Wednesday, April 29, 2015
My I Minute Video Message on Cyber Security & Resilience!
Start your day with just a little education on one of the biggest issues we’re facing in IT & business today!
Events • Industry News • Leadership • Videos • (0) Trackbacks • Permalink
Monday, April 27, 2015
Resilience Is Not Another Name For Security - Just Ask The Fukushima Power Plant Operator
Security measures help us to AVOID breaches. That’s a good thing. We should all undertake cyber security, and every organization does - to some degree or another.
Cyber resilience on the other hand goes beyond security measures to includes additional plans and actions for how to deal with the after-effects of threats that may not be preventable or predictable, or because of lapses in cyber security. Such as an employee who - with no malicious intent - works around strict policies to access corporate data from an unsecured device. Or a mischievous hacker who exploits a “back door” or “buffer overflow routine” to crash a computer system. Or a rare natural disaster that turns out to be worse that anything we thought possible (never mind probable).
Back to the more mundane world of IT management, we’re all very familiar with the increasing rate at which software developers have to release patches to close vulnerabilities in operating systems and application software. The very nature of this work means they’re always playing catch-up. So until the patch is developed, and applied, we’re vulnerable. if all we relied upon were security measures, then we’re not being responsible. We need to at least put some thought into “what if the worst were to happen, what next?” Cue resilience.
Consider what happened to the Fukushima Nuclear Power Plant in 2011. No matter how secure they believed they were in being able to prevent catastrophic damage from the most likely threats (including the after-effects of earthquakes and tsunamis) the Board of Audit investigating the “incident” is uncovering systematic complacency by TEPCO, the plant operator. When the tsunami hit and the reactor was flooded a bunch of resilience systems should have kicked-in to shut things down and minimize the negative effects. Sure, there’d be interruptions in power supply to the customers. And sure, they’d be a massive clean-up expense. But those “inconveniences” are part of the price of doing business in this volatile world. Instead, lack of reasonable resilience measures resulted in a full meltdown, lost lives and an astoundingly expensive de-commissioning and clean-up operation which will cost tens of billions of dollars and take 30-40 years to complete! What should have been a very bad incident became a catastrophic disaster.
At the Cyber Risk & Resilience Summit events we’re presenting in Washington D.C. & London in June, we will be discussing not only what good resilience practices look like, but how they can be institutionalized.
Events • Leadership • Practices • (0) Trackbacks • Permalink
Wednesday, April 22, 2015
Avoid The Headlines!
This past February at Pink15 I expressed the opinion that it’s time we paid more attention to the increasingly diverse threats to our cyber assets.
The justification for this has never been more obvious. Every single day - and I mean EVERY SINGLE DAY! - there are new stories of data, services or infrastructure being compromised.
The causes? Either our own carelessness and complacency, or the mischief-makers! (Could be cyber criminals, or could be thrill seeking youngsters with some new skills and too much time on their hands).
If you still need convincing, set your browser’s Home Page to Information Week’s “Dark Reading” website for a few days and see what pops up every morning.
Also, take a look at the FireEye website with the real-time threat map depicting hacks-in-action.
Or this one here from Kaspersky.
It’s time to acknowledge this is a vital issue.
And when I say “vital” I really mean VITAL. In the military when something is “vital” it means “get it done, or we die”. For us in business, paying attention to cyber threats by doing risk management and building resiliency, is vital. If we don’t do it - we could go out of business. According to Inc., 60% of small businesses will fail within 6 months of a cyber attack. It’s as simple as that.
Of course when we hear about organizations like ....
Sony - who suffered 3 separate high-profile breaches in 2014. (You can find more information yourself by doing your own web search with the keywords “Sony” and “cyber breach”, because, who knows there may be even more than 3 by the time you read this!)
US Department of Veterans Affairs - who payed out $20m to settle a class action lawsuit because an employee lost a laptop containing a database of 26.5m personal records of veterans and active duty personnel
.... we think “Well that’s their problem. Nothing to do with me!”
Really? According to Misha Glenny - the opening keynote speaker at our upcoming Cyber Risk & Resilience Summit in June - “There are two types of organizations. Those who know they’ve been hacked. And those who don’t know they’ve been hacked.”
So even putting aside the risks to our cyber assets through our own carelessness (losing a laptop) and complacency (“it can’t happen to us”) - according to Glenny, we’re ALL going to be hacked at some point!
So isn’t it time you made the effort to learn more about the scope of this problem, and what you can do about it? You can start by coming along to the Summit in June. We can’t promise your organization will not “hit the headlines”, but what we can promise is that when it does happen, what you learn at the Summit will have helped you to minimize the damage.
That’s what we mean by “cyber resilience”.
Certification • Events • Industry News • Leadership • Practices • (0) Trackbacks • Permalink
Thursday, March 26, 2015
The5 Most Valuable Leadership Characteristics For IT Leaders
The visuals I used in this morning’s Breakfast With Pink webinar!
Friday, February 27, 2015
Opening Remarks From Pink15
In case you weren’t there, or in case you just don’t recall, here are the remarks made by Pink Elephant CEO, Fatima Cabral to kick off the 19th Annual IT Service Management Conference & Exhibition in Las Vegas last week.
(The stage is set like the Raiders of the Lost Ark movie and Fatima manages to escape the big rolling ball as she recovers the golden elephant statue!)
“Hey - they say for a woman to be successful in business she needs big balls….. but, that was ridiculous!
Hello!! And welcome back!
On behalf of everyone here at Pink Elephant, it is my pleasure to welcome you to Pink15 - our 19th conference. We are so very proud that this is still THE largest gathering of IT Service Management professionals in the world! Thank you very much for being here.
I want to extend a special thank-you to those who have travelled from abroad – and there are many! This is truly an international event – we have attendees here from all corners of the globe. Africa, many parts of Europe, Russia, Scandinavia, the Middle East, many parts of Asia, Australia, New Zealand … and of course, from here in North America – Canada, Mexico and the US. Thank you very much for making the long journey here to join us.
Our conference theme this year is “Snakes and Ladders”, and Pink Indy is on hand to symbolize this theme, and the ups and downs of today’s business life.
You know, I just love that scene from the movie where Indy says ‘Snakes, why did it have to be snakes?’ Well, Indy, it’s good you’re not here this week, because we have a lot of snakes (yes, real ones!!) – and some ladders too.
So why did we chose snakes and ladders for our theme this year? Well, we think they represent the risks and rewards and opportunities we face in our everyday lives, including at work.
Let me explain – every time you’re faced with a challenge, whether it’s a project, or a deadline, or a change, there’s always risks. And risks need to be assessed because there’s always something that can go wrong, even with the smallest change. There’s always something that can get in the way. And if you don’t think things through, or you make dangerous assumptions, then those risks come back to bite you – so these are the snakes! Risks that go un-checked.
But every challenge has the opportunity of a successful outcome, especially if you leverage the right tools, knowledge, experience and other resources to help you. Often you have more going for you then you realize. These are the ladders. Find the ladders, put them in the right place and climb them. Understanding where the snakes are, and dealing with them before they get in the way; and making good use of the ladders – that’s what you need to increase the likelihood of success!
You may be thinking that the way I explained it makes it seem all too easy; and of course YOU know it isn’t all easy. Often you don’t really know where the snakes are. And some ladders don’t take you very far. Worst of all - sometimes that ladder you were counting on turns out to be a snake!
So it’s good to have a guide. And that’s where Pink comes in. We’ve got a lot of expert guides for you this week. You know who they are – just look at the fantastic program. As usual at this time I urge you to make the most of the wonderful expert guides we’ve assembled for you this year. And don’t forget those who sit next to you. We’re all in this together and we all have different levels of experience – so don’t be shy. Listen to the guides, but don’t forget to share too. You may be a guide to someone else! If we all commit to helping each other avoid the snakes, and climb the ladders, then it should all turn out well in the end!
The Indiana Jones movies are real favorites of mine. I want to show you now one of my other favorite scenes.”
(Video plays of the scene from Raiders where Indy is in the Cairo marketplace and is confronted by the bad guy wielding the huge sword. Instead of getting involved in a hand to hand fight fight with an expert swordsman, he simply pulls out his pistol and shoots him.)
“So, the lesson learned is - sometimes the most obvious answer is right in front of us!
Before I close off, I want to leave you with an inspirational quote for you to take back to work as you manage through the snakes and ladders of IT and your business lives ……
When you get back to work, set Pinky down on your desks, and look at him for inspiration - Stay Calm and Indy On!!
Have a great conference!
And now please welcome the President of Pink Elephant, David Ratcliffe.”
Fatima leave the stage and David enters.
“It’s great to be back, believe me - it really is great to be back!
It’s amazing to think this has has been 19 years. Time has just flown by.
You know, from the very beginning our goal has always been to deliver relevant, practical education programs in a fun and entertaining setting, and with a generous portion of inspiration. Because if we don’t inspire you - nothing gets done. So good luck this week!
But first - I’m really here to tell you about the exciting plans we have for Pink Elephant in 2015.
We’re presenting 13 major conferences in 8 countries this year. That’s more than double what we did last year. Unfortunately I don’t have time to explain everything, but I do want to tell you about 1 particular major event we’re presenting in Washington D.C. in June. The 1st Annual Pink Elephant Cyber Risk & Resilience Summit.
Doesn’t it seem like every day we wake up to news of yet another high profile security breach? Household name companies suffering the double-whammy of a cyber attack and loss of customer confidence. It’s a big problem. It’s a big, serious problem. And this isn’t just an IT problem. It’s a business problem. There are already businesses that have not survived the effects of cyber attacks. And unfortunately, they won’t be the last.
Someone said ‘There are two types of organizations. Those who know they have been hacked. And those who don’t know they’ve been hacked.’
It’s no longer about ‘If’.
It’s no longer about ‘When’.
It’s no longer about locking the doors and trying to be cyber secure.
It’s about being cyber resilient.
That’s minimizing risks through PREVENTION measures. DETECTION measures. CORRECTION measures. And RECOVERY measures.
Our aim with the Cyber Risk & Resilience Summit is to tell you what can be done to minimize the negative impact of these increasingly diverse threats to our cyber assets. How to be cyber resilient.
I hope you agree this is one of the most pressing problems we’re facing today, and I hope to see you in D.C.!
As I said, it’s going to be a busy year. And before you know it we’ll be in 2016! You’re probably thinking ‘Why’s he bringing up 2016? When we’ve only just started 2015!’ Well, 20 is an important number, it’s bigger than 19 and we want to make next year’s conference even bigger than this year’s.
Believe me, it’s going to be a big celebration. You only get to be 20 once!
And we want to get as many people as possible to experience our 20th anniversary celebration. SO next year we’d like you all to attend Pink16 for free! That’s right - no fee for attending. All we ask is that you bring a buddy. Buy one, get one free. Pink’s BOGO offer!
You’ll be hearing more details in the next few days days. As we get in touch to make sure every organization in this room takes advantage.
What do you think” Is that a good deal or what?
Well, let’s get on with this year’s Conference. To help us get things moving along I’d like to introduce you to your Conference host for the week - Executive Vice President at Pink Elephant, Mr George Spalding!”
Tuesday, February 24, 2015
Stunt Of The Week At Pink15
We got up to some silly stunts at last week’s Conference - but this was the one that will stick in my mind the most!
George Spalding - what were you thinking?!
Events • Photos • Silly Stuff • (0) Trackbacks • Permalink
Tuesday, February 17, 2015
My Top 5 Most Valuable Leadership Characteristics For ITSM
Here’s a copy of the visuals I used in my session yesterday afternoon at Pink15:
Friday, January 30, 2015
Leadership Learning At Pink15
I’m looking forward to hearing the fruits of Dr. George Westerman’s research on how some IT leaders have achieved significant advantages for their businesses through the application of a digital mindset.
I’ve been saying for a few years now that I don’t think our ITSM leaders have paid enough attention to the evolving world of IT services when it comes to the increasing effect of BYOB, cloud, mobile, social media and big data.
You can see George deliver his session “Leading Digital: Turning Technology Into Business Transformation” on Monday morning.
Friday, January 16, 2015
The Next Challenge For ITSM Leaders
The subject of “ITSM leadership” has been close to my heart for a few years now. So much so that we decided to launch a new annual event in 2012 - the “ITSM Leadership Forum” - to provide insights and advice to the people in ITSM charged with embracing a vision and leading their IT organization to enable positive business results. I felt as an ITSM community we had not done enough to stay ahead of the curve - which is one of the prime tenets of good leadership. Over the next two years, in 2013 and 2014, the event became a solid date in the calendar for many of our respected industry thinkers and practitioners. (Watch out for the 2015 program - to be published soon!)
As social media emerged in 2010-2012 we seemed to miss the boat to provide leadership to our businesses. And now, in 2014 & 2015, it’s starting to look like Cyber Security & Resilience could be the next big thing many of us just watch happen! For example, how many organizations have actually changed policies for email as a result of the Sony hacking scandal?. Is that just Sony’s problem? Or could it happen here? Remember, the damage was less about theft or destruction of assets (money, data, etc.) and more about embarrassment and brand damage. It wasn’t the technology that actually wrote those mean and unprofessional emails! We wouldn’t let our people make such remarks in a public speech, or an interview, or in an external letter. So why is it allowed internally? I think it’s time we extended our policies for professional behaviour to the heretofore world of trusted internal emails!
I can assure you that we aren’t waiting for the next ITSM Leadership Forum in August to reinforce good leadership practices. In just a few weeks many of us will be at Pink15, and the program there is rich in guidance for the aspiring, and incumbent, ITSM leader. We have two whole tracks aimed at leaders: “The 3 I’s of Leadership” and “CIO Forum”.
Over the next couple of weeks I’ll profile some of the sessions in these tracks I feel are not to be missed. So come back here over the next few days and join me in whetting our collective appetites for Pink15!
Events • Industry News • Leadership • Practices • (0) Trackbacks • Permalink
Monday, January 05, 2015
Cyber Insecurity Comes As Much From People As From Technology
These days I’m doing lots of reading about cyber insecurity - seems like there’s a never ending series of security breaches related to IT hitting the news every day. (I won’t bore you with the list - you know what I mean, they’ve been in all the papers!)
For the layman is appears that our computer systems are just not robust and resilient enough. But when you scratch below the surface there’s more to it than that. We’ve always been good at blaming the computers when something goes wrong. IT folks seemed to have a free pass for years when their poor planning and lack of testing resulted in downtime. The reason for the outage, or screwed up data, was simply described as “... a computer error ...”
But today we’re all a bit more knowledgeable and demanding as IT consumers and we won’t be fobbed off with that type of excuse anymore. We have our own devices and personal data, and the average person is their own IT organization - from strategist to support officer. However, I think we still put too much emphasis on the power and role of the infrastructure and have not yet fully realized the responsibilities of the users - that’s us!
Cyber security is as much about human behaviour as it is about the latest security systems and technologies. For example, that smartphone you’re carrying around has a ton of security capabilities built into it, but if you leave the device laying around with no passcode to prevent unauthorized access .... well, you don’t need me to spell out how all that corporate data can be compromised.
This whole human dimension on security is illustrated perfectly by Eugene Spafford, Professor of Computer Science at Purdue University when he says ...
“Using encryption on the Internet is the equivalent of arranging an armored car to deliver credit card information from someone living in a cardboard box to someone living on a park bench.”
Get the message now?
As I said, I’m spending time researching this subject - in preparation for some very important new Pink events later this year. Starting with Pink15 - the 19th Annual IT Service Management Conference in Las Vegas next month - where we will, as usual, address a host of ITSM issues, best practices in Lean IT, and more. We’ll also be introducing news about our inaugural 1st Annual Pink Elephant Cyber Resilience Summits (in Washington D.C. and London, UK) in June.
I hope to see you in Las Vegas! Meanwhile, think about what you can do to keep your data and infrastructure safe. And when you hear news of the next high profile security breach, try to resist the temptation to giggle. Instead, think to yourself “How can I be sure that won’t happen to us?”
You might not know what else to do to be more cyber secure, but you can always be more cyber resilient.
Events • Industry News • Practices • (0) Trackbacks • Permalink
Sunday, December 07, 2014
The First ITSM Conference In Asia - July 1998!
I was cleaning up in my office today (yes, I know, it’s Sunday!) and came across some documentation from the very first event that introduced “IT Service Management” to the IT marketplace in Asia.
Specifically, in partnership with PDA, we presented a 2-day conference in KL and later the same week in Singapore - July 27-31, 1998. The very first ITIL Foundation courses in Asia were presented that week too!
The program was not too extensive, but the speakers were real ITSM heavy hitters at the time!
Events • Pink History • Travel • (0) Trackbacks • Permalink
Monday, November 17, 2014
Pink’s CEO Scores A Hat Trick!
At Pink we already knew we had the best female business owner in Canada, now it’s official!
Last Friday night in a glittering ceremony in New York City, Pink Elephant’s CEO, Fatima Cabral, walked away from the Stevie Awards with recognition in 3 different categories!
Gold Stevie Award
Female Entrepreneur of the Year in Canada
Silver Stevie Award
Woman of the Year - Business Services
Bronze Stevie Award
Female Entrepreneur of the Year - Business Services (11 to 2,500 Employees)
Friday, November 14, 2014
Good Luck At The Stevie Awards!
Pink’s CEO, Fatima Cabral, is at the Stevie Awards in New York City tonight. She’s a finalist in the category “Female Entrepreneur of the Year: Business Services”.
Good luck Fatima!
Thursday, November 06, 2014
I Got A Full Dance Card For PinkNORTH!
Let me make this clear - you won’t be seeing me dancing, at PinkNORTH or anywhere else soon. Trust me - not what you want to see.
Instead I will be busy, busy, busy with the following sessions:
Is The Service Desk Dead? - A panel discussion seeking to clarify and predict where the Service Desk function is headed. With Tony Krasinski (Eerie Insurance), Ellen Daley (Acorio) and Zahra Rahemtulla (Enigma Consulting)
Scary Movie: Part 6 - Another panel discussion, this time about the various disruptive technologies that make delivering and supporting corporate IT services such a challenge today. At Pink we introduced this topic way back at the Pink11 Conference with the introductory video “Are You Ready?” I’m joined on the panel by David Mainville (Navvia), Andrew Moses (Freshdesk) and Kevin Brown (Cogeco).
The Dragon’s Den Of ITSM: Or, How To Justify An ITSM Improvement Project To Executive Management - One of the more popular sessions I’ve delivered at a few other industry events in the past couple of years. if you want to be well prepared to argue your case with your boss - I’ll tell you how to do that!
Leading Change: Kotter’s 8 Step Model- One of the most enduring subjects we’ve presented at Pink events over the years. Since we invited Professor John P. Kotter to speak at our very first Executive Forum in Toronto this topic has been a mainstay in the raft of advice our Consultants give to ITSM practitioners the world over. If you’re expecting people to embrace your good ideas, better make sure you’ve double-checked your approach against Professor Kotter’s 8 steps!
10 Key Actions To Implement When You Get Back To The Office - A fine wrap-up keynote session to mnake sure you leave this year’s Conference with some specific and practical tasks to get started on the very next day! In this quick-fire session I’ll be introducing some of our best local Pink talent: Graham Furnis, Barry Brown, Troy DuMoulin, Jennifer Wels, Graham Price & Matt Bowles.
Monday, November 03, 2014
Leadership Sessions At Pink15: Colin Powell’s Book
I’m really looking forward to this session. It’s always great to discuss a book you loved, and with there being so many books on Leadership in the stores today (Amazon has an amazing 124,582 Leadership books listed!) - to find one that you cannot put down makes it really special.
There’s tons of recommendations, experiences and stories I’ll be sharing from Gen Powell, so I hope to see you in the session!