The Cybersecurity Maturity Model Certification (CMMC) framework, developed by the Department of Defense (DoD), is designed to enhance the protection of controlled unclassified information (CUI) within the Defense Industrial Base (DIB) sector. This requirement is expected to be enforced starting in Quarter 1 of 2025, with a roll out of 5 years and having one-fifth of all DoD contacts requiring CMMC each year. We will explore the various facets of how CMMC compliance can impactyour company's economic health. 

How do I know if I need CMMC? 

All DoD contractors, sub-contractors, and support companies will be required to be at least CMMC level one. This isdetermined if the company has any Federal Contract Information (FCI). Then most contractors, sub-contractor, and support companies that have access to Controlled Unclassified Information (CUI)are requiredto be CMMC level 2. There is also level 3 compliance, but this is more limited and has much higher security and data control requirements.  

The Cost of CMMC 

Achieving CMMC compliance involves significant upfront investments. Companies need to assess their current cybersecurity posture, identify gaps, and implement necessary controls. This may include upgrading IT infrastructure, purchasing new security software, changing current corporate culture, and hiring cybersecurity experts. These expenses can be substantial, especially for small and medium-sized enterprises (SMEs). In addition, any company that is supporting a DoD contractor or subcontractor needs to be CMMC compliant. This includes Managed Service Providers that support the companies.  

The cost to be prepared for a CMMC assessment can range anywhere from $20,000 up to the $100,000s, depending on the scope of the project. This is why it is critical to have a good scope of what is required to be protected. Such scoping projects need to be the first step to compliance and cost management.  

In addition to the upfront cost, there is the cost of the assessment itself. This needs to be done by an independent third party known as a C3PAO (Certified Third-Party Assessor Organization). These costs can range from $15,000 up to the $100,000s depending on the scope and size of the company being assessed. The larger the scope, the greater the expected cost.  

Then there is the ongoing cost of compliance. A company should expect ongoing costs of CMMC. These costs include maintenance of security environments, any secure cloud environments, and physical environments. These costs should be expected to be anywhere from $1,000 to $5,000 per month per user depending on needs, scope, and amount of CUI (Controlled Unclassified Information) being protected.  

The Cost of Non-Compliance 

If a company decides not to go after a CMMC compliance, they will not be able to go after DoD contracts in the future. It will also remove sub-contractors and support companies from being able to service those contracts and companies. For companies heavily reliant on defense contracts, failing to achieve CMMC certification can be economically devastating.  

If you are an MSP or IT service provider to DoD-contracted companies, DoD rule 32, CFR 170, Section 170.19,paragraph 5 states, “If an OSA (Organization Seeking Assessment) utilizes an ESP(External Service Provider), other than a Cloud Service Provider (CSP), the ESP must have a CMMC certification level equal to or greater than the certification level the OSA is seeking.” The Cyber AB has confirmed that MSPs do fall under the ESP standard.  

The Value of CMMC 

Though CMMC has a high initial investment cost and a substantial continuation cost, there are many advantages to having a CMMC certification. Because of its high cost,it creates a barrier to entry for competitors, giving your company an advantage in the marketplace. It is also possible to increase your costs to the government at a rate that is reasonable to the increased burden on your company.  

For information technology (IT) to be considered a valuable investment by the C-Suite, it must be strategically aligned with the business’s key objectives. IT expenditures that do not align with these objectives become a financial drain. 

Simply aligning IT with the business is not enough. The IT investments must deliver the promised results and provide appropriate returns on investment (ROI). Achieving this requires a closed-loop process. The IT organization must maintain a relationship with the C-Suite, allowing visibility into both current and future business objectives. This ongoing conversation necessitates trust and a high level of IT competency. 

One challenge with alignment is the diverse perspectives within the C-Suite. While all are focused on advancing the business and guided by the same objectives, each executive views the path to success through the lens of their specific function. This diversity requires the IT organization to have a robust prioritization mechanism. 

This prioritization is typically managed through the IT portfolio management process, which assesses projects based on business impact (e.g., alignment with key business objectives, payback period, ROI) and implementation difficulty (e.g., risks, likelihood of success). After agreeing on a prioritized list of projects, the IT organization must match available resources and investment capacity to these projects. It is crucial that all proposed investments are cost-efficient and perceived as reasonable by the C-Suite.  

Building relationships and trust with the C-Suite is vital. When C-Suite members perceive IT estimates as too high, it is often due to a lack of understanding of the required integration with legacy systems or the extent of change management needed. Therefore, accurate and comprehensible estimates are essential. 

During project prioritization, it is important to establish clear metrics for success. Success extends beyond mere implementation; it includes delivering the projected business value. The IT organization’s commitment to the C-Suite must be fulfilled. As an example, a CEO at NCR would always ask, “If I give you a dollar today, when will you return it to me?” He wanted an answer of less than a year, though he made exceptions for larger projects, emphasizing accountability for business value return. 

The IT organization must have a process to evaluate investments six months to a year post-implementation, ensuring that the returns are meeting expectations. These returns can manifest as cost savings, reduced time to market, improved customer satisfaction, or increased revenue, all contributing to the entity’s bottom line. This process is often referred to as business value management. 

In summary, success in collaborating with the C-Suite hinges on building relationships and fulfilling commitments. IT organizations need to understand key business objectives, align their investments accordingly, prioritize investments based on C-Suite directions, successfully implement projects, and ensure these projects deliver the expected business value. Consistently delivering business value to the C-Suite will dispel the notion of IT investment as a financial drain. 

Bio: Don Hopkins is the Interim Dean of Raj Soin College of Business at Wright State University and former Chief Information Officer at NCR, SunGard Availability Services and International Game Technology. He also served as Vice President of Global Procurement and Supply Chain Management at both NCR and SunGard Availability Services and International Game Technology.  

Finding qualified tech talent, especially at the junior level, can be a tough task. Employers are often spammed with resumes from candidates, and it can be difficult to filter through resumes and determine which applicants actually know their stuff. Talent teams are already spending countless hours trying to narrow down the applicant pool for higher level positions, and these entry level roles can add undue stress. 

What’s a hiring manager to do? 

Establishing a pipeline of junior level talent by creating a community of mentorship is not only financially beneficial for companies, but provides a more qualified, and often diverse, talent pool for years to come. The creation of a mentorship program also challenges development teams to make clear processes for onboarding new hires, which can help explain the work in a more concise, consistent way for employees across all levels. This results in new hires who are onboarded more quickly and efficiently, and who can begin making an impact much sooner.  

How Can this Pipeline be Established? 

For example, Code:Youprovides free training to adults aiming to transition into tech-related careers, and an integral piece of the program are the volunteer mentors who help students navigate their learning journeys. Qualified professionals who are already in the tech field work with students to help with troubleshooting, knowledge checks, and learning what it’s like to actually work in the tech field. Mentors get to watch their students succeed and build lasting relationships with them. This set-up has allowed for a life cycle of giving back, with former students coming back to mentor the program once they are more established in the industry.  

Companies can intentionally structure their own development teams around mentoring by creating internal pipelines. Senior devs can mentor mid and junior folks, while mid-level employees looking to flex their leadership skills can mentor juniors or interns. By structuring their code, deployment process, and documentation around mentoring, companies can come up with processes that are easy to learn and explain for folks at all levels. This leads to clean code and well documented projects that anyone can contribute to, but requires a team buy-in to build out successfully.  

Get First Pick of Talent 

For example, at Code:You, mentors work with the same group of students for up to 20 weeks, allowing them to get to know their work ethics, skills, and unique backgrounds and interests. This relationship gives mentors the ability to pinpoint students who not only know their stuff on a technical level, but whose background and transferable skills would be a good fit for their company. Instead of sifting through a pile of faceless resumes, they have a pool of qualified talent at their fingertips, saving both time and money in their hiring process. Companies can mimic this model by bringing on early level talent for internships and using established mid to senior level talent to mentor and foster that talent. 

Strengthen Your Team 

Providing a strong mentor experience can allow companies to train students or potential employees in skills important to them. Instilling best practices from the get-go can allow for a shorter onboarding period and learning curve once a new hire starts, allowing them to make a more immediate impact.  

Latecomers to tech can also be an excellent asset for your team, because they often bring other skillsets and/or industry knowledge to the table.  

Sharpening Your Team’s Skills 

Mentors are helping the next generation of tech talent grow into full-fledged junior developers. A mentor does not need to be an expert developer or have prior teaching experience. In fact, self-taught developers who are around the mid-level tend to be some of the best, because they know where students are coming from, and can provide a similar perspective. These leadership experiences can empower higher level developers to grow more in their own careers.  

Have fun! 

Day jobs can be a slog from time to time, even for those who genuinely enjoy what they’re doing. Mentoring adds back in some of the fun of what you do day to day. Helping students work through problems and create exciting new project ideas can help remind you why you got into the field in the first place. Getting more involved in the tech scene is sure to benefit you professionally.It will also surely provide personal benefits as well.  

Creating a strong community of mentorship is not something that happens overnight, but the benefits are worth the hard work. According to a 2022 article from the Society for Human Resource Management (SHRM), employers estimate the total cost to hire a new employee can be three to four times the position’s salary. By cultivating a community of mentorship, your company can lessen those costs by finding talent that is not only a skills match, but a culture match, and set to succeed.  

Bio: Shannon Sheehy is the Manager of Strategic Partnerships for Code:You, a non-profit program that has helped over 1,000 adults launch exciting new careers in technology since 2015. Through her role, she manages the careers team that assists program participants in finding jobs after completion of their training program. A Dayton native and graduate of Miamisburg High School, Shannon now resides in Louisville, KY.

Hello Tech Community!

As we gear up for another exciting year in the world of technology, it's time to talk shop about one of the hottest topics on every IT leader's mind: budgeting for the cloud in 2025. I'm thrilled to dive into this with you because, let's face it, the cloud isn't just a buzzword anymore – it's the backbone of modern IT infrastructure. 

So, let's start with the headline news: Gartner's latest report predicts that by 2025, a whopping half of enterprise IT spending will be allocated to cloud technologies. Wrap your head around this figure: nearly $1.8 trillion – that's trillion with a 'T' – is expected to be spent on cloud services alone.

But before you break into a cold sweat thinking about budget overhauls and endless spreadsheets, fear not! I've got your back with a savvy roadmap to help you prepare for this cloud-centric future while keeping your budget in check. 

Here's the lowdown on how to navigate the cloud migration and budgeting waters in 2025:

1. Know Thy Infrastructure:

Take stock of your current IT setup like a seasoned detective. What apps are you running? Where are your workloads chilling? Understanding your infrastructure inside-out is key to figuring out what's ready to make the leap to the cloud. 

2. Show Me the Money:

Budgeting for the cloud isn't just about crunching numbers; it's about predicting the future (cue the crystal ball). Work closely with your finance team to map out the short-term migration costs and the long-term operational expenses. Remember, a little foresight goes a long way! 

3. Craft Your Migration Strategy:

Rome wasn't built in a day, and neither is your cloud migration plan. Take it step by step. Decide which workloads get first-class tickets to the cloud and which ones can chill in the on-premises lounge a little longer. Oh, and don't forget to factor in downtime – nobody likes surprises! 

4. Lockdown Security & Compliance:

Security isn't just a buzzword – it's your shield against cyber nasties. Beef up your security measures and ensure you're compliant with all the regulations lurking in the shadows. Trust me; it's worth the peace of mind. 

5. Skill Up, Buttercup:

The cloud isn't just about fluffy white things in the sky; it's about empowering your team with the skills they need to navigate this brave new world. Invest in training and upskilling initiatives to ensure your squad is ready to rock the cloud like pros. 

So, there you have it, folks – your roadmap to cloud success in 2025! Buckle up, because the journey ahead is going to be one heck of a ride. And remember, the tech community is here for you.  

Until next time, stay curious, stay savvy, and keep pushing the boundaries of what's possible in tech! 

Melissa

Melissa Cutcher
Executive Director
Technology First

The Industrial Internet of Things (IIoT) and adjacent technology continues to have a profound impact on industrial processes, creating opportunities for product and service transformation. From intuitive graphic interfaces and intelligent device sensors to full-scale industrial workcells and more, successful technology integration is proven to optimize operations. That said, here are several concepts for companies to consider: 

Install a Robot 

An outside-of-the-box concept for many to consider, the adoption of robotic technology further enhances the IIoT ecosystem, driving further growth toward operational excellence. Where applicable, companies that successfully integrate and synchronize highly efficient robots with their current network of devices, including capital equipment, have discovered benefits such as greater production workflow, part quality, product throughput, operational safety, and return on investment (ROI). 

A prime example of this is the integration of an industrial or human-collaborative robot to load/unload machined parts. A highly mundane and potentially dangerous task (depending on the part and environment), the combined use of innovative end-of-arm tooling (EOAT), easy-to-use electrical interfaces and flexible-yet-robust robots enables highly consistent part transfer. Not only is this reliable and consistent method of transfer ideal for protecting the integrity of capital equipment such as press brakes, but also, employee health and safety concerns can be substantially minimized. As an added benefit, workers can be redeployed to safer, value-added tasks for increased competitive edge. Applications for palletizing, pick and place, and welding are other labor intensive tasks that are frequently automated. 

Execute Security Standards 

Whether an industrial robot or another piece of machinery has been deployed, companies that integrate and synchronize equipment to an IIoT framework should understand the potential cybersecurity threats and vulnerabilities these machines (and others for that matter) can face. From exploiting weak passwords to ransomware attacks and more, there are a variety of ways “bad actors” try to disrupt operations. For these reasons, it is important for decision makers to take all necessary steps to ensure robot and enterprise safety.  

Adhering to robot safety standards and industry best practices such as the Robot Security Framework (RSF) is suggested. Additionally, replacing default passwords with strong passwords, along with backing up robot and peripheral data at regular intervals is helpful. 

Encryption and authentication techniques to protect data and communication may also be helpful to securely connect robots to necessary systems or networks. Protocols like Secure Sockets Layer (SSL) and Transport Layer Security (TLS) can aid in encrypting and authenticating data transmitted over the internet or other networks, while Virtual Private Network (VPN) technology can create a secure and encrypted tunnel between devices and a remote server. Public Key Infrastructure (PKI) may also be used to employ digital certificates and keys to encrypt and authenticate data. 

“Hardening” devices and existing networks to withstand physical and logical attacks is also important. This process is done by applying security measures and configurations that disable and/or remove any service and feature that is not required for robot or device operation. This includes apps, interfaces, ports, protocols, etc. 

Clearly defining internal roles and responsibilities for managing the robotic system (and inter-connected devices), when needed, is also ideal. While this is not a complete list of protocols and methods that may be used, it indicates that cybersecurity is a real threat that should be taken seriously, and proper precautions should be implemented to protect operational integrity. 

Use Machine Monitoring 

Many devices (CNC machines, robots, grippers, scanners, torches, etc.) can provide a wealth of information pertaining to equipment performance and operational trends. The ability to check, harness, and transform this data into actionable insights is extremely valuable for achieving the highest level of operational efficiency – as it enables data-driven optimized planning for key decision making. 

That said, the implementation of a factory automation monitoring system that supports multiple brand devices and collects data in real time is suggested. From a manufacturing perspective, IIoT monitoring tools (along with product/part tracking) are helpful for detecting system errors, part defects and production bottlenecks. 

Proven edge server solutions that use a leading OPC-UA interface to enable an integrated, intelligent, and innovative approach to data analytics are ideal. This allows decision makers to see what is happening at any point on the value creation chain. In turn, this helps to make informed choices that provide the ability to better manage supply chain complexity, maintain high-throughput production and execute strategic company goals. 

Practice Preventative Maintenance 

The key to peak performance operations is maintaining the health of a robot and other capital equipment. While the use of machine monitoring for predictive and preventative maintenance can play a large part in the life cycle management of automated tools, visual checks of a robot system should not be overlooked. From performing a grease analysis to monitor iron levels to doing a manual test to check for worrisome vibrations and gear noise, there are common assessments end users should perform to protect their robotic investment. 

With any high-end purchase, it is always smart to invest in the value-added support programs available through the equipment supplier. Not only does this help ensure maximum asset performance, but also it provides prime ROI. Locking into an annual or extended service plan can augment a company’s preventative maintenance strategy, while ensuring issues are addressed in a timely manner to optimize uptime. 

Whether protecting a robot or robot system purchase, maintaining the life cycle of another piece of capital equipment, these concepts should help build a solid foundation. As always, any questions should be directed to your robot supplier or equipment manufacturer – as this will provide the best source of information for moving forward. 

Bio: Bill Edwards is Sr. Manager of Collaborative Robotics at Yaskawa Motoman, where he strategically oversees all aspects of collaborative robot planning, design, specification and approval. With over three decades of experience in engineering and project management, as well as control systems application and design, Bill is dedicated to developing safe, high-quality robots that foster greater production efficiency. He is a voting member for both the International Organization for Standardization (ISO) and the American National Standards Institute (ANSI), where he serves on various industrial robot safety committees. 

In today's rapidly evolving technology landscape, safeguarding your investment in technology is good business sense. With the ever-present threat of cyber-attacks to companies of all sizes and the need for scalability, businesses must adopt proactive measures to protect their assets while maintaining flexibility for growth. This article explores a concept called “continuous threat exposure management” and strategies to ensure scalability in the face of these evolving challenges.

Continuous Threat Exposure Management

1. Vulnerability Assessment: Scope for cybersecurity exposure
2. Develop a discovery process for assets and their risk profiles
3. Prioritize the threats most likely to be exploited
4. Validate how attacks might work and how systems might react
5. Mobilize people and processes

Continuous Threat Exposure Management (CTEM) is a formal, proactive approach to identifying, assessing, and mitigating risks to an organization's digital assets. It involves continuously monitoring the organization's technology infrastructure, applications, networks, and data for vulnerabilities and potential threats. The goal of CTEM is to minimize the organization's exposure to cyber threats by identifying and addressing weaknesses before they can be exploited by attackers. The need for processes like CTEM in organizations of all sizes is an unfortunate reality of today’s world.

According to Gartner, the 5 major steps in CTEM are:

Vulnerability Assessment: Regularly scanning and assessing the organization's systems and networks to identify vulnerabilities, misconfigurations, and weaknesses that could be exploited by cyber threats.  

The full vulnerability assessment process is an ongoing investigation of not only what ports might be accessible from the Internet, but also a complete scan of internal resources and what might be accessible to a “bad guy” if they do get inside the network.  In years past, it was often deemed sufficient to do a scan of your company’s “public” footprint to see what ports might be open to internal resources and identify any misconfigurations or flawed security from that perspective. More recently however, since over 90% of cyberattacks begin with a phishing email, which ends up either compromising a local system, or a cloud email platform, looking at the technology from the perspective of the bad guy is the better approach.

Most organizations, especially smaller companies, may not have the internal resources or tools to conduct these types of scans internally. The use of an external 3^rd party resource which specializes in Cyber Security Penetration Testing is advised. Even MSPs (Managed Service Providers) find it wise to outsource this specialized service to 3^rd parties on behalf of their clients.

Threat Intelligence Integration: Incorporating threat intelligence feeds from various sources to stay informed about emerging threats, attack techniques, and indicators of compromise relevant to the organization's industry and technology environment.

Keeping up to date on everything technology related is a daunting process, and now we need to keep a close eye on Threat Intelligence as well. While there are many open-source, online resources that provide lots of up-to-date information on threats, keeping up to date on them is difficult, especially for small businesses.

The FBI’s InfraGard program is a collaborative product between the FBI (Federal Bureau of Investigation) and members of the private sector. Authorized users of the InfraGard program can share information, networks and educational workshops to keep up on threats relevant to 16 specific infrastructure categories.

There are also 3^rd party resources providing consolidated resources for vulnerability and intelligence.

Patch Management: Implementing a structured process for installing security patches and updates promptly to address known vulnerabilities in software, operating systems, and applications.

It is common knowledge that Microsoft, as one of the predominant software providers, releases their standard patches on “Patch Tuesday” -- the second Tuesday of each month. Patch Tuesday is the unofficial term for the day when Microsoft releases update packages for the Windows operating system and other Microsoft software applications, including Microsoft Office. In some cases, Microsoft will issue "out-of-band" updates for particularly critical security flaws, especially ones that are being exploited in the wild.

As Microsoft patches security vulnerabilities, it doesn't release those patches immediately. Instead, the company gathers those fixes into a larger update, which is released on Patch Tuesday.

Windows workstations and servers automatically (by default) check for updates about once per day. The average system should automatically download these updates quickly but may delay installation.

With the number of issues with Microsoft updates over the past several years, many organizations hold off on applying updates for a week or two, to make sure there are no issues noticed.

Security Monitoring: Using monitoring tools and technologies to continuously monitor network traffic, system logs, and user activities for signs of suspicious or malicious behavior that could indicate a security threat.

Network monitoring is crucial for small businesses to ensure the health and functionality of their computer networks. In today’s digital landscape, where businesses heavily rely on technology, having a robust network monitoring system is essential to find issues and potential threats. As small businesses often have limited IT (Information Technology) resources, it becomes even more vital to have efficient network monitoring in place.

Incident Response Planning: Developing and regularly testing incident response plans to ensure the organization is prepared to detect, contain, and respond effectively to security incidents when they occur.

Businesses should have a written plan that identifies those steps to take in an incident, including notifications to Cyber Insurance carriers, customers, and law enforcement. Preventive steps to keep business functionality include backup and recovery procedures to help a business recover and get back to normal operation as quickly as possible.

Risk Prioritization and Remediation: Prioritizing vulnerabilities and security risks based on their severity, likelihood of exploitation, and potential impact on the organization's operations, and implementing proper remediation measures to mitigate these risks.

The formal Continuous Threat Exposure Management (CTEM) process is an approach to identify, assess and mitigate risks to an organization's technology assets. While this approach is ideal in a perfect world, it does entail significant investments in processes and resources.

For smaller business without the internal resources for this process, a Managed Service Provider may be able to provide these services or coordinate with 3^rd parties for some of these steps such as Vulnerability Assessments, understanding threats, implementing Patch Management controls and Security Monitoring.

Bio: Barry Hassler is the founder and President of Hassler Communication Systems Technology, Inc (HCST), a business IT Managed Services Provider based in Beavercreek OH. HCST has been in business since 1991 and serves a variety of small businesses primarily in the Dayton and Springfield Ohio

Panetta, Kasey, “How to Manage Cybersecurity Threats, Not Episodes”, Gartner, 3 May 2024, https://www.gartner.com/en/articles/how-to-manage-cybersecurity-threats-not-episodes

Copiers (MFPs) and Printers are often forgotten when it comes to a company’s security policy.  As IT professionals continue to invest time and money into tightening their cybersecurity, it is vital to include MFPs and Printers in their policy.   Copiers of years ago were simple devices, not connected to a network and they only made copies.   As technology has advanced, so have MFPs.  These devices are just like any other device on your network and are a gateway to an enterprise’s most sensitive data.

According to a 2023 Print Security Landscape Survey by Quocirca, 61% of organizations have experienced a print-related data loss over the past year and 39% struggle to keep up with printer security.  

Below are the top MFP and Printer security risks and how to mitigate them:

1. Physical Access: Documents left on the output tray pose a significant security risk.  We recommend a “follow you” print strategy to enable the device to “hold” the job until an end user authenticates and releases at the device.

2. Default passwords: Factory preset credentials need to be changed by administrators.

3. Lock Down Scanning Access: MFPs are often used more for scanning than copying.   Scanning should be locked down at the minimum to scan only to your company’s domain.  To take it a step further, having users authenticate with their user credentials and enabling “scan to myself” is a best practice. If scanning isn’t locked down, confidential documents can be sent to “Gmail or Yahoo” addresses and your company wouldn’t even know it was sent.

4. Lack of Security updates: Your Vendor should work with you to ensure these devices have updated firmware and software patches.

5. Hard drive wipes: Before these devices leave your environment to either be shipped back to a leasing company or decommissioned, it is vital to wipe or destroy the hard drive.

6. Track and audit device usage: Many companies are investing in print management software to track who is using these devices and how they are using them.  You can limit what a user has access to and have audit trails of how each employee is using the device.

7. Home office printing: With the trend of a hybrid workplace continuing to grow, it is vital to make sure that home office printers are configured and set up with the same security settings as your in-office devices are.

8. Standard security features on devices: Many devices now come with SIEM integration, Verify System at Startup, SSD Data Encryption, and Encrypted Secure Print.  It is important to ensure that these security features are enabled and set up properly.

9. Cloud printing risks: Cloud printing services are on the rise, but it is important that your provider has robust security measures in place.  End-to-end encryption of print jobs, reviewing activity logs and reviewing access control all need to be in place.

MFPs and Printers are an integral piece of technology in organizations, but if left unmanaged can pose a high security risk.   Confidential data regularly moves between user’s PCs, Servers and MFPs/Printers, so it’s important to have a security plan in place to protect your print environment. 

Bio: Leah Seymour is the Senior Sales Director for Modern Office Methods (MOM) and has 26 years of experience in the Office Equipment Industry.  She specializes in working with IT Leaders in Healthcare, Manufacturing, Logistics and Higher Education to help them improve productivity, control costs and secure their devices.

Building a technology organization involves substantial investments – from hardware, software, and cloud solutions to the critical processes governing, modernizing, and maintaining operations, not to mention the invaluable talent driving these initiatives. 

Your investment in people is particularly crucial, as skilled personnel play a pivotal role in developing, managing, and effectively utilizing technology. Identifying, recruiting, and onboarding the right talent requires significant time and resources. However, the journey doesn't end there. Retaining these team members necessitates a strategic plan and continued commitment of time and resources. 

Here's how your business can safeguard its investment in people: 

Leverage Technology First:

• Attend peer group meetings for insightful peer-to-peer sharing and learning. 
• Transform a peer group meeting into a one-on-one development opportunity by bringing a team member along. 
• Expand knowledge and strengthen networks by attending conferences. 
• Encourage subject matter experts (SMEs) to submit presentations at conferences, enhancing their speaking skills. 
• Foster collaboration by actively participating in our peer resource group forums. 
• Join a committee and contribute resources to give back to the community. 
• Share volunteer opportunities with your team to promote team building. 
• Nominate a team member for a Technology First Leadership Award and attend the event to support all finalists.

Prioritize Well-being and Development: 

• By prioritizing the well-being, growth, and development of your technology workforce, your business can ensure a resilient and motivated team that drives innovation in the dynamic technology landscape. 

Connect, Strengthen, and Champion Your People: 

• The more you invest in connecting, strengthening, and championing your people, the more invested they will be in the career you're developing together. 

As you focus on protecting your technology investment, take a moment to enjoy summer activities that energize you. We hope to see you at one of our upcoming Tech First events! 

*SMACK!*

Stop it!  Stop it right now!

*SMACK!*

We all know the classic Hollywood trope: the heroine stands her ground in front of the “false threat”. In the face of her unexpected authority and steadfast agency, that threat suddenly comes up short (and to great comic effect!).  From there, what initially presents itself as an insurmountable obstacle to the heroine ’s journey transforms into a loyal and steadfast ally for the rest of the plot.  Think: Dorothy and the Cowardly Lion, or Cher and Nicolas Cage, or Kagome and Inuyasha. 

If only life would work like that.  If only our work would work like that.

There are a lot of lessons to be pulled out of these stories: team building, change management, system transformation, etc.  But there ’s a warning here, too.  A warning that gets glossed over too often and leads to a lot of failed team building, change initiatives, and system transformations.  The warning of the Magic Bullet Mentality - mistaking the resolution of the “false threat” for the solution of the real problem.

Everyone falls for the Magic Bullet at some time; most times, multiple times.  “Do this one thing!” “Make this one change!” “Install this one tool!” Too often, especially in Information Technology, the Magic Bullet Mentality leads to buying and installing some very high-priced (and, therefore, high-visibility) tools that fail to live up to their promises.  And what do you have to show for it all?  A big hole in your budget, a burned out support team, and a lot of angry questions from your business leadership.

So, if we are all susceptible to the trap, how can we avoid this ‘magic bullet’ thinking?  Even better, is there a way to rescue a deployment that obviously started with a ‘magic bullet’ in mind?  There are three questions to ask, right now, to help:

1. Do you have a “Process Map”?

Process mapping might not be the latest buzzword, but it’s darned important nonetheless.  And the sooner the process mapping is done around the existing tool, the better.  That’s right; the existing tool.

Too often we’re so enamored with the promised benefits of the new tool, we want to skip to the end and not do the due diligence necessary to map out the work ahead.  But how else can one ensure new tooling will successfully take over the job of the old one, if you can’t describe the work the old one was doing?  You can’t.  You need a baseline to measure against.

The Process Map as a baseline has another benefit.  Once completed, a savvy project manager can take it, break it down into the individual components and efforts, and build a much more effective project plan.  And a project manager with a proper project plan will be much more likely to succeed.  Already started the project and don’t have the Process Map completed? 

*SMACK* “Shame on you!” - Dorothy Gale, Wizard of Oz (1939)

2. Do you have a “Data Map”?

Data mapping is a newer buzzword, but it is not the same as a Process Map.  A Process Map charts the relationships between business functions and processes.  It provides insight on: which departments are responsible and accountable for what activity, who gets informed or consulted about those results, and what needs to happen before and after.  A Data Map describes the flow of information between the various systems and technologies described in the Process Map, down to the individual data attributes. 

Consider an example.  Three teams work together to procure hardware and software assets: Vendor Management, Purchasing, and IT Service Management.  Each uses different tools to do their jobs and coordinate using email, chat, and excel charts.  The Process Map will show how these teams work together, and how a new ERP system could provide response and operational efficiencies.  The Data Map would show that the Service Management team needs cost center codes and project number data in order to keep break/fix inventory separate from capital expensed equipment.  And, come to find out, that new ERP system requires a whole separate financial module to be able to handle that demand.

Let me guess.  You already started the project without a data map? 

*SMACK* Snap out of it! - Loretta Castorini, Moonstruck (1987)

3. Have you done a “Feature Analysis”?

To be fair, the issue exemplified above could also have been noticed with a proper Feature Analysis.  Nobody likes doing them, but the money and heartache that can be avoided by making sure the right tool is chosen cannot be stressed enough!  A Feature Analysis goes beyond merely sitting through a boring sales demo, or copy/pasting the feature comparison from gartner.com .  The Feature Analysis lays out the manufacturer’s plans and roadmaps for future features, prices out the cost of support services and discounts offered, interviews and investigates other customers’ satisfaction with the tool and implementation.  The Feature Analysis will also draw direct connections between issues internal clients are having with their existing tooling and the features offered by all the other tools being considered.

Unfortunately, a Feature Analysis will not be of much good if the tool has already been purchased.  But if you are still in the planning stage?

*SMACK* “Sit boy!” - Kagome, Inuyasha (2000)

BONUS QUESTION: Consider a third-party consultant?

The idea of bringing in a third-party consultant - in addition to the internal technical personnel, the manufacturer’s technical resources, project manager, stakeholders, etc. - gives the feeling of ‘too many cooks in the kitchen.’  However, if the installation project is already in flight and there is a high degree of “magic bullet” thinking, a third-party consultant can be just the solution. 

The manufacturer’s provided resources are really there for one goal: to complete this installation to the client’s satisfaction (or contractual obligation).  Usually, they will be running a script, checking boxes, and only provide specific solutions to specific technical challenges that arise.  They will not be able to make suggestions surrounding process changes, data flows, internal responsibilities or external accountabilities.  The internal team might know the ins-and-outs of the current platform, policies, and users.  But they might not have the experience with large digital transformations and the challenges the new tooling will present.

A third-party, independent consultant can provide the experience and guidance to help both the internal and external teams succeed.  An experienced consultant will have actively participated in a number of similar deployments (not just the tool in question, but competitors as well).  They will be able to describe the usual mistakes and provide recommendations to the internal team and increase their change of success.  At the same time, they can engage the tooling resources to effectively and efficiently ensure the tooling resources can overcome challenges in a way that ensures long-term success for the client (not just the installation).  A third-party, independent consultant can also provide benefits in other areas as well: completing documentation, crafting training materials, building internal reporting to ensure the new tool stays useful.

Bio: Jeremy Boerger founded Boerger Consulting, to improve and promote the benefits of Information Technology Asset Management (ITAM) programs for medium and large businesses.  He is a published author and sought-after speaker at technology expos, conventions, and podcasts around the world.  His clients routinely see a one-third reduction in their software operations budget, usually within nine- to twelve-month timeframe.

In the tech leadership world, there’s this common trap we can fall into—hiding away in our offices. It's easy to do, especially for those of us who lean a bit on the introverted side. But here’s the thing: to really get the pulse of what’s happening in our field, we've got to get out there and engage with the people doing the actual work. Technology’s all about making things easier and more innovative for our teams, but there’s often a gap. Folks not living and breathing tech might not know about all the cool tools they could use, and us tech leaders might not see the creative shortcuts or workarounds they're using to get things done.

So, how do we bridge this gap? How do we get more in tune with the heartbeat of our companies? Here are a few thoughts:

Getting out of your office and engaging with your team not only helps your tech team get seen as the go-to problem solvers but also makes your work a lot more enjoyable. It’s about building connections, understanding the real-world application of your work, and continuously improving things.

In short, stepping away from the comfort zone of your office and diving into the daily lives of those around you is key for any tech leader looking to make a real impact. It’s all about fostering a sense of community, being open to learning from the ground up, and using that insight to drive innovation and efficiency. Plus, it’s just a more fun and fulfilling way to work. Making those connections, understanding challenges first-hand, and seeing the direct impact of your solutions.

*****

Bio: Karen Kauffman is the Director of Information Technology at Precision Strip Inc.  Karen has 35 years of experience in the IT industry, with 20 years of leadership experience.  Precision Strip leads the industry in metal processing for the automotive, appliance and beverage can industries.