• Whether an individual, a small business, or an enterprise – cybercrime doesn’t discriminate. All things “cyber” continue to grow, unfortunately including cybercrime (cyberattacks, cyberthreats, hacking, phishing, etc.). Follow along to learn what cyber challenges we are anticipating in 2024 and how you can manage.

  Growth in Cybercrime

  Cybercrime has been on a steep rise over the past several years. With ransomware and “data extortion” breaches making the news almost daily, attackers have turned these activities into profitable revenue streams that are unlikely to stop soon. While risks are at an all-time high, the task of protecting networks is becoming harder for businesses of all sizes. As we migrate to de-centralized cloud-based applications, the traditional “castle” method of defense with building walls around our most valued assets will no longer work.

  The number of applications used by a typical organization has rapidly grown in the last few years. According to recent reports, organizations use 130 SaaS apps, which is up from just 16 five years ago. The problem is then compounded by bringing more and more of our devices online, which creates additional “attack vectors” for cybercriminal to target within our environments. Forecasts say there will be 41.6 billion IoT (Internet of Things) * devices by 2025. These include POS and entertainment systems, cell phones and computers, digital signage, printers and more. Not to mention, the software and firmware running these systems sit atop increasingly complex codebases.

  So, what can you do?

  Business size plays little part in who is or is not attacked. As the “business of cybercrime” has grown, there are now attackers that fit victims of every size. Unfortunately, there is no one-size-fits-all solution for this complicated problem.

  Individuals and small businesses have limited financial resources dedicated to cybersecurity, making it crucial to prioritize and allocate resources effectively. As businesses grow and become more valuable, it is critical that they continue to increase their security posture at the same rate to address new risks and prevent increasing potential losses.

  The Federal Trade Commission lists five principles of sound data security:

1.     Take stock: Inventory the office and know what information you have – where is it stored and who has access? What do those people or businesses do with the information they have access to?
2.     Scale down: Retain only what you need. The more information you hold the greater the risk that personal information will get exposed.
3.     Lock it: Providing the minimal amount of access needed to people and devices generally leads to better overall security. On your network, two things you can do are:

a.    Using advanced firewall with security features like intrusion detection, content filtering and built-in malware scanning. This will help prevent customers and your team from mistakenly navigating to malicious websites and help stop already malicious devices from connecting back to their servers.

b.    Segment your network to reduce the impact if there is a breach. Create smaller “Virtual Networks” (VLANs) in your environment to virtually split up which devices can communicate with each other. A common setup for small to midsize businesses might be to build four “virtual networks” like…

4.     Pitch it: If you don’t need it, get rid of it securely. Create a retention schedule and have appropriate disposal processes and devices.
5.     Plan ahead: Create a policy and procedure regarding cybersecurity and invest in the correct technologies and partners if it’s not your expertise. Use reputable vendors for purchasing hardware and services, and stick with trusted brands – especially when it comes to internet connected devices. Many IoT devices found online are made by fly-by-night manufacturers and have been found to come with “backdoors” built in, but even those not compromised from the start are often not supported long term by the makers and become security risks.

• And finally, never neglect your people. Even a perfect fence can’t work if someone accidentally leaves the gate open. So, invest in employee training and security awareness.

  A few key practices to highlight: **

• • Secure personal devices like laptops and phones, especially when in public places. Be sure to lock your screen if your computer is unattended, and don’t install software that isn’t authorized on work devices.
  • Educate employees on the signs of a cyberattack, especially phishing, and the laws that apply to data they may handle.
  • Make sure employees know who to turn to and feel they can come to you if an issue arises, it takes the whole team to fight these threats.
  • Remove employee access if they are no longer with the company even if you don’t think the person is a risk. User accounts no one is using leaves the door cracked open for attackers.

As we approach 2024, individuals and businesses must be prepared to tackle the evolving cyberthreat landscape. Understanding the seriousness of cybersecurity, identifying your unique needs, and addressing the practices above are great ways to start.

*Stats found in Harvard Business Review: https://hbr.org/2023/04/cyber-risk-is-growing-heres-how-companies-can-keep-up  

**Principles and practices found from Protecting the Unprotected: Data Breach Prevention and Response – A Guide for Businesses and Charities by Dave Yost

Jordan is a Senior Manager of Security and Cloud Services at Hawaiian Telcom, a company under altafiber’s family of companies. He has spent nearly two decades helping organizations implement technology to solve business challenges. Jordan has a Master of Science in Leadership and Management and has earned CSSP, C|CISO, and GCFA certifications. He will happily talk your ear off regarding anything with technology, organizational culture, or the best ways to cook meat with fire!

The Crisis We Are In

The pandemic changed a lot!!   Trust and confidence in IT have increased as a result of the support the organization received from IT when the pandemic was at the most volatile stage. Expectations for IT are also higher now as a result.  While worker productivity was proven to reach, or even surpass, pre-pandemic levels for IT performance, attitudes and expectations of IT staff have also shifted as a result. 

The "great resignation" emerged - and continues to some extent.  IT staffing functions (both recruiting and retention) are in a state of "crisis" - whether it involves bringing talent in through the front door or preventing them from wanting to leave.  While many organizations have adjusted as a result of living through the pandemic, many more have not - with some that are even still waiting for the "right time" to move back to old practices.

The staffing crisis is acute enough to put business goals and objectives at serious risk.  While seemingly not a glamorous technology "trending" topic, it continues to rank as one of the highest areas of impact to IT organizations as we move into 2024 - certainly one of the top three across the majority of the 30+ CIO clients I work with and advise.  Many CIOs are battling against antiquated HR-related policy and an organizational culture that works to their disadvantage.  My repeated advice to my clients is not to get caught in the "victim" mentality - but to do more to lead the changes that might be necessary. 

Staffing (recruiting and retention) as a Core Competence

Staffing is a multi-dimensional function - encompassing attracting, hiring, and retaining resources.  Too many IT leaders are focused almost exclusively on the hiring function and ignore what it takes to attract and to retain the talent they need. 

At the same time, workers’ expectations have shifted - whether as a part of living through the pandemic or as a function of the shifting norms and nuances of different generations - work-life balance is higher on the list of important considerations than ever.  The CIO needs to have a strong partner in the CHRO (and support from above) to tackle some of the foundational elements that can positively impact the CIO's staffing functions.

IT leaders also need to better understand what factors influence the Employee Value Proposition (EVP) of the candidates and employees who are making decisions every day whether to join, stay, or leave.

Sourcing IT Candidates

Traditional recruiting channels do not continue to deliver as in the past while direct recruiting of experienced workers is more competitive than ever before.  College Internships as a way of "sourcing" inexperienced candidates continues to change - with candidates entering internship programs earlier in their college years and receiving offers from potential employers much earlier than before.  It's not unusual to see internships attracting sophomores and freshmen while organizations try to lock in earlier on students with potential.

As a result, non-traditional sourcing channels are gaining attention and interest.  IT Apprenticeship programs have been growing in popularity - targeting "2nd career" candidates in their 30's and 40's as a way of introducing them to more entry-level IT functions such as help desk, deskside support, security monitoring, testing, and even early data analytics. 

Also, focusing more broadly across all employee demographic categories is important.   More formalized Women in IT programs with specific attention is needed to address the unique needs and interests of women as that demographic continues to see less candidates entering college IT curriculums.  Also, DEI programs are getting more attention to address areas of interest that will help in attracting and retaining talent.

Retention

The economics and benefits of focusing more on retention efforts are clear.  It is easier, less expensive, and less risky to retain a skilled employee who is performing well than to find a new one.  Especially given that much of the job-at-hand is unique to the organization regardless of the core functions that underly the position (and are considered "transferable" skills).

Understanding what factors drive retention is often a gap for many managers.  Putting too much emphasis on compensation is a common problem. 

Likewise, assuming that certain retention factors are the same across all workers is another problem.  While trends may seem to emerge across certain demographic dimensions (age, gender, nationality, etc.) knowing your employees well is the best way to know what factors are important to each one.

Some popular targets in the area of staff retention include developing programs and adjusting policy to:

o   Allow for flexible work arrangements (location as well as time of day) based on the position 

o   Accelerate opportunities and timelines for career advancement

o   Expose employees to other technical (or functional) areas of interest that they aren't currently exposed to - and provide more opportunities for education that can be leveraged

o   Strengthen performance measurement programs in order to more accurately reward high performers, improve marginal performers, and remove non-performers

o   Reskill employees and business technologists to fill gaps created by the shift from legacy technologies to emerging ones

Bottom Line

The organization relies on the ability of the IT function, more than any other, to achieve its bottom line and to accomplish its goals and objectives - whether it's strategically transforming itself or operating in a business-as-usual mode of operations.   IT leaders need to continually articulate the direct correlation between their ability to perform and "deliver" - and the business outcomes that their IT services are expected to enable or influence.   

It should be a pretty straightforward value proposition when it comes to getting the attention (and at times the additional investment) needed to address the necessary changes or enhancement. 

As IT leaders we need to take greater interest, control, and influence over something that is so impactful and influential to our success - and ultimately the success of the organization.

Paul Stoddard is an Executive Partner with Gartner’s Executive Programs. He works to provide expertise and guidance to his CIO clients as a trusted advisor to help them realize their strategic goals and achieve their business objectives. Paul brings 35+ years of a very broad IT background as both a technology consultant and former CIO at several large-scale firms.

Technology First Was the Place to Be in 2023!

As the year draws to a close, let’s reflect on how our members lived up to Technology First’s mission to connect, strengthen, and champion the best-connected technology community in the Dayton region.

January  Our Peer Resource Groups began the year strong with our Annual CIO Forecast Panel. Board Chair Treg Gilstorf, the Chief Operating Officer for Smart Data and CNBS Software moderated a discussion with J.D. Whitlock, the Chief Operating Officer for Dayton Children’s Hospital, Jon Scruggs, Director of IT for Hobart Service, and Matt Coatney, Chief Information Officer for Thompson Hine LLP. Here is how you can get involved in a Peer Resource Group in 2024.

February Our Digital Mixer was a big hit! We brought education and industry together to meet workforce needs. Many thanks to Partner Wright State University for hosting. Technology First Executive Director, Melissa Cutcher, was a guest on the podcast A Greater Dayton and shared why events like the Digital Mixer make Technology First such a relevant trade association. Here is how you can participate in the 2024 Digital Mixer.

March If it’s March, then it’s time for our Ohio Information Security Conference. Over 300 attendees enjoyed two keynotes, six learning tracks, one CISO panel and over 30 exhibitors ready to help solve their biggest cybersecurity challenges. Here is how you can attend #OISC24.

April Technology First members love to give back and a local Girls Who Code field trip to the GRILL (Gaming Research Integration for Learning Lab) was a fun way to do it. Featuring our mosaic mural, Technology First volunteers helped the chapter learn about systems engineering. Technology First members volunteer for a variety of events throughout the year. If you’d like to join us, here is where you find opportunities for 2024.

May Speaking of volunteers, our Volunteer Appreciation Night at Poelking Lanes was a strike! The VIP Suite was the perfect place to eat, drink, bowl, and network. Thank you again to everyone who gives their time and energy to strengthen our community. Thanks also to the Technology First Board members who were able to attend and thank our volunteers in person. Here are your current Technology First Board of Directors for 2024.

June Executive Director, Melissa Cutcher, was invited to participate in a panel discussion for the Dayton Area Chamber of Commerce’s Gen D Ignite program. For their Personal Strength and Profession Growth program day, Melissa coached emerging young professional leaders on how to build their networks. If you are interested in helping further Technology First’s mission to build for the future, here is how you can help in 2024.

July We had an amazingly positive response to our Summer Networking Series, #UniteDaytonTech. Our first happy hour event was at Off Par Golf & Social in June and the tickets sold out. It was so much fun, we did it again. This time at Warped Wing Springboro and we packed the house. These events are free to members and are a great way to connect. Here is how you can become a member in 2024.

August Workforce continues to top the list of concerns for our technology community, so we invited Partner, TEKsystems, to present on the State of talent at our Tech Forum. We have several articles regarding the workforce on our TECH NEWS page. Here is where you can read them in 2024.

September  This was a busy month for the community. The Women 4 Technology Peer Resource Group held their first conference, Own IT! Over 125 women gathered to network and champion empowerment. Also in September, you raised $8000 for the Technology First Scholarship Fund at our annual Scramble for Scholarship Golf Outing. Here is how you can contribute to the Technology First Scholarship Fund in 2024.

October We kicked off the regular quarterly meetings of our newest Peer Resource Group, Workforce Development. We had a very interactive panel discussion on alternative recruiting channels. Everyone is welcome to participate in this group. Here is how you can attend discussions in 2024.

November The 17th Annual Taste of IT Conference sold out again this year. We met 470 of our closest friends at the intersection of tactics and trends and shared our knowledge and networks. We enjoyed a great morning keynote from Gary Sorrentino, Global CIO of Zoom, an engaging lunch panel discussion around Industrial AI, 24 breakout sessions, and solutions from 36 providers. Capping off the conference, we recognized technology talent from the Dayton region at our 10th Annual Technology First Leadership Awards. Here is information for the conference in 2024.

Thank you to our Board, Committees, Partners, Sponsors, and Members for connecting, strengthening, and championing your community this year! We are already looking forward to what 2024 will bring!

The Privacy and Security Risks of “Citizen Development” 

Marc Andreessen, founder of Netscape and a well-known technology investor, famously said “‘Software is Eating the World” way back in 2011 and it’s obvious now that he was right. We live in a Software Defined Everything (SDE) world where even your coffee maker is “smart”, and the trend of software in everything shows no signs of slowing down.In fact, it’s estimated there will be 76 billion Internet of Things (IoT) aka “smart devices”,each driven by software, online by 2025, and Microsoft has said there will be a whopping 500 million new apps built over the next five years. 

All this software is driving the rapid digital transformation of our world and while the demand for software development has never been higher, it greatly outstrips the available supply. Gartner reported that demand for software development will grow five times faster than conventional IT departments and the average IT project backlog is between 3 and 12 months per Appian. 

Compounding the issue is the growing shortage of software developers. Forrester has reported that there will a shortage of 500,000 developers in the United States by 2024 and IDC has reported the shortage of software developers may reach 4,000,000 worldwide by 2025.  

To quench the demand for software development and to accelerate value delivery many organizations have embraced “Citizen Development”. Citizen Development democratizes software development by allowing “Citizen Developers”- individuals with little or no programming experience - to use low-code or no-code (LCNC) tools to quickly build and deploy software applications. LCNC tools are rapidly growing in popularity, Gartner predicts that by 2025, 70% of enterprises will use LCNC tools and LCNC platforms expected to reach $187 billion in sales by 2030 according to Research and Markets. 

This is a fundamental shift in how organizations build and maintain software applications. Individuals without an extensive technical background can build business ready applications using visual interfaces and pre-built components with little or no coding required. Readily available LCNC tools such asMicrosoft Power Apps, Appian, Zoho, Quickbase, and Salesforce Lightning allow business professionals with domain knowledge to create applications tailored to their specific needs without waiting for or relying on traditional software developers in the IT department or at an external consulting company.  

The reasons for the growing popularity of Citizen Development include: 

As a result of the exploding popularity of LCNC tools and the benefits they deliver, organizations of all sizes may find themselves leveraging LCNC tools. And while the democratization of software development can significantly speed project delivery and reduce demand on traditional IT departments, like many “Shadow IT” solutions that originate outside the IT department, Citizen Development introduces privacy and security concerns for organizations that employ it. For example, non-technical users might not be aware of privacy concerns or security best practices, leaving their applications more susceptible to attacks or leaks.Increasingly frequent and increasingly devastating cyberattacks demand that organizations understand and address these concerns. Let’s examine each in more detail. 

Citizen DevelopmentPrivacy Risks: 

Citizen Development Security Risks: 

Organizations should ensure they address the following to reduce the risks of Citizen Development: 

The advent of LCNC platforms has revolutionized the way software is developed and it offers immense potential for organizations seeking speed, agility and efficiency.  However, the convenience and accessibility of citizen development brings inherent privacy and security risks that must be addressed proactively, and organizations should strive to strike a balance between fosteringCitizen Development and safeguarding sensitive data. 

A well-executed citizen development strategy can empower employees, drive innovation, and significantly contribute to the overall success of digital transformation initiatives.By investing in training, robust security, trustworthy platforms and a good governance framework, organizations can leverage the power of Citizen Development while minimizing the associated risks.

Dave Hatter, Cybersecurity Consultant, Intrust IT – CISSP, CISA, CISM, CCSP, CSSLP, PMP, PMI-ACP, PMI-PBA, PSM 1, PSD1, ITIL 

During the COVID pandemic, we experienced lockdowns, illness and death, loneliness, working from home, learning from home, disrupted supply chains, overtaxed health systems, non-stop media reports about COVID, and daily anxiety and stress.   Although U.S. and global health organizations declared the end of the COVID public health emergency, the effects linger, including many workplace disruptions.  Being a good leader of people in any industry means reflecting on social context and social disruptions and how our own leadership skills and style must adapt.  Because every organization’s competitive advantage relies increasingly on technology in this age, it is even more important for technology leaders to pivot to changing workplace conditions. How are you adjusting in response to these disruptions? 

1. Hybrid and Remote Workplace 

For many roles in the workplace, we are not going back to the old way of working - physically in the office building five days a week, 8 am-5 pm.  According to Forbes, of the jobs that can be done remotely, 7% of workers were fully remote before the pandemic, and in 2023, it is five times higher at 35%.   Workers are very clear about what they expect from their employer, according to Forbes’ remote work statistics,  “98% of workers want to work remotely at least some of the time and 65% of workers want to work remotely ALL of the time.  Fifty-seven percent of workers would look for a new job if their current company didn’t allow remote work.” 

But there are also downsides to remote work. From the same Forbes report, “69% of remote workers report increased burnout from digital communication tools, 53% of remote workers say it’s harder to feel connected to coworkers, and 23% of remote workers struggle with loneliness.” 

Many large corporations have recently begun return-to-office mandates:  Google, Meta, JP Morgan Chase, Amazon, Apple, Starbucks, Disney, Lyft, and Zoom. This has set up a conflict between what employees want and what employers want.   Currently, organizations that can give workers some flexibility will be better poised for recruiting and retaining talent.   If you do implement a mandate for in-person work, CNBC Leadership Insights recommends: 

2. Stress, Trauma, Mental Health 

There has been a measurable rise in negative emotions around the globe, including stress, sadness, anger, and worry, according to an annual measure by Gallup. The pandemic caused a spike in the world of unhappiness and we have not yet recovered.

In the workplace, Gallup finds that employee engagement dropped in 2021 for the first time in a decade and dropped again in 2022. Our workforce is unhappy and disengaged at record levels. Why? 

CAUSE #1 – POST-COVID STRESS DISORDER -“Illness, grief, job loss, social isolation, uncertainty, and other pandemic-driven stressors have contributed to an increase in psychological stress,” according to Yale School of Medicine. There is a new disorder identified as Post-COVID Stress Disorder, which presents similar to PTSD including increased reaction to stimuli, avoidance, focusing on the negative aspects of a situation, incessant contemplation of negative events, and anxious arousal associated with memories of the COVID-19 pandemic.   

CAUSE #2 – SOCIAL MEDIA -  National Institutes of Health states that social media is strongly correlated with “anxiety, depression, insomnia, stress, decreased happiness, and a sense of mental deprivation.” This correlation is caused by the “negative impact on self-esteem through unhealthy comparisons, social media burnout, stress, lack of emotional regulation due to social media preoccupation, and development of social anxiety due to decreased real-life social interactions.” FOMO (Fear Of Missing Out) is a real thing, with real mental health consequences.  

Because our workforce is seeing heightened stress and general unhappiness, leaders must be aware of, and manage, employee engagement and well-being. 

3. Generational Disruption 

In conjunction with disruptions related to the pandemic, Gen Z’s entry into the workforce is driving change, due to different norms and values regarding workplace atmosphere, culture, and support. By 2030, Generation Z will constitute about 30% of the workforce. While generational stereotypes are not 100% accurate for each individual, data from Johns Hopkins University indicates that, in general, “Baby Boomers sought job security, Generation X sought work-life balance and professional progress, Millennials and Generation Z are seeking greater Diversity, Equity, and Inclusion (DEI), greater flexibility, and a focus on ethics and social awareness of a company.” Gen Z is also seeing a lack of engagement at work leading to lower retention and higher levels of stress that impact work performance.   

According to McKinsey, factors that motivate Gen Z to stay in a job aren’t the same as those for other generations. Gen Z, for example, considers compensation less important than flexibility, career development, meaningful work, and a safe, supportive work environment. 

Have you heard of “Quiet Quitting,” “Bare Minimum Monday”, and “Time Blindness”?  These terms, and the values they represent, may at first seem incomprehensible to older generations, but leaders cannot easily dismiss this if they want to recruit and retain a thriving workforce.  Seek first to understand the different generations. 

Artificial Intelligence (AI) 

How will AI disrupt the workplace in the next ten years? Some industries and roles will be affected more than others, and leaders will need to be ready to reskill their workforce. McKinsey Global Institute reports that an increase in labor demand is predicted for health professionals, health technicians, and STEM Professionals (a 30% increase).  A 15-20% decrease in labor demand is predicted for office support, customer service, and sales.  In the fields of education and workforce training, business and legal professionals, creatives, and arts management, not a large change in demand is predicted, but a high change in work activities. “Workers in lower-wage jobs are up to 14 times more likely to need to change occupations than those in highest-wage positions, and most will need additional skills to do so successfully.”    

These changes will not happen immediately, but leaders should begin preparing.  Remember this famous quote from Bill Gates in 1996: 

“We always overestimate the change that will occur in the next two years and underestimate the change that will occur in the next ten. Don’t let yourself be lulled into inaction.”   

Reskilling your workforce is a strategic imperative and it is the responsibility of every leader and manager. Leaders will need to understand and embrace these shifts if they hope to adapt to the rapidly evolving new era of automation and AI. 

In today's fast-paced technology landscape, the integration of Artificial Intelligence (AI) has become a game-changer for businesses seeking to enhance internal and external customer experiences. For professionals well-versed in various aspects of the technology industry, understanding the simplicity of AI and the crucial steps required for success can be a significant advantage. In this blog post, we'll delve into the core concepts of AI, outline the key steps for technology teams to excel, and offer valuable tips for getting data sources right.

The Simplicity of AI
Despite its reputation for complexity, AI can be simplified into its fundamental components. At its core, AI is about teaching machines to learn from data and make intelligent decisions. For our audience of technology professionals, this means understanding that AI isn't magic, but a tool driven by algorithms and data.

Key Components of AI:

1.    Data: Data is the lifeblood of AI. Accurate, relevant, and diverse data is essential for training AI models. Ensure that your data sources are comprehensive and up to date.
 
2.    Algorithms: Algorithms are the brains behind AI. These mathematical instructions process data and make predictions or decisions. Familiarize your team with various AI algorithms and their applications.
 
3.    Model Training: Training AI models involves exposing them to data to learn patterns and make predictions. It's an iterative process that requires constant refinement.  It is very important that the models being trained are consistent with your organization’s culture.
 
4.    Evaluation and Testing: Rigorous testing is crucial to ensure AI models perform as expected. Monitor their performance and fine-tune them as needed.  Make sure that you include your customers in the evaluation and testing process.

1.    Define Clear Objectives: Start by defining your AI project's objectives. What specific problem are you trying to solve, and how will AI help achieve this? Clear goals are essential.
 
2.    Assemble the Right Team: Form a cross-functional team with data science, software engineering, and domain knowledge expertise. Collaboration is key.
 
3.    Data Quality Matters: Garbage in, garbage out. Ensure your data is clean, relevant, and well-structured. Invest in data quality tools if necessary.
 
4.    Choose the Right Tools: Select AI frameworks, libraries, and tools that align with your project's requirements. Consider open-source options and cloud platforms.
 
5.    Iterate and Improve: AI is an ongoing journey. Continuously evaluate and refine your models to adapt to changing conditions and data.

1.    Data Diversity: Gather data from diverse sources to minimize bias and enhance model performance.
 
2.    Data Governance: Establish clear data governance policies to ensure data integrity, security, and compliance.
 
3.    Data Preprocessing: Clean, preprocess, and normalize data before feeding it to AI models to improve accuracy.
 
4.    Feature Engineering: Craft meaningful features from raw data to enable better model insights.
 
5.    Data Validation: Implement rigorous data validation processes to detect and rectify errors early on.

In conclusion, AI need not be shrouded in mystery for technology professionals. By understanding its core components, following the right steps, and paying attention to data quality, your technology team can harness the power of AI to deliver exceptional internal and external customer experiences. Stay informed, collaborate effectively, and embrace the AI revolution to stay ahead in the ever-evolving technology industry.

Remember, AI is not just a buzzword—it's a transformative force, and you have the knowledge and tools to leverage it effectively.

Bill Magnuson is the co-founder and CEO of BindMyIT, a leading technology solution consulting company. With over 26 years of experience in the tech industry, Bill is passionate about harnessing AI's potential to drive innovation and improve customer experiences.

I am consulting with a client who outsourced software development for a new app. As her acting CTO, I have good insight into this relationship and the work they are doing. Let me start by saying, I am shocked by how poorly this vendor treats us. Our negative experience working with them has reminded me of the principle “treat others the way you want to be treated.”  

The bad news is how difficult this experience has been. The good news is that it prompted me to write about how we should treat our clients, and frankly, how clients want to be treated in return. Whether you provide software services, cyber services, or plumbing services, I think you can relate to the following principles: 

Meet with your client frequently. We recommend weekly. If you have two-week sprints, each week can alternate between a user story/requirements grooming session and a post-sprint retrospective. Use your grooming session to build rapport and understanding with your client and use the retrospective to share what you got done. Be open. Share what you planned to get done vs. what actually got done and have an open dialog about why.  

Maybe you were too optimistic when you estimated the story points. Maybe you and your client didn’t do a great job grooming a particularly complex requirement. Maybe your testers uncovered a bunch of unexpected bugs. That’s a good thing. You’d rather find them now than later. Maybe two of your team members got sick. Who knows? But the point is to work together, develop lessons learned, learn the lessons, improve, and avoid repeating the same mistakes over and over. SHARE OPENLY. 

To achieve this, we recommend you set an immutable, unbreakable definition for Done-Done – This definition cannot be gray because if it is, then … Every feature. In every sprint. Is going to be questioned. Forever. Make it easy and clear to your team, your client, and your stakeholders. For us, the ideal definition of “Done-Done” is that you completed both the development and testing for a feature. Ideally, all bugs are fixed, but at a minimum, all critical and majors are corrected, and any minors or trivials are documented in Jira. DO NOT EQUIVOCATE.

I wrote this talking directly to software development companies, but it’s easy enough to flip the script and read these as the expectations you should have when buying software services. If you are in the market for a software development partner or have found yourself in a frustrating situation with one who isn’t performing where you want them to be, ask yourself how you want to be treated. Then, use your answers and the guide above to find a qualified partner who not only aligns with your needs as a company and client, but as a person.  

We’d love to hear from you! Do these resonate with you? What have your experiences been? Please share your personal experiences so we can all learn and improve.  

Jeff Van Fleet 

President & CEO, Lighthouse Technologies, Inc. 

After almost 20 years of developing and managing complex software/hardware systems for both commercial and Department of Defense (DoD) applications, Jeff founded Lighthouse Technologies in 2000 with the aim of delivering software systems on-time, on-budget, and on-quality while simultaneously building an intentional culture of caring, growing, and improving – A “Culture of We”. 

The NIST Cybersecurity Framework

NIST, the US National Institute of Standards and Technology, has released a new draft version of its Cybersecurity Framework (CSF).  This 2.0 version of the voluntary Framework is the first refresh to the current 1.1 version released in 2018. 

NIST, the US National Institute of Standards and Technology, has released a new draft version of its Cybersecurity Framework (CSF).  This 2.0 version of the voluntary Framework is the first refresh to the current 1.1 version released in 2018. 

At a high level, the CSF is a set of guidelines intended to help organizations improve their cybersecurity practices and effectively manage their cybersecurity risks.  By following the Framework, organizations can enhance their overall cybersecurity posture, minimize cybersecurity risks, and safeguard critical assets and data. 

The Framework Core is a set of cybersecurity outcomes which are arranged by function, category, and subcategory.  It also includes examples of how those outcomes might be achieved by providing implementation examples and references to additional guidance.  It’s not a checklist to follow because the actions needed to achieve a cybersecurity outcome will differ by organization and use case.

Changes to the Cybersecurity Framework

Expanded Scope

The scope of the Framework has been expanded.  The CSF was initially developed with the focus of protecting critical infrastructure such as banking and energy industries, but the Framework has been useful in other sectors from small businesses, education, to local governments. 

Expanded Implementation Guidance

The updated version provides improved and expanded guidance on the implementation of the CSF.  The use of Framework Profiles tailors the CSF for specific use case scenarios.  Examples of Profiles include a specific scenario such as “How to Use the Cybersecurity Framework Profile for Connected Vehicle Environments,” or a more general topic of “Ransomware Risk Management.”

The Framework will also now include implementation examples for each of the function’s subcategories to help organizations use the framework more effectively.  These examples are not contained in the main framework document but will be maintained separately in an online format called the NIST Cybersecurity and Privacy Reference Tool (CPRT).  This will allow for more frequent updates to keep information current.  This tool is currently in Phase 1 of its development and will be expanded as it matures.

New Pillar

The CSF has added a new pillar to the previous five main functions of identify, protect, detect, respond, and recover.  The sixth pillar that was added is the Govern function.  The new pillar focuses on the establishment and monitoring of the organization’s cybersecurity risk management strategy, expectations, and policy. 

The Govern function isn’t an entirely new topic in the CSF.  17 of the 31 subcategory items in the Govern function have been moved from one of the other five functions.  In addition to new subcategories being added an entirely new category was added related to Oversight. 

One new focus is the emphasis on organizational leadership bearing responsibility and accountability for cybersecurity risk and an organizational culture that is risk-aware, ethical, and continually improving.  It shows cybersecurity isn’t just a function of IT but rather needs to be a part of the organization’s overall governance and strategic planning.

Conclusion

The changes to the new (draft) version of the NIST CSF bring an expanded scope to include more than just “critical infrastructure” sectors.  Framework Profiles / use cases help to tailor the Framework to organizational and sector goals.  Implementation guidance for each of the Function’s subcategories helps organizations to use the framework more effectively.  Finally, the addition of the sixth pillar of Govern shows the importance of the integration of cybersecurity into overall business strategy and oversight.

Marcus Thompson is the Founder and CEO of Expedient Technology Solutions, LLC, located in Miamisburg, OH.  ETS is a cybersecurity-focused managed services provider bringing technology and cybersecurity solutions to area organizations.  Marcus holds many cybersecurity certifications including the Certified Information Systems Security Professional (CISSP) and Certified Information Security Manager (CISM).

As organizations rapidly deploy generative Artificial Intelligence (AI) tools, many companies expect significant effects on their industries and workforces.

The latest annual McKinsey Global Survey on the current state of AI confirms the explosive growth of generative AI (gen AI) tools. Less than a year after many of these tools debuted, one-third of the McKinsey survey respondents say their organizations are using gen AI regularly in at least one business function. Amid recent advances, AI has risen from a topic relegated to tech employees to a focus of company leaders: nearly one-quarter of surveyed C-suite executives say they are personally using gen AI tools for work, and more than one-quarter of respondents from companies using AI say gen AI is already on their boards’ agendas.

What’s more, 40% of respondents say their organizations will increase their investment in AI overall because of advances in gen AI. The findings show that these are still early days for managing gen AI–related risks, with less than half of respondents reporting that their organizations are mitigating even the risk they consider most relevant: inaccuracy.

Darrell West, Senior Fellow, Governance Studies at the Brookings Institution, states that AI is likely to flatten many organizations due to its ability to automate work activities. Right now, most organizations have entry-level people who perform routine tasks, midlevel individuals who supervise them, and high-level employees who set the direction of the organization.  That organizational structure will no longer be necessary. AI can automate many of the tasks performed by entry-level workers. Accounting features, purchase orders, and job requisitions are already being automated. Workplaces no longer need people who manually compile or analyze information.

As generative AI becomes more widely deployed, even more tasks will be automated. In addition, job supervision and assessment won’t need as much human oversight. Customers can rate employees on how well they perform basic tasks and allow people to get the services they want. Using data analytics and AI, companies can use the responses to weed out low-performing workers and reward their top individuals. The end result will be fewer layers of management and a smaller number of employees overall in the organization.

Image Source: McKinsey Global Survey on the current state of AI

Michael Chui, Partner, McKinsey Global Institute, states that there are some gen AI applications where the potential to have transformative impact really comes to the fore. For example, in research and development, some experiments using generative AI to support writing software code have shown very high levels of increasing productivity. But that doesn’t mean we’ll need a lot fewer software engineers, because the world needs more software. Generative AI also has the potential for improving the productivity of contact centers. Technologies that automate interactions with customers already exist. Generative AI has the potential for making these interactions feel much more natural.

Alexandra Samuel, digital-workplace speaker and co-author of “Remote, Inc.” states that as AI takes over routine tasks, there will be a temptation to cut the whole tier of entry-level employees. Summarizing documents, answering routine emails, writing basic computer code, and solving simple logistical challenges are all tasks that AIs can do about as well as an inexperienced human, and at much lower cost. But employers still need an on ramp for new hires. If you stop hiring entry-level employees, you’ll have to do all your midlevel hiring from outside the organization. And if every organization pares back on entry-level hires; it will get harder and harder to find experienced mid career talent anywhere.

That’s why it pays to cultivate your own long-term talent pool by hiring green employees, but rethinking how they are tasked and trained. Instead of piling your juniors with grunt work and trusting that they’ll learn through observation, assign them more challenging tasks, like drafting reports instead of just summarizing them. The explosion in AI research and writing tools means that kind of work is now well within the grasp of inexperienced hires. With more active coaching and mentoring, these green employees can grow into valuable colleagues, much more quickly.

###

Trevor Cobain is the Senior Business Development Manager for Alta IT Services. He has over 20 years experience providing niche talent ​opportunities to his clients.

For the first time in Technology First history, we are hosting a women’s conference. We are thrilled to bring this half day event to the Women 4 Technology community! The theme for this year’s conference is Own IT! As you can imagine, we’ve had several conversations over what Own IT means, and I was surprised by the variety of viewpoints.

For me, Own IT means:

Owning who I am, knowing my values, understanding my strengths, owning my personality type, and setting, and sticking to, my boundaries. It’s so important to be both confident in who we are and really owning who we are. I remember a time when I wished that I was five feet tall and weighed 100 pounds. It simply isn’t the way I’m built and today I’m okay with that.

Over the years I’ve taken a plethora of values tests and they pretty much stay the same: collaboration, honesty, trust, contribution, and participation to name a few. Knowing my values helps me stay aligned with what really matters, how I decide to spend my time and with who. If you haven’t taken a values test here is a pdf to get you started.

Several years ago, I read Strength Finders 2.0 by Tom Rath. It’s a quick read and then a quick online test. The feedback I received was invaluable! I learned my top strengths are achiever, learner, responsibility, deliberative and relator. Knowing this has helped me know where and how to best spend my time. I surround myself with people that have different strengths because together we make a great team!

Knowing my personality type has also clarified how I communicate and how I process. If you are familiar with Myers-Briggs, or MBTI, I’m INTJ: introvert, intuitive, thinking, judging. I know, introvert, me?! This one really helped me understand the reason I’m exhausted after a day of meetings and networking.

Boundaries! Man, these are tough! As I get older, I’m better at them but then there are times I think I can conquer everything, volunteer for everything, and do everything. Setting boundaries has become both necessary and a way to ensure I work on some sort of work/life harmony.

Owning IT also means, to me, taking responsibility for my actions and my team. Ensuring that my expectations are clearly communicated, and that we are all on the same page. If something fails, it’s my fault and my job to find out what I need to do to fix it. What processes and/or procedures need to be reviewed, reevaluated, and/or created to ensure it doesn’t fail again? It’s when I mess up and take responsibility, owning my actions, or lack of action.

So, I ask you, what does Own IT mean to you? Join us on Wednesday, September 27^th and share your point of view!

*********

Melissa Cutcher is Executive Director of Technology First.