operations. This can ensure all three teams have accurate and trustworthy reporting on any expensive services, vulnerabilities, or license audit risks.

3. Understand You ’ll Run Two ITAM Teams For A While - Each company ’s asset records and configuration items must be kept separate from each other until the combined group ’s service and license agreements are renegotiated. That means two configuration management databases (CMDBs) or managed data repositories (MDRs). Resist the urge to just smash the two systems together and hope for the best. Allow ITAM the chance to dig through old records, determine their validity, and ingest only the valid ones.

4. Control How Much Software Publishers & Service Providers Know About The M&A - Software auditors examine trade publications and press releases every day and delight in scheduling license audits at the most inopportune times for you. You and your ITAM team need to be ready for an audit notification the second your M&A plans go public. Have your audit defense playbook ready! And if you don’t have one? Well…

5. Don ’t Hesitate To Bring In Outside Help - Software publishers routinely bring in third-party software auditors to help them conduct their investigations. Third-party cybersecurity firms can provide experience and talent for the short-term needs the merging companies might lack. And some managed service providers specialize in providing temporary contractors to cover spiking IT support demands. I can assure you, there are specialized ITAM firms that can provide cost-effective and customized hardware and software licensing support until the merger completes.

M&As (and Divestitures, for that matter) can be exciting events. They don’t happen that often, like field trips and pizza parties when you were a kid. And that means your IT department could lack the experience necessary to ensure the smooth creation of the new organization. Just remember: your IT Asset Management team can help mitigate these issues, but only if they are brought in early enough to successfully apply their best business practices.

**********

Jeremy L. Boerger, the ITAM Coach, founded BOERGER CONSULTING with the idea of helping organizations “cut their software budget without buying less software”. He also speaks around the country to pass along his 20+ years ’ experience to the next generation of ITAM and SAM professionals. His book, “Rethinking Information Technology Asset Management,” is available at Amazon, Barnes & Nobel, and most other bookstores.

Keys to Successful Digital Transformation

Marla Halley — Mon, 03 Jul 2023 14:02:37 GMT

Every business is unique, so the specific blueprint to successful digital transformation varies. You will achieve your desired results if you tailor your approach to your organization's needs, industry, and market conditions. Here are some factors to consider.

Evaluate Current Strategy
- Target your investments: Companies spend big on digital transformation. Spend wisely. Prioritize security and privacy throughout your digital transformation efforts. Implement robust cybersecurity measures to protect your data, systems, and customer information. Ensure compliance with relevant regulations and standards. Technology is a key component, but you must invest in your people, processes, and customers.

Prioritize the business: Invest in a modern and scalable technology infrastructure that supports your digital initiatives. This may involve adopting cloud computing and integrating various software applications and systems. Technology stacks are evolving at a rapid rate, which causes businesses to want to chase after the next best thing. Always have the business at the heart of the transformation. Ensure it makes sense as it will ultimately have a wide effect on the business and is worth pursuing.

- Engage your workforce: Foster an agile and adaptive culture within your organization. Encourage innovation, experimentation, and a willingness to take calculated risks. Embrace new technologies, encourage collaboration, and empower employees to contribute ideas and drive change. Get input from your employees and seek out their perspective. They are performing current processes daily and can speak about them from firsthand experience.
Put People First
- Focus on the customer: Ultimately, digital transformation is about exceptional user experiences. Prioritize your customers throughout the transformation process. Gain a deep understanding of their needs, preferences, and pain points. Use this knowledge to design digital solutions that enhance their experience and deliver value. Map out your entire customer journey. It will provide a clear roadmap to help you build engaging customer experiences for your target audience.

Make it a collective effort: Ensure you have the right talent and skills within your organization to drive digital transformation. Identify skill gaps and provide training and development opportunities for your employees. Transformation can’t succeed in a silo. Business and IT teams must get on the same page, communicate, and create a shared vision before moving digital transformation strategies forward.
Be mindful with leadership: Choose leaders and representatives wisely to gauge the organization as a whole and help build a culture of learning and sharing to support business transformation.

Set Clear Expectations
- Start with the end in mind: Define a clear vision for your digital transformation and establish a strategy that aligns with your business goals. Determine what you want to achieve, whether it's improving operational efficiency, enhancing customer experience, or exploring new business models. Starting with a plan and building a roadmap will help you construct operational value streams and enablement runways. They will serve as the foundation for achieving true business and delivery agility.

Embrace disruption: Digital transformation requires strong leadership and effective change management. Engage key stakeholders, communicate the vision, and create a culture that embraces change. Leadership should inspire and drive the transformation, ensuring everyone understands the importance of digital initiatives. Whether environmental, geopolitical, technological or a public health crisis, the next disruption is coming. Create flexibility and resiliency within your company, so you do more than weather the storm. You grow, innovate, and thrive through it.

Define the business outcomes: Leverage data and analytics to make informed business decisions. Implement robust data collection, storage, and analysis processes. Extract insights from data to drive improvements, optimize processes, and identify new opportunities. Remember, no business initiative can thrive without being rooted in a quantifiable outcome that has an impact and meaning for the organization. It all starts with the unifying force of having tangible goals. Where do you want to go and how will you get there?

Digital transformation is an ongoing process. Continuously monitor and evaluate the effectiveness of your initiatives. If you embrace a culture of continuous improvement, iterate on your digital solutions, and adapt to changing market conditions and customer needs, then your business’s digital transformation will be successful.

TekSystems brings real-world expertise to solve your complex technology, business and talent challenges on a global scale.

Read The Full Article Here

Dashboards Are Just the Tip of the Iceberg

Marla Halley — Wed, 31 May 2023 12:39:08 GMT

“Without data, you’re just another person with an opinion,” business management expert W. Edwards Deming once said.

Well, how can you get “data” to go from an “opinion” to an insight and build a strong business entity that can sustain fierce competition and an unpredictable future? The answer is simple “IF” it is done right:

Invest in Business Intelligence (BI) solutions that are scalable and have an enterprise mindset.

One of the most common approaches to selecting and implementing a BI solution is when a CIO or top-level IT leader sees a demo of (fill in the blank BI tool…). They love it so much, they think ‘we just need to get it done!’ But wait, what about the backend part of this tool? Did the demo show how the data is curated? Did they show how scalable the data models are? The answer is:

‘We just need to figure out how to make it work!’

That is where BI engineers and consultants come in. Thinking only about the dashboard and not the backend at the beginning is an expensive approach and leads to frustrating implementation. Sometimes, you end up with both the new BI tool and the one you are trying to replace because the shiny new one is not working as well as hoped.

Having a user-friendly BI dashboarding tool is an important part of data analytics. However, more important than the dashboard is the data model and how scalable it is, so an organization can build it once and EVERYONE can use it in any dashboard they build.

A scalable enterprise semantic layer makes BI developers’ and analysts’ jobs a lot easier, and it is one of the factors of achieving BI implementation with “one source of the truth.” A smart business analyst that knows how to build a top-class dashboard does not necessarily know how create a data model, but having the enterprise semantic layer will eliminate that gap. Hence, data modelers are expensive for a reason, but that can be overcome with a build-it-once approach that does not require data analysts to also be data modeling experts.

Here is a common example: There are two dashboards representing an amount figure, (ex. last quarter’s sales) but they show two different values. After a long investigation, you end up with a third different value so the insights become three different “opinions.” The hardest part of this example is trying to explain to the leaders why enterprise data models are important so the analysts do not make the wrong tables join and show incorrect data that might have a consequential outcome.

In conclusion, most people can build a dashboard with little to no training if the data is coming from one table or an Excel file. However, to be an analytical savvy business, it is critical to invest in BI solutions that have built-in scalable enterprise semantic layers so there is “one source of the truth.”

*****

Salem Alsulaiman is a Business Intelligence Engineer and Technology First’s Data Analytics Peer Group Chair. He has more than 10 years’ experience in the Business Intelligence (BI) and data analytics space, implementing end-to-end BI solutions.

What Habits Are Holding You Back?

Marla Halley — Wed, 31 May 2023 12:29:29 GMT

People pleaser… Perfectionist… Being modest about your achievements… Failing to enlist others or finding your promotor… Does this sound familiar to you? Then you are in good company. We often see what we need to change but may not know how to make a change or just feel stuck.

I recently read How Women Rise by Sally Helgesen and Marshall Goldsmith in our book club at Sinclair Workforce Solutions with ten of my female-empowered professional coworkers. If you are a male reader and have made it this far, thank you for reading. Although this book was written for women, men can benefit from learning about these habits so they can help, coach, mentor, and advise their female team members, sisters, wives, or daughters.

When I first heard about the book, I was excited about the topic and the discussion that would follow. I was already familiar with Marshall Goldsmith’s book: What Got You Here Won’t Get You There. These books are similar in that they both have habits and steps for improvements to overcome these behaviors. They are both written based on what worked when you were new in your role or new in leadership is no longer working for you and identify what might be keeping you from your next promotion. The difference is that How Women Rise is written FOR WOMEN, and they use their stories and examples to explain each of these habits.

Women tend to see success in a different light than men. They also have different experiences at work that cause them to develop different habits and responses. If we understand what is getting in our way, then we can make a few simple behavioral tweaks, and we will be on our way to our next promotion. In general, we are far more open to change because we are more willing to consider how we may have contributed to the situation in which we find ourselves. It is important to understand your counterparts, especially if you are their leader, to help identify where they are stuck and become a mentor or promoter of their career paths.

What are the 12 Habits that Keep Women Stuck?

1. Reluctance to claim your achievements

2. Expecting others to spontaneously notice and reward your contributions

3. Overvaluing expertise

4. Just building rather than building and leveraging relationships

5. Failing to enlist allies from Day One

6. Putting your job before your career

7. The Perfection Trap

8. The disease to please

9. Minimizing

10. Too emotional

11. Ruminating

12. Letting your radar distract you

If you would like to read a little more about each habit, check out these summaries: Thrive Happier at Work.

It is a conscious self-awareness that is the first step to effective behavioral change. I have recently started a new position at a new company and feel I am in the next chapter in my life. When I looked at this list, I looked at it from this new position in life as well as where I came from. I identified several habits of which I was routinely guilty from time to time. Like my obsessive need to please people. Being a chronic pleaser is wanting to be liked by all; usually to the detriment of yourself. Rather, it is about finding your primary purpose in life. Then finding the balance between work-life integration to make time for what is truly important to you and your family.

Perhaps you, like me, are guilty of committing these habits over your careers or with certain work groups. For instance, how many times have you caught yourself saying: “little, tiny, or quick”? These are examples of minimizing yourself and your contributions. Have you ever fallen into the Perfectionist Trap? Are you stewing over your mistakes or so focused on details that you fail to see the big picture? Ruminating is when we over-critique ourselves and we spend the rest of the day thinking about how an interaction or presentation could have gone better. Then when we seek the feedback of our colleagues, we realize we were being much too hard on ourselves.

What’s Next? How to Break the Habit.

During our book club discussion, we referred to the guide, by the authors. We talked about each of the twelve habits and went around the room to share if this was a habit we identified with now or in the past. We also shared if this was a habit we wanted to stop or make a behavioral change. So, you may be asking where do I even start? The author gave three straightforward steps to break the habit.

1.     Start with one thing – We are so good at making lists for ourselves and continue to add to them as the day goes on. This time just start with one habit or make a To Don’t List. The authors suggest creating a goal and purpose and writing it out. For instance, “I help women recognize their greatest strengths so they can act with confidence and intention.”
2.     Don’t do it alone – Enlist in the help of others. Whether it is a coach or coworker. Make sure you choose carefully, and this person is someone you can trust. Be specific about what you want them to notice. Make your request as brief as possible. Lastly, set a time limit whether it is at a specific event or over the course of a few weeks.
3.     Let go of judgement – We tend to judge ourselves when we fall short of our expectations or not making progress as quickly as we would like. Women tend to be harder on themselves than men. It really is okay to say “Oh well, I messed up. Oh well, I am not perfect.” Remember each of us is a work in progress and be willing to embrace change.

Deep down we want to believe if more women like us become more influential, the world will be a better place. When we work in a mostly male-dominated industry it is tough to break these barriers and build a culture of supporting one another to get to the next level. It is important for women to celebrate the talents, attitudes, and behaviors that have helped them get where they are today. Even as we work to change those habits that are no longer serving us.

******

Nancy Percy is a Business Development Manager at Sinclair College in Workforce Development. She develops training programs to give organizations the upskilling they need to excel in their fields.

Leading And Managing In A Hybrid World

Marla Halley — Tue, 25 Apr 2023 17:03:57 GMT

Technology First sat down with Greg Muir, Director, Technology Operations Management at Premier Health, to talk about the risks and rewards of remote and hybrid workplaces. Here is our conversation.

Technology First (TF): Why are employers considering adopting a new remote work philosophy? Or, for employers who currently have one, expanding their remote work philosophy?

Greg Muir (Greg): Remote work has been around for years and in my opinion, the benefits are undeniable. When COVID forced the issue for many people, it escalated implementation and forced all employers to look at not only their short-term remote work philosophy to deal with COVID, but also to consider their long term plans post-COVID.

TF: Why is remote work top-of-mind for employers today? Why would they want to implement it?

Greg: First, to enhance employee satisfaction and engagement. Employees who have participated in successful remote work experiences would view stopping it as taking a valuable benefit away from them. People have seen that it can be effective, and they enjoy the benefits associated with working remotely. For example, the reduction of travel time alone allows for more work time for the employer and more personal time for the employee. A remote work option can be a difference maker when an in-office employee weighs staying in their current position against moving to a new employer who offers a remote work option.

Second, remote work can attract talent. Rather than recruiting workers from Dayton, Ohio areas that are within driving distance, we can consider employees in other regions, states, and possibly other countries, without the need for a move. This greatly increases our potential labor pool.

Also, employers can reduce their real-estate and office costs for their workforce that works remotely. Costs such as building acquisitions, space rental, and even utilities like electricity, heating, and air conditioning can create savings. So, in summary, there are benefits both to the employee and the employer.

TF: How do you effectively communicate with a hybrid or fully remote staff? For example, how do you ensure everyone is clear on strategies and goals?

Greg: That is something that requires a very deliberate effort. There is a strong need for tools like Microsoft Teams or Zoom. We need to have interactive discussions around how our work impacts the organization’s strategies and goals; it can be more difficult to recognize that impact working remotely. So, you need to constantly talk about that and keep it front of mind when you’re having team meetings and talking with employees. We need to use the 7x7 concept of communicating: 7 ways at least 7 different times. This can be calls, Zoom meetings, written communications, videos, webinars, even kudos for projects well done and how they supported our strategies and goals. When possible, there is value to in-person gatherings as well. Many times, we will have an in-person gathering with a remote option for people that can’t attend. For example, if they live across the country, we’ll conference them in, but I still believe that there is a lot of value in getting together and having that personal touch with employees.

TF: What are the risks of having remote employees? How are you mitigating them?

Greg: There are risks, but there are things that you can do to address those risks. Like always, we need to keep data security in mind. When you’re working from alternate workspaces, you have the potential for people to use insecure or public Wi-Fi, or someone may use an unauthorized device. To mitigate some of these things, you must have good policies and procedures in place. You also must implement security tools like private networks, time outs, and secure network connections.

You also must keep productivity in mind. One of the fears employers of remote workers have is losing productivity. You must make sure you have both clear goals and measurable outcomes documented. Standards for acceptable response times can help with this. For example, if someone emails or communicates via voicemail, then you must have standards in place for when you expect return communication.

It also helps to have consistency of remote work across the organization. What I mean by that is, you need to have Human Resources involved to help create policies and to provide transparency and clarity across the entire workforce. That way policies are consistent for everyone across the company and not under control of each department. For example, you can have single or multiple computing devices. If I work hybrid, then I could have a computer at home and a computer at work and you must have a policy for that. Also, if the employee has a problem, how are they going to get device support to help them through that problem? There are pieces that are the employee’s responsibility and parts that are the employer’s responsibility. It must be documented so that both parties understand what the employer provides as well as what the employee needs to provide.

TF: How has going hybrid added to your infrastructure costs? For example, are you paying for employees’ high-speed internet?

Greg: Employee high-speed internet is a requirement to work remotely with our company. It is the employees’ responsibility to make sure they have good internet connectivity in place, and they bear the expense for that. We thought that may be an issue early on, but honestly, we haven’t seen many issues because most people who want to work remote already have required internet access in place for their personal lives. We did have to put measures in place to strengthen our remote access. We had to increase circuits, add security measures, upgrade our security to the latest versions, and use dual-factor authentication. We also had to make sure these measures did not negatively impact our services that were already remote. For example, a lot of our radiologists are contracted and read exams remotely. We moved them to their own circuits so they would not be impacted when we added in a thousand employees at the same time. Before COVID, remote access was mostly for support purposes, for example, IT support, and clinicians used it to access records in the middle of the night. But it’s a different ballgame when you’re going to have people logged on, working, utilizing video, utilizing sound, and having 1200 – 1400 people on at the same time. This impacts your infrastructure, and you must ensure that you have capacity to handle the additional volume.

TF: How has the new arrangement affected Premier’s culture?

Greg: It has been affected. We constantly work to build an environment of trust and to stay connected to all our employees. To do that, we organize regular formal and informal team meetings with time for Q&A and feedback. We also use things like virtual kudos so we can do shout outs and we try to personalize those because there are many times in the office when you would see people in person and thank them for their help on a particular project or task, but, when you’re not seeing people every day, it makes it a little more challenging to do that. So, we’ve implemented some tools to do it electronically so that it notifies both the employee and their supervisor. That way they can get positive feedback from them as well as their supervisor. We also have Town Halls and forums with options for in person or virtual. Those are important for making sure that everyone understands the mission, strategy, goals, our progress, and emphasizing corporate values. With us, employee engagement is constantly a top priority. We work very hard to make sure our employees are satisfied. If there is an issue, we stay on top of it because it can snowball quickly when people are working remotely.

TF: How have you marketed a hybrid option to attract talent?

Greg: We have some, but there is always room for improvement. Some of our postings specify that remote work is an option, but I feel that we could do a better job on the front end to both market to and attract future employees looking to work remotely. So, rather than waiting for people to come to our website and apply for positions, we need to advertise to people that may not be in our area or may not know a remote option is available. For most employees, the ability to work remote some or all the time is very important when you’re choosing a job. And, like we talked about earlier, it gives us a much larger labor pool to pull from.

TF: How is the hybrid model accelerating your digital transformation? In other words, are the existing business processes, culture, and/or customer experiences better or worse with hybrid?

Greg: The hybrid model isn’t something that only our work force desires. What we’re seeing is that our customers have also shifted and many of them demand hybrid systems of care. So, we have a very active and growing telehealth program, and we are constantly implementing new programs that can improve both patient care and the customer experience. We need to be open both to patients that would rather be seen in person and offer remote solutions for our patients who prefer to be seen remotely. Today, many people want to get things taken care of from their telephone or from their iPad, so we need to be able to handle that as well from our end. Telehealth is a very important strategy for us as we move forward.

TF: Do you think a hybrid workplace is here to stay?

Greg: There is not a one size fits all answer to this question. I see some very large companies such as Tesla and Apple that are bringing employees back to the office while others are expanding their remote work options. So, I don’t think it’s the same answer for everyone. I believe that a hybrid workplace is here to stay because if you implement correctly, both the business and the employees can benefit.

From an employee perspective, remote work avoids commute time, it can be better for wellbeing, and it provides flexibility for family needs and other obligations. If used appropriately, it can help people feel more productive and connected to the organization because we’re considerate of their time. So, that 30-40 minutes to work and 30-40 minutes home can be used for either more personal time or to get more work done.

From the employer perspective, remote work can be a great recruiting tool, reduce expenses for office space, and, if used right, it can really create a more engaged workforce that’s closely tied to your organization. Employers must constantly work to build employee trust, encourage communication, and set clear expectations. You must make sure you have remote working strategies along with good tools, policies, and procedures to help team members stay productive, efficient, and connected while working from home.

For all these reasons combined, I believe that remote work, if you implement it properly, and you have the appropriate tools and controls in place, can be a win/win for both the employees and employers. So, while there are advantages and disadvantages, I believe that the pros outweigh the cons for a hybrid workplace. I think it’s here to stay.

Why The DOJ's Renewed Interest In Cybersecurity Matters To You

Marla Halley — Tue, 28 Mar 2023 17:56:34 GMT

Will cybersecurity-related enforcement efforts by the U.S. Department of Justice increase in the coming years? The answer is yes. How do we know? Two reasons. First, DOJ has been telling us to expect increased efforts, both generally and specifically as to cybersecurity. Second, they have backed up their words with action.

As a general matter, U.S. Attorney General Merrick Garland and Deputy Attorney General Lisa Monaco, have been explicit that they are prioritizing the investigation and prosecution of financial and corporate malfeasance. Early last year, for example, AG Garland told the American Bar Association that he “had seen the Justice Department’s interest in prosecuting corporate crime wax and wane over time. Today, it is waxing again.” His remarks reinforced those of DAG Monaco in the fall of 2021, when she announced the Biden administration’s intention “to better combat corporate crime.”

In addition to remarks like these, in October 2021 the DAG issued one memorandum and, in September 2022, a second memorandum, announcing revisions to corporate criminal enforcement policies, which apply very nearly across the entire Department and, as explained in further detail, include significant policy changes that favor stronger corporate enforcement.

More specific to cybersecurity, DOJ late last year entered uncharted waters when it tried, and the jury convicted, Uber’s former Chief Security Officer, on charges of obstruction of proceedings of the Federal Trade Commission and misprision of felony, in connection with his attempted cover-up of a 2016 hack of Uber. The case represents what is believed to be the first federal prosecution of a corporate executive for the handling of a data breach.

It is not just criminal cases; it is civil case as well. In a noteworthy development, DOJ announced in late 2021 its “Civil Cyber-Fraud Initiative,” seeking to hold accountable individuals or entities that put U.S. information or systems at risk. Though the initiative, DOJ made clear its intention to utilize the False Claims Act (FCA) to pursue cybersecurity-related cases against government contractors, subcontractors, and grant recipients. The FCA is the U.S. federal government’s primary civil tool to combat fraud against the government, as it imposes financial liability on persons and companies (typically federal contractors and subcontractors, to include Medicare, TRICARE, and Medicaid health care providers) who defraud governmental programs. In essence, DOJ is sending a message that it will not be afraid in certain circumstances to pursue even victims of cybercrime. As part of this initiative, DOJ last year announced significant settlements in two False Claims Act cases (Aerojet Rocketdyne and Comprehensive Health Services) related to cybersecurity deficiencies or misrepresentations, and more are expected.

Still Better Together in 2023

Marla Halley — Tue, 28 Mar 2023 15:38:51 GMT

This year continues to challenge most businesses. As we enter Q2, lingering issues of recession, inflation, supply chain problems, and talent shortages highlight how digital modernization remains critical to the success of our member organizations. Here are five technology trends to not only help you combat these issues but also propel your company forward on your digital modernization journey.

Full-stack Development

One of the most important trends I am monitoring is the increasing emphasis on full-stack development. With the rapid pace of technological change, it is increasingly important for companies to maintain a team of developers proficient in a wide range of technologies. This includes both front-end and back-end development.

Cybersecurity

As organizations continue to digitize their operations and rely more heavily on technology, the risk of cyber-attacks increases. Businesses need to invest in advanced cybersecurity measures to keep their systems and data safe.

DevOps

DevOps is proving to be another significant trend this year. It will be essential for companies to have a strong DevOps culture in place to ensure that new features and updates are delivered quickly and with high quality.

From chatbots and virtual assistants to autonomous vehicles and drones, Artificial Intelligence and robotics are already having a massive impact on industries like manufacturing, transportation, and healthcare. As these technologies continue to evolve, businesses will need to invest in hiring AI and robotics experts to stay competitive.

Snowflake

Snowflake is a data warehousing platform that allows businesses to store, process, and analyze substantial amounts of data in the cloud. As organizations persist in generating massive quantities of data, Snowflake, or similar platforms, is a technology that is essential in order for companies to grow.

If you are a technologist looking to stay ahead of the curve in 2023 and beyond, then look no further than Technology First. Here you will gain perspective on the latest trends through conferences, newsletters, special interest forums, and Peer Groups. We gather to share thoughts, ideas, opinions, plans, and solutions in a collaborative environment. The IT community is better when we work together. Connecting, strengthening, and championing members are the reasons Technology First exists. Please join me and get more involved in the organization this year. There are numerous ways to make a difference: volunteer for a committee, speak at one of our Peer Groups, and/or bring your team to events. Together, we can ensure our businesses are prepared for the challenges ahead for the rest of 2023.

Machine Learning Deployed For The Opioid Epidemic

Marla Halley — Mon, 27 Feb 2023 21:10:44 GMT

Dayton, Ohio, and the wider Montgomery County has seen its share of tragedy during the opioid epidemic. Ohio has been one of the 10 worst-affected states in America, and the Dayton region has seen Ohio’s worst fatality rates from drug overdose^{^[1]}. While a hospital or emergency room can treat an acute incident for a patient with a substance use disorder (SUD), the longer fight against relapse is often waged by other organizations. The Community Outreach Actions Team (COAT) was specifically created in Montgomery County to address the grave opioid situation. The Public Health Quick Reaction Team (QRT) seeks to identify at-risk individuals and get them enrolled in treatment. The efforts of this community collaboration saw overdose deaths fall from 566 in 2017 to 289 in 2018, a decrease of 59%^{^[2]}.

The Montgomery County Emergency Room Overdose Notification (MC-ERON) system has enabled Dayton’s Alcohol, Drug Addiction and Mental Health board, and Public Health – Dayton and Montgomery County to provide outreach services to residents who experienced an emergency hospital visit due to a drug overdose, since 2018. MC-ERON generates a daily list of patient health and contact information that can be used to mobilize outreach efforts that would minimize the risk of further overdoses and deaths. However, MC-ERON did not prioritize, nor indicate, which patients are at a higher risk for additional overdoses or death. To overcome this limitation, the MC-ERON risk-stratification model is designed to estimate a patient’s risk score based on their demographic information, health history, and previous drug-related encounters with law enforcement and the health system, then assign a priority level to that patient based on the score. The risk score is then used to bin patients into four risk ‘priority levels’ which is provided to outreach personnel to contact the most at-risk patients. By comparing newly discharged overdose patients to those who previously died in-hospital, risk stratification scores can be calculated and included in the daily notifications to ADAMHS and PHDMC’s QRT.

The MC-ERON Risk-Stratification model has been deployed to PHDMC peer outreach specialists since 2019, with high overall model performance (AUC in the range of 0.82 to 0.85). Since deployment, individuals who died during or after the overdose encounter were scored as "high-risk" or "high-priority". Those that died during their hospital visit would not have benefited from outreach after their overdose; however, these patients highlight that the scores reflect the level of risk. For the patients who died after the encounter, this data suggests they would have been accurately prioritized for outreach services.

Despite these analytical successes, the MC-ERON Risk stratification algorithm represents a mismatch between problems faced by users and the ultimate solution. For peer outreach specialists, by the time the QRT is activated, the individual is already in crisis and at risk; therefore, the individual's precise "risk" is less valuable than the information provided along side the score.

The MC-ERON Risk-Stratification model was created before Ascend had a robust user focus. While the model and insights are valuable for PHDMC epidemiologists, the target users- the peer outreach specialists - find the most value in the contextual data features that accompany the actual predicted "risk score”. This mismatch between problem and solution has limited the impact of the Risk-Stratification model, and possibly limited the impact that machine learning could make on an urgent community problem. For example, peer outreach specialists are looking for ways to identify individuals that would most benefit from their intervention. For example, a model that could identify the likelihood of an individual to seek treatment, or identifying those individuals experiencing substance "abuse" vs "use" as those who are "using", rather than "abusing", may benefit from more sustained outreach to address addiction and chronic use.

Not understanding the context of the problems faced by a user can lead to gaps and missed opportunities when creating a predictive model. Upfront discovery is key to understanding the business and user needs to build the right predictive model that addresses problems within the current systems. Always keeping the user's needs top of mind will deliver the highest value to the business and the end user of your analysis.

^{^[1]} https://journals.stfm.org/familymedicine/2018/june/bowman-2018-0131

^{^[2]} https://www.mcohio.org/2018%20Community%20Overdose%20Action%20Team%20(COAT)%20Annual%20Report.pdf

Are You Stuck?

Marla Halley — Mon, 27 Feb 2023 20:53:43 GMT

I’ve never been much for New Year’s resolutions. Instead, I like reviewing the previous year’s accomplishments, challenges, and outcomes. This year, I used an assessment wheel to evaluate different areas of my life:
- Career
- Fun and recreation
- Money and finances
- Physical environment
- Personal growth
- Health and wellness
- Friends, family, and significant others
As I considered all the aspects of the wheel, specifically regarding career, it helped me think about my:
- Skills
- Talents
- Work environment
- Opportunities for growth
- Current commitments
All great things to think about! Which led me to pulling down a book from my shelf, “How Women Rise,” by Sally Helgesen and Marshall Goldsmith. I read this book several years ago and absolutely LOVED it! The authors recognized women “face specific and often different roadblocks from men as they advance in the workplace”. So, as you look back on your 2022, and specifically your career, how are you feeling? Do you feel stuck?

Helgesen and Goldsmith ask these questions:
- Do you feel something is preventing you from moving forward or from leading the life you’re supposed to be living?
- Do you feel unable to break through circumstances that are conspiring to hold you down?
- Do you feel as if your contributions are not recognized or appreciated?
- Do you feel the people around you have no idea what you’re capable of achieving?

If you answered yes to most of these questions, then this book is for you! If, like me, you are wondering how to become unstuck, then reading this book will help you uncover the habits that hold you back from rising to your full career potential.

For a more gender-neutral point of view, read “What Got You Here, Won’t Get you There,” by Marshall Goldsmith with Mark Reiter. This book is a broader stroke on the question, “What is holding you back?”

I hope you unearth the habits that no longer serve you. I believe leaving them behind will get you further down your path to success. Please connect with me and let me know how you got unstuck.

You’ve got this! Together anything is possible!

Aligning Our Missions

Marla Halley — Mon, 27 Feb 2023 20:43:22 GMT

It has been my pleasure on behalf of the Strategic Ohio Council for Higher Education (SOCHE) to collaborate closely with Melissa Cutcher and Technology First for many years. Some of our earliest collaborations were through Cin-Day Cyber and Career Adventures Camp. As the President of SOCHE, my focus is on leading our organization in collaborating with K-12 districts, colleges, universities, and industry to transform the economy through education and employment. This mission focus has resulted in sitting in many meetings at tables with Technology First.

SOCHE’s workforce development mission set has led us to many collaborative initiatives with Technology First and its many members. This regular engagement between our organizations has led us to recognize the need for closer organizational alignment and I’m very excited that Technology First has asked me and SOCHE to the inner circle through their Board of Directors. Our organizational missions at SOCHE and Technology First are very closely aligned and have led us to work on the same project on multiple occasions.

Through SOCHE’s work on Technology First’s Board of Directors, we hope to increase our work together and further align our work for the benefit of workforce development of information technology professionals across the region, while we work together to build upon our region’s existing economic development prowess. Close relationships through SOCHE’s 22 College and University members and Technology First’s members can only help our region become the premier location for professionals in IT as well as for businesses who are looking for a new home.

Our region has the workforce needed for the future with over 400K college and university students and close to 15K High School students. Our next generation of working Daytonians is already here in our region and it is our job to show them the pathway to great careers. We can make this happen through our engagement in our schools as well as by encouraging our students to spend time in our companies learning about our many different industries. Over the next few years as we manage decreasing numbers of students in each of our schools it is imperative for all businesses to engage and ensure that we are assisting all students to achieve their potential with at least a high school diploma and potentially a post-secondary certification or degree. I look forward to working with all of you to continue to make the Dayton region a great place to live, work and play!

It's Time To Start Thinking Differently About CyberSecurity Training

Marla Halley — Tue, 31 Jan 2023 16:41:48 GMT

It’s no secret that finding and keeping talent in the Information Security space continues to be challenging for organizations.

We must continue to think differently about how we recruit and retain talent, what resources we utilize, and how we engage in the community.

Why Developing your teams is critical to building a robust security program:

Demands from regulations and cyber insurance require training as part of your business plan
It helps prepare your team and gives opportunities for more responsibilities and promotion – advancement

It helps with testing efficiency and knowledge within the area of expertise
Improvement of security knowledge/skills
Cross-training teams – to avoid single points of failure

Things for consideration in building a training program:

Blended Learning Programs – Meeting people where they are (not everyone learns the same way)
Funding Sources – Ohio TechCred as an example
Consider building out repeatable training programs that align with business needs

Finding Talent:

Creating Apprenticeships programs with current teams from other areas of the business
Creating Security Champions
Attending local conferences to find talent
Working with High School STEAM Programs
Engage with local Special Interest Groups

For the Ohio Information Security Conference, ReynCon will present “Building a Cybersecurity Culture: It’s Time to Think Differently About Training.” Join us at Sinclair Conference Center at 10:45 am on 03/01/23

Protecting the US Communication Supply Chain

Marla Halley — Mon, 30 Jan 2023 19:16:30 GMT

The United States' communication supply chain is a critical infrastructure that enables the country's economic and national security. However, it is also a vulnerable target for foreign adversaries looking to exploit weaknesses and gain access to sensitive information. In this article, we will discuss the importance of protecting the US communication supply chain and the steps that can be taken to do so.

One of the biggest threats to the US communication supply chain is the potential for foreign adversaries to introduce malicious hardware or software into the system. This can be done through various methods, such as compromising manufacturing processes or infiltrating supply chains. Once in place, these malicious components can be used to steal sensitive data, disrupt communications, or even gain control of critical infrastructure.

It is essential to take a multi-layered approach to Cybersecurity. Implementing network segmentation is one of the best ways to protect networks from foreign interference. This involves dividing a network into smaller segments, each with its own security controls. This makes it more difficult for attackers to access sensitive data and systems.

Another way is to be sure you have a good inventory of your network. What's operating on your network? Remember the CIS Controls and the two most important controls. Know your hardware and know your software. You can't mount any defense or response if you don't see what you have.

TikTok, the popular social media app known for its short-form videos, has become a household name in recent years. While the app has been praised for its creativity and entertainment value, it has also raised concerns about its potential security risks.

Another threat of TikTok is the potential for foreign interference. The app is owned by Chinese company ByteDance, which has been accused of censoring content and spreading disinformation. This has led to concerns about the app's ability to influence public opinion and political campaigns. How do you mount a defense against TikTok?

To protect the US communication supply chain, it is essential to implement strict security measures throughout the entire process, from the design and development phase to the final deployment. This includes conducting thorough background checks on suppliers and vendors and performing regular security assessments and penetration testing on all components of the system.

Another critical step is to increase the use of secure communication technologies, such as end-to-end encryption and security protocols. This can help protect against eavesdropping and other forms of cyber espionage. It's also important to have incident response plans in place so that organizations can quickly respond to any security breaches or disruptions.

The US government can also play a key role in protecting the communication supply chain by implementing regulations and standards for the industry. This includes setting guidelines for the design, development, and deployment of communication systems, as well as providing funding for research and development of secure technologies.

In addition, it is important to have international collaboration and information sharing in order to address the global challenges of the communication supply chain. The US government can work with other countries and international organizations to share information about threats and best practices and to coordinate efforts to protect critical infrastructure.

In conclusion, protecting the US communication supply chain is essential for ensuring the country's economic and national security. By implementing strict security measures, increasing the use of secure technologies, and working with the government and international partners, organizations can better defend against the threats of foreign adversaries and ensure the integrity of the communication supply chain.

I'll be speaking at the Ohio Information Security Conference in March and will go into more detail on how to protect and respond to these and future threats.

The Author: Shawn Waldman is the founder and CEO of Secure Cyber Defense in Moraine OH. Shawn has created one of the only local firms that 100% focuses on Cybersecurity and has built its own Security Operations Center. Shawn is a subject matter expert and thought leader on Cyber and speaks at conferences globally on the topic.

2022 Year In Review

Marla Halley — Mon, 28 Nov 2022 17:53:50 GMT

Connect, Strengthen, Champion, and a Partridge in a Pear Tree

We were torn between writing you an annual report or an end-of-the-year holiday newsletter. You know the type: That yearly three-page single spaced book full of family highlights that falls out of your best friend from high school’s glitter encrusted Christmas card.

Instead, we chose to give you a Top 12 List of 2022 in Review. You’re welcome!

January – We kicked off the year helping you get organized with a member-to-member benefit session with Organization Solutions. Our Peer Groups for Infrastructure/Cloud and Women for Technology began their new year’s programming together. We saw the birth of a workforce subcommittee in conjunction with Montgomery County Educational Service Center. We finished off the month hosting our annual CIO Forecast Panel.

February –February’s main event was the annual Digital Mixer held at Wright State University. Over 140 students and employees connected to explore career possibilities. Women 4 Technology had a fascinating conversation around The Great Resignation.

March – If it’s March, then it’s all about the Ohio Information Security Conference. Over 300 people gathered at Sinclair Conference Center to share knowledge of the latest cybersecurity threats and strengthen their processes.

April –Executive Director, Melissa Cutcher, represented Technology First at a workshop to teach web development at the Innovation Hub in the downtown Dayton Arcade building. We were back in person for a Tech Forum addressing staffing challenges & labor shortages in the IT community with Cassie Barlow, Doug McCollough, Chad Bridgman, and Matt Coatney.

May – May saw the Peer Groups in full swing championing data analytics and cybersecurity. We ventured down south to Mason for some Tech Thursday networking. Executive Director, Melissa Cutcher, participated in an OCEA panel discussion.

June – Women 4 Technology squeezed over 25 participants into Warped Wing’s Springboro location for a Meaningful Networking session. Members enjoyed a Dayton Dragons’ game courtesy of our annual partners altafiber and ATC. Executive Director, Melissa Cutcher, represented Technology First at a two-day workforce development retreat with Montgomery County Educational Service Center.

July – Given the success of the Springboro event, Women 4 Technology ventured down the road to Fretboard Brewing Company in Cincinnati to offer another Meaningful Networking session to our members.

August – Peer Groups for IT Leaders, Infrastructure/Cloud, Cybersecurity, and Data Analytics all met to learn new or different approaches, validate thoughts, and expand on their existing practices. Technology First partnered with The Circuit for a fun night of IT networking in Hamilton at Municipal Brew Works.

September – We enjoyed supporting some members participating in the COMSPARK conference. We also had a wonderful turnout at the annual Golf Outing benefitting the Technology First Scholarship Fund. You helped us raise almost $7000 to award qualified, regional college students!

October – We are happy a few members of the Board of Directors were able to witness Executive Director, Melissa Cutcher, receive the Jeanne Porter Career Achievement Award from Women in Business Networking at their annual gala. Congratulations, Melissa, so well-deserved! We stopped by SOCHE’s 55^th Anniversary lunch to congratulate them. This month provided members the opportunity to volunteer at the Girl Scouts of Western Ohio’s Cyber Challenge. AND we celebrated Technology First’s 25^th Anniversary! We were honored to receive a proclamation from the State of Ohio from Lt. Governor, Jon Husted.

November – More volunteer opportunities this month through the Dayton Metro Library’s Career Adventure Days and The Girl Scouts of Western Ohio’s STEM Career Fair. And, of course, we gathered with 400+ IT professionals from all over the state for our 16^th Annual Taste of IT conference at Sinclair Conference Center. We ended the day with the 9^th Annual Leadership Awards where we recognized 11 categories of exceptional IT talent from the Dayton region.

December – Since this month just started, here’s a preview instead of a review. We will close out 2022 with these Peer Group meetings: IT Leaders, Data Analytics, Cybersecurity, Infrastructure/Cloud, and Women 4 Technology. Please join us!

Thank you for connecting, strengthening, and championing the best-connected IT community in the Dayton region!

#UniteDaytonTech

Keeping Humans in the Loop

Marla Halley — Sun, 30 Oct 2022 20:22:09 GMT

One of the biggest mistakes that data teams often make is jumping straight to developing a solution and not spending enough time with the people who will be using them and understanding their true goals.

Sometimes these goals, and the challenges to reaching them, are easy to identify. This is usually true if a data scientist is already working in the problem space or is already integrated into the business processes.

However, many data scientists operate as an outside consultant who is brought in to help drive strategic goals. This can lead to misunderstanding the problem and creating a solution that doesn’t live up to stakeholder expectations.

Or worse — creating the wrong solution.

A data team’s first instinct is often to begin with understanding the data. However, they first need to understand the people involved in the problem and who want a solution to it.

We can have all the data in the world but if we do not know how users or stakeholders interact with it and understand it in their terms, we cannot possibly make a solution that is going to fully solve their problem.

But you’re in luck! There is a framework you can use to help overcome this risk before even seeing any data. This framework is design thinking - a growing trend within data science long used in product development. Empathizing with your stakeholders is the first step to better understanding the problem they are trying to solve.

A simple way to start gaining empathy is by conducting interviews with your stakeholders, leadership, and team leads. You’ll be surprised by what you will learn by spending an hour (or more) in one-on-one meetings.

Importantly, you’ll learn how they are doing the work today. You’ll also begin to learn the language, jargon, and methods that these people use and where they see the gap. Ultimately, you want to gather their ideas on how they would want to use a solution if they had a magic wand to make everything better.

You also want to understand how leadership is currently driving business goals and figure out how a solution could contribute to those outcomes. And if it doesn’t contribute to the business goals, is it something that the stakeholders really want or need?

Data science is a collaborative effort between you and those using your solution. Success starts by fostering a deep interest in the people for whom these solutions are built.

Ascend is a socially impactful technology company that provides data driven products and consulting services to help organizations solve complex community health problems.

For Taste of IT, as part of the Developer/Data Analytics track, Ascend Innovations will be presenting 'Keeping Humans in the Loop: Human-Centered Design in Data Science and Analytics'. Join us in Room 122 at 3:40p.m.

Changes in the Cybersecurity Landscape

Marla Halley — Sun, 30 Oct 2022 20:06:20 GMT

The ever-expanding digital footprint of modern organizations is causing business owners to rethink their security technology stack to address sophisticated new threats. To better manage cyber risk, businesses are evolving and reframing security practices in preparation for the changing cybersecurity landscape. Unfortunately, managing risk is getting more complex every day. Bad actors have adopted their own organizational structure complete with HR, recruiting, training, finance, operations, and development teams. And worse? They use the same tools that the IT community knows and loves.

Some of the go-to-market strategies for cyber criminals involve outsourcing, brokering software, and forming partnerships with other vendors. The web of cyber connectivity that has been woven is extraordinary and has evolved into a professional ecosystem that allows them to attack with impunity. As a result, stronger risk management practices are needed now more than ever. The National Institute of Standards and Technology (NIST), indicates that 93 percent of intentional breaches in 2021 were financially motivated, with only six percent of reported incidents attributed to espionage.

So how do organizations protect themselves against such an intricate ring of cybercrime on a global scale?

The Cost of Cyberattacks on a Global Scale

Globally, the average cost of a data breach increased by 10 percent in 2021, reaching $4.3 million, up from $3.8 million in 2020, according to a recent data breach report conducted by IBM and the Ponemon Institute. The U.S. has continually ranked at the top of the list for costs, increasing from $8.6 million in 2020 to $9 million in 2021. With the cost of breaches on the rise, it’s no surprise that spending on security technology is on the rise as well.

Worldwide spending on information security and risk management technology and services is expected to skyrocket in the next few years. According to a Venturebeat cybersecurity forecast, Gartner predicts end-user spending for the information security and risk management market will grow from $172 billion in 2022 to $267 billion in 2026, attaining a compound annual growth rate (CAGR) of 11 percent. Many businesses are seeking outside aid and partnering with IT consulting firms and cybersecurity experts to help them gain a better understanding of the solutions and services landscape.

Build a Defensible Cybersecurity Posture

A sound security strategy provides unified and reliable protection of your assets from potential threats. Today, every business is vulnerable to attack, not just major global brands, and the consequences of being unprepared can be catastrophic. That’s why along with the constant changes in the cybersecurity landscape, there has to be a continuous change in mindset.

The dialogue around security has evolved as shown below:

Organizations ask, “What if we are targeted?”
Organizations ask, “Are we ready for when they attack?”
Organizations are now asking, “Assuming we’ve already been compromised and don’t know it yet, how can we beef up our cybersecurity posture?”

As the digital footprint of organizations expands, centralized cybersecurity control becomes obsolete. If you’re not looking into encrypted network traffic, you won’t have security. This shift in mindset is the fundamental principle that drives the concept of zero trust.

Zero Trust: What and Why You Need It to Protect Your Business

Protecting the modern business requires a new approach to security, and many are turning to zero trust. A cloud-native zero-trust platform is built on a proxy-based architecture that sits between the user and the Internet to provide secure access with full SSL inspection at scale. The core concept of zero trust is simple: Assume everything is hostile and always verify. In a zero trust architecture, a resource’s network location isn’t the biggest factor in its security posture anymore. Your data, workflows, and services are protected by software-defined micro-segmentation, enabling you to keep them secure anywhere; in your data center or in distributed hybrid and multi-cloud environments.

All data must be protected everywhere—on-premises, in the cloud, in SaaS applications, as it travels on the network, etc. To provide the best possible security, organizations should have all their different layers of defense working together while leveraging the cloud, so that when an issue in any layer is uncovered, the rest of the layers will be informed for total protection.

The painful reality is that all organizations are under attack—whether opportunistic or targeted—and the cybersecurity landscape is continually changing while the attack surface increases and the perimeter dissolves. The new paradigm in security is simple: assume the bad guys are in the system and plan accordingly.

The above submission is compliments of ATC’s Tech Advisor series. Advanced Technology Consulting (ATC) specializes in digital transformation in four core areas; voice, network, cloud, and cybersecurity. In 2023, ATC will be a Technology First annual partner for five years running. For Taste of IT, ATC will be presenting on “SASE, The Edge, and Zero Trust” and exhibiting in booth #11.

It’s No Secret

Marla Halley — Wed, 28 Sep 2022 18:37:31 GMT

You are probably aware that Technology First stands on three pillars: To Connect, Strengthen, and Champion our IT community. What you may wonder is how.

We Connect by offering our members numerous opportunities every month to network with peers and industry leaders.

We Strengthen by transferring knowledge of industry trends and emerging technology through our two major conferences each year, ToIT and OISC and working in partnership with both IT consumers and IT providers every day.

And one way we Champion our technology community is through our volunteer work.

Last month, Technology First held our 9^th annual Golf Outing. The event raises money for the Technology First Scholarship fund. These scholarships are awarded every year to one or more deserving regional college students. So far, we have helped students from Cedarville University, Central State University, Clark State University, Miami University Middletown, Sinclair Community College, University of Dayton, Wilberforce University, Wright State University, Ohio State University and Xavier University. To be selected, students must be currently majoring in Information Technology-related curriculums, achieved distinguished academic success, and demonstrated authentic character and values, among other rigorous criteria. Here is what winning one of the scholarships means to a recipient:

“Thank you Technology First for your investment in my future as well as the futures of all the other students who received scholarships. The monies will be going directly to my tuition payments to help ease my student debt and make my studies a little lighter”. ~ Caleb V.

Thank you to everyone who participated in this year’s golf outing. See a few photos from the event at the end of this post. Your generosity raised nearly $7,000. This brings our total donations for the past nine years to over $100,000! We could not provide this resource without both your support and the support of our sponsors; Horizon, Independents Fiber Network and aunalytics.

And that is not all Technology First does to help students discover their place in the IT industry. This month, we will host the Girl Scouts of Western Ohio (GSWO) for their annual Cyber Challenge. The purpose of the Challenge is to grow and shape the future of IT in the Dayton region by getting girls excited about careers in cybersecurity. The Cyber Challenge presents the girls with scenarios of cyber breaches. It is a unique event because the Challenge is designed by girls for girls.

Then in November, Technology First will participate in the Career Adventure Day event hosted by the Dayton Metro Library. Partnering with organizations including DRMA, CareSource, SOCHE, Dayton Children’s, and many others, we will promote IT career-path opportunities to middle school students using interactive, engaging, hands-on activities.

It's no secret Technology First is all about promoting awareness that every business is a technology business. We exist to help shape the future of IT. It’s also no secret that you support those purposes too. We are always looking for volunteers to champion these efforts alongside us. You could serve as a committee member, event volunteer, Peer Resource Group leader, or any number of satisfying roles. Please email me at mcutcher@technologyfirst.org to learn more.

When it Comes to Cybersecurity, Don’t Discount the Basics

Marla Halley — Wed, 28 Sep 2022 15:56:28 GMT

Let’s face it. Cybersecurity is hard. Between keeping the lights on and the mountain of IT projects, it is tough to stay in the know with current threats. It is common to see organizations attempting to throw software at the problem to stay informed and mitigate risk. However, this approach creates additional challenges. The software requires care and feeding and can produce large amounts of data that someone needs to review and act on. Before long, the software that was supposed to be the answer is just another piece of the enterprise that is getting little attention and presents risks since no one is updating it. While software solutions play a prominent role in understanding your threats and vulnerabilities, organizations should not discount the effectiveness of the basics.

When working with organizations, the three main focus areas are People, Processes, and Technology. Organizations that invest in these three areas typically have an effective defense against cyber threats and are on their way to maturing their cybersecurity programs.

People:

People play a large part in an organization’s cybersecurity defenses. Your employees can be your best defense or your biggest weakness. Cybercriminals are looking for the path of least resistance; usually, people are the most straightforward way into an environment. Implementing a solid training program for your employees is a low-cost way to ensure cybersecurity is top of mind at every level. Look for ways to implement training regularly throughout the year and create a security culture. In addition, the training that employees receive on the job will often help them stay safe at home.

Process:

Processes within an organization ensure everyone is working with the same set of guidelines. Unfortunately, we often encounter organizations with little documentation on the simplest of tasks. Take user on/off-boarding, for example. How many user accounts are still enabled, with the same password in your environment, and the user has been gone over a year? None, you think, but the reality is we encounter this scenario all the time and not just for one or two accounts. A user moved on, and no one notified IT. Documenting processes like this ensures that essential IT functions do not slip through the cracks. This is just one example, but organizations should take a hard look at their internal policy and procedures and, at a minimum, have an Incident Response Plan, Disaster Recovery Plan, and Business Continuity Plan reviewed regularly and practiced yearly.

Technology:

Technology in terms of cybersecurity is more than what is implemented to protect the environment. Don’t get me wrong, having a firewall implemented and configured correctly is critical, but the attack vector shifts if you are not regularly patching your systems. Organizations are typically good at pushing Microsoft patches; that’s easy. However, software updates and operating system upgrades are a different story. How many Windows 2008, 2003, or Windows 7 machines are running in your environment? Each machine presents a risk and attack vector. Every known vulnerability since the end of support is available to an attacker. Therefore, organizations should consider upgrades as soon as a system is implemented. I often encounter organizations that utilize software and hardware well past their intended end of life. At some point, IT Administrators simply do not want to touch them for fear of breaking something.

In short, cybersecurity is more than any one piece of software or hardware. Organizations should take a layered approach to cybersecurity and think about solutions in terms of a program. Simply having good cyber hygiene goes a long way in limiting overall risk and attack footprint. By training your people, documenting your processes and procedures, and putting the right technology in place for your organization, you are well on your way to an effective cybersecurity program.

If you are looking for a place to start, we can help.

Chad Robinson is the VP of Advisory and CISO at Secure Cyber Defense in Moraine, OH. In his role, Chad works closely with organizations to develop and mature cybersecurity programs.

AI and the Future of Software Development

Marla Halley — Mon, 29 Aug 2022 19:55:01 GMT

Artificial Intelligence (AI) is a growing part of our daily lives. We interact with Siri on our iPhones, we order Amazon products with Alexa and soon we’ll be trusting our cars to safely drive us to our destinations. Now we also have AI helping us write software code by interpreting and delivering solutions by predicting developers’ intention for code. The AI can offer robust code options, complete code snippets, classes, and methods. This is a much more robust contribution and collaboration than a suggested path. It helps you write complete code blocks.

How do we get an AI model that writes code for us?

Artificial Intelligence is the result of repetitive Machine Learning (ML) using a large dataset. A facial recognition AI, for example, is the result of ML pouring over millions of images of human and animal faces. The success and failure to recognize a human face is tracked and shapes the next repetition of testing.

Similarly, to predict what a developer is going to need for his next line of code the AI would need ML from a large variety of software code. Comparing software code written in different programming languages would also improve the quality of the AI’s code recommendation. GitHub is arguably the largest data store for a variety of software code written in almost every programming language. GitHub has leveraged its vast inclusive content to create an exclusive AI code completion tool called CoPilot.

The controversy of using an AI code completion

Simple code recommendation tools, like Intellisense, have been part of developer toolkits for decades. A more complete AI-driven service as a software substitute has stirred emotional, ethical, and legal concerns.

Job Threat - Software development takes education and years of experience to become proficient. Some software developers could look at AI-written code as a threat to their job or that their expertise is being undervalued. When considering an AI tool to write software, be sure to consider the broader impact on morale and the unity of the development team. It may be a good fit for the team and another tool to use. It could also be a source of resentment and dissolve productivity in highly functional teams.

Exclusive Service Created from Inclusive Community Content - An AI-driven Service as a Software Substitute tool is leveraging available big data to give their AI enough training to be a reliable solution. In his paper ‘Copilot, Copying, Commons, Community, Culture’ Robert F.J. Seddon compares the four conceptions (i) of community written by Peter Dahos - ‘A Philosophy of Intellectual Property” (ii). Since GitHub is arguably the largest repository of publicly available software, it is a resource provided by an inclusive community. When the owner of that inclusive content leverages it into a commodity (a product) it becomes an exclusive resource immediately limiting access to the inclusive community.

Untested Legal Position on Intellectual Rights - If you use an AI-powered code completion tool that has a model built from a public, open-source software, how can this AI-created code be used for commercial solutions? Can this code be merged into an enterprise intellectual property?

In the July 2021 article ‘Analyzing the Legal Implications of GitHub Copilot’ (iii) the FOSSA team interviewed an Intellectual Property lawyer to get answers to these questions. In this article, the lawyer gave a great example of how Google provides sample content from millions of books it has indexed. It was ruled that Google was not infringing on the copyrighted material because a small sample of the material was made available. Comparing that to a code completion tool, it is not providing a complete body of work, only a small section of it.

But you should still be cautious using an AI to provide code completion. “I’d caution anyone using Copilot right now to help write code to pay close attention to the nature of Copilot’s suggestions,” Downing says. “To the extent you see a piece of suggested code that’s very clearly regurgitated from another source — perhaps it still has comments attached to it, for example — use your common sense and don’t use those kinds of suggestions.”

The Future Of AI
The development of AI tools is accelerating at an exponential rate. You can expect it to become more integrated with your personal and work activities. As more samples of big data become available, there are more opportunities to train an AI solution. One prediction I have for an AI tool: A solution that would interrogate an entire enterprise, examining internal file systems, code repositories and network topology then create workflow documentation, offering process improvement recommendations along the way.

Conclusion

I enjoy pair-programming with another developer but if that’s not an option I would consider an AI tool to get a feeling of collaboration during the development process. For some teams, it could be the support a developer needs to be productive.

As a developer, I don’t feel my job is at risk from AI-written code because there is high demand for skilled developers. I see it as a tool, similar to Intellisense, that would help me get the job done.

I know AI-written code raises moral concerns around inclusive vs. exclusive communities. The developer community needs to guard against abusive behavior from companies commoditizing on open and inclusive resources.

References

(i) Copilot, Copying, Commons, Community, Culture

by Robert F.J. Seddon, honorary fellow of University of Durham

https://www.fsf.org/licensing/copilot/copilot-copying-commons-community-culture

(ii) Drahos, Peter. A Philosophy of Intellectual Property. 1996, Dartmouth, pp. 67-70

https://www.researchgate.net/publication/304514536_A_Philosophy_of_Intellectual_Property

(iii) “Analyzing the Legal Implications of GitHub Copilot” - FOSSA 7/14/2021

https://fossa.com/blog/analyzing-legal-implications-github-copilot/

Why Software is STILL Eating the World

Marla Halley — Mon, 29 Aug 2022 19:09:22 GMT

As we near the end of the third quarter of 2022, it would not be an understatement to say the state of the software development industry remains red hot across the U.S. As I considered how to capture some of that momentum and provide some insight into something as large and complex as the state of software development I was reminded of an important article from the past. On August 20, 2011, Marc Andreesen published a piece in the Wall Street Journal that for many in the business and technology world would become a rallying cry, “Why Software is Eating the World”. In this article, he focused on what many were not as sure of then, as we are today, which is the impact software, software companies, and the start-up companies of that day would forever change the world in which we live and the businesses that many of us work for. (This article can still be found reprinted on his website, a16z.com) The insights still very much hold up today in 2022 which is why I will use it to frame up the current state of software development here in the Midwest as well as across most of the world. Here are just a few of the insights from that article that hold relevance for us in 2022.

“We are in the middle of a dramatic and broad technological and economic shift in which software companies are poised to take over large swathes of the economy.”

“Software is also eating much of the value chain of industries that are widely viewed as primarily existing in the physical world.”

“Many people in the U.S. and around the world lack the education and skills required to participate in the great new companies coming out of the software revolution.”

Is it hard to imagine that Apple, Amazon, and Alphabet are far from done taking over large swathes of the economy in 2022? While it is still early in the value shift from physical world to virtual we have plenty of samples of this evolution to reference in the last eleven years. FedEx, is now thought of more as a software network that happens to have trucks, planes and distribution hubs attached as an example. How many more physical value chains of industries do you experience weekly that are still in need of a little software revolution? Lastly, we can still see in today's news headlines that Mr. Andreesen’s concerns about the lack of education and skills required to participate in the evolving often software centric economy remains a pressing concern. While those headlines are often about security and privacy issues related to software, they also often highlight the challenges around education and skills gaps in many communities and often across a wide spectrum of people from the youngest to the oldest and the richest to the poorest.

Here are some additional data points on just the education and skills area and why the last eleven years may have only been the first course in eating the world. This data also provides insight, that even bigger opportunities and challenges lay ahead for software and software development.
- A shortage of experienced developers continues

In May of this year, the US Bureau of Labor Statistics showed that employer job postings for tech roles reached "a record high", led by new hiring in IT services and software development. Year over year through this same time there was a 52% increase in postings for tech roles with Full Stack Engineers among the most popular title.

Salaries balloon

Year over Year salary increases through the first half of 2022 remain on a growth fast track. Depending on what part of the US you are living, Hire.com and other sources report salary increases ranging from 7-14% year over year increase and on top of just as robust increases in 2021.

The Great Resignation and Potentially the Great Regret

As of July, as many as 26% of the 20 million Americans who quit their jobs in the first five months of this year say they regret that decision according to many surveys. While the numbers for software development I would assume may be lower here given the white-hot salary numbers, it’s a trend to watch also in this space. Given the large, recent layoffs and hiring freezes within technology companies, could there be a Great Regret creeping into the software labor force?

I would like to end with this thought as we sit here in August of 2022. Software is a broad and reaching subject that we all should continue to seek to understand not only from the business perspective. Better understanding how the new generation of developers and technology companies are doing what they do, to what the broader consequences are for businesses and the economy all will remain important investments of our time. By better understanding these and other areas of this layer of the technology industry can we help ensure not only the health of our industry and that of our business community, but also to help ensure better participation for all that it will impact.

3 People-Focused Ways to Increase Dev Capacity, Without Hiring

Marla Halley — Mon, 29 Aug 2022 17:29:23 GMT

As many businesses approach budget season, the truth rears its ugly head again – the business needs 15 projects completed in the next year and the team has capacity for 8. So, you get together with business leaders, you prioritize, make half the room angry, and then because you’ve committed so much, your teams have little-to-no chance of actually delivering the projects you’ve outlined. This painful process repeats itself every year.

The good news is that this isn’t unique to your business. This pattern repeats itself across nearly every IT and development organization. The frustration mounts the same way in nearly every business leader. The math simply does not work – the work exceeds the capacity.

So, we try bonus structures and tightening down the screws but none of it works for long. And of course, we want to hold off on hiring so we need a different approach.

Fortunately, there are some things you can do, so let’s get started:

1. Master Motivation

Something like 60% of all corporate employees are disengaged. No org is immune. This statistic gets cited all the time and shows up in a number of articles. Here’s one that discusses a 38% engagement rate. It’s a pervasive and hidden issue, so let’s try to make it more tangible:

An engagement rate of 38% on a team of 25 people means that 9.5 people are fully engaged.

If the engagement rate increases just 8 points (46%), it means 11.5 people are fully engaged.

That’s the equivalent of hiring 2 people!

Author, Daniel Pink wrote an incredible book on engagement titled “Drive”, that’s a must-read for every leader responsible for engineering teams. Pink’s research showed that humans aren’t motivated by money nearly as much as by having Autonomy, Mastery, and Purpose in their work. When we create environments where people have autonomy, mastery, and purpose, we create environments that lead to engagement. How do we do this?

Autonomy

Leaders who excel at creating autonomy focus on two things: trust and courage. Trust in your team to let them make tech and product decisions in their local context, without significant oversight from you (or another leader). Then, the courage to stick through it and let them make a mistake. It’s like the first time you let your 16-year-old drive on the highway by themselves (a reality in my life right now). Autonomy takes trust and courage.

Mastery

Excelling at mastery requires investment. Financial investment helps, but this one is really about time. Investing time every quarter to allow teams to develop skills (in a SAFe environment, this might be during the IP sprint). Throughout the year, encourage people to take on some new tech and then encourage pairing with someone who already knows the tech. They’ll be slower at first, but as skills develop, you’ll have two people that are masters at the new tech and the org will be twice as fast.

Purpose

Why do people work for your organization? To make money for the business? Doubtful. Making money for the org just doesn’t motivate most people. To make money for themselves? Again, doubtful – you’re probably already paying your engineers more than the money required for happiness (that number is currently $95,000).

People’s deepest purpose is to help others. Purpose provides us with the good feeling of having made the world a better place.

There are two keys to driving purpose: Stories, and Frequency. We must share authentic, believable stories about how our work improves the world and then we must talk about them frequently. Stories are the currency of Purpose.

If you work at a bank, it’s tempting to talk about revenue, but it’s more motivating to talk about helping a family achieve the dream of owning a home by providing a mortgage for them.

If you work at a Consumer Goods company, it might be easy to talk about sales goals, but it’s more motivating to share stories of moms who struggled before using your product and now have a changed life because of it.

2. Become a Culture Curator

We all know that “culture eats strategy for breakfast” but if we look at the past 6 weeks and are honest with ourselves, how much effort have we put into culture? How much to strategy? We have to wonder if the focus on strategy is ruining the breakfast.

The number one job of every leader in a development organization is to create and curate a culture. Every word, every thought, every idea you have should propel the culture in a direction that helps to accomplish the goals of the organization. If the culture needs to be more entrepreneurial, then immersing yourself in the entrepreneurial culture of startup software companies and reflecting that in decisions you make must become a core part of the way you operate.

Leaders’ roles are to eat, sleep, and breathe the culture we’d like to see embodied in our organization. The more we do that, the more we’ll create that culture in our people and our companies.

3. Become a Servant-Leader

Scrum and Agile flipped the script on leadership and it makes the world a significantly better place. Leaders who serve their teams win their hearts, gain their trust, and build more committed teams. As a senior leader, this is what servant-leadership looks like:

● Asking your teams what help looks like and then doing that for them.

● Starting every meeting by asking for the room’s thoughts on what should be covered (instead of driving your own agenda)

● Coaching an employee who shows that they need it and welcomes it.

It may take some time but mastering motivation, curating culture, and becoming a servant leader are very effective ways to increase development capacity. Along the way, you’ll become a better leader and create an even more high-performing organization.

Got Talent?

Marla Halley — Wed, 27 Jul 2022 23:01:24 GMT

By: Cassie Barlow, President, SOCHE

The times are changing in the world of talent attraction and management…..has anyone noticed? Who hasn’t seen a help wanted sign in the last few weeks? We have all noticed the changes and we are also all trying to figure out how we can recraft our workforce strategy in response.

The experts in the field of talent, workforce and organizational development are all trying to understand the needs of employers and employees while examining best practices in order to offer the best ways to engage and retain talent. Here are a few thoughts on what is trending in the field and some tips that may help your company find the workforce that you need and keep them engaged and on the job for many years.

If you are one of the companies who have lost great talent over the last 18 months, join the club. The loss of this talent along with the dearth of new talent in the marketplace has led many employers to take a very close look at their workforce strategy, organizational design, structure, salaries, benefits, and job descriptions. Now is the time to examine your internal talent, organizational structure and design and figure out what are the most important tasks that need to be accomplished and the best way to group these tasks into job descriptions. This is also a great time to examine the diversity of your current team and develop some intentional steps to attract and recruit a more diverse group of employees. The research on team performance has indicated repeatedly that team effectiveness, innovation and efficiency improve with diverse teams. There may be opportunities in your company to upskill current employees, to combine job descriptions, to rescope job descriptions, to staff positions with employees at a different level and to look at outsourcing. This is an important first step before trying to operate in the same way that you did a few years ago.

Attracting and hiring new employees is just one part of the talent equation. The trends in employee engagement and retention are also a different landscape from previous years. Professional development is a critical focus area for many employers and an expectation from employees. From internal company transfers and upskilling to paying for degrees and certifications to microlearning, your future employees are looking for ways to continue their development in their new company. Professional development is a wonderful way to engage your employees. Another way to engage your employees is through regular team building and community service. A team becomes their best when they know each other, and both of these activities can boost your team performance as well as build your company culture.

Now let’s switch our focus to keeping our employees on the team! Employees want a sense of purpose at work. They want to truly understand the value and the meaning of your company's mission and vision. They also want to know exactly where they fit into your strategy. Meaningful work and a sense of purpose will encourage employees to stay with you. In addition, employees want to know that they are being paid a competitive wage and benefits.

Take the time to conduct company climate surveys, to listen to your employees and to take action to address concerns. Your employees need to know that you care about them and that you are doing your best to provide them with the tools they need to accomplish their job, while looking out for their best interests.

Remember that we are all in these challenging times together. As a leader in your organization, take time to connect via professional organizations and learn from each other.

Resources:

https://bit.ly/ForneyTalentAquisition

https://bit.ly/ForbesHiringTrends

https://bit.ly/TandEmployee

https://bit.ly/DeloitteHumanTrends

https://bit.ly/deloitteRethinkingRelationships

Meaningful Networking: Inspiring the Future of Tech Leadership

Marla Halley — Wed, 27 Jul 2022 22:55:36 GMT

In July, Women 4 Technology once again hosted an outstanding Meaningful Networking event. During the event, women and men from various industries and technology fields gathered to connect and network. We even had a guest appearance from Treg Gilstorf, our Vice Chair. A big thank you to Brooksource for powering the event and leading one of our table discussions.

Why Women 4 Technology?

As Kathy Vogler discussed in her guest blog Disparity in the Numbers last month, women make up only 22.3% of the technology workforce. Our W4T Peer Resource Group aims to help improve those numbers by developing leadership through networking, professional development, and mentoring opportunities.

At the center of W4T's Meaningful Networking events are table discussions led by industry mentors. These discussions leave participants with tips, strategies, and connections to help solve business challenges, dissect industry trends, and achieve career goals.

July's discussions delivered on these objectives, inspiring several ah-ha moments that left participants with actionable steps and reading recommendations that can be implemented to positively impact our days, careers, and teams:

Penny McVay with Great American Insurance Group spotlighted Positive thinking and learning: If you think you can’t, you can’t… but if you think you can, you can! Penny shared the story of an NBA basketball coach and his approach to recognize and celebrate his team to success. She referenced two books Freedom Flight - The Origins of Mental Power and The Culture Code: The Secrets of Highly Successful Groups, and one mentee connected these ideas to the book The ONE Thing: The Surprisingly Simple Truth About Extraordinary.

Raquelle DeSimone and Julia Holocher of event-sponsor Brooksource led an exercise to help participants Own Your Day: Formula for Owning Your Profession based on the book of the same name: Own the Day, Own Your Life. The three-step exercise focused on defining a mission you believe in, describing how you work effectively, and owning your space.

Andrea Dale of To the Point Coaching and a W4T veteran, encouraged the mentees at her table to Strengthen their Influential Leadership Muscles by sharing her insights working with IT leaders.

Ashima Sharma with CareSource is a continued W4T supporter. In her discussion, Ashima encouraged mentees to Define Success for Yourself Before Setting Goals through what she has defined as the four p's - people, profit, purpose, and planet.

And, Claire Rohan, TEKsystems Global Services, discussed Driving Business Value and Keeping the Customer at the Center of Everything You Enable, sharing several key takeaways including the move from solution-obsessed to outcome-obsessed; meeting people where they're at; and understanding that value is always determined by the customer. These lessons came from the book Pursuing Enterprise Outcomes: Maximizing Business Value and Improving Strategy for Organizations and Teams.

We think Lisa Austin of Great American Insurance Group summed up the event best when she said, "I wasn't sure I would be able to make it tonight; but I am so glad I could! This was a great reminder of how we as IT professionals contribute to our businesses, their vision and mission. The event and conversations were a great motivation to me with thought-provoking topics."

If you haven't attended one of these events in the past, you're missing out! We look forward to you joining us at our next W4T event:

Creating an Effective Business Case
September 16, 2022
8:30 - 10 a.m.

Disparity In The Numbers

Marla Halley — Tue, 05 Jul 2022 12:30:37 GMT

By: Kathy Vogler, Expedient Technologies

According to the US Bureau of Labor Statistics the rapid rise in women’s participation in the work force was a major development in the labor market during the second half of the 20^th century. In 2019, 57.4% of all women participated in the labor force¹.

It’s become normal for women to contribute to their families’ finances and fill jobs in the marketplace. We celebrate these accomplishments. However, working women still face serious challenges that their male counterparts typically do not: motherhood and childcare, equal pay discrepancies, growth ceiling challenges with fewer leadership opportunities, and industry specific bias.

Currently only 22.3% of workers in the technology field are women. A few other fields show similar statistics and a woman trying to make a career in these male-dominated industries must face these biases and cultures.

A simple search of LinkedIn Groups for “women in tech” results in over 1,000 offerings. We are trying! My first female focused group experience was in 2013 with Women of Cisco and I’m proud of Technology First for creating Women 4 Technology in 2015. A more recent group (2018) is CompTIA Advancing Women in Technology. Women in this field understand the challenges. These groups bring together supportive women offering training, guidance, and mentoring.

57.4% Overall – 22.3% Technology. Why the disparity in these numbers?

Educators have been working on this issue for many years. How can we attract more young girls to choose a technology career? “Start early!” shares Martha Taylor, Sinclair Community College Professor of CS&IT “Provide educational opportunities and career modules to K-6 grade teachers and counselors and bring to top of mind the IT career opportunities. Create programming modules with hands-on projects that will start to build interest in IT for these young women.” And, from Kristin Friend, Senior Partner Development Manager Microsoft “Exposure, exposure, exposure! We need to make sure our STEM programs are designed for and marketed to girls of all ages with women mentors from the technology industry highly engaged with these programs.”

I attend a lot of technology focused jobs fairs and the number of young women attending and applying for available technology positions is dismal. Take a look at the crowd at the next technology event you attend, you’ll see the same. A glimmer of hope is that the women who are working in technology are thriving and are willing to help others succeed. The Technology First Peer Group Women 4 Technology currently has 66 active members and quarterly events. We are trying!

Intel’s 2021 Diversity and Inclusion Report ² shows their goal is to increase representation of women in technical roles to 40% by 2030. Dr. Tarika Barrett, CEO of Girls Who Code hopes to close the gender gap in entry level tech jobs by 2030 ³ “It’s imperative for leaders to play a bigger part in this effort. Women who do take tech jobs often drop out at age 35. We need to focus on changing hiring practices and changing culture to sustain their careers and get deep and hardwired into the company DNA. Sisterhood continues to shape the lives of women in tech who have been hidden or not recognized. You’ll get stuck but you’ll have this team of support through the sisterhood that will carry you through into the workforce. Be reflective of things that push you out of your comfort zone. If you have a supportive organization or company, you’ll find that scaffolding you’ll need to sustain.”

Some important career lessons learned about being female in technology, “You have to demonstrate you have the knowledge to work in IT. It’s important to acquire skills and stay relevant in your field” shares Martha Taylor. And, from Kristin Friend “If you find a job opening that you may not have all of the skillsets per the post, it is ok, still go for it! Men do this all the time, whereas women tend to hold back until they feel they have checked all the requirement boxes. You want to find a job where you can leverage the skillset you have but can also grow and learn to advance your career.”

Women have come a long way but the fallacy persists that most women would rather not be techie. This change in mindset to offer technical opportunities to young women needs to come from parents, teachers, guidance counselors and course learning mechanisms. To keep the women who choose this path from discouragement, change in mindset needs to happen with the C Suite, HR and employee culture committees. Women bring strength through diversity and will positively impact technology given the opportunity.

We are trying!

1 Women in the labor force: a databook : BLS Reports: U.S. Bureau of Labor Statistics

2 Intel (Nasdaq: INTC) 2021 diversity and inclusion report - Bizwomen (bizjournals.com)

3 https://www.linkedin.com/news/story/girls-who-code-ceo-leans-on-sisterhood-5346636/

ANNOUNCING NEW BOARD MEMBERS FOR 2022-2023

Marla Halley — Mon, 23 May 2022 18:13:41 GMT

Technology First announces the election of two new members to its Board of Directors. The newly elected Board members are Karen Kauffman and Kevin Johnson.

Technology First’s Executive Director, Melissa Cutcher, said, “We are so pleased to welcome these two talented individuals. Their unique backgrounds, skills and experiences will make them great additions to our board and the organization”.

NEW BOARD MEMBERS

Karen Kauffman, Director of information Technology for Precision Strip Inc., which leads the industry in metal processing and technical capabilities. Precision Strip has grown to 15 locations throughout Ohio, Kentucky, Indiana, Alabama, Tennessee, and Michigan. Karen is passionate about innovation and supports Precision Strip as they continue their business through building locations and acquisitions.

Kevin Johnson, Vice President of Information Technology

Wright-Patt Credit Union (WPCU) which is a not-for-profit cooperative, where members are owners of the credit union, and therefore share in a portion of the credit union's profits. Kevin supports WPCU by providing strategic and managerial responsibility for WPCU’s information technology division, including financial systems, data warehousing, technical services, IT Security, and Project Management Services.

Technology First Board Members

Officers:

Board Chair - Scott McCollum - Sinclair College

Vice Chair - Treg Gilstorf - Smart Data

Treasurer - Bryan J. Hogan - Afidence

Directors-at-large

Jim Bradley -Tecomet (Retired)

Diana Bolden - (Retired)

Paul Stoddard - Gartner

Matt Coatney -Thompson Hine LLP

Gary Ginter - Premier Health

Lisa Heckler - CareSource

John Huelsman - Hobart Service

Don Hopkins - Wright State University

Don Kennedy - Smart Data

J.D. Whitlock - Dayton Children’s

Paul Moorman - ND Paper (Retired)

Thomas Skill, Ph.D. - University of Dayton

Kevin Johnson - Wright-Patt Credit Union

Robin Poffenberger - Washington Centerville Library

Karen Kauffman - Precision-Strip

Human-Centered Data Science

Marla Halley — Mon, 23 May 2022 17:35:34 GMT

By: Bill Baez, PhD, Vice President-Strategy, Ascend Innovations

Data scientists begin analysis by working to understand the people and data involved before turning any numbers into actionable, data-driven insights. Data science frameworks often begin with an initial step of “Business Understanding”, as seen in the Cross-Industry Standard Process for Data Mining and Microsoft’s Team Data Science Process. However, like many analytical fields, data science is often defined using a cold, precise tone, like this one from a recent CIO article:

“The goal of data science is to construct the means for extracting business-focused insights from data. This requires an understanding of how value and information flows in a business, and the ability to use that understanding to identify business opportunities.”^{^[1]}

And while true, definitions like these often gloss over a fundamental aspect of these data-driven insights – the people using them.

While data science frameworks often focus on the need to understand the business, they lack an emphasis on the individuals faced with problems that require the data scientist’s expertise to solve. To provide great and effective solutions, data scientists must be willing to understand what their users feel about their problems. Data scientists need to first empathize with their clients.

A growing trend within data science is incorporating elements of design thinking into data science frameworks. Design thinking has long been used in product development and considers empathy to be the first step where researchers can get a better understanding of the problem users are trying to solve.

Data science is fundamentally a collaborative effort between you and those using your solution. Data scientists that foster a deep interest in understanding the people for whom their products are built, create more effective data-driven products and services than those that deliver a sound technical package. Data scientists must place the same weight on understanding their user’s needs as they do in feature engineering or picking the right machine learning model. Not seeing the problem through the user’s eyes can lead to weeks, if not months, of wasted effort creating a model or dashboard that is ultimately not used.

Historically, data scientists have focused on the technical aspects of a project to improve performance. Improved accuracy is only part of the equation when examining a product’s effectiveness. Increasing a model’s accuracy from 80% to 83% isn’t always the right metric to measure its impact on the problem you set out to solve. You want to find out how often that model or dashboard is being used and in what context. You also want to understand how much the decisions made by the models are acceptable to users, how to build trust in the results, and how your users identify value from your product. The answers to these questions will help data scientists develop solutions that are not only technically right but also effectively right for the people using them.

Bill Baez, PhD, Vice President-Strategy, Ascend Innovations

Bill is currently the VP of Strategy at Ascend Innovations in Dayton, OH. In his role, he works closely with multiple departments to provide socially impactful, data-driven products and services to organizations trying to solve complex community problems.

^{^[1]} https://www.cio.com/article/221871/what-is-data-science-a-method-for-turning-data-into-value.html

Why a 3rd Party Assessment is So Important

Marla Halley — Mon, 28 Feb 2022 21:25:27 GMT

By Shawn Waldman – CEO – Secure Cyber Defense, Miamisburg, OH

I've been in technology for over 25 years, and one of the first things I did in 2009 when Cybersecurity was becoming a thing was to have an external firm evaluate my program. Considering that I didn't have a program back then, the results were very enlightening. I hired a firm that could look at me through a completely different set of eyes. They didn't know my company or me and came at the task differently.

Let's look at some of the many reasons you would want to have this done.

Insurance

First and foremost, we're seeing that many insurance carriers are explicitly asking you to have a 3rd party assessment to renew or obtain coverage. Unfortunately, this leaves the door open for interpretation of how the evaluation is carried out. We recommend using many mainstream compliance frameworks like the CIS Top 18 Controls, NIST 800-171, or the National Cybersecurity Framework. Depending on the maturity of your organization, you might also want to investigate the ISO 27000 set of standards.

Risk Management

When I'm talking to potential clients, one of the first things I usually talk about is that no business owner will decide about a significant move in just about anything without having good intelligence and information to support the action. Quite frankly, many company executives and managers are completely unaware of the Cybersecurity risk that might be present. A considerable benefit of the assessment process is that a seasoned and experienced assessor can pivot from the interview and look more profound for risk. What's the most common way risk makes its way into an organization? Change.

Getting a Fresh Look

Sometimes, it's just nice to get a second set of eyes on things to see if anything is missed or a different way of doing things. A natural reaction is to resist the need for an assessment because it can be seen as a threat or a sign of distrust. Quite the contrary, actually, in the over ten years I've been doing 3^rd party assessments, I can only count on one hand the number of times that someone took it that way. Most companies and IT staff welcome a second set of eyes, especially with Cybersecurity, since most IT staff don't want to take on that expertise.

Compliance Requirements

Maybe your organization is required to maintain a certification or requirement for you to perform a contract or business with a customer. In this example, CMMC/DFARS/NIST is a perfect model. Since before the requirements were ratified, Secure Cyber Defense has performed pre-assessment work in this area as the customer's advocate. Although the CMMC rules are in flux (recently reduced from 5 levels down to 3), it's important to monitor new contracts for CMMC notification levels. Until then, make sure you work with a trusted provider who can start working with you through the Plan of Action and Milestones (POAM) and help prepare the System Security Plans (SSP). We recommend all defense contractors continue to work on the DFARS/NIST compliance pieces as regardless of what CMMC does, those components will be required for the foreseeable future.

Vendors/Customers Request It

Next on the list, you would want a 3rd Party Cyber assessment because vendors and customers may require it. It's not out of the question, and many of you have already been requested to have an external evaluation to keep those relationships. These requests generally surround the increased push for organizations to keep their 3^rd party vendors in check (i.e., CIS Control 15 covering service provider management). It's always good to keep a current external assessment on file; we recommend every year or every other year.

Light Threat Hunting

Something that we've been doing since the beginning has been doing what we call "light threat hunting." In the course of our assessment, we provide some threat hunts of known and documented threats (like log4j indicators) and communication with countries currently listed on the Office of Foreign Access Control (OFAC) list. Often, this can be a good indicator of a potential threat or evidence of one in history. As you are searching for 3^rd party assessment vendors, I would ask about.

Blow the Dust Off Your Policies

The policy is still one of the not-so-glamorous parts of managing an IT Department and a Cybersecurity program. Things like an Incident Response Plan, Disaster Recovery, and Business Continuity were all things that were not on the priority list year ago. That being said, we've come across many organizations that have policies but haven't been updated for many years. Assessors can look at the guidelines that you do have and provide some feedback on any changes that might need to be made to make them current.

C-Suite and Boards Take Note

Executives in the C-Suite and Boards need to note that not having an external look at your organization can often put you in a blind spot. Like I've said previously, it's not a trust issue, and it's the fact that you can get tunnel vision looking at the same things for many years. Like I've said earlier, this happened to me when I was managing IT. Only when I hired an external firm to look at my organization did I learn that there were processes and information I didn't have about new hardware/software solutions available.

Perform Regular Re-Assessments

As indicated in this article, we recommend getting regular assessments and rotating through providers at least every other year, much like you would with penetration testing. The idea behind this is that you will get a completely different perspective and process each time you switch vendors.

In Summary

This article has spent a lot of time discussing why you would need to hire a firm to perform a 3^rd party Cybersecurity assessment, and I've outlined many of the reasons we do them and some of the components that make up our service. Please spend some time interviewing the firm as one of the most valuable assets of an assessor is their background and experience and their ability to inject their years of expertise into your company.

About Secure Cyber Defense

Secure Cyber Defense offers 24/7/365 threat monitoring services, Fortinet hardware, secure email, cybersecurity and compliance consulting, incident response services, and cybersecurity training for businesses and government agencies to protect company data from cyber threats. Offering both installed and "cybersecurity as a service" offerings, we scale custom solutions for any size organization. Secure Cyber Defense is a Premier Fortinet Partner.

Just Adjust

Marla Halley — Mon, 31 Jan 2022 18:57:14 GMT

Mardi Humphreys, Change Agent, Integration Edge

Tenacity is when we try something, but if it doesn’t work we try different ways to achieve the same goal. Here’s why and how we should develop tenacity on the job.

Why:

Tenacity is a hard ability to train, so tenacious employees earn the respect of both their managers and peers. Workers willing to do what is necessary for the business to endure downturns are the ones who get to keep their jobs. Successful people are tenacious. Doing hard things and seeing them through to completion gives us confidence. We develop mental toughness and keep going when others quit. Most people expect Plan A to work every time, but how often does that really happen? There are 26 letters in the alphabet. Let’s be unafraid to go back to a failed Plan A and revise it to make a Plan B, Plan C, or however many letters it takes to overcome the setback. Let’s learn how to not make the same mistake twice. Making new mistakes is much more fun.

How:

Perceive failures as experiments: When we think we’ve spent all our energy and ideas on overcoming our obstacle, let’s give it one more try and change the input to achieve a better outcome. Often, the answer lies just beyond what we think we’re capable of.
Set S.M.A.R.T. goals: We’ll filter our responsibilities through them. E.g., if we want to be the team’s SME for JavaScript, how do the tasks on our daily to-do lists get us closer to that goal?
Identify a coworker as a friendly rival. We’ll find someone who is competing for the same promotion or the same client, etc., and use her as the bar against which we measure our work. Does she know Excel better than us? We can take an online class (many are free with a library card) to increase our knowledge. I call competing with someone who is on my team “coopetition.” (Think Group Round during Hollywood Week on American Idol). We strive to outperform this person because we admire her success. We can use this as motivational fuel to course correct when we’re struggling. This study says we succeed when our rival succeeds. We can learn from her mistakes as well as build on her successes.
Jim Rohn said, “You are the average of the five people you spend the most time with.” Let’s hang out with tenacious people: professional groups, friends, family, and people with our job title from other companies. We can also read biographies of tenacious people and study what they did.
Tenacious people are comfortable with being uncomfortable. If our fear of failure is holding us back, let’s do something about it. Let’s sift through the symptoms to get to the root. (Journaling may help us see it easier.) Then take baby steps every day to overcome it.

Tenacity comes through practice. The bad news is, this means facing adversity over and over again. The good (?!) news is, life gives us plenty of adversity to practice with.

Using Libraries for Lifelong Learning

Marla Halley — Mon, 31 Jan 2022 16:56:40 GMT

Robin Poffenberger Support Services Manager, Washington-Centerville Public Library

Research indicates that people are more likely to use public libraries during childhood, early parenthood, and retirement. Hopefully, some of you have fond memories of attending story time as a child or parent! But what can libraries offer you during the career stage of your life?

Keep up to date with technology and business news using newspapers and magazines, available in both physical and digital editions. Many digital editions are always available, ready to read whenever and wherever you are.
Sharpen and grow your skills to advance your current career or start a new one. Use your library card to access thousands of free video-based trainings via LinkedIn Learning or Udemy on topics ranging from project management to Microsoft 365 Administration. These resources are also a great way for small businesses to develop their employees.
Need statistical information to provide justification for a new project? Statista has over 80,000 topics from over 18,000 sources combined in a single platform.
Our Reference Librarians can assist you in finding free resources including business-oriented databases to create customer lists, develop and gather competitive intelligence, and investigate industries.
Working at an international company? Improve communication with your colleagues by learning a new language using online language systems or mobile apps.

Catch up on new and best-selling business books. Pick up a physical copy using curbside pickup or download an audio copy to your phone and listen while you commute or exercise.

Lifelong learning isn’t just about professional development. Studies show that we have fewer new experiences as we age, making time feel like it passes more quickly. Taking time for learning activities during your personal time also provides benefits such as helping your brain stay healthy and expanding your thinking. Libraries can help!

Enlist your friends and family and test your sleuthing skills with digital escape rooms from the comfort of your own home.
Learn new recipes or cooking skills using cookbooks and cooking magazines. Try traditional recipes from around the world using the AtoZ World Food online database or try regional recipes from the U.S. with AtoZ Food America.
Go back in time to research your family tree using genealogy resources such as Ancestry, Fold 3 and HeritageQuest.

Ready to buy a new car or try repairing your own? Check out Consumer Reports for reviews on new vehicles or tackle vehicle maintenance repairs with help from Chilton Library online.
Tackle those intimidating home improvement projects with Home Improvement Reference Center.
Plan your next trip with the help of the library! Get passports and passport photos, foreign language tutorials, travel books and more.
Learn to knit, crochet, scrapbook, decorate cakes and more using CreativeBug, an online video tutorial resource. CreativeBug has thousands of award-winning art and craft video classes taught by recognized designers and artists.

If it’s been a while since you visited your local public library, stop in or visit us online to see how we can help you achieve your learning goals.

Leadership Article - Board Chair

Tue, 04 Jan 2022 16:28:55 GMT

Scott McCollum, CIO, Sinclair Community College and Chair, Technology First Board of Directors

Every IT organization has their “table stakes” products for providing security over their infrastructure. These are the products such as anti-virus, firewalls, and mail scanning gateways that have become ubiquitous and a part of every IT department’s budget. Beyond these common products there are other, more capable products that are implemented in order to address other risks that the organization feels are in need of mitigation. In addition to this inventory of products that have been implemented, I don’t think I’d be going out on a limb to say that every organization, regardless of size or the number of products that are used, has a list of products that they feel would improve their security posture. If this truly is the case, then how do organizations ensure that the products on their “wish list” address their most important vulnerabilities, and how do they get approval for increasing their spend for yet another product to eliminate their remaining vulnerabilities?

Sorry if you thought I had the answer to this most important question. Unfortunately, the number of vulnerabilities in an organization’s infrastructure are numerous and caused by many different factors. Some are due to bugs in the particular software that the organization uses, some are caused by flawed operational procedures of departmental users, and some are due to misconfiguration of systems. My point is that these issues will always exist and we can’t expect our budgets to continually grow to add more security products. In addition to the vastness of areas where vulnerabilities exist, we are faced with ever-tightening budgets that were already hard to justify increases in prior to the world-wide pandemic that has increased technology support costs while decreasing revenues.

While we can’t eliminate all vulnerabilities, we must identify those vulnerabilities that pose the greatest risk for the organization and focus on these areas for process improvements and technology acquisition. In some cases this means repurposing of our resources, due to the lack of being able to justify additional funding. This repurposing can manifest itself in many ways. One way to repurpose resources is to eliminate products that don’t attack the greatest threats or to acquire a new product that provides these capabilities in addition to other unmet needs. Another strategy is to implement unused functionality in products that are already owned, but under-utilized. In addition to repurposing tools, there are also opportunities in many cases to repurpose personnel to focus on security functions and to work on improving processes and managing security products.

The first step to being able to repurpose your security assets is to take an inventory of your environment for all resources that relate to security. This can be hard to do because there are some products that provide security, which are not exclusively security products, such as Microsoft 365. Once you have a total picture of the security inventory you can understand the security spend for your organization and where you might have an opportunity to repurpose resources. Identifying the risk that each of your products addresses allows you to map your “wish list” of additional security capabilities and determine how you might be able to perform any necessary repurposing before you make that much more difficult attempt to justify new funding.

TechCred Applications Open from Jan. 3rd-31st!

Mon, 03 Jan 2022 18:18:22 GMT

Upskill your workforce with TechCred.

No matter what industry you work in, technology is having an impact on the future of your business and the nature of your work. TechCred helps Ohioans learn new skills and helps employers build a stronger workforce with the skills needed in a tech-infused economy. Many of these trainings can be completed online!

The TechCred application opens on January 3, 2022 and will close on January 31, 2022 at 3:00 p.m.

Businesses applying for TechCred are required to list their Supplier ID Number on the TechCred application. To register as a new supplier or update an existing account with the State of Ohio, visit https://supplier.ohio.gov and follow the prompts until completed. Once this information has been approved, you will receive a ten-digit State of Ohio Supplier ID number.

Beginning with Round 12 (January 2022), the following changes have been incorporated into the TechCred program:

Training for approved credentials must start on or after the Effective Date of the Grant Agreement and must be completed by the End Date of the Grant Agreement. The Effective Date of the Grant Agreement will be the first day of the month immediately following the last application period. Costs incurred by the Applicant prior to an award of eligibility and an executed Grant Agreement is done at the Applicant's risk.
TechCed Grant Agreements will be incorporated as part of the TechCred application. Upon receiving an award announcement, awardees will be directed to log into their application to provide an electronic signature certifying and acknowledging the Grant Agreement, Terms and Conditions, and the Program Guidelines.

https://techcred.ohio.gov/wps/portal/gov/techcred/apply

The 7 Technology Trends I’d Like to See in 2022 (and Why They Aren’t Impossible)

Sat, 01 Jan 2022 19:19:32 GMT

Mardi Humphreys, Change Agent, Integration Edge

7. Not having to remember my passwords – Every year about this time I have to either remember (uh, no) or find (ditto) the username and password I created last year for my annual updates (e.g., insurance renewals) and trainings (i.e., don’t ask). Has this prompted me to keep them in a safe place where I can find them once a year? (Again, uh, no.) When I go through the process of changing them, they are so long and involved (e.g., minimum 14 characters, at least one capital letter, at least 16 numbers, at least 11 special characters, etc.) it’s no wonder I fail to remember them or write them down. Luckily in 2022, Passwordless Authentication will become more common.

6. Virtually trying before buying – Warby Parker already does this to a degree with their virtual try-on app. In 2022, Augmented Reality will allow sellers to create realistic 3D models of their products. Since stores’ fitting rooms are still closed (thanks, COVID), I’m looking forward to finally being able to discern if the back pockets on a pair of trousers are deep enough to hold my phones before purchasing them.

5. Smaller mobile phone – 2022 will see 5G normalized. This means I can get a smaller (and cheaper) mobile because phone processors and graphics chips will become obsolete. My Spotify playlist will be streamed to my phone as if it’s a video feed. It also means I don’t have to be so quick to buy those trousers I mentioned in #6.

4. No more colonoscopies – Kohler, Toto, and Google are all working on technology around Smart Toilets. So far, they can monitor health indicators like sugar levels, body temperature, and blood pressure, to name a few. Fingers crossed colonoscopies will soon be extinct.

3. Becoming a permanent couch potato – by changing his company’s name to Meta and transitioning Facebook to one of its offerings, Mark Zuckerberg is declaring the advent of the metaverse. Defined by Zuckerberg as an embodied internet where you are in the content, not just viewing it, 2022 seems to be the beginning of a totally immersive environment. (Yes, like The Matrix. But hopefully, without all the dystopianism.) I look forward to visiting my friends’ Instagram accounts and eating the photos of the food they constantly post.

2. My own personal robot servant – While I’m integrating into the metaverse, someone (or something) will have to keep an eye on things back here in reality. Sure, a robot can clean my floors, but in 2022, I expect to be able to purchase a robot that will also keep an eye out for burglars, make out my grocery list, and give me the answer to Final Jeopardy.

1. Printing my own tiny house – In the interest of making my robot servant’s life easier, I’m willing to downsize to a tiny house. (Okay, maybe it doesn’t care, but I do. That’s what makes me so nice.) Given the current housing stock, I may have to 3D print one. The IEEE Computer Society thinks that 2022 will bring a revolution in fabrication for 3D printing. This will allow for the production of designs that, until now, would have been too expensive. Of course, it may take all of 2022 to 3D print my tiny house.

GRAY AREAS OF TECHNOLOGY

Sat, 01 Jan 2022 19:18:41 GMT

Kathy Vogler, Communications Manager, Expedient Technology Solutions

I’m a member of a fantastic Dayton area technology leads group. We are homegrown and somewhat modeled after the very successful BNI group methodology. We cover technology from A to Z with one person representing each type of technology touch. We are all “in technology” these days and we cover a large swath of technology with much of it residing in Gray Areas.

So exactly what is a Gray Area?

A gray area is an often-used analogy to the area of color that exists between black and white, complete opposites. To an artist, gray areas result from ambiguity and rich variations that naturally occur in our environments. It’s been said that the ability to see and think in gray areas is a basic element of intelligence. A price can be expensive or cheap, but the gray area will determine if it’s a reasonable price or a good value. It’s hard to categorize gray areas because often they are unique. I saw this and it is a perfect example: A boat is like a canoe and a kayak without technically conforming to either of those categories. Complex systems, like technology, are literally too complex to model easily.

Are you a Boat or a Canoe?

Who says they are in technology? Everyone. Not picking on any particular industry, because most people I know are really awesome people, but unfortunately, there are people who believe they can sell anything to anyone. Do they say “I am a seller of a specific business product or service”? Nope, these days it may sound something like “I work in business technology and help people manage and reduce costs.” And, while this is probably true, it falls into the gray area of technology. Competition is fierce in nearly every business. COVID took a toll on our traditional methods of working. Remote and hybrid working changed things immediately and for the future. Supply chain issues are mounting and making us rethink our strategies. It’s wise for all companies to look deeper into technologies to add to their repertoire. Often, non-technical companies in the traditional sense will acquire a technology team that compliments their existing services and salespeople are compensated for promoting and selling these newly added technologies. The logic is that it’s all technology since everything plugs into the network. I believe it’s critical that we always reflect our actual services and resources to our clients to avoid potential failures on their networks. Businesses completely depend on their technology. There are experts in all areas of business technology, from one extreme to the other and including all of those gray areas.

What exactly is business technology?

Simply put, business technology is any form of technology that is integrated directly into the operation of a business. Twenty years ago, when I took a job at a technology company, it was fairly straightforward with infrastructure/hardware at one side of the building and programming/software at the other. Gray area at that time was if your company did both. As our reliance on the internet grew, so did the complexities of technology. Ironically, the dot-com bubble burst at about that same time, but progressive-thinking companies survived and flourished. Voice over IP originated around 1995 and grew to become a business standard. Video communications, fax sharing, integration of copiers and door alarms all made our work experience more efficient by using the internet.

And of course, the introduction of the indispensable grand champion of smartphones (thank you Steve Jobs) changed it all. Social media arrived, the cloud became a go-to resource, we no longer stored our data on portable files that someone took home, and disaster recovery become a must-have business plan. Additionally, we have artificial intelligence, commercial drones, driverless vehicles, virtual reality, the Industrial Internet of Things, cloud and collaborative robots, and digital everything. We must never forget that cybercriminals evolve along with these changes.

To quote Pink Floyd “It could be made into a monster if we all pull together as a team.”

I mentioned I was part of a technology networking group, and this is how we work together, as a team. Yes, we have a ton of overlap, and I don’t want to use the term “cooperative competition,” but in our group we each fill predetermined roles and truly help each other. By doing this, we are collectively helping our clients and the Greater Dayton region with skilled resources in every aspect of technology.

Here are our group’s categories:

· Data integration
· Office hardware/software
· Managed IT services (this is my spot)
· IT coaching
· IT staffing
· IT promotional video
· Structured cabling
· Website and digital marketing
· Fiber optics telecommunications
· Copier and managed print services
· Telecom/phone systems
· Trade association education (this is Technology First’s spot)
· Training and coding
· Cybersecurity
· Hardware OEM
· Robotics
· Software testing
· Virtual reality

It’s an interesting mix and we have a ton of overlap with lots of gray areas to cover. But the plan with this thought process is that by working together we provide transparency and the right resources for our collective clients. I took a quick look at “cybersecurity” and that one category all by itself has nearly as much gray area as the rest of technology. It seems we live and work in the Gray Zone.

If you ask me what my company does, I will tell you “We’re a cybersecurity-focused managed IT services company.” Sure, we do a lot of other things too, but I think this is a very black and white statement and hopefully easy to understand. Technology First is the embodiment of this strategy with a mission to connect, strengthen and champion our IT community. Area businesses, and all their employees, will succeed and continue to grow if they are using the right technology resources for their needs. Let’s all be a part of that success as it ripples through our community.

A note from our Executive Director

Wed, 01 Dec 2021 15:47:36 GMT

Melissa Cutcher, Executive Director, Technology First

As this year ends, I have been reflecting on our mission to connect, strengthen and be a champion for our IT community. So much has happened this year!

Technology First hosted almost fifty special interest group meetings to engage regional leadership, to learn and find inspiration in their field of interest. With over 1,000 IT professionals in attendance!
We hosted our first ever virtual digital mixer in partnership with Jobs Ohio and SOCHE. We had over twenty-five employers and over two hundred students and adults register for the event. It was a tremendous success, and we look forward to hosting the next Digital Mixer on Wednesday, February 16^th, at WSU Student Union.
In April we launched a new website! The new website is fantastic and allows for peer-to-peer communication through the forums. If you have not checked it out yet…https://www.technologyfirst.org/Peer-Forum
We hosted a Girl Scout Cyber Challenge in partnership with Girl Scouts of Western Ohio to explore the world of Cybersecurity for a day filled with activities. Activities were led by over twenty cyber security professionals/volunteers. Volunteers tasked just under fifty plus girl scouts with stopping a cybersecurity breach and went through various stations to break through technological based challenges.
Technology First awarded $5500 in Scholarships to IT students at University of Dayton, The Ohio State University, Wright State University, and Sinclair Community College. To date we have awarded over $95,000 to students across the region! And this year the golf outing raised over $3800 for the Technology First Scholarship Fund!
We participated in Career Adventure Camp in partnership with Dayton Metro Library and hosted four stations with almost 20 IT professionals who volunteered their time and talents towards to share IT career pathways with over 950 7^th & 8^th grade students. Our volunteers shared their professional journeys and experiences with the students and inspired them to consider careers in IT.
Taste of IT 2021 was in-person! Wow, what a momentous event and it was amazing to see everyone in 3-D. We had two keynotes, twenty-five breakout sessions, over thirty exhibitors and over 300 IT professionals in attendance. It was a major event full of learning, networking, and fun! We look forward to seeing you next year for the 16^th Annual Taste of IT on Wednesday, November 16, 2022!

AND, oh so much more! We would not be able to accomplish all these remarkable things, and more, if it were not for the amazing leadership and volunteers that make up Technology First. Thank you so much for your support. Volunteers change the world, and we are forever grateful! Thank you for joining us and we look forward to seeing you in 2022!

Cheers!

Making Monitoring Pervasive

Mon, 01 Nov 2021 19:30:00 GMT

BY JOHNNY HATCH, AHEAD

Historically, monitoring has been something that could be manually deployed to a set of physical or virtual infrastructures, and once in place, you were good to go. Alerts and events would occur if something went wrong, and the monitoring tool would simply notify you with details about the incident. IT operations teams would nurse their infrastructure back to health, and all was good and right in the world again.

Fast-forward to today, however, and you’ll find a much different situation – one where enterprises are increasingly embracing a culture of DevOps and the world of monitoring is reckoning with the need to evolve and adapt. Production environments are no longer static or perpetual where monitoring is a one-and-done activity. Rather, concepts like observability—where teams are taking a holistic approach to measuring and understanding digital experiences—are being baked into the release management pipeline to ensure every application and every bit of infrastructure being deployed has monitoring attached to it. But how do you get there? What tools and technologies are ushering in this new age of monitoring and observability? The not-so-surprising answer: An intelligent combination of automation and data.

A Call to Automation

As the velocity of software release cycles increases, the manual approach to deploying monitoring agents or instrumenting everything in the release for proper observability becomes impractical and counterproductive. Can you imagine a developer checking in code to a source code management repository, creating a ticket in an ITSM system, and requiring someone within IT operations to manually deploy monitoring to that release? That flies in the face of speed, agility, and what a culture of DevOps is trying to accomplish (releasing better software, faster).

Leveraging automation tools, such as Ansible, Puppet, or Chef, is a great first step toward making monitoring pervasive with every release. This may involve the automated deployment and installation of a monitoring agent, the customization of a configuration file to define what gets monitored, or API calls to the control plane of a monitoring system to register new systems for observation. Fortunately, many continuous integration (CI) tools either have these automation capabilities out-of-the-box or stitch well with third-party automation tools.

Another growing trend we’re seeing in the quest toward making monitoring pervasive is ‘observability as code.’ In the same way that infrastructure as code seeks to codify infrastructure components as configuration files using JSON or YAML for consistent and repeatable use, we can leverage a similar capability with monitoring and observability. Increasingly, we’re seeing observability vendors develop terraform providers to do just that. Head over to the Terraform Registry and search for your favorite observability vendor to see if they have something listed.

A Data-Driven Approach

Once a repeatable structure has been established to deploy observability in an automated fashion, we can take things a step further in the use and maturity of observability data. If the goal of DevOps is to release better software more quickly, the question of how we do that begs to be asked. Observability provides one answer: by leveraging data about the health, performance, and availability of the application while running in a pre-production, lower-tier environment. You might be asking yourself, “does that mean monitoring and observability should be deployed outside of just production?” The short answer is yes. There are a host of benefits to having the telemetry data to make better-informed decisions about whether or not to promote code from a pre-production environment to a production environment. Many in the marketplace have begun to call this process ‘release verification.’

Among the largest data sources to drive this automated decision-making process are the metrics, logs, and traces from our observability stack. If there is too much latency being identified by our APM tool, too many errors in the logs, or anomalous metrics coming from our applications or infrastructure, then our tooling should be integrated or stitched into our delivery pipelines to throw up a red flag and say, “Stop! Don’t release or promote this code.” In addition to taking automated action, it would also facilitate a quick feedback loop to the development team, providing insight into why it failed so developers can spend more time on value-add activities and less time troubleshooting.

Conclusion

Monitoring maturity has come a long way in a short period of time – especially as the ways infrastructure and applications are architected and released to market have evolved. Learning to become proactive in the use of monitoring and observability data as part of a CI/CD pipeline can be new to a lot of traditional operations teams (particularly for those who have historically focused on incident response activities). However, employing an automated and data-driven approach to the use of observability will result in better software, differentiated products and services, happier customers, and outpaced competition.

Magnetic Mobile doubles in size, names Brian Sichi as CEO

Fri, 08 Oct 2021 18:19:58 GMT

Magnetic Mobile is pleased to welcome Brian Sichi as its new Chief Executive Officer as the company continues to expand its capabilities and workforce.

Sichi brings more than 20 years of experience growing innovative teams at international technology consultancies. Magnetic co-founders Beck and Barry Besecker will remain active board members.

The pandemic has driven more retail activity to the digital space. This increased demand for standout online and in-app experiences has helped Magnetic Mobile grow new and existing client partnerships. Having recently increased revenue by 85% and nearly doubled its workforce, the company looks to continue that expansion into 2022 and beyond.

“Magnetic has a proven track record of delivering superior customer engagement for our partners and that reputation allows us to take advantage of new opportunities in the current landscape,” said Beck Besecker. “Brian’s vast experience leading collaborative teams at some of the world’s best enterprise-level tech firms will help us capitalize on that momentum, building on our strengths and growing Magnetic’s portfolio.”

Previously the Retail Loyalty Division of sister company Marxent before spinning out in 2016, Magnetic Mobile has partnered with Speedway (now part of the 7-Eleven family) for nearly a decade to support the digital components of its industry-leading Speedy Rewards program.

Magnetic Mobile combines data-driven design strategy with the latest technology to create digital experiences that keep customers coming back for more. With expertise in UX design, content strategy, front-end and back-end web development, mobile applications, and digital promotions management, Magnetic supports every step of the customer journey.

With headquarters in the heart of the Cincinnati-Dayton technology corridor, Magnetic is proud to be rooted in the Midwest. Rapid growth during the pandemic has enabled expansion of its remote workforce, adding top talent from across the country.

Magnetic has developed mobile applications and responsive websites for many of the nation’s top manufacturing and retail brands including Champion Windows & Home Exteriors, La-Z-Boy, and Bob’s Discount Furniture.

“Having been a client of Magnetic’s sister company, Marxent, I experienced first hand the customer focus and innovation that Beck and Barry bring to organizations. I look forward to working with them in their continued roles on the Magnetic board,” said Brian Sichi. “I couldn’t be more excited to join the leadership team at Magnetic and to expand on that legacy as we bring Magnetic’s capabilities to a broader client base while continuing to innovate.”

Sichi brings to Magnetic more than two decades of experience driving innovation at some of the largest technology consultancies in the world. Most recently, he worked as Director of U-Collaborate Innovation & Digital solutions for KPMG Australia.

His previous roles include Exponentials & Analytics Lead for Deloitte’s Leadership Center for Clients and Strategy, Innovation, & Transformation Practice Lead for Capgemini Government Solutions. Sichi is also a Marine Corps veteran, having served in the United States, Somalia, and Korea.

“Magnetic is a high-performing organization positioned to take our success even higher,” said Sichi. “We are a company built for a tech-savvy world and have a great opportunity to help existing and new clients improve their digital brand.”

Your Greatest Cybersecurity Asset

Tue, 28 Sep 2021 21:40:28 GMT

Chris Kuhl, CISO/CTO, Dayton Children's Hospital

Is your greatest cybersecurity asset that shiny new tool your organization just purchased? What about the integration between tool A & tool B into a unified dashboard? This is the great conundrum for cybersecurity teams, and I would like to convince you, that your greatest cybersecurity asset is your users.

According to Gartner, an IT research and advisory company, the worldwide cybersecurity market spending is forecasted to reach $170.4 billion in by 2022. Yet, in 2020, organizations still suffered from a global loss of $945 billion. I believe it is safe to say that we need a more comprehensive cyber strategy, that includes addressing the human risk along with the technology risk.

According to the 2021 Verizon Data Breach Investigations Report (DBIR), over 85% of all breaches involved human interaction. Human interaction includes phishing attacks, human error, misuse of privileges or having easily guessed passwords. To focus in even more, phishing and passwords are the top two risks to any organization for a third year in a row. Luckily, you can address all these topics with a security awareness program.

Creating a comprehensive security awareness program isn’t difficult. It takes the three most challenging resources to acquire: time, leadership support, and an understanding of your organization’s culture.

The first thing we need to do is replace the old mantra “users are the weakest link in your cyber defense” with “people are the primary attack vector.” In healthcare, we are talking about people with advanced degrees, years of experience in their respective fields and valuable insight. None of which is geared towards cybersecurity.

Secondly, we need to survey our users to gain a better understanding of the cybersecurity culture in our organizations. Once you understand the current culture around cybersecurity, you can begin to develop the four focus areas for your awareness program.

Two important categories were mentioned above, phishing and passwords. Easy ways to identify/report a phishing email and the use of passphrases instead of passwords should be included in your security training. That just leaves two additional categories unique to your organization. If you have a lot of remote workers, you might want to cover how to work remote safely and securely. If you are doing manufacturing, you may want to cover what to look for with physical security and tailgating into the controlled rooms.

The importance of cybersecurity awareness training has become more front and center in the last 20 months. Traditional network perimeters are dissolving from a combination of cloud platforms, smart devices and employees working from home more. Protecting the user’s identity and PC become that much more important.

Our main goal, as cybersecurity professionals, is to secure our organization. To quote Gabe Bassett, one of the authors of the DBIR, “Your job is not to secure your computers but your organization. And if you’re not securing your people, you’re not securing your organization.”

10 Cybersecurity Best Practices for Mid-Size Organizations

Tue, 28 Sep 2021 21:36:00 GMT

Cadre Information Security

Alleviating cybersecurity risks comes in many shapes and sizes—and so do organizations. Large enterprises with deep pockets and full-fledged SOC teams adopt the latest technologies and processes to fight back against adversaries. But for mid-size organizations, reducing risk is often constrained to a pick-and-choose approach. With limited funds, headcount, and internal knowledge, those responsible for keeping data secure are left wrangling the tough decisions of what matters most.

Here at Cadre, we firmly believe that there is no “one size fits all” approach. We’ve had decades of experience with a variety of companies—some probably resembling yours. But even still, there isn’t a carbon copy of a security prescription to dole out. However, that doesn’t mean there aren’t best practices that everyone can follow to avoid common mistakes. And that’s the guidance you’re here for after all, so let’s jump in:

1. Don’t discount your value. Many mid-size organizations think that just because they are smaller, they aren’t a target. On the contrary, adversaries often perceive smaller companies as easy targets—and without the proper protections, they can linger undetected for lengthy periods of time.
2. Know where your security gaps are. We all get caught up in the day-to-day work. Especially when there’s new malware at every turn. But it’s critical to carve out time to analyze security risks as the business and world changes.
3. Establish a baseline. If you don’t know what is “normal,” how will you know what activity is “abnormal” on your network and devices? Businesses should have some form of monitoring and logging in place to flag any activity or incident that should be investigated.
4. Inventory your assets, and do it regularly. People and devices come and go. Be sure to complete quarterly asset inventory assessments so you know who and what is connected to your network.
5. Train users on security more often. There is never enough security training. Even the most vigilant users fall for phishing attempts. By creating more training opportunities, companies can move towards a culture of security where users understand strong cybersecurity isn’t only important for the company, but for them personally, too.
6. Evaluate supply chain threats. If recent high-profile breaches have taught us anything, it’s that the supply chain is more vulnerable than ever. We will begin to see it being regulated more, which can impact business function and revenue.
7. Put a business continuity plan into place. The old saying goes, “it’s not a matter of if you will be breached, but when.” Be sure your organization has continuity plans in place covering impacts from basic cybersecurity to core business functions for everything from targeted disruptions to a worst-case scenario.
8. Segment your network. What’s worse than a malicious actor that gets into your network? One that can move freely within it. To prevent this, be sure to segment your network.
9. Patch. Need we say more? Okay yes, patch in a timely manner and in a deliberate fashion. Audit your patching.
10. Accept help. Cybersecurity changes every day. Keeping up with vendors and their technologies, sifting through acronyms, and steadying a finger on the pulse of your company’s security is often an impossible task. Be sure you have a lifeline when something goes wrong or you need an outside perspective from a trusted source.

Of course, this list isn’t comprehensive, but it’s a good place to start. Even if you’re heard many of these best practices before, it can be a gentle reminder that some need renewed attention.

Still struggling with these 10? Need more help getting your cybersecurity in order? Read our blog, 10 Reasons a vCISO May be a Good Choice for Your Company.

Speakers Needed! Share about your career with future IT students!

Tue, 28 Sep 2021 21:17:08 GMT

SOCHE Announces Virtual Sessions with Employers on Careers in Information Technology

Purpose: To expose High School teachers and Career Guidance Champions to the different career opportunities in Information Technology to better direct students in career paths

When: Tuesdays from 3 PM - 4 PM (19 Oct - 7 Dec 2021)

How: Live 1-hour virtual sessions that will be recorded to share across all schools in Ohio for greater impact

Audience: High school teachers, career champions, guidance counselors

Presenter: Employers who have experts in the listed topics >> This could be you!!

Format: 25-minute information session on each topic below (e.g. Computer Programmer) given by Presenter with 5-minute Q&A. Suggested talking points for the presenter are offered below. The presenter can create a PowerPoint presentation or a demo that explains their job.

Date	Topic 1: 3 -3:30 PM	Topic 2: 3:30 - 4 PM
19-Oct	IT technician/End-user support - collaborates with support specialists to analyze and diagnose computer issues	Support specialists - responsible for reviewing and solving computer network and hardware problems for a business
26-Oct	Computer programmer - writes new computer software using coding languages (provide example of different languages and when to use them)	Release Management – delivering new software and hardware to users
2-Nov	Quality assurance - testers who check software products to see if they're up to industry standards and free of any issues	User experience (UX) - designer is involved with all facets of product development regarding its purchasing, branding, usability and functionality.
9-Nov	Web development - design the appearance, navigation and content organization of a website	Data scientist - analyzes and organizes data to determine trends that can influence business decisions.
16-Nov	Database administrator - employs specialized software to organize and keep track of data. The software can be associated with software configuration, security and performance when applicable.	Network engineers - work on the day-to-day maintenance and development of a company's computer network, utilizing their skills to make the network available and efficient for all employees within an organization.
23-Nov	Systems analyst - reviews design components and uses their knowledge of information technology to solve business problems	Software engineers - applies their knowledge of mathematics and computer science to create and improve new software.
30-Nov	IT security - builds and maintains digital protective measures on intellectual property and data that belong to an organization.	IT Director oversees the strategy and execution of IT operations for an organization.
7-Dec	Computer scientist - applies their technological skills and resources to solve IT problems for businesses.	IT Project Manager – Oversees the hardware and software projects

Presenter Talking Points:

What is your job and how does it relate to your company’s success?
What is a typical day like for you?
How many hours a day do you spend in meetings or working in groups?
Do you mainly sit at a desk doing work individually or do you have an opportunity to work in different environments?
Are you expected to be oncall? If yes, how often?
What education or other experience helped you to get your current job?
When hiring a new employee in your department, what education does a candidate need?
What skill do you most value in hiring a new employee?
What advice would you give a student considering a career in your field?

Contact Information: Please email your timeslot preferences >> Patty Buddelmeyer (patty.buddelmeyer@soche.org)

Bringing Risk Into View: A Guide to More Effective Vendor Risk Management

Tue, 28 Sep 2021 21:07:46 GMT

Nina Wyatt, Senior Technical Consultant, AHEAD

Managing vendor risk has become a challenging standard practice for most organizations today. With the adoption of cloud technologies and globalization of technology service providers, more companies are working to evaluate the security programs of vendors and service providers as well as gain visibility of vendor risk overall. Whether you are tasked with evaluating a vendor’s security program or responsible for maintaining visibility of enterprise vendor risk, both functions present challenges and barriers. Among these challenges, one of the most difficult for organizations to navigate is completing security questionnaires for partners or clients dependent upon their services, as no single industry or company has adopted a widely used standard for the process. This results in teams receiving lengthy questionnaires that all differ in volume and complexity.

Another key challenge arrives for companies needing to establish a process for maintaining holistic, enterprise-level visibility of vendor risk. The present reality is that most companies find themselves burdened by both of these processes. Below, we’ll explore actionable steps to reduce the difficulty of managing vendor security and risk questionnaires, and steps to enhance the security of your organization through establishing a vendor due diligence review process.

Simplifying Security Questionnaire Response

Multiple solutions exist to mitigate the challenge of performing vendor security assessments, but very few address the burden of completing security questionnaires. However, you can greatly reduce this burden by doing the following:

Create a Repeatable Process

Gather all information about the controls in your environment and provide the same questionnaire to all requestors
Eliminate questions not applicable to your business, operations, and environment
Keep answers short and simple
Create an encrypted, password protected, and centralized repository that includes public-facing/redacted policy/program documents, attestations, security compliance overview presentations, and a single version of your questionnaire
Recognize that offering too much information, screen shots, or tool-specific responses can exacerbate the problem
Ensure that all questions offer consistent responses whenever possible

Recognize That Certification Attestation Can Validate Strength of Control Environment

Understand how certification (SOC2, ISO, NIST) can help – many topics covered in questionnaires are also covered in the control attestation process

Recognize Liability Associated with Security Questionnaires

Acknowledge that security questionnaires can be traced to liability risk, which may be inevitable for some organizations
- Upon completing the questionnaire, any future incident may prove a question was answered incorrectly, and organizations can be held liable for negligence or misrepresentation of the “secure” environment
- When evaluating the security of another organization, any future incident may prove a questionnaire and risk assessment process to be inadequate, and companies can be held liable for failing to perform an appropriate level of due diligence in vendor selection or monitoring

This process requires both time and resources, which also introduces liability. If it becomes merely another ‘box’ to ‘check,’ consider revising the process to produce actionable and desired outcomes that enhance the visibility of vendor risk. For example, instead of asking for a policy about vulnerability management, ask for validation that no critical vulnerabilities exist in the environment. Not all vendors will be willing to share this information; however, a documented policy is not equal to control validation – and control validation is the only reliable source of security control assurance.

Proactively Avoid Missed Business Opportunities

If gaps are identified in your responses, include a remediation plan with a target date for completion (to prevent voiding potential business opportunities)
At minimum, this will show that your assessment processes are functioning and that there is already a plan in place to address self-identified control gaps

Achieving Holistic Vendor Risk Visibility

If you are struggling to understand your organization’s vendor risk holistically, there are many solutions that can help. As with any great automation capability, process is paramount. Consider the following recommendations to raise your organization’s awareness of vendor risk:

Establish a Policy or Standard

Begin with a policy or standard for evaluating vendors based upon your organization’s expectations (or regulatory requirements). The policy or standard should be framed by risk exposure and include:

What conditions or criteria determine the level of risk associated with a service provider
Which reviews are performed relative to the level of risk associated with each service provider
How frequently risk will be assessed (e.g., if a vendor is high-risk, consider performing annual reviews; if a vendor is low-risk, consider performing bi-annual reviews)

It is vital to ensure that you can identify when conditions or characteristics of a service engagement change, as this may translate to a change in risk and require a change in policy (type of review, frequency of review, etc.). Without a mechanism to determine when and how the scope of an engagement has changed, the risk of falling out of compliance with the established policy or standard is heightened.

Categorize Vendors by Risk

What conditions or characteristics need to be understood to categorize vendors by level of risk? As usual, it depends!

If your organization has an appropriately structured Enterprise Risk Program, it is likely that these conditions and characteristics are already outlined in what is typically referred to as a risk tolerance or risk threshold statement within your risk management framework or risk assessment methodology.

On the other hand, if your organization does not have a well-defined Enterprise Risk Program, you may not have achieved a level of growth that warrants one (yet). The good news is that you can inspire risk reduction specific to IT security by establishing a risk assessment methodology that centers around information security risk (availability, confidentiality, integrity). For an information security-centric approach, consider the following:

AVAILABILITY RISK

Is the service provider providing something that is critical to the operation of my business?
- If this service is interrupted, would the impact to my operations be extensive or minimal?

CONFIDENTIALITY/INTEGRITY RISK

Is the service provider storing, processing, or transmitting sensitive data?
- Has your organization defined what sensitive data is?
  - PCI, PII, patents, trade secrets, PHI, etc.

The process used to evaluate a low-risk service provider should not be equal to that of a high-risk service provider. If you opt to take a broad-brush approach, your department may be unnecessarily expending resources to perform risk assessments that extend little value to your organization.

Establish a Consistent, Risk-Based Approach

Depending on your answers to the two questions posed above, you’ll need to determine how extensive of a review is warranted. The table below can be used as a guide when establishing a risk-based approach to perform vendor risk assessments.

It is worth noting that ‘Limited,’ in this context, does not mean ‘less’ review. Rather, it means asking tailored questions directly associated to criticality and/or sensitivity – whichever applies per engagement. The point here is that if a review process were defined and issued to all vendors regardless of criticality or sensitivity (using the aforementioned ‘broad-brush’ approach), you would spend time requesting, collecting, and reviewing information that offers no real value to the organization.

For example, if a service provider is not providing a critical service, do you need to see a record of successful recovery testing? Conversely, if a service provider is not storing, processing, or transmitting any sensitive data on behalf of the company, do you need to validate that encryption is used?

Additional Considerations for the Vendor Risk Review Process

The following considerations may be helpful in defining a review process; all provide opportunities to reduce the burden of effort associated with performing vendor risk assessments:

Include business purpose information, such as source departments, relationship sponsors, relevant technology or applications, and dependent business processes. Identifying these factors early on will make it easier to validate recovery capabilities or necessary data protections.
Include questions that assess how critical a service is to validate that a vendor’s recovery capabilities are sufficient. If it is highly critical to operations, this may serve as justification to perform the review more frequently, or to gather information from process owners to determine if contingency plans exist internally. For example, if the service is non-critical, are business continuity and disaster recovery documents or associated questions necessary when the contract itself stipulates SLA language specific to recovery capabilities?
Identify what data is being stored, processed, or transmitted. If highly sensitive data (such as PCI or HIPAA) is involved, you may want to perform the review more frequently or consider specific data protection controls that must be validated before a service engagement proceeds.

In all cases, the questionnaire and documents requested should directly correlate to the service provided and actionable outcomes. Beware of defining a broad-brush vendor risk assessment process designed to treat all vendors the same way. Instead, employ a risk-based approach that will enable you to perform reviews quickly and effectively in a manner relevant to the service engagement. Doing so will not only provide your organization with valuable risk insights but minimize the burden of effort on your team and program.

Monitoring & Measuring Vendor Risk

As the saying goes, “what is measured is improved.” Once your vendor risk review process is established, valuable data points can be gathered to increase the visibility of vendor risk. Here are a few metrics worth consideration:

Vendors by Risk Categorization – Provide visibility to leadership as to what percentage of vendors are considered high risk.

Vendor Risk Review by Status – Provide visibility to those managing the process, ensuring reviews are completed in a timely manner.

Vendors with Authorized Risk Exceptions – Offer visibility of current risk tolerance or an indication that too much risk is accepted. Not all vendors will be able to satisfy your security requirements. In these instances, the risk should be documented and distributed to those authorized to accept risk on behalf of the company.

Vendors with Known Issues – Elevate vendors with known issues to ensure relationship managers are aware of the issues to assist in tracking remediation efforts. Relationship managers can offer value to a vendor risk program by acting as the liaison to help monitor and close any known issues specific to a vendor’s security program. As risk issues are remediated, risk reduction is measurable and shows a direct benefit of the vendor risk review process.

Vendor Review Resulting in Benefit – Identify when the vendor risk review process results in benefit to the organization. In some cases, information from a vendor review can strengthen contract language or offer variables that can be powerful in the contract negotiation process. Measuring these benefits can inspire the risk team to ensure that as the vendor review process continuously strengthens over time, the benefits outweigh the effort.

Conclusion

Having the right level of guidance is paramount for organizations that are struggling to complete vendor security questionnaires or those that need to mature their vendor risk review process. Similar to information security risk, vendor risk is no small effort. In that spirit, it is easy to get overwhelmed and inundated with processes that offer little-to-no value to the organization. As illustrated above, the best vendor risk functions are those that are risk-based, actionable, and value-adding.

The First Layer of Defense is Physical Security

Tue, 28 Sep 2021 20:36:37 GMT

Kathy Vogler, Communications Manager, Expedient Technology Solutions

I’ve lived most of my life in a relatively secure and crime free area. I’m fortunate that my first real experience with personal property theft didn’t happen until 2010 when a trailer was stolen from our barn area. This was completely shocking for us, at that time we didn’t lock anything including the house. We have dogs, we have motion lights, we don’t take risky actions and there is no crime. Well, those days are sure in the rear-view mirror, aren’t they! Everything seems to be fair game these days. The new normal must fall on the side of zero trust. This isn’t just important to combat cybercrime, it’s for everything. Businesses need to take physical security seriously.

“I get hired by companies to hack into their systems and break into their physical facilities to find security holes.”~ Kevin Mitnick, 1995 convicted hacker, owner of Mitnick Security Consulting LLC

Physical security is the protection of people, property and physical assets in a fashion similar to steps used by law enforcement. And while the Achilles heel to security will always be the human factor, security experts agree that the three most important components of a physical security plan are access control, surveillance, and security testing.

Access Control at a high level is about restricting access to a resource and may even be part of your regulatory compliance requirements. Physical access control limits access and often uses a proximity card or fob, password, PIN or biometrics to unlock the door. For example, an organization may employ an electronic control system that relies on user credentials, access card readers, intercom, auditing and reporting to track which employees have access to a restricted area. This system may incorporate an access control panel that can restrict entry to individual rooms and buildings, as well as sound alarms, initiate lockdown procedures and prevent unauthorized access.

Access Control has five main components:

Authentication
Authorization
Access
Manage
Audit

Surveillance is most often done by video cameras using a video management system. The surveillance could start at the outer edge of your perimeter to monitor your facility and parking lots to secure your outdoor areas. These control systems ensure that you will know who enters your facility and when. Your camera systems serve two purposes; dissuasion when a potential thief knows they will be recorded which may prevent the criminal act and if anything does happen you will have a recording of it. IP cameras are standard and no longer require specialized equipment to handle them. A simple computer system connected wirelessly can record. You may even consider adding night vision. Real time alert offerings can send snap shots or video alerts directly to your phone.

Security Testing or physical penetration testing to assess the ability of the current physical security controls to prevent penetration by the bad guys and the testing of these systems on a regular cadence to ensure their efficacy. Many cybersecurity breaches occur when attackers find they can take advantage of one or more physical security flaw. Flaws are as simple as no one monitoring the video feed or through devices that are easy to disarm or avoid.

Armed guards and strong security policies are useless if the bad guys can infiltrate by verbal deception or piggyback techniques to access your facility. Effective staff training, procedures and personal controls like visitor records are important. You test your employees by sending phishing emails to see if they will click, you should also test to see if your staff will allow anyone who says they have a reason to be in your facility access. In large organizations where people don’t know everyone, it’s as easy as slipping in the door alongside someone who has authenticated. The goal of the bad guy might be to steal property, harm your employees or plug code into a USB port of an open printer that is attached to your network. Any action like this can cause serious disruption to your operations, ruin your company’s reputation, or steal intellectual property.

Zero Trust “Never Trust, Always Verify”

If the bad guys enter your front door, you should not automatically give them access to everything inside. How long can an intruder wander around your facility before they are detected or before anyone questions them? Will the bad guy find sensitive information laying on desks or on the copier? Are there unlocked screens at workstations, accessible phones or open USB ports? There are hundreds of things a bad guy can do in a matter of minutes; plug in a USB with malicious code, clip a vampire tap on a cable, plug in a hardwired keylogger and you are completely compromised.

With a Zero Trust approach to your security including physical security, you can limit access and require further permissions.

That said, and regardless of you hosting your own or outsourcing this, the interaction of every aspect of security and safety systems is most prevalent at the heart of your data and requires a comprehensive 360-degree review. Your physical data center (on-prem or in the cloud) represents the epicenter of your customers’ and your company data and should be consistently controlled with security standards including monitoring and securing all environmental elements such as power, cooling and fire suppression. Your data center should be the primary defense against cyber theft and any disaster that requires business continuity. Trained and experienced people keep physical and digital security systems running effectively. Employee background checks, security and compliance training, regular access reviews, annual penetration testing against your physical infrastructure, and regular patching schedules for all systems are key. If you outsource, are your third-party data center providers keeping your data safe? In addition to safeguarding infrastructure, do they have a plan for an active shooter? Do they have a plan that includes hardened barriers at strategic points in the facility?

The world evolves and the only constant is change. Physical security and cybersecurity have the same weak link that is the human element. It’s been said that “nice people create critical physical gaps.” Studies show that up to 60% of all people entering corporate offices do so without authentication. Awareness and response training of your employees (not just the new employees) can go a long way to keeping your people, property, and physical assets safe.

I’m not really ready for Zero Trust at home, but we do lock the doors now.

IT Leader Spotlight: Brian Clayton

Tue, 28 Sep 2021 20:32:35 GMT

Brian Clayton, IT Services Manager, HBR Consulting

Did you always want to work in IT?

No, the USAF chose that for me. When I joined, I had no objective in life so when I passed the entry test open to any role I wanted I chose my ten and IT was amongst that list. I was sent after boot camp to Biloxi to train in the Communications Group (then ISG). My first job after the AF was not in IT, but that business moved me to manage their computer network, so I guess God was telling me my path.

Tell us about your career path.

It has always been Service to others, whether in in the military, help desk, as an enterprise architect or CIO/CISO.

What business or technology initiatives will be most significant in driving IT investments in your organization in the coming year?

Balancing securing and enabling businesses to deliver at their highest level, such as protecting personal data and work product while opening all doors and windows for employees to exhibit their skills and talents to the fullest.

Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include?

The CIO’s responsibilities cross all lines of businesses. I believe lines can only be drawn with mature leadership teams. Understand your role and how it affects and is affected by the others on your team. The CIO must also be an enabler not just a wall.

What does a good culture fit look like in your organization? How do you cultivate it?

A team respecting their role on the team and the expertise that surrounds them. This doesn’t mean to sit still, it means to evolve together, welcome new team members, congratulate those who graduate and move to other teams. Understand sometimes people suck, we all do at some point. But the respect and commitment to the team will get you out of those holes and allow you to move forward again.

What roles or skills are you finding (or anticipate to be) the most difficult to fill?

Technically skilled who can have user empathy balanced with being technically skilled.

What’s the best career advice you ever received?

Deliver on your promises and share the rewards with all who joined in on your battles. Those people that challenge you the most are setting the bar for your next achievement.

What has been your greatest career achievement?

To love and be loved by those I have worked with along the way. Don’t destroy the path behind you. It is a part of you forever.

Looking back with 20/20 hindsight, what would you have done differently?

Changing my mistakes in the past might very well change where I am today. Physical features of weight aside, I am happy where I am today. Just learn from those mistakes for tomorrow, look forward.

Create a Ransomware Incident Response Plan - Webinar

Tue, 28 Sep 2021 17:39:35 GMT

Info-Tech Research Group

Ransomware is now a daily news item. Having an effective and formalized response plan in place is more important than ever. Organizations are considering how to prepare and respond, whether they need cyberinsurance, and how it all works with their business continuity.

Join us in this webinar where we will address how to:

Assess your ransomware preparedness.
Document a formal response plan.

Include ransomware events in business continuity planning.

View Webinar

Melissa Cutcher, Executive Director of Technology First, wins local award!

Mon, 27 Sep 2021 21:49:54 GMT

The Better Business Bureau’s Women in Business Networking (WiBN) program is thrilled to announce the 2022 Women of Impact honorees, as well as Jeanne Porter Career Achievement Award recipient.

Women of Impact honorees are dynamic professional women who have been recognized for inspiring and encouraging those around them to actively challenge the status quo, working to improve their communities, develop their employees and advocate for women in general. Rather than being content with others just watching them work, these women involve those around them in their endeavors thereby increasing their collective impact. They understand we are “BETTER TOGETHER.”

Melissa Cutcher, Technology First, will be the recipient of the 2022 Jeanne Porter Career Achievement Award. This honor is presented annually to a woman who continues to inspire, influence and impact the business community and the world around them well beyond their initial recognition as a WiBN Top 25 Woman. This award is meant to recognize an impactful professional legacy, like that of Jeanne Porter, founder of WiBN.

2022 Women of Impact include:

Sheri Aldridge, New Beginnings for You
Molly Bardine, Chaminade Julienne
Cassie Barlow, Col. USAF Ret. & SOCHE
Judy Budi, Graceworks Lutheran Services
Janet Carpenter, Sophie‘s companions for Veterans/Sophie Kerrigan For the love of Animals Foundation
Joyce Carter, Montgomery County
Pamela Cone, Aviatra Dayton & Curated Conversations
Lissa Cupp, Big Rocks of Life & Style Encore
Angela Dugger, National Alliance on Mental Illness
Lois Elrich, Real Change Business Coaching
Denise Henton, Single Parents Rock
Karlee Mason, Picnk, LLC
Anita Moore, A. Moore Consulting
Dr. Shanee Pacley, Wright Patterson Air Force Research Laboratory
Robyn R. Razor, Mount Carmel East
Dr. Rhonda Smith, Divine Core Transformation & Renewed Health Care Practice
Yvonne Turner, BSN, CHPN, CNS, Ohio’s Hospice
Lisa Wagner, Levitt Pavilion Dayton
Natalie Walters, WKEF/WRGT
Erika Ward, Ronald McDonald House Charities of Dayton

Meet XDR: A New Approach to Threat Detection and Response

Mon, 27 Sep 2021 21:40:17 GMT

Cadre Information Security

You’ve probably heard about it. Maybe you wrote it off as just another product on your cybersecurity bingo card? It is Extended Detection and Response (XDR)—cybersecurity’s “next big thing.”

Could it be the security management technology of your dreams? Let’s find out. We’re diving right in to give you an up close look at the technical evolution that vendors seem to be going gaga over. And, we’ll let you judge for yourself.

What is XDR Anyway?

Before we define XDR, it might be helpful to create context with Endpoint Detection and Response (EDR). As endpoints proliferate, organizations are focusing more attention on securing workstations. To do this, EDR provides two essential functionalities:

Continuous monitoring and threat detection.
Follow up of automated responses to threats discovered during the monitoring phase.

While EDR provides essential visibility and control over threats to endpoints, threat actors do not focus solely on laptops, desktops, mobile phones, and other devices. Rather, they find the entry point of least resistance and escalate their privileges to move laterally until they reach their intended target.

To block and disrupt threats effectively, organizations need to go beyond EDR with extended, real-time visibility into security events not only for your endpoints, but for cloud workloads and the network. XDR achieves this by collecting and correlating data across all channels to enable visibility and context into advanced threats. After alerting analysts, threats can be analyzed, prioritized based on risk, hunted, and remediated to prevent breaches and data loss.

But I Have a SIEM for That

As with many security solutions, some features of XDR and SIEM overlap. Because of this, customers tend to ask if XDR adds value in environments that already have a SIEM solution deployed.

The distinction starts from the very beginnings of each product. SIEM had its genesis in compliance. Over time, SIEM evolved to a threat and operational risk platform, pulling data from disparate sources, performing automated analysis, and alerting human analysts. However, it does not include some of the broader functionality that XDR encompasses.

Unlike SIEM, from day one XDR was developed to focus on threats and to provide a single platform for deeper and narrower threat detection and response. Seen as the next generation of EDR, XDR includes additional functions like antivirus, firewall, and of course, EDR.

More specifically, XDR differentiates from other product categories in three ways:

Level of turnkey integration is much higher and does not require expensive, labor-intensive calibration.
Squarely focused on threat detect and incident response and have a higher quality detection and analysis lab.
Generally built on cloud-native architectures and can be rapidly deployed.

Is XDR Right for Your Business?

As vendors begin to take their XDR offerings to market, we have seen it appear in different forms—hardware companies adding standalone XDR products while traditional enterprise security companies add XDR as an extension of their existing platform. Given the range of options, there is certainly an XDR for every need.

But, is there a need for every XDR? Sometimes you don’t know until it’s too late. Or instead of waiting, you can try finding your security program holes through a pen test. Read more in our blog, What are the different types of Pen Testing?

Face the Facts: 3 Cloud Security Realities

Mon, 27 Sep 2021 21:38:41 GMT

Greg Franseth, Cadre Information Security

The internet is chock-full of cloud growth stats. We all know it’s happening, but do we really know how great our security risk is? According to our friends over at Netskope, in 2020, the number of apps in use by the average enterprise increased by 20%[1]. Organizations with 500-2,000 employees used on average 690 distinct cloud apps. Of those apps, 47.5% have a “Poor” Cloud Confidence Index™ (CCI) rating—meaning enterprises should avoid using these apps and take steps to migrate to safer app alternatives.

And that’s just a glimpse into the current state of cloud security.

With so much of today’s work rooted in the cloud, it’s easy to get wrapped up in doing everything you can to improve your organization’s cloud security posture. But these days what we’re seeing is that IT teams need to take a pause and revisit these 3 need-to-know security facts.

1. Everyone’s cloud security stack still needs to be tailored.

“More cloud security doesn’t equate to stronger security” is something you have probably read time and time again. But it’s worth repeating. Why? Because as the attack surface keeps expanding, organizations keep falling into the same pattern. There’s an issue, they buy a security solution to stop the hemorrhage or meet a compliance requirement, and then put off dealing with the complexity issues for another day.

The real problem is that cloud complexity combined with too many different and uncooperative security solutions leaves you with no shared intelligence.

To overcome these challenges, you must streamline your security stack and include must-haves like: Cloud Access Security Broker (CASB) as part of your Secure Access Service Edge (SASE), Identity and Access Management (IAM), threat intelligence, and next-generation firewalls. And do so in a strategic manner that ensures all solutions work in harmony.

2. Constant vigilance is the only way forward.

So much of the discussion on cloud security revolves around technology. However, it’s not the IT team’s problem alone. Today, people are the weakest link in security. Even with a cloud-based SWG, if an employee clicks on a phishing email and enters their credentials, your whole cloud ecosystem could be at risk as attackers stealthily move and escalate privileges. While artificial intelligence (AI) and machine learning (ML) technologies help with predicting these events, and isolation layers can keep phishing attempts and malware off endpoint devices, awareness is still a central pillar of keeping the cloud secure.

3. You have to use ML/AI to take the load off analysts so they can keep a human eye on end users.

The cloud can be safer, but you’ll always need real-time monitoring and analysis of end-user behavior. This will allow you to spot irregularities that deviate from normal usage patterns (did they modify audit trails, did they repeatedly try to download data, etc.). And at the other end of the spectrum, when that employee departs the company, do you have a process to ensure they can no longer access your cloud storage, systems, data, customer information, and intellectual properties?

To address these issues, consider completing an assessment before buying any new solutions that use AI/ML to complete low-level, high-volume tasks to take the burden of human experts such as:

· Intrusion Detection & Response

· Extended Detection and Response

· SIEM

Cloud-First Must be Security-First

As a bonus fact, to reap the benefits of cloud computing, organizations must put security first on the list of priorities. While cloud is more secure if you take the right precautions, it takes constant evaluation and re-evaluation to ensure you have the best solutions for your ecosystem. At Cadre, we work with the best cloud security providers in the business and take an unbiased approach to review and recommend how to best secure your unique environment and reduce risk.

To learn more about integral parts of today’s cloud security, watch our recorded webinar, Demystifying SASE - A Cloud-Based Approach to Network Security.

Minimize Security Incidents with a Strong Security Awareness Program

Mon, 27 Sep 2021 21:37:31 GMT

Monique Little, Cadre Information Security

News of companies getting hacked is omnipresent. The fear, uncertainty, and doubt as a result of these reports can make you want to give up. But don’t let that dissuade you—there’s still hope and it resides in an unusual fact: more than 99% of today’s cyber attacks are human-activated.¹

You might think to yourself, how is that good? Well, for one thing, human behavior can be changed. It just requires a strong Security Awareness Program.

Security Awareness is More than Phishing Campaigns

Running phishing simulations is a common security education practice, but it is only one component among many other tactics. When we boil it down, Security Awareness is teaching employees how to develop a strong security mindset both at work and at home. That could mean using townhalls, chat channels, newsletters, and informal and formal trainings to enhance cybersecurity best practice knowledge.

Security Awareness is … not holding the door open for the person behind you, even though human nature tells you it’s common courtesy. It’s learning that threat actors leave USB drives behind and hope someone will plug it into their computer to see what’s on it (it’s in our nature as humans to be curious). It’s being aware that hackers use social media to see what your title is at work so they know who to target. It’s training employees to trust, but verify. Just because she says she’s there to fix the printer and name-drops so that it sounds legit, doesn’t make it so; always verify before leading anyone into your office space. Remember, these are just a few examples of social engineering attacks, not an exhaustive list.

When Security Incidents Happen

When an attack or breach occurs, what often has the most influence on the end result is how the organization reacts—and, how they learn from the event.

Post-event, it is critical to evaluate using these questions:

-How did the targeted user react?
-How did IT react?
-What went great?
-What opportunities are there for improvement?
-Are security tools configured correctly?
-Do you have a Security Awareness Program in place? How did it prepare the affected parties?
-Do you know what to do in case of a suspected incident?

What to Do: The #1 Rule

Knowing what to do in the case of a suspected incident is paramount. Messaging to all staff needs to be clear and encourage communication and participation. Good organizational responses should emphasize positive, defensive behaviors. This is true from the CEO to the receptionist, and to the head of IT. No matter who you are, if you have the slightest suspicion that you are experiencing an attack or have been infected with malware, don’t wait to confirm. End users need to know that IT departments would prefer false alarms than be kept in the dark about potential attacks. If anything gives an end-user pause, it should be reported immediately to IT.

It is important to note that an event or an incident is not synonymous with the B-word (rhymes with reach). Anything that happens on a network—even a false positive—is categorized as an incident. That doesn’t mean that your data has been compromised. Organizations can tie themselves in knots in fear of a public relations fallout only to discover there was never anything there. Don’t allow nomenclature to dictate how you respond.

Be Sure Users Know This

Do the users in your organization know how to contact your IT department in case of a suspected incident?

Make sure that all employees know how to contact IT during business hours, after hours or on weekends/holidays. And most importantly, how to contact IT if their email or whole computer has been compromised. Users should have email addresses, desk phone numbers and cell phone numbers of the appropriate IT contacts.

Debunking the Biggest Cybersecurity Misconception

The IT and security team are solely responsible for the organization’s cybersecurity posture. That couldn’t be further from the truth. But it underpins the importance of starting, and maturing, a Security Awareness Program.

Everyone in the organization is responsible for remaining diligent to protect business, employee, and client data. However, not everyone thinks this way. End-users must be educated in the role they play, and how “good” cybersecurity behavior isn’t simply beneficial to the business, but their own personal lives.

There is no technology that can stop all social engineering attacks since they rely on exploiting human nature—you must have ingrained security awareness as your first line of defense.

Having a strong Security Awareness Program can help to minimize security incidents within your organization. If employees know what to look for, they can do their parts to help keep your organization’s data secure. If you have questions about or need assistance in building a strong Security Awareness Program within your organization, please contact us.

One more reason why estimating software projects can be so challenging

Tue, 31 Aug 2021 16:00:36 GMT

Smart Data Systems

If you lead an organization that is required to estimate software development projects, you may already know estimating software development is not easy. In fact, the entire topic of estimating software is often a contentious one within many organizations. Whether that is internal stakeholders or clients who have a desire to know what will be delivered and when, or a software development team that is hesitant to create something that stakeholders will use against them. A lot of this frustration and the challenges surrounding estimating this type of work stems from a belief that software developers should be good at estimating in the first place.

Don’t get me wrong, we humans are amazing creatures in so many ways. We have the capacity to solve complex problems, make technological advances that have made all of our lives easier and more enjoyable. And yet, despite all those achievements, we still fall prey to flawed thinking and in general humans are not always great at estimating many complex challenges. While not all software projects are complex, many tend to be and one very real reason why is how we think about complex problems and how being more aware of where that thinking can go wrong.

A great book on the process of thinking that highlights some of these basic mistakes is Thomas Kida’s “Don’t Believe Everything You Think, The Six Mistakes We Make in Thinking”. While not specifically about software estimating, it does provide some very interesting insights and research on why most humans can make common mistakes in how they are applying critical thinking

The six basic mistakes are:

· We have faulty memories
· We tend to oversimplify our thinking
· We sometimes misperceive the world around us
· We rarely appreciate the role of chance and coincidence in shaping events
· We seek to confirm, not to question, our ideas
· We prefer stories to statistics

One common challenge for software teams is what is often called “the problem of perfection” or the pressure to provide “perfect” estimates. Most good teams can empathize with the need to prioritize work, the love of metrics, and the all too common need to push for estimates of work that will tell you when something will be “done”. What can often happen with or without this pressure is good teams or developers will fall into one of Mr. Kida’s six mistakes which is our human tendency to oversimplify our thinking.

Heuristics or general rules of thumb are what most of us use to try to effectively simplify complicated judgments we need to make. They also can give us good approximate solutions to our problems. The great news is approximate solutions are surprisingly very effective and for many project estimates they can provide teams with good estimates and can keep many organizations from following into the “Perfect is the enemy of good” rut. However, the challenge is those same rules of thumbs can also lead to systematic biases that result in grossly inaccurate judgments. A common mistake is our “representativeness” rule of thumb or “of course it’s the same, it looks the same doesn’t it.” This method of oversimplification works well for many decisions as things that go together can often be similar in development. However, things will go off the tracks with this way of thinking, if enough other relevant data is overlooked, and thus often can lead to major decision errors. This is sometimes reflected in a piece of development that was done by one group of developers so the natural thought would be, it’s the same relative size of work so the new work must take the same number of hours. A is similar to B, so therefore they must be equal, right? Factor in the relevant data that the previous development team was made up of six people all with two or more years of experience in working with this same solution and your new team consists of only two of those same people and now two new people that started last month. Is that still similar?

The great news is simplifying as a thinking strategy is not all bad. In fact, simplifying strategies will serve you quite well in most software development estimates, just remember to recognize that oversimplifying, with little or no relevant data, and your own biases will lead to major problems with how your team thinks and estimates. I would also suggest looking at more of Thomas Kida’s work or the work of others to understand how we think about problems and see if it can’t help you or your teams with your process of estimating software development.

Technology First & Software Development

Mon, 30 Aug 2021 18:51:35 GMT

Registration & Details Here!

Don Kennedy, Smart Data Systems and the Technology First Board of Directors

“We are uncovering better ways of developing software by doing it and helping others do it”

-Agile Manifesto, 2001

There is a lot of talk in and outside of the technology community about “being agile” and helping organizations increase their ability to react quickly to what seems to be an ever-changing business environment. Just in the last 18 months we have seen unprecedented spikes of demand on Health care, Manufacturing, and Logistics systems as well as perceived permanent shifts in where and how we work, shop, and visit our physicians. At the heart of all of these changes are millions of lines of code written by craftswomen and craftsmen. Software development and engineers continue to be at the forefront of an accelerating digital change and why Technology First is proud to continue to support this community at the heart of it all. In this month’s edition we wanted to highlight some of the ideas, people, and practices from this important part of our community

One set of principles deeply entrenched in this part of the technology world are Agile Principles. They are now over twenty years old and you would assume many of us may have felt or heard of them as you worked with your developers or technical teams. While often confused with the adjective Agile, the Agile Manifesto is actually a set of principles that have evolved and continue to very much be an effective and sustainable way of working for many organizations around the world. While there also continues to be some misunderstanding of the Agile manifesto and Agile community, I hope to demystify some of what being “Agile” means to many within the software community.

Allow me first to give a very brief history of where some of these principles came from as I think this lays important groundwork. I will apologize in advance as with any history many things are lost and, in an attempt to be concise, it can be difficult to give it the adequate coverage it deserves. But in 2001 and growing out of sympathy for the need to find alternatives to documentation-driven, heavyweight software development processes, seventeen people, some competitors and most very independent thinkers, documented specific ideas they believed would provide that alternative. Underneath this manifesto of ideas are the bedrock themes of values and culture. So the manifesto and principles are really nothing more than a set of values that was intended to underpin and promote an organizational model based on People, Collaboration, and the Organizations models in which the original group would want to work. What has since grown out of those original ideas is a celebration of a sustainable, quality, process model that works to hold up the idea that “people are our most important asset”.

With that history under us, I would also highlight critics of the principles will often confuse the original ideas and all too often accuse “Agilest” of being anti-methodology, anti-modeling, and completely against documentation. These are all incorrect beliefs, but a common theme among many critics in this way of working and building software. What the principles are and how people incorporate them into their way of working is a much longer subject that I could not begin to cover here, but my understanding is these principles stand more for certain principles than they are against anything if that makes sense. This is also where I will maybe get into a little trouble and admit some people do hide behind some of these ideas, like humans can, and will use them to fight against certain processes more than maybe they should. That said, inherently the principles are again about balance in planning, or documentation, etc. So while the principles highly value Individuals and interactions over process and tools, nowhere do these principles say you should not embrace documentation, planning, or methodologies. I will also admit I am very much a traditionalist when it comes to business in many ways and while I work with many developers, I am not a software developer myself, so it has taken me time and first hand witnessing the value of these principles to come to a better understanding of the intrinsic value they bring to people, teams, and entire businesses. While we do not have adequate time to cover these principles here I hope this brief piece and the principles themselves below will help in some way to provide insights to those unfamiliar with Agile practices. If nothing else, I would encourage you to remain open to the idea that as humans we can fall into habits and ruts of behavior all too easily and practicing new ways of working can have unforeseen benefits.

What follows is the manifesto itself and the twelve principles of Agile Software freely copied in its entirety from https://agilemanifesto.org/

We are uncovering better ways of developing
software by doing it and helping others do it.

Through this work we have come to value:

Individuals and interactions over processes and tools
Working software over comprehensive documentation
Customer collaboration over contract negotiation
Responding to change over following a plan

That is, while there is value in the items on
the right, we value the items on the left more.

We follow these principles:

Our highest priority is to satisfy the customer
through early and continuous delivery
of valuable software.

Welcome changing requirements, even late in
development. Agile processes harness change for
the customer's competitive advantage.

Deliver working software frequently, from a
couple of weeks to a couple of months, with a
preference to the shorter timescale.

Business people and developers must work
together daily throughout the project.

Build projects around motivated individuals.
Give them the environment and support they need,
and trust them to get the job done.

The most efficient and effective method of
conveying information to and within a development
team is face-to-face conversation.

Working software is the primary measure of progress.

Agile processes promote sustainable development.
The sponsors, developers, and users should be able
to maintain a constant pace indefinitely.

Continuous attention to technical excellence
and good design enhances agility.

Simplicity--the art of maximizing the amount
of work not done--is essential.

The best architectures, requirements, and designs
emerge from self-organizing teams.

At regular intervals, the team reflects on how
to become more effective, then tunes and adjusts
its behavior accordingly.

Please join us at the Taste of IT this November 17^th and look at our developer track for more interesting content around software development and its practices! Registration and Details here!

Beware the MVP

Mon, 30 Aug 2021 18:46:48 GMT

Dave Best, Technical Director, Mile Two

“Minimum Viable Product,” or MVP, is a well-known acronym in the software and product development community. Eric Ries popularized this term in the book, The Lean Startup. He describes the MVP as:

“[...] the minimum viable product is that version of a new product which allows a team to collect the maximum amount of validated learning about customers with the least effort” (https://leanstartup.co/what-is-an-mvp/).

That definition is reasonable, but the reality is more complicated. “MVP” has become a largely unhelpful term. In this article, I will present two ways that it is unhelpful and two mechanisms for mitigating those concerns.

A Lack of Shared Understanding

Shared understanding is one of the most valuable assets of a team, especially when moving quickly. It is inefficient and expensive if your team members are building too much or building the wrong things. The group may be well-aligned on the “what” you are developing, but the ambiguity of the MVP term creeps in around the edges. You may find yourself answering questions like:

● Do we need tests?

● That feature needs to be complete, but what about these related features?

● What sort of user load does this need to support?

● How, where, and which users will be using this MVP?

● Will this become production code? Really? (How many teams have been burned by this one?)

I’ve seen the term MVP used as a stand-in for non-production work or as an excuse for bugs or poorly implemented features. This lack of shared understanding may not be a problem for the disciplined and experienced team, but I’ve repeatedly seen senior teams make poor assumptions.

The Build Trap

The second concern with MVP is the last word in the acronym - ‘product.’ Product implies a level of fidelity much higher than ‘experiment.’ The original definition and the Lean Startup book couch the MVP in terms of the scientific method. MVPs are experiments; they allow the team to test the output from a single cycle through the “Build, Measure, Learn” loop (read more about it here: http://theleanstartup.com/principles).

Shipping a product can be uncomfortable work; I’ve seen many teams get bogged down in the details of their MVP; they are doing too much (or the wrong) work because, for many groups, building a product is less daunting than facing the customer.

At Mile Two, we use a handful of terms alongside the stray MVP; experiment, design seed, prototype, mockups, etc. Our early “MVPs” for some projects were simple pen and paper or whiteboard exercises. Some relied on mockups designed in Adobe XD. When your business is developing software, you’re going to get some odd looks if you call your mockup drawn on a whiteboard your “MVP.” You’ll get fewer strange looks calling it a “Process Experiment.”

Words Matter

Fundamentally, my problem isn’t the term itself. It is a placeholder; shared understanding must support it to make it effective.

Scales of Fidelity

At Mile Two, we’ve been experimenting with using “fidelity scales” to better understand and communicate the level of effort to be invested in any endeavor. The categories that we use are in flux but include:

● Software Fidelity

● Design Artifact Fidelity

● Project Resilience

● Progress Alignment to Plan

Our goal is to develop consensus around these levels so that every team (and team member) has a shared understanding of the work needed. An experiment that is (for example) a “3” on the software fidelity scale, regarding the level of testing, reliability, and roughly how long the team will work on the iteration.

These metrics connect to the specific way that Mile Two works, but they are adaptable to the processes of other organizations.

Embrace the Experiment

One of the easiest ways to frame the work is to walk through the three parts of the “Build, Measure, Learn” loop backward:

● What one thing are you trying to learn?

● What can you measure so that you will learn what you need?

● What is the simplest thing you can build to measure what you need adequately?

This framing can help you break out of the “build trap” where you over-engineer or over-develop your experiments. The “Build, Measure, Learn loop” is meant to be an iterative process; if you try to learn too many disparate things from an experiment, you can end up learning nothing at all.

At Mile Two, we believe strongly in iterative development and co-creating the solution with our customers. We bring them into the process early and often; we get feedback on small experiments that advance our (and sometimes, our customer’s) understanding of the problem domain as frequently as possible.

I’m always happy to talk about product development processes or how Mile Two can help you solve your complex problems. Feel free to send me an email at dbest@miletwo.us.

Arrested Development

Mon, 30 Aug 2021 18:44:51 GMT

Mardi Humphreys, Change Agent, Integration Edge

Why am I, a marketing aficionado, writing about developers? Because their scarcity is about to halt the pace of innovation here in Dayton, Ohio. You know, the birthplace of aviation, the cash register, and the pop-top beverage can? This situation could hurt Dayton’s brand, and that’s where I come in.

So here we are, fully vaccinated and (somewhat) back in the office, but wait…where is everybody? Where did all the developers go? If they aren’t all WFH, (and research suggests that if you want them to work for you, you should let them work from home, but more on that later…) then they are probably being wined and dined by potential employers like Google, IBM, and Apple because good developers are hard to find. They are few, far between, and in demand right now.

In 2019, the average time it took to fill a tech position was 66 days compared to taking 43 days to fill non-tech positions. When COVID-19 sent everyone home in 2020, and multitudes of businesses moved to e-commerce, the demand for developers went up exponentially. Here at the end of Q3 2021, businesses continue to rethink their strategies thanks to the lessons learned from the digital transformation thrust upon them last year. Plus, evidence suggests that there is no going back to the way things were pre-pandemic. Competition for talent is intense. Simply put, there are more open positions than developers to fill them.

Why is there a shortage?

Every employer is now a tech employer: retail, education, finance, healthcare, etc. Reading those industry categories, you can think of at least one name for each of them. Take retail for instance. Kroger not only offers a digital shopping experience, now they are testing drone delivery right in our backyards. Kroger has nearly half a million employees and plenty of them are developers since their digital business doubled in 2020, and they plan to do $20 billion in online sales by 2023.

Lack of skills:The technology is evolving so fast (like Blockchain, Cybersecurity, and AI) and the necessary skills are so specialized (e.g., Chief Nursing Informatics Officer is a real job) that humans can neither learn fast enough, not get experience fast enough, nor interview fast enough to fill open positions.

Lack of credentials:Our colleges and universities are playing catchup in offering the languages and internships necessary to work with the emerging technologies, and employers are looking for those college and university names on resumes. To fill open positions, more employers and job seekers are turning to bootcamps as avenues to quickly upskill workforce.

If you want to be a developer, what should you learn?

There are a few things you should be well versed in to stand out from the competition and attract a lucrative salary. Employers are looking for developers who are experts in Python; followed closely by JavaScript and Go. If you are looking for certification, CompTIA has paths that are widely accepted by employers and offered by local workforce development companies. Python is the most popular language to date and experience with machine learning is quick on its heels because you have to be able to make sense of all of that collected data. Being able to legitimately list Data Science on your resume is a plus. It’s a bit vague since it could mean anything from data analytics to software engineering, but if machine learning is on your resume, data science can be too. If you are not already certified in Amazon AWS, Microsoft Azure, and/or Google Cloud, get certified. Everything is moving that way. It behooves you to be ahead of the wave. If you want to specialize, then experience in Cybersecurity, AI code testing, or IoT (especially as consumers gain access to 5G) will put you in a good position to get the role you want. But please remember, you also need soft skills like emotional intelligence, flexibility, continuous learning, strategic thinking, and habitual process improvement to thrive in a team environment.

If you employ developers, how do you keep and attract talent?

Be flexible: Remember earlier in this article when I said more on WFH later? Well, it’s later. Developers in the market for new positions are in the driver’s seat and plenty of them are driving home. Post-COVID-19, WFH is less of a perk and more of an assumption. Hey, if Microsoft can do it , so can you; particularly as it pertains to where, when, and for how long an employee works for your company. Giving employees options for working in the office, at home, or a combination of both, will help you compete for top talent. And flexibility has a wonderful side effect. It helps you with your DEI goals. Offering remote work attracts mothers, diffuses location bias, and ensures accessibility for the physically challenged.

Communicate: Offer multiple communication channels to promote team bonding. Open a Slack channel for remote workers to discuss what Netflix shows they are currently bingeing as well as separate channels for teams to collaborate on their mutual projects. Smooth onboarding by assigning new hires an ambassador to help them navigate company culture, introduce them to colleagues, and answer questions. In your emails to the entire company, normalize asking for help and promote overcoming challenges together.

Upskilling: Make continuous education for employees an item in the company budget. It should be a perk of working for you. Partner with local higher learning institutions and talk about emerging technologies, what you think you’ll need, and how you’d like to get your pipeline from them. They want to supply you with future employees as well as upskill your current workforce, you want a skilled workforce, and the workforce wants to, well, work. It’s a win-win-win that keeps everyone in the Tech Community in business.

IT Leader Spotlight: Randy Hinders

Mon, 30 Aug 2021 18:29:16 GMT

Randy Hinders, IT Director, Mile Two

What was your first job?

Afternoon paper delivery route. This was great at teaching responsibilities and accountabilities. It’s a shame that these types of opportunities for teens are not as easily available today.

What’s the best career advice you ever received?

My dad told me as I joined the Army. Volunteer for everything. Sometimes you will get a crap job, and I did, and sometimes you will get an awesome assignment. Which I have. I raise my hand for those technical challenges that will push my understanding of a topic or business process so that I learn and grow. Sometimes they stink and might not be successful, other times they are wonderful experiences making lifelong friends in other areas of business that I would not have seen had I just stayed in my cube.

What advice would you give to aspiring IT leaders?

First, remember that it is about your team and not you. If your team is successful, only then will you be successful. Second, know and be yourself. Do not try to be someone you aren’t but do bring on people who can and will fill in your shortcomings.

Get More from Your Professional Network

Mon, 30 Aug 2021 16:01:29 GMT

Aaron Davis, Recless Tech

Your professional network holds the key to solve a work problem, sign a customer, or get that new job. A referral from a known person comes with more trust. It is engaged more quickly and creates a bias for the connection to be a success.

I can no longer count how many times I’ve coached a technical professional through how to network with their contacts. Unfortunately, it’s often when someone is referred to me in an urgent job hunt situation - a contract ending, an unexpected termination, or work suddenly becomes unbearable. I always wish we had talked months prior.

The best time to network is before it's needed!

Make a List

People get lost, and it’s hard to keep up with everyone that’s valuable to you. If your LinkedIn is too vast and messy (like mine), document who you want to keep up. Do they have a good reputation? Do you trust them? Do they respect you? Add them to your list. Salespeople and recruiters use CRM systems but staying in touch is valuable to all of us. There’s nothing wrong with having a list of valued connections and dating your last interaction with them so you don’t lose touch.

Find Ways to Give

The hardest part of any give-and-take relationship is finding ways to give. If you want your network to be ready to help when you need them, invest early. The people you need to stay connected with are not always the ones right in front of you. Old colleagues may not come to you first to solve a problem. You have to go out of your way to stay in touch.

Everyone knows the value of connecting with influencers and decision makers. But people you can help are even more important. They will remember you, and many of them will be in positions to help you in the future. Giving generously is the master key to networking.

Connect through Curiosity

People won’t always remember the details of your last conversation with them. They will remember how they felt! Being heard is an important part of feeling good in any relationship but can be with a more introverted personality. Stay curious. Asking big questions like “How’s work?” or “How’s your family?” might be enough to get conversations going with some. Others are more to the point. You may have to probe to stay connected. It’s your network, so do the work of learning what’s important to them, and how you can help.

Ask Directly for Help

When the time comes, and it always does, be prepared to ask for help. People like to help their friends and colleagues. It’s satisfying to know you’re valuable. It scratches a life-purpose itch to improve someone else’s situation. And when you state it in a way that is clearly an ask for assistance, it gives your connection a chance to feel like your hero.

Leave some room to decide exactly how they can help. If you communicate your goal, tell them what you’ve done to get there, and ask them how they can help, most people will want to come to your aid.

I prefer:

“I’d like to communicate directly with PersonA about XYZ. I don’t trust the portal. But I need help getting in touch with them. How could you help me?”

Over:

“Would you introduce me to PersonA with an email?”

Adding a bit of problem solving to the ask can offer a feeling of appreciation for the idea on top of the connection.

Aaron Davis is the founder and CEO of Recless Tech, an external referral platform that uses peer-to-peer sourcing to fill tough technology positions. He has previously served as the COO for a software services firm, the Talent Acquisition Director for a large health plan, and an Account Executive for a large tech staffing firm. Aaron is a Senior Professional of Human Resources, a Certified Scrum Master and holds an MBA from Wright State University.

Aarondavis@reclesstech.com

937.672.4598

Tempting Talent - Talent Series Part 4

Thu, 26 Aug 2021 19:51:24 GMT

Mardi Humphreys, Change Agent, Integration Edge

Last week we discussed how to retain your current employees during the Talent Tsunami. But despite your best efforts, it’s likely that some of them will still jump ship (cue Debbie Downer). From a financial perspective, hiring a new employee is an expensive process. You not only have to calculate salary, but also the cost of recruiting, training, and benefits. If you are a company of 0-500 people, this price could average $7645. How can you ensure you’re attracting trustworthy talent?

Congruity Through Change

It’s tempting to just increase the top of the salary range or offer a sign-on bonus and publish the “We’re Hiring!” post. But throwing money at the problem is not a long-term solution. The pandemic proved the workplace can function very differently than it’s been allowed to since the industrial age. This excited employees, but management not so much. COVID-19 fast-tracked the inevitable evolution of the way knowledge work gets done. Protocol that made factories run efficiently (e.g., all employees work five consecutive eight-hour days) are no longer in employees nor companies best interests here at the end of the digital revolution. If you make this an arbitrary rule, you risk losing out on valuable talent. Conversely, if you explore innovative alternatives for running your business, then you keep your company’s vision intact by taking advantage of modern methods to manifest it. For example: How many processes can you automate? Can you employ subcontractors? Can you upskill high-value individual contributors? Concepts like remote working and unlimited PTO that your company deemed impractical before COVID-19 are now your competitors’ widely advertised company perks. Ponder how implementing such changes may impact your business. A company that helps its workforce navigate work-life integration attracts employees who want to make that company thrive. Be a company that allows employees autonomy to get their projects done, advance in their career and life, and affiliate with both their coworkers and company. Prioritize being a great place to work; a place where employees are valued as human beings. When you do, that becomes part of your brand. In short order, you have an inspiring story to tell everyone and you will attract a workforce excited to invest in the company’s success.

Not Your First Rodeo

You’ve been short-handed before, so now is not the time to panic. Employment is a long-term prospect. You need to discern whether a new hire will be a loyal member of your team or if they are just riding a Talent Tsunami wave. Be as selective in choosing whom to add to your staff now as you were pre-pandemic. When hiring, consider:

Why are they changing jobs?
Did COVID-19 cause them to be laid off or furloughed?
What did they learn during the pandemic that will help them succeed in this role?
Are they looking for more purpose in their work?
What specifically drew them to your company?
Did someone you trust from your network connect you to this talent prospect?
Do they seem excited to meet with you?
Did they tailor their resume to the open position?
Did they ask you good questions about both the company and the job?

This power shift to job seekers won’t last forever. You’ll likely have the same pre-pandemic issues (e.g., finding employees with specific skills) you always had, but if you refresh your policies to create more win-win working conditions, you’ll attract quality talent.

What makes your organization attractive to talent?

The Tide is High - Talent Series Part 3

Wed, 18 Aug 2021 15:31:41 GMT

Mardi Humphreys, Change Agent, Integration Edge

You kept your business solvent during the pandemic. Now vaccines are available and buildings are reopening. Both you and your workforce are deciding where to go from here. Pivots like switching the product you manufacture (e.g., making hand sanitizer instead of bourbon) or shifting your employees to working from home has not only burned everyone out, but also revealed work-life integration paradigm shifts. You need to both retain your current workforce and attract new employees, but how? This week, let’s focus on keeping the folks you have.

Pivot Again

You regularly adapt your business to market conditions. This shift in the balance of power is a condition more abrupt than most, but it offers you a gift. It forces you to look at your mission, vision, values, policies, and procedures and sift them through the filter of The Platinum Rule. For example, employees hear the siren call of flexibility and autonomy in their jobs. Are your company’s paid time off policies amenable to employees with caregiving duties to young children, aging parents, chronically ill partners, etc.? If not, then it behooves you to reevaluate those policies. If your employees are being washed away by the Talent Tsunami, then you need to take a long, hard look at your company’s culture, protocols, and development paths. If your workforce was happy before the pandemic, then they would not be so tempted to leave now. You will be wise to shift your mindset to focus more on taking care of your employees and repeatedly communicating that commitment. People want to work in an environment where they feel valued. If your company has a vision the workforce can believe in, you coach them to share it, and demonstrate how their jobs are integral to realizing it, then employees get invested in meeting the company’s goals and want to stick around.

Engagement Brings Retention

The inconvenient truth is it’s cheaper to keep an employee than to hire a new one. If you don’t know what your employees need to achieve work-life integration, or to feel appreciated, now is the time to ask and actively listen to their answers. Individual contributors who feel they belong and have purpose are less likely to burn out. How do you know if your employees are burned out? Ask them. Company-wide email surveys are easy to create, send, and compile results. You can ask questions like: How do you think the company handled pivoting during COVID-19? How many days a week do you want to WFH? If the company reimburses you for upskilling, will you agree to work for us for a year? The answers will give you data that will not only help you to assess the risk of employees leaving, but also reveal what you can do to keep the good ones.

“Bye” the Way

Unless employees signed a contract saying they’d do one, they are not obligated to give exit interviews. A smart employee will not grant one if they don’t have anything nice to say. An exit interview is more of a benefit to you than to them. It’s an exiting employee’s gift of feedback to you. If the resigning employee grants one, stick to questions that will help you retain other employees. For example: What could the company have done to make it easier for your team to communicate with each other?

What are you doing to encourage your employees to join you in making your business succeed?

PMI - Summit 2021 - Accepting Proposals until Aug 27th

Wed, 18 Aug 2021 15:13:29 GMT

Project Management Institute - Dayton Miami Valley Ohio >> Submit Your Proposal!

Our goal is to curate outstanding content for our 2021 Virtual Summit. We are seeking engaging speakers for our 1-day Conference on October 29, 2021. If you are willing to share your expertise with our PM community, complete the speaker form below. The email address you provide in the form will be the main method of contact throughout this process.

With the focus on our theme "Change can be Scary", our ideal speaker is:

Experienced, engaging, and comfortable speaking in front of groups.
Passionate about sharing expertise on topics such as leadership, program/project management, business strategy, work-life balance, and change management.
Willing to partner with PMI’s Southwest Ohio and Dayton/Miami Valley Chapters to provide the best possible experience for our attendees.
Speakers should tell the story based on experience and be candid about outcomes, lessons learned, and techniques. Please “Think TED talk not Lecture Hall.”

Please submit your information via the speaker form today!

Making Waves - Talent Series Part 2

Wed, 11 Aug 2021 17:12:01 GMT

Mardi Humphreys, Change Agent, Integration Edge

The pandemic made us take a hard look at our priorities. What is now most important to you? In terms of your job, if you were able to pivot (e.g., a restaurant moving from fine-dining in person to at home delivery) or to transition to WFH (e.g., software developing), you’re grateful to have found a way to continue making a living. But now that we’ve moved into COVID-19’s phase of vaccines and variants, do you want to keep this up?

What Do You Want?

It’s time to decide what aspects of the working-under-quarantine conditions you want to maintain. Has the way you had to work made you want a different job, maybe even a different career path? If so, you have loads of company. The U.S. Bureau of Labor Statistics reports 3.6 million Americans quit their jobs in May 2021. But before you start searching for a new situation, get clear on why you want to leave your current one. If you’re running away from this job instead of running to another one, your discontent is likely to follow you. Ask yourself:

Am I burned out?
Did the pandemic reveal a side of my company’s culture that I can’t support?
Were my manager’s expectations unreasonable?
Did I discover a remote position would be best for work-life integration?

During the work day, when you feel frustrated or stressed, write down what you’re working on or what’s happening. Is it a project, person, and/or PTO? The answers will help you define your non-starters when considering your next role.

Defining what you don’t want narrows your choices down to what you do want. Compensation (salary, PTO, insurance, retirement benefits), location, culture, and leadership development are all obvious details you need to consider. But also ask yourself:

What does your perfect job look like?
Where are you doing it?
When are you doing it?
Who are you doing it with?
Why are you doing it?
How are you doing it?

What values do the answers to these questions reveal (e.g., freedom, culture, growth)? Rank them in order of importance. For one work week, notice what you are doing when you lose track of time as well as what you are doing when time seems to drag. Write these down and analyze them. While looking for a new position, search for one that allows you to do more of the work you enjoy.

How Do You Get It?

Once you figure out what you want, make a list of companies whose mission, vision, and values match yours. LinkedIn, Glassdoor, and Business Journals regularly identify great companies to work for. Target people in these companies you can reach out to for informational interviews. Notify your network that you are looking for a new role. Ask them not only for introductions to hiring managers you want to meet, but also ask how you can help connect them to the decision makers they want to meet. It’s tempting to apply for every job that looks like fun, thinking that eventually one will take, but that’s actually a time waster. It’s more effective to invest your time building relationships with your network. Insiders know a position is available before it gets publicly posted. A good rule of thumb is to network with five people for every one job application you submit.

Are you thinking about a new position? What are you looking for in a company?

UPSKILL your workforce through TechCred & Technology First Academy

Tue, 03 Aug 2021 00:28:11 GMT

Should You Surf the Tsunami? - Talent Series Part 1

Mon, 02 Aug 2021 23:15:55 GMT

Mardi Humphreys, Change Agent, Integration Edge

The number of posts from my LinkedIn connections announcing their new positions increases every day. Have you noticed it too? The Talent Tsunami is soaking us. Is it tempting you to find a new gig? Even now a job search can still be long, arduous, and uncertain. How can you tell when it’s time to move on?

In my role as a Change Agent, I ask questions so my clients can visualize both where they are and where they want to be. Next week, we’ll discuss how to figure out where you want to be. But first, here are questions to help you determine whether or not your current employment situation is still worth your T.E.A.M.

Your Body

Stress can physically manifest itself. Do you have headaches, nausea, and/or heart palpitations when you’re getting ready for work, at work, or just thinking about work? If so, your subconscious is trying to get your attention.

Your Mind

If your talents aren’t being tapped, you’ll get frustrated and, eventually, resentful.

Do your skills match the work you’re doing?
Are you unhappy the majority of the time you’re working?
Are you spending more time on social media than your work?
Are you watching the clock hoping time will speed up so you can leave?
Do you experience Sunday Scaries?
Are you looking at job postings and daydreaming about them?
Are you no longer proud of the work you’re doing?
Are you lowering your standards?
Do you hear yourself say, “It’s just a job?"
Have you lost your passion for the work?
Do you see your work as challenges or problems?
Careless mistakes (e.g., frequent typos, forgetting scheduled meetings) happen, but too many too often indicates that you’re disengaged from the work. Are you making too many glaring errors?

Your Environment

You can try to influence your environment, but the only actions you can control are your own.

Is the environment toxic?
Is the culture (e.g., you want to WFH and the company insists you spend the entire week at the office) not a good fit for you?
Is the company restructuring?
Are there rumors of outsourcing your department or selling the company?
Are you chronically understaffed?

Your Development

Has the novelty of being the SME worn off?
Are you tired of being the trainer and never the one learning something new?
Does your employer provide company time and money for upskilling?
Is advancement possible?
In order for you to move up, does someone have to leave?
Can you have a transparent conversation with your manager to find out if what you’re looking for can be attained within the company?
Have you taken on more responsibility and the effort has yet to be acknowledged?
Have you asked for a promotion at multiple performance reviews and even after completing the tasks your manager told you would result in advancement, they tell you that you’re still not qualified yet?
Are you no longer getting highly visible assignments?

Your Relationships

How do you get along with your manager?
Does your manager habitually give you instructions and refuse to hear your insight?
Does your manager refuse to negotiate benefits or discuss salary?
Are conversations with friends and family dominated by complaints about your job?

When you evaluate whether or not your current employment is worth your T.E.A.M., what criteria do you use?

Wright State offers "quick" way to add credentials

Thu, 29 Jul 2021 18:17:38 GMT

Graduate Certificates: Big and Smart Data and Cyber Security Analytics

Big and Smart Data Graduate Certificate

Why Choose Big and Smart Data Sciences?

The Department of Computer Science and Engineering offers a program of graduate study leading to the Education Certificate in Big and Smart Data Sciences. This unique certificate will equip business professionals with the technical foundation needed to manage and analyze Big Data and to create Smart Data-enabled applications for enterprises and individuals.

There is an unprecedented growth in data collected by all types of organizations for scientific, medical, financial, and other purposes. This comes as a result of activities in our interconnected world including social activities on the web. It is produced using sensors and other high throughput devices on or around individuals and around the globe. This has given rise to Big Data, characterized by five Vs (volume, velocity, variety, veracity, and value). Big and Smart Data Sciences is about the intelligent processing of Big Data for improved insights and decision-making for enterprises and individuals. It is also about creative approaches, methodologies, and techniques that span data acquisition to analysis and applications.

More info here

Cyber Security Analytics Graduate Certificate

Why Choose Cybersecurity Analytics?

The Certificate in Cybersecurity Analytics contains the four core courses of our Master of Science in Cybersecurity degree. We offer a flexible learning environment with both online and in class courses. You can use this certificate to enhance your current skills or start on the journey to a master’s degree in cybersecurity. We will provide you with the technical foundation needed to understand the major risks associated with cyberspace, and how to begin mitigating those risks.

Complete this certificate online or on campus.

More info here

Cincinnati State: Online degree highlight!

Thu, 29 Jul 2021 17:34:21 GMT

Computer Programming and Database Management – Computer Software Development Major (CSD)

The Computer Programming and Database Management – Computer Software Development Major (CSD) is an online degree focuses on the design, development, implementation, and maintenance of software used in a variety of industries. Students gain knowledge of computer operating systems and software development using several programming languages.

Graduates earn an Associate of Applied Science degree and are prepared to enter the workforce as skilled computer programmers and systems integrators. Graduates may continue their education in a bachelor’s degree program in computer science, information systems, business informatics, or business administration.

The Computer Software Development Major is primarily offered as an online degree for students who seek that instructional method. Some of the required courses can be taken through in-person classes.

Curious about software engineering? Learn more about Computer Programming and Database Management - Software Engineering Technology Major (SET) right here.

Time to recruit! University of Dayton Career Fairs this September!

Fri, 23 Jul 2021 17:58:39 GMT

As the fall 2021 semester is quickly approaching, UD Career Services is pleased to share upcoming fall recruiting events. Information about each event and a link to register are listed below.

Fall 2021 Career and Internship Fair *In-Person*

September 13 from 1-5 PM at UD RecPlex

Organizations are invited to visit our campus and meet with students and alumni from ALL MAJORS and degree levels seeking employment in internships/co-ops and full-time opportunities. Registration is available through Handshake.

Fall 2021 Virtual Fairs

September 15 & 16 from 2-5 PM on Handshake

September 15 – Science, Technology Engineering, Mathematics (STEM) and Healthcare

September 16 – Communication, Creative, Business, Human, and Public Services

The fairs are based on industry groups, not student majors. Registration for both fairs are available on Handshake.

Contact employerrelations@udayton.edu with any questions.

Host a Senior Capstone Project from UD!

Wed, 21 Jul 2021 18:01:44 GMT

The University of Dayton Department of MIS and Operations Management is now accepting Company Project Proposals for their MIS and OPS Senior Capstone Projects.

These year-long projects (2021-2022 school year) allow students to learn by applying the theories they learn in the classroom to real world projects

Firms benefit by having a fresh set of eyes and ears focused to carry out proposed improvements. In these projects, both assigned faculty and sponsor management guide the assigned student teams.

There is no cost to companies sponsoring projects.

Submitted project proposals should be submitted by August 16th.

UD MIS/OPS 2021-2022 Senior Capstone Project Proposal: https://drive.google.com/file/d/1gTIzgc2oMGty1l352Y6a6UWeHVEU4gnK/view?usp=sharing

Any questions can be directed to : Stephen Hall, Director, Center for Project Excellence, shall2@udayton.edu

Franklin University offers Microcredential Programs!

Wed, 21 Jul 2021 17:49:05 GMT

Franklin University is excited to share our newest Industry-Endorsed Microcredential programs. You can gain professional training for in-demand skills with just three, six-week courses! Choose from:

Asana Project Management with Agile
Facebook Digital Marketing
Salesforce Administrator
Tableau Data Analytics

Fall term begins August 16^th! Learn more at: www.franklin.edu/microcredentials

Discover the world of Cybersecurity! Community College Cyber Summit - Career Exploration

Mon, 19 Jul 2021 20:25:51 GMT

OPENING CYBERSECURITY OPPORTUNITIES

Cybersecurity careers and jobs keep growing and expanding. Community College Cyber Summit (3CS) is hosting a Career Exploration event to help you understand the field and learn about many and varied career opportunities. Cybersecurity 2- and 4-year students and recent graduates are invited to participate. You will have an opportunity to talk to professionals in the field about careers and jobs, and attend conference sessions specifically geared towards students to learn about advancements in the field. 3CS will be held November 5-7, 2021.

WHO WILL BE THERE?

Regional and national companies, government agencies and universities will share their opportunities for careers, advancement, and jobs with attendees. Additionally, over 400 college faculty and workforce development professionals from across the nation will be present.

WHY SHOULD YOU ATTEND?

Discover a variety of cybersecurity careers and job opportunities
Learn about the developments in the field by attending 3CS sessions
Meet cybersecurity professionals to discuss skills and opportunities
Meet peers and faculty to learn about different education programs

FINANCIAL SUPPORT AVAILABLE

Local Student: If you live within a 50 mile radius from the college you are entitled to a $75 stipend to cover the registration ($25) and incidentals.
Regional Student: If you live within a 100 mile radius from the college you are entitled to a $250 stipend for travel, lodging, registration ($25) and incidentals.
National Student: If you live over 100 miles from the college you are entitled to a $500 stipend for travel, lodging, registration ($25) and incidentals

HOW DO YOU APPLY?

You are required to complete the application form found at https://form.jotform.com/81047053504145
Once approved, you are required to register for 3CS. The registration enables you to attend the Career Exploration event, the 3CS sessions, and the conference social events
You will need to spend your own funds and will be reimbursed AFTER the conference upon completion of the 3CS Stipend Form.

For more information about the Community College Cyber Summit (3CS), visit my3cs.org

Hire from Wright State - full-time and internships!

Mon, 19 Jul 2021 18:03:39 GMT

Are you seeking recent graduates or alumni? Interested in building a co-op/internship program with Wright State University? Simply forward your job/internship postings to sheryl.kent@wright.edu. In return, Sheryl will send a targeted e-mail blast out to Wright State University students and faculty as well as include your postings in Wright State's CECS LinkedIn Group: https://www.linkedin.com/groups/961807.

You are also encouraged to post your positions to Handshake- WSU's resume referral database. This system will allow you to post your position, view potential candidates, and register for career related events. Any questions regarding this system should be directed to Career Services, 937-775-2556.

For a complete list of our majors in the College of Engineering and Computer Science, please visit: https://engineering-computer-science.wright.edu/degrees-and-certificates

STEPS TO SUCCESSFUL RECRUITING IN A VIRTUAL ENVIRONMENT

Update your Company Profile on Handshake (WSU’s online job board and resume referral system) to ensure students get a great impression of your brand. Upload your current logo, describe your company culture, provide key statistics, post jobs and host events to impress students. Refresh your company profile now by logging in here

Create a Virtual Recruiting Event on Handshake to spotlight your organization and to connect with students from targeted majors.

Request a Virtual Information Session (Career Talks, Coffee Chat, Job Search Presentations, etc.) to provide an interactive and engaging virtual presentation.

Participate in Manufacturing Day (Founded by NAM, first Friday in October) and Engineering Week (Founded by NSPE, Mid-February)

Other ways to build your brand: Virtual Resume Critiques, Virtual Mock Interviews, Virtual Guest Speaker for Student Clubs/Organizations

QUESTIONS? Seeking customized assistance? The Brandeberry Career Development Center offers a variety of opportunities to volunteer on campus to increase your company's visibility within the College of Engineering and Computer Science. Please contact me for more information. Simply email sheryl.kent@wright.edu or call 937-775-4491.

We look forward building your brand on campus.

Hire an intern and let SOCHEintern handle the paperwork!

Mon, 19 Jul 2021 17:55:12 GMT

Ohio students are always searching for internship opportunities. SOCHEintern handles recruitment, applications, employee taxes, onboarding, orientation, hiring and payroll and customizes your internship program according to your unique business needs. Work with SOCHEintern to take full advantage of the energy and fresh ideas interns bring while reducing your hiring and training costs. Click here, email us at soche@soche.org or call (937) 258-8890 to find your interns.

Register now for Launch Dayton Startup Week

Mon, 19 Jul 2021 17:40:20 GMT

Tickets available for Dayton’s premier entrepreneurship conference

Registration is live for Launch Dayton Startup Week, the Dayton region ’s premiere opportunity for entrepreneurs to connect and network with both resource providers and fellow founders.

This free, annual, week-long, community-focused conference brings together the region ’s thinkers, dreamers, doers, makers, entrepreneurs and small business owners.

“Speakers and workshops have been curated to celebrate the diversity of our startup community and to spur tangible progress for local businesses,” said Launch Dayton Startup Week organizer Audrey Ingram. “At Launch Dayton, we believe everyone should have the opportunity to determine their own economic prosperity. We hope Startup Week serves as a launching point for these young companies that will drive the economic future of the region.”

All experiences are welcome — whether a seasoned entrepreneur or new to the community, there is space to jump in. Register here: https://bit.ly/LaunchDaytonStartupWeek2021

This year’s conference is made possible thanks to generous support from title sponsors Canary Consulting, Parallax Advanced Research and the Entrepreneurs’ Center.

Who: Dayton’s startup founders, entrepreneurs, innovators, small business owners, business leaders, entrepreneurial resource providers, business-building experts, and more

What: Launch Dayton Startup Week, the Dayton region’s premier entrepreneurship conference

When: Sept. 13-16, 2021

Where: All of this year’s sessions will be held in the historic Dayton Arcade complex, from the main stage, startup market and pitch competition in the Rotunda, to business workshops in The Hub, to industry-specific tracks in the The Tank and an artists + creative entrepreneurs track in The Contemporary’s gallery space. (We'll also be live-streaming sessions for those who prefer to attend virtually.)

Why: to celebrate the diversity of Dayton ’s entrepreneur community and to spur tangible growth for local businesses

Be Inspired:

Monday, Sept. 13 we'll kick off at 8:30a with inspirational stories and how-to talks from founders offering advice that applies across industry lines, all told from our main stage in the historic Rotunda. Shop local businesses throughout the day at the Launch Dayton Startup Week Startup Market, hosted in partnership with Tae Winston, founder of the The Entrepreneurs' Marketplace, Shoppe & Connection.

Stick around after the final keynote for a social hour, followed by the Launch Dayton Startup Week Early Risers Pitch Competition, where 10 local startups will compete for cash + prizes, starting at 6p.

Want to pitch & win up to $5K in cash + prizes? Apply here by Aug. 13: https://bit.ly/PitchLaunchDaytonStartupWeek2021

Hear & network with:

Mile Two founders Jeff Graley and Jorge Sanchez talk about growing from a four-man shop during the first Startup Week to landing a $15M government contract;
Maximize the Money You Have — Financial guru Emerald Sparks & Arcani Coil Care founder Jerricha Hoskins will talk about getting out of the mindset that someone else will give you money to launch your business;
A panel of business owners will discuss Doing Business in 2020 —we’ll talk about the challenges of the pandemic and rising hate crimes, as well as opportunities stemming from the recent push for racial justice;
Marketing experts will debunk the most common marketing myths they hear from clients looking to launch or grow their business on a budget;
Neurosurgeon turned entrepreneur & investor Dave Kirschman will share his story, from his entrepreneurial start in a college dorm room to his $90M X-spine Systems exit. His current company, Aerobiotix, produces an air filtration system for operating rooms.
Nickole Ross, cofounder of the only minority-owned and Black woman-operated processing facility in Ohio’s burgeoning cannabis industry, will sit down with What’s The Biz founder Te’Jal Cartwright to talk about breaking into an industry that has disproportionately harmed her community.

Work On Your Business:

Tuesday through Thursday, dig deeper into your business with industry-specific tracks and get hands-on with various workshop opportunities. We'll kick off after lunch and go until 8p to create more opportunities for aspiring founders to attend. Partners have curated a series of offerings for founders innovating in the areas of:

Tuesday, Sept. 14

MedTech, curated by BioOhio;
SaaS, curated by Technology First;
Business 101 classes, curated by Parallax’s Early Risers Academy;
Marketing workshops, curated by LMG
Elevator pitch practice — in an actual elevator

Wednesday, Sept. 15

Food/Bev/Retail/Consumer Products, curated by Downtown Dayton Partnership and the Arcade Kitchen Incubator;
Artists + Creative Entrepreneurs, curated by CultureWorks & hosted by The Contemporary;
Scaleup workshops on value prop, financials and investment models, curated by the Entrepreneurs’ Center;
A million-dollar women founders panel, curated by Aviatra Accelerators —Dayton

Thursday, Sept. 16

Defense, curated by Parallax Advanced Research and sponsored by Infinite Management Solutions & Treble One Aerospace;
Future Tech, curated by OhioX;
Marketing workshops, curated by LMG

Join us in-person by entering the Dayton Arcade via The Hub Powered by PNC, at 31. S. Main Street, downtown Dayton. Park at the Reibold Garage on Fifth Street, or park at meters available around the building.

Prefer to attend virtually? Register now, and as the conference gets closer, we'll send you a link to download the official Launch Dayton Startup Week app. The app, available on iOS, Android and the web, will allow you to personalize your schedule, attend sessions, connect with attendees, find resources, and win prizes.

Afidence Announces Sale of Managed IT Services Division to Intrust IT

Thu, 15 Jul 2021 17:23:45 GMT

Afidence, a technology consulting and services firm headquartered in Mason, has announced it has sold its managed IT services division to Blue Ash-based Intrust IT.

From left to right: Afidence co-owners Bryan Hogan and Barbara Hogan.

The move will allow Afidence to focus on serving its mid-market and enterprise clients, with services that primarily include project management, cloud/infrastructure, cybersecurity and application development.

“We are so grateful and appreciative of our managed IT services clients and our devoted team members who have served them throughout the years. These relationships mean the world to us,” said Bryan Hogan, CEO/president and co-owner at Afidence. “Our managed IT services clients and team are in a position to thrive with Intrust IT—an organization focused on providing managed IT services,” said Hogan.

Intrust IT CEO Tim Rettig.

“We cannot be happier knowing Intrust IT is the ideal organization to take our managed IT services clients and team to the next level,” said Barbara Hogan, co-owner of Afidence, who explained that intensive consideration went into the decision to divest this portion of the business. “We’re also pleased that every managed IT services team member will have continued employment with Intrust IT,” she said.

Afidence is ensuring all clients and employees will be transitioned smoothly into a company culture that embraces the same core values as Afidence, according to Bryan Hogan. “Those values include an emphasis on strong relationships that are rooted in trust and transparency,” he said. “During this process, it has been—and continues to be—our top priority to ensure both our employees and clients will flourish as a result of this transition.”

Intrust IT, an IT support and cybersecurity company, primarily serves small and medium-sized businesses in the greater Cincinnati area. In 2019, Intrust IT became employee owned through an Employee Stock Ownership Plan (ESOP). For the past several years, Intrust IT has reported customer satisfaction scores of 99 percent or higher. Intrust IT has also been nationally recognized with an All-Star Champion award from the Great Game of Business (GGOB) thanks to its excellence in implementing open book management practices. Intrust IT has been a finalist for the Business Courier's Best Places to Work awards nine of the last ten years.

Intrust IT CEO Tim Rettig said the deal developed through an existing relationship between Afidence and Intrust IT, adding how the two firms share a dedication to company culture and customer service. “We’re like-minded in our approach to serving and supporting clients and our focus on fostering a healthy, positive company culture,” said Rettig. “We’re pleased this deal makes our ESOP stronger and expands the benefit to a larger group. We’re excited to bring these new staff members onto our award-winning team, and we look forward to continuing to provide stellar service to the managed IT clients of Afidence.”

Hogan added this is a milestone step for Afidence as they enter a new phase of expansion. “Our company was built on serving mid-market and enterprise clients, and this enables us to have a singular focus that will give us the opportunity to have even greater impact going forward,” he said.

About Afidence

Since 2010, Afidence—a name which stems from Latin for “joining in trust”—has provided clients with unbiased, real-time business and IT solutions. Built on a foundation of integrity, quality, and strong relationships, Afidence relentlessly serves the best interests of clients, employees, and colleagues. Headquartered in Mason, Afidence specializes in project management, cloud/infrastructure, cybersecurity and application development. Afidence’s proven syncMETHODOLOGY™ process ensures that each step and deliverable is proactively communicated in an easy to understand, open and transparent manner. To learn more about Afidence, visit www.afidence.com.

About Intrust IT

Intrust IT is a Cincinnati IT support and cybersecurity partner that gets you and gets back to you. As a locally owned small business, Intrust IT empathizes with business owners, uses ingenuity to solve problems and delivers service that makes clients happy. Intrust IT was founded in 1992 by Tim Rettig and ever since, has been putting the “service” in “managed services.” As of 2019, Intrust IT is an employee-owned company. By growing together as a business, team members inspire each other and clients in a new way to do more and impact the region. Visit www.intrust-it.com to learn more.

Like a Pirate Ship Sailing Into a Yacht Club

Thu, 01 Jul 2021 19:58:30 GMT

Mardi Humphreys, Change Agent Integration Edge

I made this poster to hang in my office. (Full disclosure: Since the pandemic my office is actually the dog’s bedroom. Yes. The dog has his own room. Don’t ask.) I made the poster to remind myself that innovation is often only appreciated in hindsight. While modern-day pirates are a serious threat to certain areas of the world (e.g., West Africa and Somalia) and should be treated as such, my poster represents archetypal pirates like Blackbeard who was known not only for his leadership and non-violent nature, but also for his boldness, personal courage, and brand awareness; all important elements of innovation. Here in Dayton, OH we have a lot to live up to in terms of innovation. There’s the obvious: The Wright Brothers, Ermal Fraze, Charles F. Kettering, et al; but what about you? Your business is IT. Aren’t you innovating almost daily? There are basically three types of innovation: product, process, and business model:

Product

Since we work in Information Technology, this is the type of innovation we most likely think of when we hear the word because we see it all the time. Think: combining an MP3 player with a mobile phone (more on this later).

Process

This is where I live. We streamline SMBs’ and non-profits’ workflows and procedures to eliminate waste and human error, and to increase data security. We automate as many steps in their processes as possible, thus saving them time, energy, attention, and money. Think: a physician sending your prescription to your preferred pharmacy online instead of writing it out and handing it to you on a piece of paper.

Business Model

This is the most drastic innovation because it affects the entire organization. It’s most successful in startups because they’re still experimenting with how to structure their businesses. It usually occurs when the person in charge starts wondering out loud why customers aren’t buying. Think Amazon.

You see innovation and you are innovative, but do you act on that innovation? When you have an idea you believe will change the course of the product, process, or profession, what keeps you from acting on it? Innovators have at least three things in common:

Bravery

Innovation is scary. You have to put yourself out there. Brene Brown says, “Vulnerability is the birthplace of innovation, creativity and change.” As the Change Agent for Integration Edge. I have to sit with vulnerability a lot. Change is hard. Even good change, like growth, is still difficult. There’s a reason growing pains is a cliché. Humans are creatures of habit. We love doing what we’ve always done. It’s getting what we’ve always gotten that we don’t like. That’s where innovation enters the equation. One of my favorite things about innovation is that it seems so epic; but in reality, one little change can be that last push the flywheel needs to start turning as fast as you’d hoped it could.

Boldness

Back in the Product section of this article, I promised more to the story of combining an MP3 player with a mobile phone. Here it is, long story short: When a small team of engineers, designers, and marketers at Apple presented the idea to Steve Jobs, he vehemently opposed it. But his team saw the potential both in the technology and the market, and kept gently persuading and boldly negotiating with Jobs until he agreed. Four years after it launched, the iPhone was responsible for half of Apple’s revenue. Innovators don’t ask their customers what they want. Innovators ask their customers what they want outcomes to be. iPod customers did not suggest that Apple combine the iPod with a mobile phone. They just wanted to stop carrying multiple devices.

Brand Awareness

Innovation is ineffective if it’s a secret. In development you need secrecy, but once you’re in production you have to tell the world about it. It’s okay to get excited about projects that improve our clients’ businesses. You worked hard. Tell everyone who will listen. The more organizations you impact, the more innovative you’ll be and the more your reputation will grow. I learned this lesson from Edward Teach. Back in 1717 he commandeered a slave ship, La Concorde, disembarked the people at Bequia, then proceeded to acquire two more ships and 150 crew members. Teach was big and tall. In battle, he dressed in dark clothing with a sling over his shoulders that held a brace of three pistols. He wore a wide hat under which he put lit matches to appear fierce. He did this to intentionally make a reputation for himself that would scare his enemies so that he did not have to hurt them. (We have no verified account he ever harmed any of his captives.) Like Teach, we want to cultivate a certain reputation because we understand the value of appearances. How valuable was his appearance? Teach renamed the slave ship that he commandeered Queen Anne’s Revenge. Edward Teach renamed himself Blackbeard.

Bridging the Development Gap

Thu, 01 Jul 2021 17:39:09 GMT

Future of No-Code Bright, but Challenges Remain

Matt Coatney, CIO, Thompson Hine LLP & Technology First Board of Directors

Several years ago, I led professional services for a data analytics no-code/low-code company. We built cutting-edge solutions for healthcare, life sciences, finance, and more using our trailblazing platform.

There was one problem though. Consulting was a great revenue stream, but business wants the recurring revenue of licensing and “citizen developer” self-service. But no matter how much we tried to convince companies they could build applications with our tool, inevitably they would lean back on us instead.

I call this the Development Gap: the gulf between organizations’ application needs, the availability and technical sophistication of their business teams, and the state of no-code platforms. The gap is still too wide for the average company to get real, transformative benefit from these tools., But I remain optimistic in the long run.

There is a lot of hype around products like Microsoft PowerApps that promise “anyone can build an app.” I recently surveyed the landscape, tried out several tools, and admittedly walked away disappointed. Most tools approach the space in a similar way and focus on basic use cases: form data entry, editable lists of items, and dashboards. While you can create some useful apps with those building blocks, it is not much more than a glorified online spreadsheet with a few more bells and whistles.

But if you want to make an immersive application experience? Forget about it. Even something as simple as uploading a file and performing an action in real-time proved difficult in these platforms. In many cases, the user must write code to accomplish more than trivial use cases, and we are right back where we started. Non-developers are either overwhelmed by the interface or stymied by limited functionality, and developers will not use the tools because, well, they love to write code.

So why am I still optimistic? For one, the market demand has increased significantly, and investment dollars have followed. Plus, with several large players pushing into this space, I expect significant improvements over the next five years in user interface design, reusable component libraries, and AI-enabled automation. Additionally, as younger tech-natives enter the workforce, they are more attuned to how software works, and while they are not developers, they often have a better grasp of data and business logic.

In the meantime, what can you do to help bring innovative applications to your organization more quickly (the promise of no-code)? One way is to leverage more mature self-service platforms for targeted use cases, especially in the area of data reporting and dashboards. Your development teams can also spend more of their scarce time building platforms to support rapid development and self-service, rather than bespoke business unit solutions. And development teams can also further embrace agile iterative development with shorter cycle times, which ultimately bring product to market quicker.

These steps will help you advance innovation initiatives while we all wait for the Development Gap to get just a bit narrower.

Tech First Teams up with Girl Scouts!

Thu, 01 Jul 2021 14:14:39 GMT

Technology First has teamed up with Girl Scouts of Western Ohio for a CSA Cyber Challenge with support of the Ohio Cyber Range Institute!

Volunteers from Technology First’s membership will lead a series of “plugged” and “unplugged” cyber challenges to over 50 Girl Scouts grades 6-12. This event will take place on July 23rd at the University of Cincinnati’s 1819 Innovation Hub. Participating companies include 84.51, CareSource, Great American Insurance Group, Kettering Health, Kroger, P&G, and the University of Cincinnati.

If you know a Girl Scout interested in participating, they can register by Friday, July 9th!

Inclusive Recovery for Ohio - JobsOhio

Wed, 30 Jun 2021 17:07:48 GMT

Business Leaders and Community Stakeholders,

A successful and sustainable recovery for Ohio must include all Ohioans. Nearly 20% of Ohioans live in distressed areas—defined as areas that have not recovered from the last recession. The COVID-19 pandemic further disproportionally impacted these communities and their residents. It is critical that we support these areas of the state to help them and Ohio overall with post-pandemic economic recovery.

These communities are home to businesses with intellect that can benefit all of Ohio. JobsOhio is prioritizing efforts to empower the businesses with the resources they need to reach their potential. Since the start of 2020, we have worked on an inclusion strategy that focuses on investing in and driving job creation to Ohio’s distressed areas as well as providing the capital needed to grow the businesses in these communities and those owned by underserved populations.

One component of this strategy is the JobsOhio Inclusion Grant, which was created in July 2020 as part of JobsOhio’s COVID relief programming. The program puts funding of up to $50,000 for small and medium-sized businesses located in distressed areas of the state and owned by underrepresented population groups. As of today:

133 companies have closed deals or are currently in the pipeline.
Over 4,287 jobs have been created or retained.
Of these projects, 82% are in distressed communities, 23% are woman owned, 21% are minority owned, and 11% are veteran owned.

Some of the participating homegrown businesses include The Chef’s Garden, an agriculture company that pivoted its business model due to the pandemic, and MAKO Finished Products, a rural Ohio-based business that helps power a leading fitness brand. After a successful first year in providing $5 million in financial support to small and medium-sized businesses, the JobsOhio Board of Directors recently approved an increase of up to $8 million in 2021 due to the success and growing interest from local businesses.

Our efforts to ensure Ohio’s recovery is inclusive of all Ohio continue and we will share more in future updates.

Learn more about the JobsOhio Inclusion Grant

Technology First leader on the move!

Tue, 29 Jun 2021 14:08:58 GMT

Treg Gilstorf has been selected chief operating officer for Smart Data, a local IT services provider and Technology First Member.

Treg is Vice Chair of the Technology First Board and has 25+ years of experience in IT, strategic planning, process improvement, consulting, operations and project management. Prior to joining Smart Data, he spent eight years as chief information officer at Yaskawa Motoman, the Miamisburg-based robotics division of Yaskawa Electric Corp. Before that, he held leadership roles for companies throughout Southwest Ohio and Indiana — including Cincinnati-based Fifth Third Bank, Afidence and Luxottica; as well as Duke Energy’s operations in Indianapolis.

Congratulations on the new adventure, Treg!

Dayton Region Intern Appreciation Week

Mon, 28 Jun 2021 17:03:39 GMT

Celebrate Interns in your organization (July 12-16, 2021)

DAYTON, Ohio (June 28, 2021) – The Southwestern Ohio Council for Higher Education (SOCHE) leads several initiatives to increase internships and close workforce gaps in Ohio. The Dayton Region recognizes the immense value of interns in workplaces and communities. Dayton Region Internship Appreciation Week encourages Southwestern Ohio companies to show their appreciation for interns at all levels. Companies can visit https://bit.ly/3hL2ZvT for ideas on how to thank their interns.

Several Mayors in the Miami Valley have issued proclamations to declare Intern Appreciation Week for their city from July 12 – 16, 2021. Thanks much to the cities of Springfield, Beavercreek, Trotwood, and Centerville! Other cities are welcome to join!

SOCHE’s member colleges and universities, representing nearly 200,000 students, participate in thousands of internships throughout the year. These 200,000 students, in addition to all the region’s high school students, are the future workforce. Hiring these students boosts the likelihood that they will remain in the area as full-time employees.

“We’re proud of the ever-increasing intern numbers across the region and we hope that employers and colleges and universities are equally proud of the progress,” said Cassie Barlow, President of SOCHE. “Every year we work to strengthen and evolve partnerships between the private sector and higher education to provide more internship opportunities in Ohio,” Barlow added.

SOCHE’s internship program employs hundreds of students, high school through the post-doctoral level, in many positions to support Wright Patterson Air Force Base, the City of Dayton, and Montgomery County, as well as numerous small and mid-sized companies. Internship roles call for students majoring in various subjects, including science, technology, engineering, math, arts, business, social sciences, manufacturing, and humanities majors.

Patty Buddelmeyer, Vice President of Development at SOCHE, added, “We’re excited to see more and more employers with interns in the Dayton region. Businesses are experiencing the value interns bring to workplaces. The rising internship numbers speak to the commitment of the local business community and colleges and universities to retain talented and engaged students in the region.”

Formed in 1967, SOCHE is the trusted and recognized regional leader for higher collaboration, working with colleges and universities to transform their communities and economies through the education, employment, and engagement of nearly 200,000 students in southwest Ohio. SOCHE is home to SOCHEintern, the Aerospace Professional Development Center (APDC), and Defense Associated Graduate Student Innovators (DAGSI). For more information about SOCHE and all SOCHE initiatives, visit http://www.soche.org/.

UPSKILL your workforce through TechCred

Thu, 27 May 2021 17:00:45 GMT

TechCred_TechFirst_June.pdf

Enhancing MLOps with Azure Machine Learning

Wed, 26 May 2021 16:56:43 GMT

BY BEN PRESCOTT, AHEAD - This article originally appeared on AHEAD's i/o blog

Recall the year 2013. The world has just topped four zettabytes of generated data (equal to four trillion gigabytes). The term “big data” is taking hold, creeping into every corner of the tech and business worlds.

From that point on, data volumes have grown exponentially. It’s estimated that the world produced more than 44 zettabytes of data by the end of 2020 (growing by a factor of 11 in just seven years). We’re now generating more data than we can effectively manage—and it’s a big problem.

Today’s organizations are searching for ways to harness, manage, and analyze these huge influxes of information. Many are turning to machine learning (ML) and deep learning (DL) models to analyze data and predict what could happen next. In fact, organizations across every industry use ML and DL today in various capacities.

Healthcare innovates pathology detection by leveraging neural networks and tracking patient patterns to predict their length of stay. The pharmaceutical industry uses ML and DL to identify causal factors of diseases for drug development and predict patient response to drug combinations. Manufacturing organizations identify product defects, predict machine malfunctions before they even happen to provide proactive maintenance, and use generative design methods to determine the best structural design for a product (such as a car frame). From a general business perspective, many organizations leverage ML to aid in forecasting business revenue, schedule resources for projects, and drive sales and marketing efficiency.

But building and training effective machine learning models is no easy task. Add the maintenance (operations) component and achieving true machine learning operations (MLOps) is difficult for most organizations.

That’s why a platform like Azure Machine Learning can be beneficial. Azure ML is a hosted service that enables and enhances an organization’s MLOps capabilities through four key benefits:

1. Graphical interface

2. Out-of-the-box machine learning models

3. Single pane of glass view

4. Direct integration with Git and Azure DevOps

Before we dive into the ins and outs of Azure MLOps, let’s define MLOps.

What is MLOps?

MLOps blends DevOps methodologies and processes with the ML development process. There’s a lot that goes into the process of developing ML models, from collecting and cleaning data, to model training, validation, and deployment. But, while the goal is to deploy a model into production, monitoring and maintaining that model are just as, if not more, critical.

Within the DevOps umbrella are concepts known as Continuous Integration and Continuous Delivery (CI/CD), a way to shorten development and deployment cycles while maintaining quality code. While DevOps plays a critical role in core application development, MLOps puts a twist on CI/CD. Within MLOps, CI validates data quality and structure, and CD broadens focus to the full ML solution.

MLOps also introduces a new concept—pushing the deployed ML model back through the training and validation process, often referred to as Continuous Training (CI/CD/CT). This is a way of ensuring the model doesn’t become stale, having only “seen” aging data. It also continually evaluates and improves a model’s ability to predict. After all, the last thing you want is to make business decisions from a model that provides poor predictions or recommendations.

MLOps with Azure Machine Learning

One of the biggest struggles of adopting MLOps is piecing together the services needed to support the full data lifecycle. Data scientists and machine learning engineers are traditionally really good at building robust models, but the process of deployment and monitoring is usually done manually, or not at all.

Once a model is in production and consuming new data, how is it monitored and retrained? The retraining process quickly becomes manual—going back through the same steps performed during development before pushing the retrained model back into production. As soon as it’s back in production, it’s out-of-date again. As with any iterative process, this becomes time-consuming, expensive, and frustrating.

Azure ML supports MLOps by giving teams a platform to manage models and integrate model usage, output, and insights across the organization. It does this through the areas we mentioned earlier—a graphical interface, out-of-the-box algorithms, single pane of glass approach, and integration capabilities.

Graphical Interface

Azure ML provides both a graphical web interface (Azure ML Studio) as well as SDKs that (at the time of writing) support Python, R, and Azure CLI. This is important because some organizations prefer to work in their existing environments while leveraging the features and capabilities of Azure ML.

Out-of-The-Box Algorithms

Azure ML comes with many pre-built algorithms to help you get started quickly, including those for regression, text analysis, recommendation services, and computer vision. In addition, Azure ML Studio boasts “Automated ML,” a no-code solution to automatically find, train, and tune the best model for your data.

Single Pane of Glass

Azure ML takes a single pane of glass approach that provides capabilities in all areas of the MLOps lifecycle, while integrating with common DevOps services. Each capability within Azure ML can operate as an independent feature to help gradually grow MLOps maturity. Whether it’s data scientists making use of the notebooks and experimentation, infrastructure engineers managing the CPU or GPU-backed compute infrastructure, or security teams leveraging Azure ML’s model change tracking logs, everyone has a role to play in embracing an MLOps methodology. Azure ML helps make this transition easier by providing ready-to-be-consumed services.

Integration with Git and Azure DevOps

Integrating Azure ML with Git and Azure DevOps offers many automation opportunities that are otherwise not accessible:

Enables the use of Azure DevOps Pipelines to automate the data ingestion process and perform data checks
Provides the ability to automate the Continuous Training and Continuous Deployment aspects of the MLOps lifecycle, removing the need to manually retrain models as performance degrades
Automates scaling of compute resources for model training, both up and out, and provides a one-stop-shop for managing backend compute needs
Automates deployment of trained/retrained models to internal- and external-facing services on Azure Kubernetes Services, Azure App Services, Azure Container Instances, or Azure Virtual Machines, and removes the need to manually deploy new or retrained models

At the end of the day, it’s better to back your MLOps with tools that will get you there better and faster, and that’s just what the Azure ML platform does.

To learn more about how Azure ML can help your organization leverage machine learning, reach out to our team.

Once Upon a Time

Tue, 25 May 2021 17:30:51 GMT

Mardi Humphreys, Change Agent, Integration Edge/RDSI

I’m a storyteller and I love data analytics. These two things may seem mutually exclusive, but bear with me. Data analysis is a process. So is storytelling. Data analysis inspects, cleanses, transforms, and/or models data. So does storytelling. You use data analytics to discover useful information, form conclusions, and support decision-making. So is… never mind; you know what goes here. Let me give you an example. Here’s the story of Goldilocks and the Three Bears as if they were all data analysts.

Goldilocks finds an empty-looking cabin in the woods. She peeps in the window. She doesn’t see anyone inside. She knocks on the door. No one answers. She turns the knob and finds the door unlocked. Given this data, she decides to enter the cabin. The data she’s missing? The cabin belongs to a family of three bears: Papa, Mama, and Baby. The Bear family goes out to pick fresh blueberries every morning.

Goldilocks gathers more data. There are three various-sized bowls of porridge on the dining room table. She tastes the contents of the biggest bowl. It burns her mouth. She tastes a spoonful from the medium-sized bowl. It’s cold. She tastes the porridge from the smallest bowl and finds it palatable. With this data, she discovered enough useful information to form a conclusion. She decides to eat the whole small bowl of porridge and leave the other two sitting.

Goldilocks continues being nosy, er, I mean, gathering data. She wanders into the living room and spies three chairs. Full of porridge, she decides sitting a spell is a wise choice. She tries out Papa Bear’s large chair. She determines it is too hard to sit on. Next, she tries Mama Bear’s medium-sized chair. She determines it is too soft to sit on. Sticking to her data-gathering process, she moves on to Baby Bear’s tiny chair and gives it a sit. It’s perfect! She’s so excited her experiment worked, she does a happy dance and promptly breaks the chair. (Side note - This is why we never test anything in production.)

All this porridge eating and chair breaking made Goldilocks sleepy. She again wanders around the cabin; this time looking for a bed in which to nap. Refining and iterating her process based on feedback, she is not surprised to find three various-sized beds on the second floor. Continuing her data gathering process, she plops onto the ginormous Bed #1. She about breaks her back because it’s as hard as steel. Sticking to her method, she moves on to the medium-sized Bed #2. After wallowing in the piles of blankets and pillows, she decides it’s too soft. She moves on to test the smallest, Bed #3. It must have met her search criteria, because she falls asleep in it.

Not long after, the owners of the cabin return from blueberry picking to find things are not as they left them. The data they first encounter is the dining room table with two bowls of half-eaten, Goldilocks-germ-infested porridge on it and one tiny bowl licked clean. This data leads them to believe someone’s been eating their porridge. This is a correct analysis of their collected data.

The Bear family goes to the living room to see if there is more data to collect. They find their three chairs not as they left them. The big hard chair and the medium-sized soft chair are salvageable, but inspection of the smallest chair deems it transformed beyond repair. This additional data leads them to conclude a hungry vandal entered their house and may still be there. Another correct analysis of the collected data.

Not finding anyone on the first floor, the Bear family angrily stomps upstairs to see if there is more data (or a full-bellied, chair-destroying vandal) to be collected. They find their three beds not as they left them. The biggest and medium-sized beds are now unmade and rumpled, but the covers on the smallest bed are rhythmically moving and snoring. This aggregated data leads the Bear family to the conclusion that the culprit who entered their cabin, ate their food, and broke their chair is now sleeping in their bed. Acting on their conclusion, the three angry bears roar and Goldilocks awakens.

What have we learned about data analytics from this story?

Goldilocks’ Data Analysis:
What insight did she gain? The cabin offered three sizes of food, chairs, and beds
What understanding did it build? The third option always suited her best
What decisions did it influence? Eat, sit, sleep

The Bears’ Data Analysis:
What insight did they gain? They never had to lock the cabin door before
What understanding did it build? If they leave the cabin door unlocked, they may get robbed
What decisions did it influence? Whether or not to lock the cabin door

Goldilocks’ Results:
How did she use her collected data? To ransack The Bears’ cabin
What innovation did she achieve? She learned not to make herself at home in a home that wasn’t hers

The Bears Results:
How did they use their collected data? To find the culprit who vandalized their home
What innovation did they achieve? They discovered Goldilocks made a better meal than porridge and blueberries

Okay, that last conclusion is pure speculation on my part, but you see what I’m getting at. Data analysis is rich inspiration for storytelling. You help your clients visualize their choices when you include storytelling in your design, development, and deliverable.

Good Data and Better Decisions

Tue, 25 May 2021 17:27:40 GMT

Kathy Vogler, Communications Manager, Expedient Technology Solutions

Early on in my career, I was told by a boss that my intuition was a gift and that I should always trust my guts in every decision I made. That advice has really worked for me most of my life. However, the new reality in a data-driven culture embraces the use of data in decision-making.

“If we have data, let’s look at data. If all we have are opinions, let’s go with mine.” ~ Jim Barksdale; President and CEO of Netscape 1995 - 1999

Maybe my mind captures, cleans and curates meaningful data. But the volume of our organizational data is much more than my job or my thoughts. Our culture is supported by data-driven decision making and the data holds our teams accountable.

The literacy level of any team member to leverage the data at hand and turn that into appropriate decisions is key. Hence a systematic approach to analysis of the data and reporting that is understandable and actionable is of utmost importance. The staggering amount of data that we store and analyse means that we need to meet often to review data findings, choosing what needs to be measured and what metrics will be implemented. Our data wizards have created detailed metrics on our customers’ experience which helps our team deliver wow.

No Departmental Silos Allowed

Departments tend to focus on the data that affects them directly, and rightfully so. But this sometimes creates a logjam and we become ignorant to the language of data that is being interpreted by each team. If we tie every team in an explicit and quantitative level, it helps us to understand if we have enough data for a reliable model to make intelligent decisions. We need to evaluate uncertainty by testing and reevaluating the data collectively. It’s been said that promising ideas greatly outnumber practical ideas. Proof of concepts will determine if the idea is viable in production. The immediate goals directly affect each team member by saving time and avoiding rework with readily accessible knowledge at their fingertips. Metrics should be universal and each team should take ownership of interpreting their data to help the literacy of the enterprise.

Measure what you Should, not what you Can

More data doesn’t guarantee better decisions, but it is always better to start with data. Better decisions almost always begin with better informed teams. And it’s our duty as team members to ask questions. And so I bring up skewed data …

¹ Some distributions of data, such as the bell curve or normal distribution, are symmetric. This means that the right and the left of the distribution are perfect mirror images of one another. Not every distribution of data is symmetric. Sets of data that are not symmetric are said to be asymmetric. The measure of how asymmetric a distribution can be is called skewness.

The mean, median and mode are all measures of the center of a set of data. The skewness of the data can be determined by how these quantities are related to one another.

One measure of skewness, called Pearson’s first coefficient of skewness, is to subtract the mean from the mode, and then divide this difference by the standard deviation of the data. The reason for dividing the difference is so that we have a dimensionless quantity. This explains why data skewed to the right has positive skewness. If the data set is skewed to the right, the mean is greater than the mode, and so subtracting the mode from the mean gives a positive number. A similar argument explains why data skewed to the left has negative skewness.

Pearson’s second coefficient of skewness is also used to measure the asymmetry of a data set. For this quantity, we subtract the mode from the median, multiply this number by three and then divide by the standard deviation.

X = mean value

M_o = mode value

S = standard deviation of the sample data

Skewed data arises quite naturally in various situations. Incomes are skewed to the right because even just a few individuals who earn millions of dollars can greatly affect the mean, and there are no negative incomes. Similarly, data involving the lifetime of a product, such as a brand of light bulb, are skewed to the right. Here the smallest that a lifetime can be is zero, and long-lasting light bulbs will impart a positive skewness to the data.

¹ Taylor, Courtney. "What Is Skewness in Statistics?" ThoughtCo, Aug. 25, 2020, thoughtco.com/what-is-skewness-in-statistics-3126242.

It’s important to take note of skewness while assessing your data since extreme data points are being considered. Take into consideration the extremes for current logic instead of focusing only on the average which provides a better picture of the future logic. Flawed data analysis leads to flawed conclusions which often result in poor business decisions.

I do trust my instincts, but my reporting to others is much better with statistical data.

Telehealth and the Edge: Infrastructure Considerations for Remote Patient Care

Tue, 25 May 2021 17:17:21 GMT

Uptime Solutions & Vertiv

It’s not an exaggeration to say the global pandemic created a new healthcare delivery model virtually overnight. Telehealth, previously a simmering patient engagement option, has now erupted.

The global telehealth market is expected to grow dramatically, reaching $266.8 billion by 2026 and showing a compound annual growth rate (CAGR) of 23.4% between 2018 and 2026. The biggest barrier to pre-pandemic adoption was behavioral inertia. Now due to COVID-19, momentum is building toward a marked transformation.

Understandably, most healthcare providers are struggling to keep pace. Existing IT systems, infrastructure, and security and privacy protocols already were stretched or outdated due to the proliferation of diversified healthcare systems. Telehealth adds another layer of complexity requiring new IT strategies and investments.

Read our white paper to learn more about the critical decisions that are looming for healthcare IT managers and chief information officers (CIOs).

Download the White Paper at the Vertiv Blog

Next TechCred Round Launches June 1st

Tue, 25 May 2021 17:08:53 GMT

Governor's Office of Workforce Transformation

The next round of TechCred opens on June 1^st and closes on June 30^th at 3:00 p.m.

Ohio businesses can visit TechCred.Ohio.gov to apply and help their employees earn a short-term, technology-focused credential at no cost. Not only can businesses upskill their current employees, but they can upskill those they plan to hire as long as they are on the payroll at the time of reimbursement.

More than 1,100 Ohio businesses have used TechCred, some having used it multiple times, creating the opportunity for 19,841 technology-focused credentials to be earned by Ohio employees.

The results from the April application period will be announced in the near future.

Visit TechCred.Ohio.gov to learn more!

Raise your IT Department to the Next Level!

Fri, 21 May 2021 14:36:42 GMT

Info-Tech Research Partnership

To provide additional resources for our members, we have formed a new Partnership with Info-Tech Research Group.

Through this relationship, Info-Tech is offering our community complimentary access to specific research and services across a wide range of topics as an additional benefit to members across the Technology First community.

Ensure your IT team delivers measurable results for your organization while networking with a community of peers and access these benefits through Technology First today!

If you are a member, be sure to log in and visit the Tech First Member forum under our Peer Groups tab to receive your complimentary resources!!

Host a 5-day Mini Internship! Support aspiring IT Professionals!

Wed, 12 May 2021 16:48:44 GMT

WANTED: Area organizations to host a student for 1 week!

Back to Basics Youth Education Center is a free non-profit after school program that focuses on coding and programming in the Dayton area.

This summer, they are holding a 4-week summer program for 5 students in the area. Two of the weeks they are wanting to set up 5-day mini internships with local IT organizations! Would you be willing to sponsor a student for a week?

Please contact: Lawrence Lindsey, Director, Back to Basics Youth Education Center at lbtbyec@gmail.com

A Healthy Culture is not an Accident

Mon, 03 May 2021 18:29:28 GMT

Kathy Vogler, Communications Manager, Expedient Technology Solutions

Every employee affects your organization. The executive leadership team may have the most direct impact on your company culture, but any employee who “leads” can too. While culture revolves around the engagement, environment, atmosphere and success of the company; leadership affects staff confidence and self-worth. Leaders at every level have a responsibility to “be the change you want to see” and to demonstrate the company values in their actions. Technology connects us in increasingly new ways that place a bigger social responsibility on our companies.

If you have a great culture, guard it as the precious foundation of your success. You must hire people who fit your culture. If your employee represents your company through account management, sales, marketing, support staff or even avenues outside of work; you’ll want to make sure that first impression is an accurate and favorable reflection of your company.

Why do you want to work here?

This is a common HR question and a great way to know that the prospective employee has done research on your company and the position. Are they onboard with your values? Do they live your values in their personal life? No one is perfect, but you’ll want to watch for dysfunction, passive-aggressive behavior and the dreaded sociopath. HR and hiring managers will need to look past the surface and see the real person. Some people are fantastic at interviews and can hide their true selves. A deceptive bad hire may slip through and will be very hard on team members and your culture even if they don’t make it to their 90-day review.

We’ve all witnessed that high-performing employee who didn’t fit the culture, often called “cultural vampires.” Even with solid performance, their attitude will be detrimental to the company culture. Maybe you’ve lived the “people don’t leave a company they leave a bad boss” meme. I have. And I felt forced to leave a job I loved and people I respected. A bad boss is hard on the culture. HR may want to look for signs to see if that polished, charming, capable person you are interviewing may be a toxic nightmare for your staff and culture.

A strong culture is distinguished by firmly held core values that are organized, openly shared and permeate throughout the entire staff. Employees will thrive when they know their leaders personally care about their well-being. The five aspects of well-being include physical, social, community, financial and purpose. Focusing on only one or two aspects will miss important opportunities to grow the best workplace culture. Quality leaders demonstrate a genuine interest in promoting the growth of their employees and will collaborate to build career paths and provide the resources needed. By encouraging employees to take risks in order to grow, effective leaders are able to foster a culture of learning and growth. Good leaders incentivize hard work and good behavior, and they promote a vision of the future that is positive and values-based. Strong leadership knows that good ideas and good decisions can come from anywhere.

People are all different, but you need that.

Most companies use some form of personality tests prior to hiring and there are plenty to choose from. Hippocrates suggested that humans had a “persona” in 460 BC and the rise in psychodynamics in the 1800s led to a drastic change in the way we viewed and understood personality in social situations. Sigmund Freud suggested that our behavior and personality are driven by our innate desires and needs. Carl Jung proposed there are four human personality influences: sensing and intuition (irrational or perceiving functions) and thinking and feeling (rational or judging functions). This spurred the popular Myers-Briggs testing. New hire assessments come in many forms and people are pretty used to doing skills assessments, personality quizzes and IQ testing as part of the hiring process.

Those of us who are Technology First Women 4 Technology (W4T) members have had the great opportunity to delve into the importance of creating teams and groups inside of our organizations that encompass all personality types. In 2017 we walked through our DISC (Dominance, Inducement, Submission and Compliance) profiles and in 2021 we virtually worked through our Clifton Strengths self-assessments. I walked away from these meetings with a better understanding of my own strengths, the strengths of my peers and that each personality type requires unique communications. In our differences, we are a stronger team.

The DISC session was focused on building effective teams using complementary styles. You probably get along great with some people and others take all of your energy and patience. In this analysis, all four personalities have a style that determines the way we approach our work and life and defines how we will react to situations and other people. This program is a great way to identify your style and what to look for in others to build highly effective teams. Those teams need to have an even number of people of each type and not be dominated by one certain personality characteristic.

We use this program at work through Innermetrix values with Dave Ramsey’s goal tactics as part of our hiring process and openly share our profiles with the team. I was surprised to see how different my “adaptive” style is from my “natural” style, which I attribute to a large family and strict parents. You can see by my chart that “C” (compliance or caution) goes from 39 natural to 60 adaptive. Whew!

You can use the complete executive summary to understand how employees will approach solving problems, interacting with team members, environmental preferences, expectations and their approach to the pace of their work. Additionally, the results will offer opportunities for developmental growth, motivation, learning styles and communication insights. There is a free assessment, or you can complete the full assessment for $29 per employee.

Focus on strengths and not on your weaknesses.

Clifton Strengths from Gallup breaks talents (strengths) down to 34 themes that fall into 4 different domains (Executing, Influencing, Relationship Building and Strategic Thinking). We are born with innate talents or gifts. The Clifton Strengths Test method, introduced in 2001 by Gallup and created by Don Clifton, concludes that a person experiences more success and satisfaction when they can use their talents in their daily activities. According to Gallup, a focus on weaknesses does nothing to help development, but a focus on strengths will allow you to succeed and continue in situations that others have decided are impossible or extremely difficult. When we create teams with a variety of strengths, the number of tools and talents they have access to increases exponentially.

Of course, completely ignoring weaknesses is not an option. It is healthy to identify the cause of the weakness (education, experience or opportunity) and there is almost always something that can be done about it. StrengthsFinder 2.0 ISBN 978-1-59562-015-6 can be purchased anywhere, I bought mine on Amazon for $17. Each book contains a unique code to take the CliftonStrengths Assessment online. The personality test consists of 177 questions and each should be answered within 20 seconds. The entire test usually takes around 30 minutes. A report is generated based on the answers and clarifies the five strongest themes and summarizes a strengths insight guide.

You cannot change your basic personality type. However, you can, and should, change the aspects of your personality that you are unhappy with to become a more well-rounded person.

Are technical people introverts and sales people extroverts?

2014 was declared the year of the “Introvert Craze” mainly due to the influx of technology in our daily lives and the rapid rise of social media channels. The terms introvert and extrovert are consistently misunderstood and usually show two polarized personalities – the extremely shy and the extremely confident. The truth is that introverts can be as social as extroverts, but when their batteries are drained, they need solitary downtime. Extroverts, on the other hand, need people to recharge their batteries. 2020 memes often showed introverts claiming to have prepped their whole life for the solitude of the pandemic. Has social media given a voice to introverts? Face-to-face socialization gears us for talking while the qualities of listening and thinking are largely ignored. Unfortunately, we may have taken that same thought into social channels too.

The stereotype of tech people being introverts is mostly false. Highly technical people tend to be more capable of being quiet and focused on what they are doing and are proficient at working alone. You won’t get very far in technology without this natural behavior. However, it’s unfair to perceive the extreme when most people are adept at crossing directions and socially adapted and able to handle human interactions. The perfect example of each extreme are the rivals Thomas Edison (extrovert) and Nikola Tesla (introvert). Where would we be without either of those? I believe I am an Ambivert. Anyone who has met me knows I love people and talk to everyone, but what you don’t see is when I’m drained of energy that I prefer to be alone to recharge. I think this is much more common than either of the extremes.

“Company culture is what employees live and breathe every day in the workplace.” ~ Mike Zani, The Predictive Index

Diversity and inclusivity at every level of your organization brings many benefits to your company and to your individual team members. It is important to create a culture where all people feel included and represented -- every department, every team, every project. You must first understand the true personalities of your team members then work to utilize their skills collectively.

Technology Leadership & Culture

Mon, 03 May 2021 18:22:17 GMT

Jim Bradley, VP IT, Tecomet & Technology First Board, Past Chair

So, what has it been like being a technology leader during these unprecedented times over the past year? And how has the technology culture changed in the new normal virtual world?

Technology Leadership

Being a technology leader during the past year has been truly challenging. For many of us, traveling has gone from regular to non-existent, whether that be local, regional, national, or global. This has freed up a significant amount of time which was subsequently and rapidly filled with on-going remote video meetings, typically supported by more presentations. Also, most of us are working longer hours without our usual commutes, both earlier in the morning and longer into the evenings and weekends.

Many of us depended on personal face-to-face interactions with our customers, our team and our partners and suppliers. We never thought it could or would work without that, but it has. It is less personal for sure, without the ability to see full body language, having some of the interpersonal chats before or after the meetings, or the always valuable informal hallway chats or those during travel, meals, and drinks. We’ve had to compensate and communicate in other ways.

Our first thoughts were around the bandwidth for work from home, having enough computers, peripherals and accessories, cybersecurity, and personal home wi-fi and internet. Many of these concerns were easier to overcome than initially anticipated. One of the items we had to address quickly were electronic signatures, which also became easier than originally thought.

What about Vision and Innovation? Technology has received more respect over the past year; everyone began to see their own dependencies for sufficient and better technology. On top of that, there was now more interest in how technology could help organizations more, adding to what was the technology vision and innovative solutions for many Executive Teams and Boards. What else could we do for mobility, agility, productivity, and efficiency now that it was in the spotlight? It was good for us to have more of a say at the table and to bring forth what else could be done.

Technology Culture

As for the technology culture, changes in the new normal virtual world have been dramatic. Technology influences our everyday lives and has a strong influence on culture. It impacts the ways in which we do most anything; personal computers, mobile smartphones, tablets, e-mail, the internet, social media - how did we ever survive without these things before we had them? They have changed the way we communicate, learn, think, and how we interact on daily basis. We are more interactive and collaborative than ever before. But do these items also lead to addiction, psychological, or physical health issues?

Promoting technological understanding at a user level occurred as many, both in the professional and personal world, have become much more computer savvy, leading us to the point that we are all likely much more efficient…or are we? While we think we are, what overall psychological or physical health detriments have we ignored? How are we working harder and longer than ever before while remaining isolated from each other, unable to socially interact as we used to? And how are we physically? Are we still getting as much exercise and/or are we eating better in a more sedentary world? I would argue both worse and better depending on the individual. Have you rebalanced your eating, drinking, and exercise habits to remain healthy while working longer, and more stationary, hours? I’ve seen many more people standing at their desks all day to compensate.

Information Exchange occurs predominantly via remote video meetings, as well as over the phone. Is that as productive as a face-to-face meeting? I say not, but I also see it working for some individuals. But are we making tasks easier and solving problems this way? I believe we are, there is more automation, less downtime, and we are still getting our jobs done.

What do you think? My goal was to get you to consider all the pros and cons we’ve experienced in these past few months and truly think about it. What would you like to change now, and what would you like to keep? While we’ve still got a long way to go, keep your chin up and do what you can! Good luck!

Boundaries Battle Burnout

Mon, 03 May 2021 18:19:19 GMT

Mardi Humphreys, Change Agent, Integration Edge

The World Health Organization recognizes burnout as an official medical diagnosis caused by an unrelenting workload and/or no work-life balance. It’s number two on this list of what employees said were their biggest challenges during the pandemic.

They feel

· pressured to be available 24/7/365

· lack of flexibility at work

· worried about losing their jobs

· overwhelmed dealing with shuttered daycare and online school

· not at liberty to talk about outside-of-work issues affecting job performance

To begin battling burnout, define, set, and enforce your personal boundaries with your manager.

Define

Your boundaries are based on your values and priorities. When defining them, think about what you need to feel empowered. The last time you felt undervalued, disrespected, or out of balance, what was the trigger? Did you have to work last weekend? Do you buy the office birthday cards and cupcakes for coworkers and it’s not in your job description? That’s where your boundary is. If you could live that situation over again, what action would you take to change it?

Set

· Does your manager randomly call you throughout the week? Schedule a recurring 1:1 catch up meeting with an agenda.

· Feeling overwhelmed? Make a list of your priorities and ask your manager to do the same. In your next 1:1, compare lists. Are they different? Decide together what your top three responsibilities are and how much freedom you have to accomplish them.

· If your manager’s expectations cross a boundary, how important is the boundary to you? Is a compromise possible? Is saying no a battle you want to fight?

· Give updates on your projects’ statuses and request they prioritize them. Ask them to tell you more about why they need this assignment done in this timeframe, and why the task requires your unique skillset.

· Personal goals count. If your manager wants you to stay late, but your trainer is meeting you at the gym at 6:00PM, offer to get started early tomorrow morning. Compromise so you aren’t saying no all the time.

· Best practice is setting boundaries at the beginning of a project. For example: Make a rule to only answer texts after 7PM if it’s an emergency, and define what constitutes an emergency.

· Use technology to help you communicate boundaries: change your status to busy in the business communication platform your company uses, calendar an hour a day and label it as busy. You don’t have to say what you’re using the time for. Get the kids started on their homework if that’s what it takes to enable you to finish your work.

Burnout doesn’t just affect you; it affects the work too. You need to be flexible and accommodate the occasional emergency requiring overtime. But, regular work hours and exceeding the expectations of the project are good boundaries to help you both do the work every day and juggle the other aspects of your life. Do not apologize for protecting the time it takes to do the work you are already assigned.

Enforce

Practice for boundary crossers. Rehearsal takes the emotion out of holding your boundary. Visualize your manager asking you to work on a Sunday morning; what do you do? Instead of silently fuming over the infraction for hours, immediately reinforce your boundary by clearly and respectfully stating what it is and why it exists. Be consistent in holding healthy boundaries. You aren’t communicating clearly if you keep moving them. For example, if you said you won’t respond to emails after 7:00PM, don’t open your inbox.

Your boundaries will be challenged. That will reveal where they are and help you to refine and iterate them. Those who set and hold boundaries gain respect. A friend just gave up a committee chair position because she assessed her commitments and realized she needed to off-load some. Will I miss her leadership? Yes. Do I respect her for making choices that help her achieve her goals? Absolutely.

Leadership & Culture Videos with The Geek & The Coach

Thu, 29 Apr 2021 18:45:43 GMT

Jeff Van Fleet "The Geek" & Mark Adams "The Coach", Lighthouse Technologies

IT Leader Spotlight: Paul Webendorfer

Thu, 29 Apr 2021 18:37:20 GMT

Paul Webendorfer, Director of IT, ChangeUp Inc.

Did you always want to work in IT?

As far as career paths go, I am still weighing my options. I sincerely hope to make a decision before retirement, but the clock is ticking. Despite the fact that I have been working in IT for nearly 25 years, I had no aspirations of working in IT. I was actually planning for a career in financial law. Somewhere along the way, I took a job with a small local company, started helping with the fledgling IT department and the rest is history. Maybe I didn’t know what I really wanted to do or maybe it was just fate. Either way, I am blessed to have accidentally found a career that has provided me with so many challenges, so many rewards and so many opportunities to work with amazing people.

What’s the best career advice you ever received?

Throughout my career, my managers have primarily been on the business side of the organization, rather than the IT side of the organization. I think this factor helped form my “business first” IT philosophy. As a young man, just learning about business technology, enamored by technical bells and whistles, my boss gave me some excellent advice. He told me, “technology doesn’t mean a thing to us, if it doesn’t help the business.” This simple, practical advice set me on the right path of focusing on business solutions and not on the technology itself. To this day, I consider myself a business person working in IT, not an IT person working in business… and that has made a big difference for me.

The Hub Powered by PNC & Vincent Lewis

Thu, 29 Apr 2021 18:32:48 GMT

Staff Writer

Technology First had an opportunity to sit down, virtually of course, with Vincent Lewis, President of The Hub Powered by PNC, which is an exciting new joint venture here in Dayton. Given the April theme is building an innovation culture within our companies or individual teams, we thought getting a better understanding of this new organization’s mission and leader would be interesting to our 175 member companies.

With over 95,000 square feet of unique space, The Hub sits in the heart of downtown Dayton and is breathing new life into the city as well as a historic landmark building that was built in 1906 and previously called Dayton Arcade. If you have not seen it yet, there is a great YouTube video called “The Dayton Arcade: Waking the Giant” we would personally recommend watching to get a little better understanding of the space The Hub and its development partners are helping to reclaim.

The joint venture itself, which is between The Entrepreneurs Center and The University of Dayton, is designed to help drive forward new venture creation and social innovation and will also serve as the centralized location for the region’s entrepreneurs and innovators. An important part of that venture will be the team of organizations behind it which includes not only the University of Dayton, but the L. William Crotty Center for Entrepreneurial Leadership program, which will be housed at The Hub, The Greater West Dayton Incubator, numerous Dayton-based startups, and the Entrepreneur Center. This team and the venture are designed to build out a critical and needed focal point of the activity that physically and programmatically will merge two of the region’s primary entrepreneur-oriented organizations. This space will allow the free flow of ideas and help facilitate what they call “serendipitous collisions” among innovative thinkers while offering practical, flexible, and cost-effective space solutions for entrepreneurs.

At the heart of this effort are Vincent Lewis and a strong team of individuals who will be focused on driving both a cultural as well as a business impact. The Cultural Impact is focused on partnering with the City of Dayton to ensure the resources, talent, and capital available within The Hub can also positively impact the broader Dayton community. The Greater West Dayton Incubator is a good example of one of the partners tasked to ensure pathways are opened to the opportunities in our startup ecosystem for minority and women entrepreneurs in underserved areas.

No less important will be the business impact The Hub has been tasked to accelerate. Primarily this impact will be focused on the opportunities for innovators and entrepreneurs to launch their ideas, grow their businesses, and drive prosperity within the startup ecosystem. The Entrepreneur Center itself has served as a tremendous advocate and supporter of entrepreneurs in the Miami Valley for years including small businesses, high-tech, and research commercialization-focused startups. Specifically, one of the Entrepreneur Center’s tasks will be continuing to provide support through its mentorship, funding, and marketing programs at The Hub.

Based on Dayton’s heritage of innovation, strong work ethic, and existing business community, it presents a real possibility to create hundreds of new jobs and ripple across all segments of the business community.

For more information about ways to engage with The Hub Powered by PNC Bank, visit https://www.thehubdayton.com.

In our time with Vincent, we had the opportunity to get to know him and asked him to share some personal things about himself and at the end of the conversation ways the Technology First Membership could collaborate with his team.

What needs do you believe the Hub addresses in the region?

The Hub meets many needs, but simply it will serve as a “Melting Pot” of opportunity and hands-on activities for a wide segment of our city, from the students and business owners who will occupy the 95,000 square feet of space to the citizens and investors looking for creative inventors, business owners, and other resources in our region. This is also a great resource to give students the opportunity to remain in the region after graduation.

What’s a lesson you can share that's shaped your work?

Humility and learning you do not have all the answers and are not required to have all the answers to be successful were important lessons.

What’s a trend in technology or innovation that you think maybe doesn’t get enough attention?

I believe innovation is an overused word and there is not a straight line between technology and innovation. The Arcade serves as a great example of that. The origin story of the Arcade involves food wagons needing to get out of the rain so they started pulling into the building to better sell their products. It took many years and pivots to come to the current innovation and believe real innovation can take time.

Do you have a personal favorite place in the region you like to visit?

With a smile, “The Arcade”. Vincent has always enjoyed the 360 miles of regional bike trails in the Dayton region and two of his favorite locations are Charleston Falls in Tipp City and Sugarcreek Metropark south of Bellbrook.

Anything in closing you like to share with the Technology First Membership and overall technology community?

I believe the Technology Community is an important piece of critical infrastructure to any region and it’s extremely important that we continue to grow it here in Dayton. Having technology-focused companies such as DataYard support our launch is only one example of how we can continue to collaborate.

Professional background

A Western Kentucky graduate, Vincent went on to get his Master’s degree at Antioch University. After graduation, he went on to become the CEO of Hyde Park Electronics, a family-owned business at the time that would go on to become the #1 provider in the world (in front of companies such as Siemens) as a high-tech provider of ultra-sonic sensors technology. Over his 11 year career, he would lead the company on to eventually be sold to Schneider Electric. He would continue until leaving the company in 2007. He then went on to own Logos@Work, with his wife for fourteen years, where he continues as chairman today. Finally, in 2014 he followed his love of teaching to his current role at The University of Dayton.

IT Leader Spotlight: Jon Rike

Thu, 29 Apr 2021 18:21:14 GMT

Jon Rike, CIO, City of Dayton

What was your first Job?

My first job after graduating from college was providing IT support for executive leadership at the University of Dayton. Looking back, I now realize how privileged I was to have access and exposure to phenomenal leaders like Brother Ray Fitz, Father Gene Contadino, Dr. Katy Marre, and Jaci Jackson. As I've grown in my career, I've more fully realized that my leadership style and approach to management was fundamentally shaped by these interactions and the lessons I learned from great leaders. Throughout my career I've done my best to "pay it forward" by modeling their approach and continually looking for opportunities to provide servant leadership.

What has been your greatest career achievement?

Significant achievements in IT are typically associated with initiatives or projects that produce a fundamental impact at the enterprise level. In my career I've been blessed to have led or contributed to many technology projects that have raised the bar and provided compelling benefits for the organization. However, when I think of my greatest achievement I always come back to the team and the people. As leaders we have an amazing opportunity to fundamentally change the trajectory of careers and lives. My greatest achievement will always be associated with the investments I've made in my staff and the exponential growth that has followed!

What's the best career advice you've ever received?

One of the best pieces of career advice that I've ever received was provided in a quote by Harry Truman. He famously said that "not all readers are leaders, but all leaders are readers". This advice has really served me well in the area of information technology. I truly believe that to successfully lead in this industry, you have to have an endless appetite for reading, learning, and growing. Additionally, the pace of change within IT has accelerated to such a degree that any lapse in learning will quickly become a competitive disadvantage for the individual, the team, and the organization. Thanks for the great advice President Truman!

What advice would you give aspiring IT leaders?

Enjoy the process of becoming! I think in life we often try to speed the process of reaching a given objective without fully embracing or appreciating the journey. As Kobe Bryant said, "Those times when you get up early... those times when you stay up late... when you're too tired... you don't want to push yourself, but you do it anyway. That is actually the dream." Enjoy the ride, be a voracious reader, learn from your mistakes, and always put relationships first!

CompTIA A+ Certification Training (1001 & 1002 Exam Vouchers Included)

Thu, 22 Apr 2021 18:28:49 GMT

CompTIA IT Fundamentals Training (Exam Vouchers Included)

Thu, 22 Apr 2021 18:25:50 GMT

Husted Announces Pilot Program Linking High School Students to Tech Internships

Tue, 20 Apr 2021 20:18:02 GMT

High School Tech Internship Pilot Program - Ohio Businesses.pdf

The High School Tech Internship pilot program is an opportunity for Ohio employers to hire high school interns and receive reimbursement for their wages.

The High School Tech Internship Pilot Program will connect 100 Ohio high school students with technology careers and businesses in Ohio. Businesses can hire summer interns by contacting one of 12 pilot sites across the state. Visit Workforce.Ohio.gov/HSTechInternship to learn how to participate in the program. Interns should be placed in technology roles that focus on software, data, cloud and IT infrastructure, and cybersecurity. Students will be expected to perform job duties similar to what would be expected in an entry-level position.

Wage Reimbursement:

To qualify for wage reimbursement, employers must submit documentation proving that the individual was employed for a minimum of 150 hours and was paid at least $12 per hour. Employers will receive a higher wage reimbursement for younger students to help more students experience technology careers at an earlier age.

Questions? Please contact the High School Tech Internship team via email: High_School_Tech_Internship@Development.Ohio.gov

ATC Rebrands and Relocates to Liberty Center

Tue, 13 Apr 2021 13:12:50 GMT

Advanced Technology Consulting (ATC) has rolled out a refreshed logo, branding, and website to reflect ATC’s position more accurately in the digital transformation marketplace. In addition, ATC recently signed a lease for ~7,000 square feet of Class A office space on the fourth floor of Liberty Center, a mixed-use community in Liberty Township, just north of Cincinnati.

ATC is an independent IT consulting firm specializing in digital transformation in four core areas: voice, network, cloud and cybersecurity.

ATC will officially move into the new space this August. The need for new space has been fueled by ATC’s growth—eight consecutive record years—and demand for additional talent. ATC recently added three IT consultants and has tripled its Cincinnati workforce in a little over two years. Aggressive plans to onboard additional IT talent are part of ATC’s growth strategy.

“With our growing team, we need a space that will fully engage our employees, clients, and partners on multiple fronts,” says David Goodwin, ATC Managing Partner & Co-Founder. “Liberty Center and our new office space will do just that. We’re eager to embrace this new brand and move to Liberty Center. Our new location on the I-75 corridor will allow us to further develop our regional presence.”

ATC’s new logo and brand colors are refreshed but not altogether new. What remains as part of the new brand identity is the triangle, the blue and gray colors, and “ATC” spelled out in all caps. What is new is the aqua color and the 3D-like, technology-forward favicon. Phase one of ATC’s new website is up and running, with phase two slated for release in May.

ATC’s new brand will be reflected within the new space, and ATC is currently working through an experiential design process that will exhibit ATC’s technology-forward brand characteristics. As conceived, the office will be a hub for collaboration where talent, technology, and expertise unite. Naturally, the space will utilize and showcase the technologies ATC evangelizes every day with clients.

“It’s an exciting time for us,” says Louie Hollmeyer, ATC director of marketing and consultant. “Our work with clients has been wrapped around digital transformation for some time now, and it was essential for us to create a refreshed brand identity to better align with today and tomorrow.”

By joining the Liberty Center community, Cincinnati’s hottest suburban hub, ATC will have access to unmatched amenities and finishes. The center offers immersive experience of endless dining and retail options, multifamily housing, onsite parking and community events. ATC’s new office also has excellent drive-by visibility and convenient access to both the Cincinnati and Dayton metropolitan areas, including Northern Kentucky.

To learn more, visit ATC here and here.

It's TechCred Time Again - Free Training Funds

Tue, 06 Apr 2021 16:31:51 GMT

Sinclair College Announcement

Who doesn’t want to qualify for free training funds? Right now is a great time to increase your current employees technical skills. The department of Workforce Development at Sinclair College has several programs eligible for state funding with Ohio TechCred. We anticipated it opening again in March, however, they made some changes to the program and it reopened 1 April.

TechCred is Ohio's innovative workforce program that reimburses employers for industry-recognized, technology-focused, credentialed training programs and certificates. The training must be completed within 12 months now and the current online application period is open as of April 1st. Now is the time to start thinking of who needs upskilled!

Here are some things you should know, including changes from previous funding rounds:

1. Employers will identify the specific, technology-centric qualifications they need, as well as the employee(s) they want to upskill.

2. To qualify for reimbursement of training costs, the employer must partner with a training provider and apply online. Individuals must be Ohio residents with a verifiable Ohio address.

3. The length of the grant will be reduced from 18 months to 12 months from the award date.

4. Training programs must start on or after the date of the award, not before, and must be completed in less than 12 months.

5. The state will reimburse up to $2,000 of training costs per credential upon completion. There is no longer a limit of one reimbursement available per employee in each funding round.

6. Employers are eligible to receive up to $30,000 per funding round.

7. The application period begins April 1st and will end on April 30th.

8. Click here for more information about the TechCred program.

Wondering what you could use it for? Many companies in the area have already used it to streamline workflow and improve productivity with Microsoft Office training. Learn to effectively manage projects, analyze data or build PivotTables with Microsoft Office training. With courses for beginners to power users, you can gain the skills you need to master the features and functions of the Microsoft Office suite.

Eligible Industry Areas

Business Technology (think Adobe Creative Suite or Photoshop for your marketing)
Construction Technology
Healthcare Technology
Information Technology (think Microsoft, Excel or Word)
IoT & Cybersecurity Technology
Manufacturing Technology (think SkillsTrac Industrial Maintenance, CNC Machining or GD&T)
Military & Smart Transportation (automotive training, such as diesel maintenance)
Robotics/Automation (think electrical troubleshooting or robotic programming)

Please contact Karolyn Ellingson if you have any questions.

Karolyn Ellingson, M.Ed.

Workforce Development Manager
Sinclair Community College | 5380 Courseview Dr | Mason, OH 45040
O: 937.512.5584 | M:937.416.6556| F: 937.512.5591

karolyn.ellingson@sinclair.edu

workforce.sinclair.edu

Technology First & Cybersecurity

Mon, 01 Mar 2021 21:27:43 GMT

Lisa Heckler, VP Information Security & Privacy, CareSource and Technology First Board of Directors

Is your life feeling a bit like Groundhog's Day? Needing something to snap you out of the Winter Blues? Look no further than Technology First for exciting volunteer, network and educational opportunities in the Dayton and Southwest Ohio region… and virtually beyond! Here's a peek into what's coming up related to my favorite topic - cybersecurity:

Girl Scouts Cyber Challenge - Calling All Cybersecurity Professionals

What??? The Moon has been hacked?! Girls in grades 6 - 12 will come to the rescue of the Moon Base as part of the 2021 Girl Scouts Cyber Challenge. This all day event will immerse attendees in the world of cybersecurity. Along the way they will solve interesting problems (no experience necessary) and meet real world cybersecurity professionals.

Will you join me in creating an exciting experience for our young women who are interested in cybersecurity? The event will take place at the end of July (day to be finalized) and we need day-of volunteers to make it happen.

Cyber SIG - Calling All Cyber Security Professionals… AGAIN!

Technology First is starting a new special interested group focused on Cybersecurity. The group will meet quarterly starting with the virtual OISC (see below for more info on the OISC). Our next meeting will be on June 3 featuring local cybersecurity expert Bryan Fite. If you've met Bryan you know that this is sure to be an interesting evening filled with information on Bryan's latest research as well as lots of conversation on the latest threats and trends in cybersecurity. Technology First will be sending out more information as we get closer to the event.

If you have questions or would like to submit a topic or speaker for consideration for a future event, please email kregan@technologyfirst.org.

Ohio Information Security Conference (OISC) - Last Call for Cybersecurity Professionals!

(And anyone interested in learning more about Cybersecurity)

We have another interesting and informative OISC on tap for 2021 including keynote speaker Duane Harrison, Chief Scientist, National Air and Space Intelligence Center (NASIC), Wright-Patterson Air Force Base. NASIC is the Air Force analysis center for foreign air, space and specialized intelligence. As Chief Scientist, Mr. Harrison guides the 4,100-person center’s analytic production mission, ensuring timely delivery of relevant intelligence data products and services to Air Force and joint operational warfighters, acquisition and force modernization communities, and senior defense and intelligence community policymaking customers.

Additionally, there are four tracks featuring cybersecurity practitioners sharing real life experiences, practical guidance, and thought leadership, as well as technology vendors sharing the latest tips, tricks and tools to address our cybersecurity concerns. The tracks are focused Cybersecurity Trends & Directions, Applied Cybersecurity, Cyber R&D, and Roundtable Discussions.

Please join me at the all virtual OISC on Wednesday, March 10! Registration & Details Here!

How can automation be used in cybersecurity threat response?

Mon, 01 Mar 2021 21:22:37 GMT

Shawn Waldman, CEO, Secure Cyber Defense

When it comes to cyber threats, every second counts. Quickly identifying a security breach or cyber threat minimizes the damage and cost to an organization. Unfortunately, the volume of threat alerts an organization receives every day, from multiple security systems, creates an overload of tickets needing to be analyzed, prioritized, and investigated.

Hackers are now using artificial intelligence to make their own criminal activities more efficient. If cybercriminals are using automation technologies, it makes sense that cybersecurity professionals do the same to stay one step ahead.

Heightened productivity, consistency, and keeping up with increasingly complex security needs are all solid advantages for adopting automation. With automation and Artificial Intelligence (AI), repetitive tasks like manually sifting through threat alerts can be handled quickly and efficiently. Automation technologies also use vast amounts of threat intelligence to quickly identify and address emerging threats—specifically sophisticated threats designed to avoid detection. Through the use of playbooks, systems can quickly and efficiently eliminate risk. This quick response reduces Mean Time To Detection (MTTD) and Mean Time To Response (MTTR) saving companies time, expense, and downtime.

There are five ways artificial intelligence and automation fill a need for data security teams:

Machine learning-powered security can quickly spot and automatically address sophisticated new threats
Automated tools can uncover and fix vulnerabilities before attackers can exploit them
Tasks can be automated to extend the capabilities of security teams and reduce alert fatigue
Automation handles threat analysis and response in a matter of seconds, 24/7
As part of a larger security solution, automated platforms work together in a coordinated response

WHY ISN’T EVERYONE RELYING ON THESE TOOLS?

If AI-powered automation tools are providing more accurate and timely results than humans, why isn’t everyone using them? For one, automation tools are behavior-based, meaning they need data to inform their learning and actions. Cost can also be a factor since these platforms require expertise to configure and manage, often requiring outside Managed Security Service Provider (MSSP) support. Finally, automation needs to be part of an overall cybersecurity plan, rather than simply patching a hole.

First and foremost, organizations need to be sure they have the basic security measures in place, like adhering to the CIS Top 20 Controls to stop the most pervasive and dangerous cyber threats. Having the basics in place before jumping into AI- and machine-learning platforms is the best place to start. Some of the basic elements include:

Understanding your network and the devices on your network
Addressing perimeters such as firewalls, intrusion prevention systems, and encryption
Secure network coverage such as SIEM, SD-Wan, and VPNs
End-point protection such as antivirus and anti-malware
Good email security and hygiene
Controlling the use of admin privileges
Proper password management
Ensuring firewalls, email gateways, and other security devices are properly configured
Resources behind the scenes to satisfy training needs, create awareness, and develop a positive cybersecurity culture

Automation isn’t replacing security teams, rather automation enhances the skills and capabilities available. Minimizing human errors in repetitive cybersecurity tasks is a benefit of automation. Automation provides consistency reducing error rates and increasing protections. A higher level of detection and speed of response means there is a quicker link between suspicious behavior and action. Over time, as AI-powered platforms continue to learn your network environment and ingest threat intelligence data, their benefits to your organization will continue to improve.

Automation can be rapid, agile, and consistent. What automation can’t be is creative and curious. When security processes are automated, security teams are freed up to exercise their creativity to solve problems and build more comprehensive security approaches. Cybersecurity professionals still need to decide what servers or networks to isolate, when incident response teams need to be brought in, plus determine what changes should be made to policies and procedures to institute corrective actions. Like everything else in the IT stack, it comes down to needs, workload, and budget to determine how much automation will deliver a return on your investment.

So, What’s the Answer?

The reality is that the complexity of technology and the amount of data that must be watched and analyzed is not slowing down. In order to manage the growing threat surface and threat alerts, security automation and integration tools will continue to evolve with the same urgency to support security teams. Is your company prepared to take advantage of automation? If not, how will you develop strategies to keep up with the speed and sophistication of cyber threats?

Shawn Waldman

Is the CEO and Founder of Miamisburg-based Secure Cyber Defense. With over 20 years of experience in cybersecurity and information systems, his team designs, manages, and monitors cybersecurity solutions, responding to threats and protecting organizations from cybercriminals.

IT Leader Spotlight: John Huelsman

Mon, 01 Mar 2021 17:42:06 GMT

John Huelsman, IT Director, Hobart Service

What was your first job?

IT related – Computer Services at BGSU. I worked part-time while a student at BG. Go Falcons!
Non-IT related – paperboy (5^th grade to 9^th grade).

Did you always want to work in IT?

Nope, My initial career thoughts were towards teaching and/or coaching. However, three of my older siblings graduated college in the IT field and got decent jobs so that led me to eventually explore it as a possibility. I was proficient in math and science, so my high school guidance counselor pointed me in that direction as well.

What advice would you give to aspiring IT leaders?

Be patient.
Observe and listen to leaders you respect. Similarly, find a mentor and talk to him/her regularly.
Get involved in professional networking organizations (like Technology First) and build your network of contacts.
See the big picture regarding your overall business and markets.
Put yourself out there and take risks. Volunteer for stretch assignments that get you out of your comfort zone. “Progress always involves risk. You can’t steal 2^nd base and keep your foot on 1^st.” – Fredrick B. Willcox
Take ownership of your career – it is ultimately your responsibility.

IT Leader Spotlight: Matt Coatney

Mon, 01 Mar 2021 17:39:46 GMT

Matt Coatney, CTO, HBR Consulting

What was your first job?

Software engineer for an AI software startup in the pharmaceutical/drug discovery space (by far the most geek-cool job I’ve had!)

Does the conventional CIO role include responsibilities it should not hold? Should the role have additional responsibilities it does not currently include?

The challenge of the modern CIO is that you still must “keep the trains running on time” – ensuring that core systems like email, network, and infrastructure are rock solid and secure – but that is no longer enough by itself. That’s table stakes. The role is also increasingly looked to for advice and initiatives that transform the business through technology in areas like analytics, cloud, mobile, IoT, and the like. In mid-sized organizations especially, the CIO is looked to as the security, data, and innovation officer too, which requires intense focus and energy to balance all these plates.

What advice would you give to aspiring IT leaders?

Be non-traditional. Avoid the typical, predictable career ladder. Pick up special assignments and roles that stretch your comfort zone and give you experience in all sorts of different disciplines: cutting-edge technology, operations, security, finance, economics, law, etc. The future leader will need a wide range of skills – including the skill and passion of continuous learning – to keep up with the rapid acceleration of technology and the world of work.

The Key to Success? Failure

Mon, 01 Mar 2021 17:37:53 GMT

Mardi Humphreys, Change Agent, Integration Edge - a division of RDSI

There’s an old adage: if you’re the smartest person in the room, you’re in the wrong room. When it comes to work, let’s just say, I’m in the correct Zoom room A LOT. I like to think it’s just a diversity of gifts. My coworkers bring the technical knowledge necessary for building solutions and I bring them challenges to solve. But every little mistake I make feeds a low-grade lack of confidence and makes me wonder, “What if I fail?”

When the thought occurs, I have to stop and remind myself that everyone fails. In fact, failure is a necessary step to success. If I approach projects with curiosity, seek to understand, and demonstrate I’m both listening and learning; then failure becomes part of the problem-solving process. It can even help bond the team. Failure presents an opportunity to highlight everyone’s unique roles and particular skill sets. This allows me to frame failures as experiments I need the team’s talents to finish. We can analyze where things went wrong, gather data, and move on. We want to fail fast, forward, and with feedback. Not every piece of code is written correctly the first time. It’s why development, staging, and production environments exist. Development and staging are places designed for experimenting, testing, and failing before putting the final solution into production. This method doesn’t have to be used exclusively for software development. It can apply to any project team.

Development: This is the brainstorming phase. Wacky ideas are welcome in this no-judgement-allowed preliminary formation of plans. Blue sky thinking happens here. At this point, we know where the client is and where he wants to go. Now, we figure out how to get them there. Everyone is encouraged to contribute then go test their ideas on their own. Think proof of concept.

Staging: This is the evaluation phase. Still a no-judgement zone, everyone brings their idea that passed testing and combines it with everyone else’s bit; much like connecting to a network. The results of wacky-ideas testing are discussed. Would this idea actually work? Do we have the necessary resources to make it happen? The team looks for obstacles to the solution’s success and adjustments are made. Will the client be able to afford this? Does an off-the-shelf solution already exist? Think prototype.

Production: The individual experiments have been combined, vetted, tested, run, and are ready to present to the client as a solution or at least a roadmap. Think demonstration, or, if more fully evolved, think deliverable.

This approach produces more ideas and more solutions more quickly. Business moves at the speed of trust. If we create a safe environment in which to fail, it not only saves time, but also creates a more compassionate, patient, and bonded team. Embracing failure can turn smart people into leaders, mentors, and coaches who will help the team build sustainable trust. Shifting to this mindset frees us from the fear of failure. It inspires us to use failure as a tool and puts us in the same category as Thomas Edison, the Wright brothers, and Sara Blakely. Talk about great company to be in!

6 Must-Have Ransomware Protection Features (And One Nice-to-Have)

Mon, 01 Mar 2021 17:35:37 GMT

Chi Corporation and StorageCraft

Just about every story you read about responding to ransomware includes the directive to “never pay the ransom.” That’s easy enough to say if you’re not the one whose data is being held hostage. And the odds are pretty good it will happen to your company. CyberEdge’s 2020 Cyberthreat Defense Report calls out that nearly seven-in-10 companies will be affected by ransomware attacks.

So, it’s pretty clear you need to put the protections in place that keep ransomware out. You may think that means bolstering endpoint security since that’s where most ransomware attacks originate, but the reality is that 77 percent of organizations that have been infected with ransomware were running up-to-date endpoint protections.

Since it’s almost impossible to prevent every ransomware attack, what you need is a backup and disaster recovery solution that lets you bounce back from an attack, as unscathed as possible. We suggest you consider the following features when shopping for such a solution:

1. Get Continuous Data Protection

You never know when ransomware will strike, so you need to be prepared. Look for a solution that protects your data at all times by automatically taking continuous, space-optimized, image-based backups.

2. Look for Efficient Multi-Site Replication

You’ll want automatic replication of your backups offsite, or at least off-network, as well as to the cloud. This should be able to be accomplished simply by selecting the machines you want to back up and pointing their backups to the desired backup targets using a checkbox or a drag-and-drop interface.

3. Simplify Data Protection with an SLA-Driven Workflow

An optimized workflow for SLA-driven data protection should include a “set and forget” policy feature for data protection and management, with a browser-based dashboard that gives you a single workflow to protect and manage both physical and virtual infrastructures. It should give you a global view of all of your recovery points, and let you schedule and manage local backups, set up onsite, offsite, and cloud replication, and retention schedules. A solution with proactive error detection and alerting will further help simplify management and speed problem resolution.

4. Make Sure Your Data Integrity Is Absolutely Reliable

Choose a data protection solution that ensures your backups will be there when you need them. Inflight verification and automated re-verification of backup images mean you’ll have backups you can count on. Other features like smart retries, self-healing repairs, and PKI-based encrypted channel communication increase backup reliability even more.

5. Include Instant, Flexible Recovery

Because every minute of downtime caused by ransomware is very expensive, you’ll want a solution that lets you get back in business immediately. That should mean you can get back up and running in milliseconds.

You’ll also want to be able to directly recover to your primary store, eliminating the need for vMotion and eliminating any performance impacts during recovery. Being able to recover to dissimilar hardware or virtual environments is another valuable feature for ensuring flexible recovery by letting you use available resources instead of waiting for specific resources.

6. Count on Integrated, Cloud-Based DRaaS

The best way to ensure total business continuity is to go with cloud-based DRaaS that delivers orchestrated, one-click virtual failover. So you don’t have to wait for anyone, recovery should be via a self-service portal and not require third-party intervention. Look for DRaaS solutions that include replication as a service and give you the option to recover using seed drives, BMR drives, and web downloads.

A Nice-to-Have: A Converged Data Platform to Control Costs

A solution that unifies data protection and scale-out storage onsite and offsite can help you fight back if ransomware strikes. It can also help you control storage costs and simplify both storage and backup and disaster recovery management.

Look for a solution that uses an object-based, distributed file system so you can scale non-disruptively, without any need for configuration. Inline deduplication and compression will also save on storage costs. And scale-out storage lets you add capacity as you need it to keep up with your data storage requirements, eliminating forklift upgrades without sacrificing security.

Get the Facts

For over 50 years, Chi Corporation has been a leading IT solutions provider specializing in data storage, backup and recovery, networking, security, and virtualization. Together with our valued partner StorageCraft, we have helped organizations of all sizes ensure they never have to pay the ransom. For more information and to schedule a demo, please reach out to John Thome, President of Chi Corporation, at 440-498-2310 or jthome@chicorporation.com. Or learn more at ChiCorporation.com and StorageCraft.com.

Secure Access Service Edge (SASE): Getting Sassy in the Cloud

Mon, 01 Mar 2021 17:28:00 GMT

Cadre Information Security

Operating on the edge with vigorous due diligence

Moving business processes, applications, and data to the cloud is inevitable as we expand operations and distribute workforces around the globe – yet this fundamental shift provides cybercriminals a central target and more accessible attack vectors to compromise sensitive assets. Consequently, organizations are increasingly challenged to expand the security perimeter, which often forces implementation of controls that are at odds with the evolving cloud environment. Cybersecurity experts argue that secure access service edge (SASE) – pronounced “sassy” – is a timely solution to the current cloud dilemma and it is the future of network security. Continue reading for a glimpse into this cloud-centric operation.

A netscape riddled with vulnerabilities

Network security has experienced many evolutions since the early days of the internet and its subsequent explosion into the cloud.

While the stateless access controls of firewalls nearly a quarter century ago were incapable of protecting emerging stateful technology, the consequent move to proxy technology also proved to be a vain resolve because proxies couldn’t keep up with new applications and network traffic.

Stateful inspection of applications proved to be more secure and dominated the market for many years, until the explosion of internet applications demanded yet another novel tactic to secure networks.

Next-generation firewall architecture and an array of network security infrastructures, such as internet protocol virtual private networks and remote access gateways, now enable organizations to more effectively secure traffic destined for headquarters, branch offices, and data centers. But even these solutions create new problems as they solve old ones.

Now, the inherent risks of migrating applications and data to the cloud, along with protecting the growing pandemic-era remote workforce from cyber threats, perpetuate the multitude of network traffic vulnerabilities that overwhelm CISOs and their security teams.

Perhaps it is time to get “sassy” with network security

“The future of network security is in the cloud,” says Gartner, who describes an emerging cybersecurity concept known as Secure Access Service Edge (SASE):

"In cloud-centric digital business, users, devices, and the networked capabilities they require secure access to are everywhere. What security and risk professionals in a digital enterprise need is a worldwide fabric/mesh of network and network security capabilities that can be applied when and where needed to connect entities to the networked capabilities they need to access."

While Gartner predicts that more than 40% of businesses will have a strategy to adopt SASE by 2024, many enterprises have already embraced the cloud-based network security service model to converge their multitude of network traffic and managed security products.

SASE capabilities are delivered in real-time as a service based on the identity of the entity, which includes people, devices, applications, services, IoT systems, and edge computing locations.

Its cloud-based infrastructure provides flexibility to implement and deliver security services more efficiently, including threat prevention, sandboxing, DNS security, next-generation firewall policies, and web-filtering, among others.

Integrating full content inspection and enterprise data protection policies into the framework enhances visibility into network activity and improves threat prevention, ultimately minimizing the compromise and theft of sensitive information.

The model continuously assesses risk throughout network sessions. Plus, exercising Zero Trust in the cloud reduces faulty assumptions and protects sessions even when entities are not connected to the network.

Not only can operating on a single platform increase performance by allowing us to connect to entities wherever we are located in the world, this approach also eliminates the necessity for multiple point products, which could significantly reduce costs and IT resources.

“SASE is moving us away from a model of building defensive perimeters and internal checkpoints which replicate a world of physical security to a new viewpoint where users, systems and data carry the requisite security protocols with them as a personal force field connected to a central point of security management,” says Greg Franseth, a seasoned information technology expert and Director of Professional Services at Cadre Information Security.

Operating on the edge demands vigorous due diligence

Getting sassy with a single cloud-based platform enables CISOs and risk managers to simplify IT infrastructure and reduce the complexity of network security.

But as the industry embraces this incredible shift in network security, moving to the cloud creates a new centralized attack surface for cybercriminals to target and exploit.

We must be mindful that the fundamental objective to prevent attack-ways to our people and sensitive assets hasn’t changed. We must continue to be vigilant and innovate in staying secure.

Effectively leveraging the cloud will empower us to protect the organization from hostile cyberattacks in novel ways.

Topics: Secure Access Service Edge, SASE

An Intro to the New NIST Privacy Framework

Mon, 01 Mar 2021 17:24:10 GMT

Claire Cochran, AHEAD - This article originally appeared on AHEAD's i/o blog

Security and privacy have long been considered “two peas in a pod,” but security is often the primary focus of the two. This is because it is possible to have a nearly perfect secure system without worrying about privacy. (Imagine Fort Knox with nothing inside of it to protect.) However, it is impossible to have a privacy-centric system without any focus or worry about security principles and technologies. When you put the data first and truly understand what it is you’re protecting, you are able to scale security to make it commensurate to the data under protection.

After more than a decade of its Cybersecurity Framework (CSF), in January of 2020, the National Institute of Standards and Technology (NIST) spoke on the topic of privacy. The new and simply named NIST Privacy Framework was created to complement the CSF and lays a foundation for early privacy program adopters to follow as they build out more comprehensive programs. According to NIST, the framework considers “privacy events as potential problems individuals could experience from system, product, or service operations with data, whether in digital or non-digital form, through a complete life cycle from data collection through disposal.” In other words, any form in which the data of an individual could become public in any way, causing harm. NIST further breaks down harm categories into the following areas: embarrassment or stigma, discrimination, economic loss, or physical harm.

(source: NIST)

It helps businesses better identify, prioritize, and manage privacy risks to protect the privacy of individuals everywhere. It does this by closely mirroring the same approach as the CSF—CSF functions include: Identify, Protect, Respond, Recover; while the functions of the Privacy Framework are: Identify, Govern, Control, Communicate, Protect. The two clearly borrow from each other and overlap—showing how integral the two concepts are to mutual success.

(source: NIST)

Framework Structure and Use

Like the CSF, the Privacy Framework is made up of three parts: Core, Profiles, and Implementation Tiers. The Core is a set of activities and outcomes to help organizations begin to think and talk about their privacy risk. Its Profiles dive into the above-mentioned functions of Identify, Govern, Control, and Communicate. The Implementation Tier helps businesses understand whether they have the resources currently in place to manage privacy risk and achieve their goals.

Any organization can use the framework to assess and reduce its privacy risk. In fact, NIST provides hypothetical use cases featuring both a large corporation and a small business to illustrate its implementation within various environments.

So What Does This Mean for Businesses?

Privacy as an industry has long been complicated with compliance and legal regulations and standards with a lot of uncertainty around where regulatory boundaries start and end. There are also multiple industry and government regulations which have taken the spotlight in recent times—GDPR, HIPAA, CCPA, PIPEDA, FERPA—this list goes on and on. However, these existing (and often required) regulations are specific to certain industries, governments, and even geographical areas. NIST’s purpose when developing the Privacy Framework was to develop an industry-, geography-, and sector-agnostic approach that is readily available as a voluntary foundation to anyone who is interested in adopting it. It serves as a great starting point for organizations to use while developing basic, intermediate, and even advanced privacy programs.

Taking a Moment to Celebrate IT’s Response to the Pandemic

Fri, 01 Jan 2021 19:51:44 GMT

Thomas Skill, Associate Provost & CIO, University of Dayton and Technology First Board of Directors

For more reasons than most of us are prepared to count, 2020 was a year we would like to forget. The struggles we faced with the global pandemic and the resulting personal and professional consequences of health-related protocols such as physical distancing forced major changes in the ways we work, learn, and gather. While none of us willingly signed up for this experience, there is a silver lining in the dark clouds of 2020 – and the IT industry should get some well-deserved credit for their contributions.

Imagine for a moment what this pandemic would have been like if we did not have the Internet, videoconferencing and online learning tools? Prior to the pandemic, just 3.4% of the US workforce were working remotely according to the US Bureau of the Census. In April 2020, 51% of US workers were remotely doing their jobs (according to a recent Gallup study). What is so very remarkable is not just the sheer numbers, but also the incredible speed of this transition! In many cases, this shift to remote working and teaching was almost an overnight event. For example, at the University of Dayton in March 2020, we moved over 3000 “on-premise” classes to “fully remote” in just 10 days – and that included training and supporting nearly 1000 faculty. These kinds of emergency transitions happened at schools and businesses across the nation.

Many popular media stories are touting this pandemic as the catalyst for incredible technological innovations. However, from an IT perspective, I would contend that the scaling of IT systems and the widespread adoption of remote engagement technologies are our most significant accomplishments. While not as important as the successful development of a vaccine, it does stand as a remarkable achievement in the social acceptance and diffusion of essential technologies. This pandemic has dramatically transformed the ways that we work and teach – and the speed at which we saw the rapid adoption of video conferencing tools will very likely become an important case study in the effective diffusion of an innovation.

This is not a simple circumstance where videoconferencing has finally found its purpose. We’ve had compelling use cases for this technology since it was introduced unsuccessfully in the early 1960s. What we are witnessing today is the convergence of several mature technologies: Widely available high-speed Internet, ease-to-use software platforms, and standards-driven end-user devices (smartphones, tablets and computers). However, perhaps the two most important drivers are the favorable “economics of access” for most users (we can afford to be online for hours at a time) and the ready availability of IT support to help us solve those frequent technical problems (where would we be without tech support?).

As we look to 2021, the IT community can take great pride in having provided one of the few bright spots during this pandemic. However, we must keep in mind that much work remains. Our heroic efforts were executed as “emergency solutions” to a crisis. Our rollout plans had many gaps in both security and equitable community access. We were pressed to rapidly deploy VDI, VPNs and other security tools that pushed us beyond our traditional security “comfort zones.” The genie of remote work is now out of the bottle and we will need to reconsider our practices for supporting this new home-based workforce. The other major consideration is the ongoing “digital divide.” While access to high-speed Internet and computing tools has expanded greatly in recent years, there are significant gaps in both urban and rural areas of the US that are leaving families behind. A recent Pew study reported that a significant number of families earning less than $30,000 annually do not have access to a reliable computer or an Internet connection. A stunning 45% of those families had their children doing homework on a cellphone during the “study from home” days of the pandemic.

Exploring and promoting secure and broadly accessible solutions to these ongoing challenges are what the IT community in Dayton embraces through our work at Technology First. I’m looking forward to a post-pandemic 2021 when we can once again gather – and continue to collaborate – as we consider opportunities to support and grow IT in our community.

The Worst Things to Share on Social Media

Fri, 01 Jan 2021 19:49:01 GMT

Tim O'Connor, Manager, Knowledge Services (vCISO), Cadre Information Security

As a business professional, why should you care what your employees post on social media?

Even before COVID-19 caused the mass migration to a remote workforce, many successful hacks into organizations originated from an employee’s personal device (e.g. cell phone, tablet, laptop) or from information leaked from a personal social media account. I am NOT suggesting that organizations play “big brother” and attempt to police the personal affairs of employees online, but I am going to make a case for education, awareness, and due care.

While we can’t (and should not want to) dictate what our employees share about their personal lives on social media, we also can’t escape the fact that poor social media “hygiene” is a risk to the organization. Employees will forward emails between work and home accounts and use similar passwords for personal accounts and work accounts.

The most effective way to mitigate the risk of users “taking malware to work” is a good Security Awareness Program designed with the help of a trusted advisor. In this article, we are going to cover a few of the worst kinds of behavior that your employees will hopefully avoid, once they receive proper training. When sharing this information it is critical to let the employees know that good social media hygiene helps protect not just the organization but also themselves, family, and friends. You may wish to convey the information in this article to your staff and partners.

It’s All Fun and Games Until Someone Gets Hacked

Games are fun and one of the attractions of social media is sharing personal trivia with friends and family. I am not going to ask you to stop playing games, but it is important to recognize that some of the games on social media have been designed by evil hackers.

Many of these games look innocent and don’t SEEM to give away any information to hackers, but hackers are a crafty lot. Many of these games, like the popular “what is your elf name”, ask for your birthdate or a part of your name as part of the process. Others ask about your favorite pet or your phone number. What could be wrong with these games?

The way it works is that evil hackers simply reverse your post to find out pieces of your birthday, phone number, and/or favorite things (people often use favorite things like pet names as passwords). After you answer one or more of these quizzes, enough of a profile is built to allow the evil hacker to guess likely passwords or forms of authentication such as the last digits of your phone number. With this information, for instance, they could steal your pharmacy prescription:

A legitimate question upon seeing the hackers game shown here is, “why would knowing only the last two digits of my phone number be a risk?” The answer is that knowing this is a gold mine to a mentalist or an evil hacker as this reduces the possible remaining numbers to a manageable sum. The evil hacker can use another game or source to get the other digits or might just use them to CONFIRM other information that can be found publicly as they build a profile on you. In the social media post above, we found people even offering up remaining digits as part of the fun of the game. You can find out more about the “Elf Name” hacks and the relationship of mentalism to Social Engineering here.

What is Amen farming and what harm could it possibly do?

“Amen Farming”, also known as “Like Farming”, is a social media hack that tries to compel people to quickly post a one-word comment about a compelling subject. On the surface, it would seem that this is no different than sharing any other meme and making a comment. It turns out on further examination though that this is a powerful psychological tool that can exploit the privacy settings of respondents.

As a security professional, I am extremely fascinated by the many ways Amen Farming can be exploited. I ALMOST don’t want to warn my friends just so that I can track the methodology of the hack. There are almost a dozen ways these posts can assist evil social media hackers. The first is that many more people will respond to these one-word memes than would respond to a regular discussion. When a long chain of shares and comments are built, this allows the original posting account to mine information from the replies that would normally be blocked by privacy settings. We don’t know all the ways this information can help evil hackers but we do know it assists them in profiling accounts and building up the reputation of an account that they will later use for friend invites and misinformation campaigns.

This practice has become such a gold mine for evil hackers that they often don’t even bother to make up their own memes. They just find a popular one and photoshop “say amen” or another phrase into the meme graphic as in this example.

The best thing to do is to NOT SHARE these memes and of course don’t type “amen”. When you see someone sharing these kinds of memes let them know it might be a scam and point them to this article or the one from “That’s Nonsense”: (https://www.thatsnonsense.com/facebook-like-share-photo-scams-dont-make-scammers-rich/).

If you MUST share the meme, don’t share it from the original account. Download the graphic and then reshare it as your own content and also make sure your social media privacy settings are set to “friends only”.

Fact-Checking Hoaxes

If you are reading this article I suspect you already know that spreading hoaxes on social media is a bad thing and should be avoided. Therefore, I won’t be going into much detail but I would be remiss if I did not include this in our list.

An interesting new development in the “fake news” wars is that scammers are now doing their best to discredit fact-checking outlets. This makes perfect sense as the ploy to “shoot the messenger” goes back long before social media. You should not take the word of a fact-checker until you verify the contents of the article and the sources used for fact-checking. While statistics show only a very small number of fact-checking articles from well-known sites ‘get it wrong,’ it still can happen. In practice, however, it seems hard to get your crazy uncle to do ANY fact-checking much less use additional due diligence. For yourself, some fact-checking is better than none and I would urge you to read the entire write-up from the fact-checker.

If your crazy uncle does not believe any fact-checkers, try going to the sources in the fact-checker article and posting those directly.

“Watch Out For This Hacker” Warnings

Several times a year instant messaging hacks show up warning people to not befriend some ‘famous’ evil hacker. A recent example is the “friend request from Jayden K. Smith” hoax. Since Jayden K. Smith is not a real person and she won’t actually send anyone a friend request, what is the harm?

The harm from these kinds of messaging scams is similar in some ways to Amen Farming. The evil hackers are building profiles and networks and as an aside, they are helping to muddy the water and discredit real notifications about social engineering. The principal difference is the media used, in this case, instant messaging services.

Accidental Information Leakage in Social Media

Never post your phone number, address, age, or passwords on social media. While I think most of us know that, you should know that this information can easily be shared inadvertently, often through photos.

A good example happened last year when a photo of a government emergency worker was posted but on the monitor behind him was a post-it note with a government network password.

Now that many of us are working from home, this kind of information leakage becomes much more common. Check to make sure any photos you post do not include shots of the desk where papers might be in sight or calendars on the wall. When you post a photo of that new item that just arrived in the mail, can you see your mailing address?

Screenshots are particularly dangerous and should be examined and edited closely before sharing. Many people now use multiple monitors at home and don’t realize that a screenshot includes BOTH screens. Screenshots from phones and tablets are also possible sources of information leakage.

Knowledge is Power

I hope this article has helped you to become aware of some of the top common exploits that happen with social media sharing and that you will pass this information on to others.

If your organization would like help in developing policies, Security Awareness Programs, or other related issues please let us know. We have lots of services, workshops, webinars, and direct help to you.

A Special Thank You to Steve Hangen

Fri, 01 Jan 2021 19:46:40 GMT

Paul Moorman, Technology First Board of Directors

We wish our dear friend Steve Hangen the very best as he transitions to a well-deserved retirement after a remarkable career in Information Technology, leading teams at some of the Dayton region’s largest and best-known companies including NCR, Reynolds and Reynolds, WinWholesale (now WinSupply), and Mike-Sell’s. We asked folks who knew him well to provide us with some recollections, and the words that flowed back included “admire, smile, leadership, consummate professional, consistent, calm, supported, mentor, wisdom and quiet confidence.” He will be remembered above all for his caring and helping of others. Steve wrote on his LinkedIn page that “the biggest blessing of my career has been the fantastic people that I have been privileged to work with across the years!” Steve, the privilege has truly been ours.

Ryan Kean, Kroger’s VP of Technical Strategy and Architecture, recalls Steve’s leadership style with the quote, “I had the opportunity to work in Steve’s organization at Reynolds and Reynolds. He was very consistent in his communication and leadership. He was calm, clear, and cared for his teammates.” Don Kennedy, Practice Lead at Smart Data, adds, “I admire not only his “professionalism with a smile” manner but also how he has attracted and retained IT talent around him over the years as well as his ability to give back to our community with his time.”

Steve was a guiding light for over sixteen years and one of the most important change leaders for Technology First, volunteering as Vice-Chair and Board Chair, serving many years on the Executive Committee and Board of Directors. He was personally responsible for revamping the CIO Council into an attendee-driven group that delivers relevant, timely information and assistance to local IT leaders, and his is the format that all Special Interest Groups (SIGs) follow to this day. His impact is best spoken in the following words from his peers.

Jim Bradley, VP of Information Technology at Tecomet, sums it up with, “Steve has been the consummate professional and a huge contributor to both Technology First and to me personally. He modeled the CIO Council to make it what it is today, and countless IT Leaders have learned much through the years because of what he established and developed. Steve also taught us all the value of peer connections and relationships.” Bryan and Barbara Hogan, owners of Afidence, chime in with “Your work and leadership have truly built something that will stand the test-of-time!” John Huelsman, IT Director at Hobart Services, relays, “Steve’s been a mentor for me for many years both professionally and personally. His wisdom, experience, and quiet confidence inspire me to this day. He has impacted me in profound ways through the years and I will be forever in his debt.”

To our friend, all our best, and we hope our paths cross again soon as you continue to mentor our IT community in a new way!

A note from Technology First

Fri, 01 Jan 2021 19:39:05 GMT

Melissa Cutcher, Executive Director, Technology First

Dear Friends,

2020 has been the year of “you’re on mute”, “I forgot my mask” and wine with DeWine. I am grateful to close chapter 2020 and welcome 2021 with a great big socially distanced hug! 2020 wasn’t all bad. It’s been an outstanding learning experience for me both personally and professionally. I had the opportunity to meet Steve Hangen, Ann Gallaher, and many other great IT thought leaders in our region. Each one has demonstrated great leadership and grace during a year of stress, confusion, and uncertainty.

As an organization, Technology First faced our own unique challenges. Pivoting from all in-person events, like SIG’s, Board and CIO meetings, to all virtual by April was no small task. In November, we produced our first virtual conference, Taste of IT. We hosted speakers and attendees from all around the United States! We will continue hosting events virtually until the Governor says we can go back to in-person. Until then, I look forward to “seeing” you at the next Technology First event.

We have great plans for 2021! Look for:

§ Two new special interest groups: developers and cybersecurity
§ The Technology First web site will have a new look and updated features for our members
§ Expansion of our workforce development efforts
§ Continuation of building partnerships with other associations such as, The Circuit, Ohio-X, Ohio IT Association, SOCHE, DDC, JobsOhio and Dayton Area Chamber of Commerce

The vision of Technology First is to develop our region’s future by engaging, expanding, and connecting the IT community. We plan to accomplish this vision by being the conduit for IT advancement in the region.

Yes, 2020 was a challenge. But as a community, we are stronger, because we are together! We have virtually, gone into each other’s homes, connected on a deeper, more personal level seeing each other’s workspaces, meeting family members, both two and four legs.

If you haven’t already, get involved in Technology First. Join us on social media, sign up for the newsletter and event email lists, make a donation before the year ends, volunteer at an event, and respond to our latest workforce survey.

2021 – here we come!

Getting to Know You

Fri, 01 Jan 2021 18:11:50 GMT

Mardi Humphreys, Change Agent, Rainbow Data Systems, Inc. & Integration Edge

I’ve disappointed Rick Springfield. He told me not to talk to strangers, but I lean more toward young Forrest Gump’s philosophy of business development. Remember the first time he got on the bus to school? There are plenty of services that allow your sales team to send hundreds of emails extolling the virtues of your products/services to strangers. There are even companies with the technology to make hundreds of cold calls for you and when the prospect answers the phone, transfer the call to a sales rep waiting to pitch. I’m usually a big fan of automation, but why would a company reveal their pain points to you when they don’t know, like, or trust you yet? This is why Relationship Marketing is so important.

What Is It?

Relationship Marketing is simply building long-term, trusting relationships with strangers; essentially, developing clients into friends. When your friends face challenges, you want to be the first person they contact for a solution. You should feel the same way about your clients. People need to know you’re authentic in order to trust you. You must be the same person to your clients as you are to your cousins. Unless you’re Tom Hanks, you can’t act like different people in your relationships. Being inauthentic is exhausting and counterproductive.

How Does It Work?

Mom is right. If you want to make a friend, be a friend. Take the initiative. Network. Communicate. Be curious. Provide value without an agenda. Businesses are run by people. Go where the people are. Get personal. Do your homework. There is so much information at your fingertips (e.g., company websites, LinkedIn, business newspapers/websites), find out what their business does and their role in it. Figure out how you can help. The companies you want to partner with need revenue to survive. How can your company help them either attract customers or save money on their operations? Do they have a problem your company doesn’t fix? Do you know someone who does? Introduce them. While this doesn’t bring you revenue now, proving you want what’s best for their business demonstrates you can be trusted to put their interests before your own. Having a mindset of their success means your success. We get further together than we do on our own.

Why Does It Work?

Giving your clients great experiences differentiates your company from your competition. You have to go beyond persuading them to believe in your brand. Your clients want to be seen. They want you to help them solve their unique issues. They want to give you permission to be on their team. They do not want content forced on them. They want to learn what your company has to offer and what you can do for them in their own time using the communication channels they favor. I can’t think of one business owner who enjoys having their day interrupted by a cold sales call or sifting through all the cold emails they receive daily. However, I can think of several who appreciated a congratulations-on-your-latest-success LinkedIn message.

Technology First / Info-Tech Research Partnership

Fri, 01 Jan 2021 18:02:27 GMT

To provide additional resources for our members, we have formed a new Partnership with Info-Tech Research Group.

Through this relationship, Info-Tech is offering our community complimentary access to specific research and services as an additional benefit to members of Technology First.

Info-Tech Research Group produces unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. Partnering closely with your IT teams, they provide everything from actionable tools to analyst guidance.

This month’s exclusive content for Technology First Members includes:

Benchmarking

2021 Tech Trends

Disaster Recovery

Ensure your IT team delivers measurable results for your organization. Explore these new complimentary resources for your team here!

What should you do next?

Technology First is participating in an association-wide benchmarking program.

CIO Business Vision Diagnostic

Value: 6k – Complimentary for Technology First members!

The most important thing an IT leader can do is understand the business' needs and actively measure that the business is satisfied.

Stakeholder management is a critical aspect of running a successful IT department.

Info-Tech's CIO Business Vision program is a low effort, high impact program that will give you detailed report cards on the organization's satisfaction with IT’s core services.

Use these insights to understand your key business stakeholders, find out what is important to them, and improve your interactions. View a sample report and begin the diagnostic through our partnership page!

Technology First Blog

Mind The Gap: The Latest on Labor

Closing the Accountability Gap: Why Automation and Cyber Risk Transfer Must Evolve Together

When Automation Fails at Scale

The Illusion of Infallible Automation

Accountability in a Fragmented Risk Landscape

From Insurance to Guarantees: Shifting Risk Transfer Models

Why This Matters Now

A Framework for Shared Accountability

Resilience in Manufacturing: How Octoplant Helps You Recover Faster and Operate Smarter

Modern Identity Security: What Actually Stops Attacks

What MFA Was Built to Prevent

How Adversary-in-the-Middle Attacks Bypass MFA

A Typical AiTM Attack Flow

Why Traditional MFA Falls Short

Controls That Actually Reduce Risk

Conclusion

Signature-Based Detection Is Losing the Arms Race, And AI Is Accelerating the Problem

The 2026 Tech Leader Playbook: Top 5 Priorities for the Next Wave

Red Flags in Professional Relationships: Lessons from Hiring Technology Leaders

Five Cybersecurity Trends Every Leader Needs to Know for 2026

Your Roadmap to CMMC Compliance: Key Steps for Defense Contractors

Pillars for an Autonomous Future

Compliance And Risk-Management Are Part of Cybersecurity Too

Why are we so concerned about Cybersecurity?

So what’s the right path?

Workstation (Endpoint) Basics:

Server Basics

Better Security

Protecting the “network”

Protecting the Human Resources

So where does Compliance and Risk Management come into play?

So how do you ensure compliance?

Conclusion

About the Author

References and Supplementary Materials

3 Steps to Improve your Software Productivity AND Work-Life Balance

Workforce Development: Personal Attributes, Skills, and Competencies MUST Work Together

Understanding the Three Building Blocks

The Corporate Culture Connection

Why It Matters for Workforce Development

Practical Steps for Leaders

The End Goal

VMWare | Broadcom: What you need to Know

Myth vs. Reality: Bridging Ohio’s Tech Talent Gap with International STEM Graduates

Community Is Everything

Empowering the Future: My Journey as a Volunteer with Technology First

Protect Your Technology Investment

What’s All the Fuss About Agentic Artificial Intelligence?

5 Things Every Tech Leader Should Stop Doing – Now!

AI Isn’t a Trend, It’s Your New Normal

A Guide to Data Security for Small and Midsized Enterprises

Breaking Barriers: Empowering Professionals with Disabilities in IT & Cybersecurity

The Hidden Barrier: When Qualifications Aren’t Enough

The Role of Remote & Adaptive Work Environments

How Employers Can Close the Gap

The Path Forward

CMMC Final Rule: Key Changes and Their Impact on Defense Contractors

How to Use CIAM to Elevate the Customer Experience

AI’s Next Chapter: What to Expect in 2025

AI and the “Whopper” of Change

Reflecting on 2024: Building Connections, Strengthening Tech, Championing Innovation

Championing Tech: The Value of Volunteerism

Turning Conference Chatter into Client Conversions: How You Can Leverage Events for Business Development

The Future of Enterprise Communications and Technology

Cybersecurity Essentials for Small Businesses: A Comprehensive Guide

Taking These 4 Preventative Steps Can Reduce Your Cyber Risk

Emerging Tech Leaders: Unlocking Potential & Paving a Path for the Future

Harnessing Generational Diversity: Strategies for Building a Future-Ready Workforce

Finding Success in IT Leadership Without Deep Technical Knowledge

Empowering Tomorrow's Tech Leaders: A Vision for Workforce Development

Sustainable Technology: Extending PC Lifecycles with Cloud Solutions

Innomark Communications Promoting Sustainable Tech in Upcoming Facility

Economic impact of CMMC on Small Businesses and MSPs

C-Suite Spending on IT is an Investment – NOT a Drain

Mentoring Saves You Money

Budgeting for the Cloud in 2025

Protecting Your Capital Investment

Protecting Your Technology Investment in the Face of Fast-Paced Changes and Security Threats

The Overlooked Security Risk