Sakliga råd från en etisk hacker

En nyutgåva av en intervju från i vintras med en etisk hacker innehåller massor av praktisk information om cybersäkerhet. Det jag främst gillar med innehållet i artikeln är den sakliga tonen där ingen ”skrivs på näsan”. Här är en expert som tar utgångspunkt från användarens perspektiv och förmedlar sin kompetens på ett lättåtkomligt sätt.

Ska själv göra en genomgång av punktlistan med råd och se ifall jag är ”up-to-date” med min egen cybersäkerhet.

Model thoughts – Foresight & Design Thinking

I am finalizing a course, ”Trendspotting in theory and practice”, at Mälardalen University in Sweden. One assignment was stated as follows: ”The overall question to be answered in this assignment is how to organize foresight in general and trendspotting in particular in an organization”.

In my paper, I describe one model based on foresight practices and design thinking. Sharing my thoughts with a broader audience through this post. Inputs much appreciated.

Organizing for foresight – methods and models

Background 

This paper aims to reflect on the assignment that is stated as follows: ”The overall question to be answered in this assignment is how to organize foresight in general and trendspotting in particular in an organization”. 

I will use an IT department, Obelix Services, at a large corporation as an example and describe two different approaches to foresight, trendspotting and introducing the concept of design thinking to make use of insights from foresight. The whole idea is to have a closed loop innovation based on foresight and coming needs for the organization that Obelix serves.  

My examples are fictional, but based on real experiences in both management and strategic advisory positions. The leadership at Obelix has reorganized its IT services organization to better align with the business needs of the corporation. For every service in the catalogue there is a product manager responsible for development, maintenance and end-of-life activities for that specific service. Those managers report to a manager responsible for a cluster of services to a specific business function or for general-purpose services.  

At the product manager level the focus is on the present with a microscopic practice in a planned emergence mode [Pina e Cunhaa, Palmab, da Costaa, 2006]. 

The CIO of Obelix has appointed a strategic foresight group lead by the CTO, who´s main focus is on understanding the movements in the near- and the surrounding world [Wahlström, 2012]. The trendspotting group has named it self Getafix and laid its path to work with design- and scenario thinking [Pina e Cunhaa, Palmab, da Costaa, 2006]. The motivation of that early decision lays in the fast-evolving and changing nature of ICT and the need to re-learn on a constant basis. 

Foresight and trendspotting at Obelix 

There are many different levels of engagement in foresight and trendspotting activities at Obelix. Everything starts with gathering of materials and know-how ”en masse”: 

  • Formal seminars, conferences and workshops 
  • Daily updates by selected analysts and RSS feeds 
  • Engagement in peer networks through LinkedIn and Gartner Circle 
  • Annual attendance at Gartner Symposium/ITxpo
  • Subscription to trendwatching services 
  • Business performance data from internal BI systems 
  • And much more… 

All inputs and signals from those multiple channels and interactions are stored in a big data-like [Magoulas, Lorica 2009] system with statistical marking of key terms. Bi-weekly there are meetings of the Getafix team to disseminate possible candidates for further exploration. The process is simple at this stage; whenever a term gets heavy weighting in the collected data, and the term is not generally well-understood, then there is some indication that this should be researched further. After a first analysis of the term(s) the team decides on deeper analysis efforts to be presented at the next meeting in 14 days. This process has become the trendspotting circle of virtue at Obelix. 

Roles involved in foresight and trendspotting 

The initiative is hosted and mentored by the CIO of Obelix Services as a top-down program, but a bottom-up approach is facilitated by the Getafix group so the initiative gains full momentum within the organization. The whole program is of strategic value and the CIO understands that ideas come from wherever they come from [Hines & Bishop, 2006]. 

Every product managers role is to: 

  • Understand the changing needs in knowledge driven by coming technologies and thus be able to plan for ongoing skills development 
  • Do lifecycle planning for each technology component within their total product/system consumed by the corporations users.

The cluster product manager level role is to: 

  • Understand the evolvement of technology and delivery models that either challenges or brings new opportunities to their systems-/services set 
  • Use the insights to both renegotiate contracts with technology vendors and provide fast TTM [Datar et al, 1997, pp 452-464] for their corporate customers needs.

The Getafix team is lead by the CTO and consists of the CDO, head of enterprise architecture, CSO, services delivery manager, head of software development, change manager and two representatives from the DevOps team. The role of the Getafix team is to: 

  • Gather competitive intelligence and sense upcoming shifts that will have an effect on Obelix´s services 
  • Make informed decision material based on digitalization scenarios 
  • Facilitate organizational workshops with the cluster product managers and product managers 
  • Give senior manager support to new investments and decommissioning of old obsolete products/services. 

Foresight and Design Thinking 

At Obelix, the CIO saw the opportunity to change the development processes as a integral part of the foresight program. For that purpose she teamed with the head of development, the chief architect and the leaders of the DevOps team to discuss a holistic approach. After many brainstorming sessions and workshops, the team assembled a model where the foresight and trendspotting activities are seen as a ”funnel” of valuable input to the development of new services, products and possibilities to be a TTM-partner to the business. The team also outlined the value of de-commissioning obsolete services/products/technologies and thus freeing time and budget for necessary investments.  

Obelix Service adopted the ideas and concept of Design Thinking [Liedtka, 2011] to be able to do faster innovation of services.  

The model is visualized in illustration 1. 

Modell foresight - design thinking

Illustration 1. Foresight and design thinking as a process at Obelix Services (overview). 

Risk analysis 

Before the launch of the program the CIO gathered a team of representatives from both management and employee levels. She wanted to make sure to identify potential risks and pitfalls before the launch and based on the weighted outcome have a monitoring in place of the most harmful risks. The CIO instituted the notion of ”risk IQ” [Apgar, 2006] for the group, so the team could work systematically and learn in the process. 

During a two day workshop the team identified the following risks that were put on a ”watch list”: 

  • Co-workers that feel they are outside the process 
  • Coming to insights that suit the current capabilities within Obelix 
  • Low, or no, commitment from the many business owners and vice presidents. 

None of the risks have occurred during the first 16 months of the program. 

Level of engagement and evaluation of efforts 

Each and every employee at Obelix Services has two hours of every working week for trendspotting activities. The rationale behind this decision is that informed employees build a mental ability to embrace change and minimize the levels of fear to teaching new. There is also a sense that the real experts live close to their area of expertise and have an early understanding on shifts on the horizon. By an aggregation of all experts input it will be easier for the product managers and cluster program managers to get a big picture of factors that will bear importance to their area of responsibility. 

At the product manager and cluster product manager level trendspotting is a daily routine and no specific time is set aside for these activities. Instead, there are two additional key performance indicators (KPI’s) that are monitored and measured related to quality of service and corporate value: 

  • New corporate IT service time to market (TTM) compared to similar cloud service from outside vendor 
  • Newly adapted total technology lifecycle corporate benefit (TLCB) is a pilot test to showcase how agile deployment of new technology and faster decommission of old technology adds business benefits, while lowering the total operational costs. 

For long-term motivation the CIO and the corporate CFO joined forces to be corporate sponsors for timely investments whenever the foresight- and trendspotting activities has identified areas of corporate interest. The interest spans from pure productivity gains and effective contracts management to investments in new businesses and mergers & acquisitions. 

To instrument the possibilities that rises from the foresight- and trendspotting capabilities, and also be able to measure on the KPI´s, a cross-functional team of change managers has been set-up. The team facilitates the interactions between business owners and the Obelix teams. It is crucial to build trust within the organization. One past indicator of bad performance from Obelix Services was the occurrence of multiple contracts from many business segments with cloud services companies or multiple line-of-business applications operated outside of IT´s realm. This is traditionally referred to as ”Shadow IT” [Mingay, 2014] and manifests a lack of trust of the corporate IT organization abilities to provide necessary services to its clients.  

One quick win for Obelix after the reorganization was the elimination of hundreds of contracts and software license deals around the corporation, leading to millions of dollars in savings. The CFO has been instrumental in helping the corporation understand the total savings, by capturing both capital expenditure (capex) and operating expenses (opex) accounts for ICT services. 

The CIO has followed-up on that momentum by stating that Obelix will be competitive and deliver at least as good a service as a specialized cloud service provider for that service. 

Attracting and retaining talent 

The CIO of Obelix recognized early on the segmentation in competence and know-how within the IT organization. Within every department there were a few ”stars” that were instrumental in modernization and development efforts. But, very soon, they were overburdened by informal requests for help from the ”lazy” colleagues and used to fix critical errors. And within a short timeframe the ”stars” left the company for higher-paying jobs as consultants, leaving a knowledge gap in the organization.  

So, one indirect motivation for the foresight- and trendspotting initiative was to invest in skills transfer activities for all personnel. And the bottom-up approach was crucial to get things going. By adding two representatives from the DevOps team, one from infrastructure & maintenance and the other from the development department, to the Getafix team the CIO built the foundation. Instead of having formal skills transfer programs, the strategic forward-looking group slowly started to create a competitive attitude. Everyone wanted to show their expertise and get some time under the lights. This way, the personnel started to develop themselves and the next step is to spread the rings on the water and attract new talent whenever new positions are open. 

Communicating results 

The CIO has instituted corporate sponsorship of the foresight- and trendspotting initiative by adding the corporate CFO at the heart of the program. This is the main channel of executive level communications at the corporation. Setting up the change management team there was also a communication component, opening broad channels between the business owners and IT services. All informal, around the water-cooler, discussions are flowing this way. 

A communication team is also set up with the responsibility to spread the messages both to a broad- and a deep audience. The communication team is working with following channels to build awareness within the organization: 

  • A section at the corporate intranet where the foresight- and trendspotting activities are presented in-depth 
  • The CFO and the CIO write a monthly letter, outlining successes and other key learnings 
  • The product managers, cluster product managers and the Getafix team has its bios, photos and responsibilities presented 
  • A dashboard section presents the KPI’s  
  • Witness sections of satisfied business owners and lessons learned 
  • There is a section called ”Blink” where every employee at the corporation can add buzzwords or other signals of interest. These are immediately added to the big data-system and analyzed by the Getafix team. Employees that come up with otherwise ”stealth” signals are rewarded with a bonus 
  • A bi-weekly mail, ”Getafix blitz”, is available to those who want to subscribe 
  • Quarterly breakfasts are hosted by the Getafix team and video feeds are sent to remote locations.

There is also an idea to add a TV channel to the intranet. But the challenge is to find the time from busy stakeholders. 

Own reflections 

To institutionalize a foresight- and trendspotting program requires top-level executive support and substantial investments in time. At Obelix Services, there is a clear understanding of the different challenges that technology paradigm shifts and delivery models brings to the organization. The CIO has acknowledged bad past performance from the IT organization and reorganized the department so that important decision power is closer to the owners of the product/service. As a crucial part of that empowerment she has also set up a horizontal foresight team, Getafix.  

On the other end, the CIO added the CFO as a corporate sponsor for the program. Together they laid out clear success factors and adapted two new key performance indicators to measure the outcome of the program. They also did a review of the phenomenon called ”shadow IT” that has risen due to dissatisfaction with the IT services delivered to the corporation. With these calculations, the program gained financial traction by showing multimillion dollar savings. 

The CIO has understood the importance of change management and communication. She built a team of change managers to support the services organization to build credibility among business owners. And the communication team works broad and deep to tell the success stories of the foresight- and trendspotting program. 

Bibliography 

Apgar, David (2006). Risk Intelligence – Learning To Manage What We Don’t Know, Boston Massachusetts; Harvard Business School Press 

ISBN-13: 978-1591399544 

Hines, Andy & Bishop, Peter (2006). Thinking about the Future – Guidelines for Strategic Foresight, Washington D.C. Social Technologies 

ISBN: 097893170X, 9780978931704 

Liedtka, Jeanne & Ogilvie, Tim (2011). Designing for Growth – A Design Thinking Toolkit for Managers, Columbia University Press 

ISBN: 9780231158381