WE ALL WANTED TO BE INNOVATIVE (SIX YEARS LATER…)

Six years after writing the article «We all wanted to be innovative» in July 2017, I revisit some ideas and revisit the topic, as it remains current in everyone’s mind.

In a globalized and constantly changing world, the idea that innovation has become a key element for business success is gaining ground. Companies that are able to innovate constantly are the most likely to stay at the forefront of their industry and outperform their competitors.

But the mere fact of innovating in something (especially when we assimilate it only to creativity), is not a guarantee that the expected success will be achieved. It is necessary to be careful when innovating, to always take into account the strategy that has been proposed, the moment that is lived, the foreseeable trends in the environment and above all that it solves a problem, for which the innovation provides an added value that some traditional solution does not do.

Processes for driving innovation

In order to try to ensure that the products of innovation have a positive impact on our reality, it is necessary to separate it from being a process of almost artistic inspiration, to a process based on a methodology.

Innovation is not a random process. It is important to keep in mind that it is a structured process that facilitates the generation of ideas, their evaluation and implementation.

A typical innovation process can be divided into the following phases:

• Problem identification: Although spontaneous innovation exists, it is not common. Therefore, a very good starting point is a problem to be solved or improved in a different and better way than what already exists.
• Generation of ideas: In this phase, we seek to generate as many ideas as possible to solve the identified problem. Not all ideas will complete the process. In fact, only a small number of them will, so it is important to ensure as many as possible, and to create an environment in which creativity and out-of-the-box thinking will be the main protagonist.
• Evaluation of ideas: The ideas generated must be evaluated to determine their viability and their potential for success. to do so, the environment, the market and trends must be taken into account. This will mark the feasibility of turning the idea into reality. Those that are not very viable are left on the way, but they are not discarded, what is not viable today, may be the perfect solution tomorrow.
• Prototype development: With the ideas that seem viable, prototypes can be made in order to see in a real and practical way the product working. By their nature, prototypes are a fast way to generate a finished product, although still with some limitations, but fully functional. For this it is important that the development team be multidisciplinary, to avoid biases and distortions. Technology should be just one participant among many.

This process can be tailored to the specific needs of each company, but in general, it is a good basis for driving innovation.

Personal qualities for innovation

We all generate ideas constantly, that is part of being human. What holds us back many times is not expressing those ideas, getting frustrated when something doesn’t work and not being able to contribute to someone else’s idea.

That is why there must be a culture of innovation that fosters and drives this creativity, in addition to making people understand that although most of the ideas will fall by the wayside, it does not mean that they are bad ideas. It may be that we do not yet have the right technology or the market is not mature.

Therefore, we must look for people who handle frustration well and see in every failure an opportunity to keep pushing, improving and generating ideas. They must also be able to embrace others’ ideas as their own in order to contribute their own points of view and promote their development in multidisciplinary teams.

It is important to focus on the following qualities:

• Creativity: The ability to generate new and original ideas.
• Problem Solving: The ability to identify and solve problems effectively.
• Adaptability: The ability to adapt to changes and new situations.
• Teamwork: The ability to work collaboratively with people from different disciplines.

Companies can look for these qualities in their recruitment and development processes.

How to handle failure

Innovation involves a certain degree of risk. Some ideas are likely to fail, even after careful evaluation.

It is important for companies to have a positive attitude towards failure. Failure should not be seen as a sign of weakness, but as a learning opportunity.

Companies that have a positive innovation culture encourage experimentation and risk-taking. Employees in these companies feel comfortable sharing their ideas, even if they seem far-fetched.

When an idea fails, it is important to analyze the causes of failure in order to learn from it. This will help the company to improve its innovation processes and reduce the risk of failure in the future.

That is why it is important not to punish failure, this in itself is not bad, because, even if we take all possible precautions, always an idea that may look great at the beginning, can fail completely when we try to apply it to a real environment. We have seen it before.

So, rather than feeling overwhelmed and failed, you have to work on the idea of how you can improve this. What was it that did not go as expected and what changes can be made to reverse that failure. At this point we can even restart the previous process just by changing what, already with the real case, does not work for practical application.

Companies can take the following steps to manage failure:

• Accepting failure: The first stage in handling failure is to accept that it has occurred. Companies should not try to deny failure or blame others.
• Analyze failure: Once the company has accepted failure, it should analyze the causes of failure. This will help the company learn from its mistakes and reduce the risk of failure in the future.
• Learning from failure: The analysis of failure should lead to concrete actions to learn from failure. Companies should implement changes in their processes or culture to reduce the likelihood of failure happening again.
• Continue to innovate: Failure should not discourage companies from continuing to innovate. Companies should learn from failure and continue to look for new ideas to improve their products and services.

Conclusions

Innovation is a key part of business success. Companies that are able to effectively drive innovation are more likely to achieve their goals and stay at the forefront of their industry.

Companies can drive innovation by implementing a structured process, finding people with the individual qualities needed for innovation and adopting a positive innovation culture.

My data should be private!… but in public.

---

Alicia suddenly faints in the middle of a busy street in an overcrowded metropolis somewhere in the world, in the middle of a crowd. Her bracelet detects the sudden fall and sends a message to the nearest emergency unit along with her identification record.
The emergency unit receives the notice, and sets out for the necessary help. Along the way, with the identification record, the emergency unit accesses Alicia's medical information, and obtains previous illnesses, general basic indicators, allergies to medications, etc. At the same time, collects the position of the medical parameters of her current location that the wrist device keeps sending.
Upon arriving at the scene of the event, the paramedic has the necessary instruments for the exact first aid care that Alicia requires, as well as as well as a clear idea of what to focus on. It performs a quick fingerprint scanner together with facial recognition, which confirms the identity and proceeds to carry out the planned procedures to promptly take it to the best option of care center indicated by the system, due to the urgency of the case, its nature, distance, traffic and availability of care.
Thanks to the fact that her information was available to be accessed by the different participating instances, Alicia was attended to quickly and accurately.

---

We are living in a moment in which a turning point is occurring as far as the concept of privacy is concerned.

But first, let’s review definitions in search of a starting point.

According to the OED, privacy is defined as:

The state or condition of being alone, undisturbed, or free from public attention, as a matter of choice or right; seclusion; freedom from….

And private :

Restricted to or for the use or enjoyment of one particular person or group of people; not open to the public.

As expected, the academic definitions do not help much and it is necessary to delve into other speculations.

Not so long ago, I heard Kade Crockford, Director of the ACLU of Massachusetts’ Technology for Liberty Program, refer to privacy as a matter of control. And, although she, as an activist and advocate, was referring to the loss of privacy through facial recognition, as a tool of control of one group over another to dominate it, giving a little twist to the approach, it seems to me that indeed privacy is very much about control, but more than between rival groups, it is about control and the decisions I have to make about myself, about how, with whom and for what purpose I reveal aspects of myself to a third party. At least, so far.

Privacy, as a concept and as a practice, is evolving. It always has, only now we are forced to change and we notice it more.

Athur Clarke and Stephen Baxter, touch on this theme in part of their novel «The Light of Other Days» in which a new technology completely eliminates privacy and humanity must adapt to this. The concept of intimate or private disappears as we know it, yet human activity continues to take this turning point as an opportunity to evolve as a race.

It is similar to what is happening today with the massification of the Internet and the avalanche of information caused by social networks. Currently in practice our activity is somehow captured and stored in the cloud being virtually impossible to avoid or put locks.

Our resistance to change makes us desperately look for ways to keep our data from being visible to those we don’t want, yet contradictorily we want it to be permanently available to us and our «allies».

Why? So that they are not misused, we say. But… what do we mean by misuse?

Let’s go back to Kade Crockford and his approach that privacy is not about hiding information, it’s about control.

Okay, good point and food for thought. We want to be in control of our own information so that it is available to whomever we want or it suits us at any given time. That would be fine.

But, let’s take a case. I’m walking down a dark street and, as usual (or should be), I don’t have any geolocation device activated… for safety, I think. Suddenly, however, a criminal comes out, points a gun at me and asks me to go to an ATM to withdraw money and rob me. Do I have time to activate the geolocation, or do I ask my assailant for permission? And once activated, how do I send this signal to the police or to someone who can help me?

So, we can think about always having it activated. Now everyone can know where I am at every moment…. also criminals (oh no!). It’s kind of a dead end street.

Well, we thought decided then, we’ll give an «Artificial Intelligence» the decision to identify when I’m in danger and give notice. Perfect, but am I not then delegating control to this technology and according to the definition of privacy = control, am I losing privacy?

We can also position ourselves on the assumption that if everyone always knows where I am, «the good guys» will always know and that will deter «the bad guys», therefore if we eliminate control (premise of the book) and everything will balance itself out.

Everything can happen, and we can imagine whatever we want, we will always have a blind spot that we will not be able to solve because we are prejudiced with keeping the concepts as we have handled them until today and we rarely open ourselves to think towards the future in an evolutionary way, and even when we believe that we do, it is in a limited way. The only certainty is that changes, in this case technological, make us lose control of our own information, and the issue is to know where this is moving and what is the new way to have control, before deciding not to have it.

It is a complex issue, but my intention beyond offering some magic answer, is to indicate the need to get rid of the prejudice that we should keep the concept of privacy as we have been doing so far, and go one step forward evolving our preconceived (or preconceived) ideas and find new paradigms for this.

Possibly our data should still be private, but in public.

The debate is open.

Omnilaborality

With the unexpected protagonism that technology has taken in the advent of a new work culture, in which the need for ubiquity and agility seems to take over the current ecosystem, the professionals who head the technology areas of companies have had to evolve towards a business conception that goes beyond, and have had to realize what has been commented for some time, not only must technology be applied to meet current requirements, they must also develop the necessary skills to be businessmen who accompany organizations in the economic language that they handle; This, among other things, consists of visualizing the possible scenarios to come in order to anticipate changes as far as possible.

Leaving aside for a moment the concept of «businessman», it is important to focus on the role of «futurologist».

A clear example of this is that the way of working has evolved, and continues to do so, at an accelerated pace towards a scheme that we cannot even call a hybrid environment. This last concept, in my opinion, refers to a binary conception: we can work in a traditional work environment (read office), or in a remote one (read homeoffice).

But in reality, this dual environment is not necessarily the end state of the way we work. Technology is constantly evolving and is allowing us to go beyond being stationed in one place to work at one point in time. We can now be completely independent of positionality if we need to be.

For example, and to be clearer about this, let’s take a work activity that intuitively lends itself to mobility: The Meetings.

We can well imagine participating in a meeting in a remote room using a computer, at a certain point transferring the meeting to our pefered mobile device and continuing by this means, and then finishing in the traditional office in person. Was it a home office or an office, or was it something different from these concepts?

It is a simple example, but I believe it is illustrative, and the scenario is rapidly becoming more complex and expanding to other work activities according to technological evolution and the needs of businesses and the people involved. Metaverse, Artificial Intelligence, Augmented Reality, Internet of Things and others are all working together to make this happen.

More than hybrid, we are now in the presence of OMNILABORALITY.

The collaboration and teamwork tools we know today will not be remotely similar in a few years, just as today’s tools are not remotely similar to those that existed before the pandemic.

Are we preparing for this yet?

One of the characteristics of the new technology executives is to think ahead and match what is coming with the current reality, so that there are no forced leaps due to unexpected external events such as the pandemic. At least that’s what companies should be looking for in their technology leaders today. In addition to technology and business, VISION and STRATEGY.

A sheep fable

A farmer had 30 sheep that he had to take out to pasture every day at the beginning of the day, to return them to his barn at night.

Since it was just him, the storage mechanics were next:

He would arrive with a sheep and throw it with a rope, tie it to the side of the stable door, open the lock on the door, take the sheep and put it in. He closed the gate with the padlock and went to the next sheep.

At one time, the farmer had to leave his farm for several days so he asked his neighbor to help him by taking care of his sheep where he was not. He explained to him in detail the procedure to be followed, and he left confident that his flock would be well cared for.

For the first couple of days, the friend followed the farmer’s instructions to the letter, even though he thought the process he was following was not the best, since having to padlock the fence for every sheep that came in seemed to be a waste of time. So, on the third day he decided to optimize the process. Instead of opening and closing the lock each time, he got slightly longer loops to leave the animals tied up inside the fence. This would save movement and time.

It worked perfectly on the 3rd and 4th, and the good neighbor was happy.

At a short distance, a prowling wolf was observing this change in the routine that was previously in place and was gradually approaching without the person in charge noticing, until in the evening of the 5th day and when many sheep were already tied to the stable inside the fence, he entered willing to obtain a succulent booty.

Finally when the neighbor returned with the next sheep to guard, he found that there were several loose ties from the sheep which, in their desperation, had managed to break free and flee; several wounded sheep and signs of blood on the ground indicating the dragging of one of them already dead.

---

Many times we do not understand what the processes are for and why there are safety regulations. We think they are to prevent us from doing wrong, when in most cases it is to protect ourselves from disasters and attacks. In view of this, and before questioning procedures and rules, we must try to understand why and what they are there for.

• A cumbersome process is better than no process at all.
• Security is not always to prevent something from escaping, it is also to prevent something from entering, and vice versa.
• Reducing process times does not necessarily mean more profit or better.
• Asking to raise any standard for comfort or agility, sure causes problems.

Just to mention some of the «morals» of the fable. You will have others, go ahead with your comments.

Could be Messi a top goalkeeper?

The Incident

May 2017.Telefonica Spain, among other companies, suffers a massive ransomware attack.

Those of us who follow this case, also remember the efforts made by Chema Alonso, (in charge of the company’s cybersecurity) to lower its profile or to dissociate itself from the problem.

El Mundo Daily, in its electronic version wrote:

Many Twitter users are blaming Alonso for contradicting himself, because in their tweets he denies being inside Telefónica and that security does not depend on him directly, despite the fact that the company’s corporate website assures that he is «responsible for global cybersecurity and data security».

The Manager

Chema Alonso is a famous Spanish hacker. Probably the largest in that country and among the most capable in the world. His biography mentions that he is a systems engineer and a doctor in Computer Security from the Universidad Rey Juan Carlos in Madrid (although today that doctorate is not published on the website of that university).

An infinity of awards and eminently technical articles really brilliant.

How, then, can this company be attacked and be successful?

Beyond the standard answers like no one is perfect or the best hunter will miss the hare, in my opinion the explanation goes for the subject of the skills needed to fill the position of security manager.

A hacker’s activity can be summed up as finding a vulnerability and concentrating on reviewing the different ways to exploit it, then concentrating on building and using the tools necessary to execute the selected form to complete its goal.

The activity of those who defend information systems is to worry about eliminating or mitigating each and every one of the existing vulnerabilities, known or unknown, in order to prevent, detect and prevent the information they contain from being affected or violated in any way.

Can you see the difference?

The incident mentioned is just one example of what is happening in some organizations. In light of the fact that cyberattacks have been increasing, the need for professionals to enable us to be prepared for them, prevent them, detect them and, if necessary, react appropriately has become a race against time and against the lack of this type of profile in the market.

It has turned to see, then, precisely those who in one way or another have the necessary skills to violate the security of companies, turning them to the «white» side, hoping that if they know where to enter, they can contain their colleagues in their attempts to do the same.

Unfortunately, with this approach, organizations will still be far from generating an integrated security strategy, and will continue to be filled with tools to stop the various types of attacks. Those that are fashionable at the time.

We’re misusing our cards.

We believe that by filling ourselves with successful and skillful strikers in all positions of a soccer team, we are guaranteed to win every game and we are not.

Anyway the solution is not, from my point of view, to think that we should leave aside the experts in attacks and vulnerability review. What needs to be understood is that each element within a cybersecurity scheme must have the right skills profile so that they can carry out their specific activities with complete freedom and confidence, in addition to interacting naturally with the other actors in this ecosystem.

In my mind, these actors in general can be classified in two Internal and External (or support).

Internals

Within an organization, it is necessary to establish, not always formally, two basic areas: a centralized one that must be in charge of the strategy and the analysis of information, and a distributed one that must execute the guidelines that the first group defines. I call the first INTELLIGENCE and the second EXECUTORS.

This is how the following action diagram is configured:

Intelligence members should be able to see the broad spectrum of attack possibilities, know the priorities of the company, and establish the priorities with which the different threats should be addressed according to the assessment made of the potential damage. It must be remembered that there is always more to protect than available resources, so the ability of this team to optimize these resources with the right strategies is fundamental. We are talking about defending and not attacking.

It should also be noted that the Executors do not necessarily belong to the information security team, but are mostly external, such as for example:

1. Infrastructure: setting up and maintaining perimeter security and network patrol tools.
2. Development: Including in its applications the codes necessary to ensure security in the use of these.
3. Users: Actively respecting policies and procedures, as well as actively participating in campaigns to generate a culture of security.

Externals

On the other hand, every security scheme needs to be reviewed and tested periodically. At this point the white hat Attackers are well received, since with their skills they can test the strategy that the internal team implements.

It is not convenient that these actors belong to the organization, since it is important that they do not know beforehand either the strategies or the implemented security tools. But at the same time, it must be a team that is trusted for its integrity, beyond its expertise. It must be remembered that they will know the weaknesses that they may have, so they must be reasonably sure that they will let us know the totality of the findings found.

Conclusion

With this organizational scheme, we will be able to better understand the competencies needed for each actor depending on the team in which they are located. Moreover, it is easy to implement as it makes use of elements that already exist within any organization such as the Executor team. It is only neSpanish Versioncessary to concentrate on the Intelligence team, which can be made up of only one person initially. While with the external team, you can wait until there is adequate maturity and eventually hire if it is considered necessary.

Each stroke leaves us with lessons to learn, I suppose the company I started with exemplifying the reality of many others has done so as well. The important thing is not finally the names with which the different positions are covered, but that the skills are adequate. We can’t put Messi on goal and expect him to be a good goalkeeper, his function is to attack.

Push or Wait

I’ve read somewhere that luck doesn’t exist, that is actually the result of the combination of preparation plus opportunity. And while in a way it’s right, and those who complain of «bad luck» I think it’s often that they haven’t had enough preparation to take the opportunities that present themselves along the way, I’m also not comfortable thinking that it’s all about being very prepared waiting for the right occasion to arise. I think this is just a part of the film.

We have at least two ways of dealing with the future, from a complex organization to even a personal one.

One of them is to draw up a master plan that governs our future actions and/or decisions, and to push the necessary changes to comply with it. If you like, it is a proactive way to move forward to where we want to go to the end. For this we must have clear from the beginning where we want to reach and what level of flexibility we will maintain if we admit the possible variations that may arise during the journey.

Another is to take advantage of opportunities as they arise, but this must be based on a very strong culture of strengthening of capacities above all other participants.

There are many success stories for both scenarios.

If we take it into the IT arena, and put ourselves in the CIO second level scenario (see CIO’s Path), we can see that both strategies are applicable. In this analogy the opportunities can be represented by the requirements (sometimes very challenging) of the business with systems, so a solid base of growth and constant training of the team to develop the necessary skills and competencies or above what is needed, would facilitate us to successfully leave each of the proposed challenges (or imposed as you want to see).

Another choice is to draw up a plan in accordance with the company’s strategic plan, so as to go even one step further than what the business needs at a given time, and thus ensure the appropriate IT support required. However, this does not free us from requirements not contemplated by us that must be met anyway, so we must also incorporate the flexibility factor in our plans.

Of course, these two sides have pros and cons, among which can be mentioned:

Planning

Advantages	Disadvantages
Organizes activities and causes them	If uncertainty increases, the accuracy of the plan decreases
Anticipate Changes	Unexpected changes destabilize it
Allows you to set up controls	Limits the scope in particular initiatives
Allows the team to know the direction it has	Masks opportunities outside the stated objectives

Strengthening of capacities

Advantages	Disadvantages
Allows to be prepared for the variable circumstances of the environment	Cannot anticipate long-term objectives
Responds to changes	Controls are only established for particular and not general activities
Uncertainty doesn’t affect her much.	Risk that enhanced capabilities will not respond to future demands
Allows flexibility in exploring particular initiatives

As can be seen, these advantages and disadvantages are annulled if we put them together with each other of each paradigm, so the question immediately arises: Can we carry out the two in parallel?

In my opinion, it is possible, although of course this involves a greater difficulty than only holding on to one of them.

In order to be able to do this, it is at least necessary to be clear that the following must be achieved permanently:

• Integral training plan for the work team

Ideally, there should be a constant flow of training in the work team and, although it is not possible for everyone to do it at the same time, look for at least part of the team is always learning something new or perfecting itself. In this way we are not only prepared for new tools or challenges that may arise, but also try to respect the interests of each individual in the team. With this it will have achieve as an added product a very important good for the group: loyalty.

• Knowledge of the business (or the businesses if it is a corporate)

As I have mentioned in previous articles, IT is not an isolated box that only has to make the lights of the site are on, it goes beyond and to leave the first level CIO, it is imperative to leave the room of systems and see that there is beyond there. First the business or company in which you work and at a slightly more advanced level the environment in which the company moves, environment and future.

• Knowledge of Directors/Owners.

I add this point because beyond the strategic plans, the mission and vision that the company has put into beautiful reports and charts (and that even some of these points in many companies are not even written), what is being thought and felt by those who head the organization will allow the best possible plan to be generated as an area both for strategic accompaniment, as well as eventually influence the direction taken as a business.

With these three points as a base, we can establish a framework that allows us to take advantage of both schemes to face the future. Is it more intense work? Yes, since we have to prepare in the specific aspects to carry out the guiding plan that directs in general the trip of the area, but we also have to prepare well in general issues and trends, allowing us to take the opportunities that present themselves along the way. However, I believe it is worth it, and in these changing times it is already a must.

My Way

Establishing a common thread that mark the CIO’s work, whatever the company or industry in which he operates is not easy. Each company, even if they belong to the same industry, has its own particularities, typical of an organization that, when formed by people, is changing permanently in its organizational culture and in its processes, especially in the present day in which the environment demands a quick and constant adaptation to it.

In this way, there are aspects that must be taken care of and increased, so that they form part of our good practices in terms of the management and leadership of our teams, which we must carry out.

1. Listen to your user (Customer)

You need to be always the «Best Friend» of people what you give your services. Especially because the specimen called «User», frequently to come to us with a solution in mind that, in my experience, is usually not what they really need. You have to look underneath everything that says what is their real need is and find a way to satisfy it in the most agile, simple and concrete way possible.

I have put some more comments about this in the article (in Spanish) «Primero lo primero» (click here)

We should always be borne in mind that the «User Experience» (UX) should not only refer to the final product that can be delivered to they, but to the entire process from the first contact to the satisfaction of their need. In this sense it is useful to think of them as our Clients, as if we were a consultant and we need them to buy the solution we are providing.

2. The important thing is business (information) NOT technology

Would you talk on the phone to a person sitting next to you?

I guess not (although I did see it done sometime). It is much more effective to turn around and speak to him directly in the traditional and analogous way, face to face.

What if he is at across the corridor, further away?…the answer is likely to be either «it depend» and different variables will come to play such as the immediacy with which the answer is needed, whether it is possible to move or not from one place to another, and even climatic factors to decide when the use of technology (telephone) becomes necessary.

The important thing is that the technology chosen is in function of the needs that must be solved and for that we must be clear about something that is very difficult for us to assume: Technology is not the goal, it is just the tool.

And it is in this way that in recent years progress has been made in the awareness of those who lead the technology areas that their functions are now more strategic than operational. You need to know who your customer is (business and systems), what they want and what they need (they are two different things). It can be very attractive to enter into Artificial Intelligence projects with Big Data to establish interfaces with the final customers, but if the problem is that Logistics does not have the right tools it needs, more traditional (therefore less challenging),use the latest technology in the front-end will be don’t any usefully.

Technology only for Technology, in a business it is useless.

3. Take care of your team

All that is done is through others, who are part, permanent or temporary, of the work team. The team must be able to know exactly what is expected of each of them and must be allowed to do what they do best. What we must always bear in mind at this point is that if we have been working in a sector for some time now, the team we have is the one that you have formed and decided to work with us, so if we cannot have confidence in what they will do, the problem does not lie with them but with the person who chose them.

But we must also be attentive to their motivations and needs, although not all of them can be satisfied at the same time, I have found that the knowledge that they can have personal achievements through collaborative or team work, keeps them permanently wanting to show what they can achieve.

Likewise, we must be grateful. The equipment is our hands and we must constantly be recognizing it. The thought of «They only do their job for what they are paid for» is the worst poison that can be used to achieve the synergies that will make the Systems area a real contribution to the business and not just a few equipment loaders.

---

Regardless of where I have been, I have tried to respect these three guidelines and it has worked to a greater or lesser extent, I have found it gradually along the way and they have become part of what I do every day.

How ever, the details and the «weight» given to each one at a given moment depends on the environment in which one finds oneself, the specific culture of the organization and the «intuition» of each one of us, that is where one has to find the right balance, and as each time is different only remains to do things in the way each one does. In my case, my way.

 

Seeing toward 2018

I definitely believe that the break-in of WannaCry changed the scenario in which technology has been moving until now.

Information security went from being a backdrop, to a protagonist in the plans and strategies of the IT areas of various industries.

In a painful way for many companies that experienced it in their own flesh, and in a distressing way for those of us who were close witnesses, this event put us abruptly into the reality that we were lethargic.

And Wannacry wasn’t hard to fight:

1. As always, and like all ransomware, It took advantage of the human carelessness that is the cornerstone of the penetration strategy of this type of attack.
2. It used a vulnerability not so new and familiar from the operating system in which it was installed.
3. It had a kill-switch that was easy to detect and use. Which finally stopped the attack.

When we recovered from this event, Information Security becomes from being the uncomfortable guest to the protagonist of the party. Among other lessons that have been learned from this are the following:

• An Antivirus and a Firewall is not enough to be secure.
• Operative System Updates must be permanent and not conditional on «Business Requirements»
• We need to worry about all dimensions of enterprise information architecture
• Network is not physical anymore, now is virtual, and security must to incorporate this approach.
• Each element of the information security architecture must interact and coordinate with each others. We need to do that all of them work together.

Perhaps because of the same reason, we have noticed that there is also another point that is beginning to be drawn on the computer security map, and that is that of prediction. Once we have the technological elements working together, they will be generating valuable information that we can store in some way. This information may be used to analyze and predict potential attacks or violations on our network, based on the behavior of each party and the interactions between them. For this it is necessary to use BigData tools and artificial intelligence that together can find interrelationships and patterns beyond what a human intelligence can do.

And it’s that in this year we have also witnessed the generalization of concepts such as Artificial Intelligence and the Internet of things, both together with very popular devices such as smartphones and wearables. The former have been the driving forces behind virtual assistants such as Siri or Cortana, while with wearable ones we can count on sensors that provide us with information about the most varied characteristics of ourselves and the environment that surrounds us. Thanks to this popularization, it has been demystified that this type of technology is unattainable due to how complex or expensive it can be.

Ok. it is not cheap, but it is true too that the current cost are affordable and completely justifiable according the benefits that they bring us.

Anyway, in the beginning year, and unless another technological meteorite like ransomware with witch I started this article hit us, I think that we are working hard in three things:

• Information Security Intelligence
• Interrelation and coordination of (poorly called) artificial intelligence and humans
• Predictive analysis with the information that we have accumulating.

I no longer eat silos isolated but interact with each other.

At least that’s what I’ll be working on.

Happy new year 2018!

We all wanted to be innovative

In the current times, innovation seems to have appropriated our activities and our work, in all areas. We are practically forced to do something «truly innovative» and in some conversations, several colleagues have commented to me that it is a question that they make to candidates to be part of their team: «How innovative do you consider yourself?«

Is it really a requirement to be innovative to achieve goals today?

I do not think so.

What happens is that changes (especially technological) are happening so quickly, what we do need imperatively is an ability to adapt to them, and an ability to adopt them quickly …. When needed.

However, in any case we are all innovative in a natural way, so that at the right time will arise that ability. We must bear in mind that innovation is not a brilliant idea that comes from a moment of inspiration. Although it does not seem like, innovation is almost always small things that generate important changes. Changing the tips of sticks for sharp stones meant a great innovation in their time (perhaps the first of humanity), or the appearance of the corcholata or crown cap for the bottles, in the nearer times, revolutionized their scope of action.

If we look around us we will find many examples of innovative ideas without which today seems impossible that it did not exist at some point. Precisely this daily life is what makes it appear that very little is really innovative, since the initial surprise disappears very quickly.

Another thing that needs to be taken into account is that technology (particularly that of information) is not a condition, nor does it necessarily intervene in the conception of the idea.

How can we do to establish innovation as leitmotiv of our activities?

It must be clear that innovation is the implementation of creativity , so the process is born from having creative ideas. And this is good, since we humans are eminently creative beings, a quality that society is opaquing us as we grow, but we always maintain. We can then use the 10% rule, in which we can point out that out of 1000 ideas, 100 are viable; Of these 10 are implementable and finally only 1 is successful.

Now the problem is how to generate this amount of ideas. For a single person it is quite complicated, because in addition you have to document them enough to make the selection and move on to the next step. However, we can then make use of another capacity in which the human being is quite good: teamwork. Using techniques already known as brainstorming, or encouraging company members to send their ideas (whatever) to a mailbox, we will get the raw material we need and the rest of the process is analysis and re-give ideas about those that have been selected.

That is, one way to generate innovation in my work team is:

1. Get ideas from everyone, no matter how crazy that they look.
2. Check them out and stick with those that have some application or viability
3. Of those that remain, works with those that can be implemented
4. Use them and wait for some to have the expected performance.
5. Go back to point 1, and include the ideas you’ve already discarded, sometimes an idea that seems crazy, with the passage of time is the one that gives you the solution.

Implementing innovation.

We must keep in mind that, finally, innovation is a type of change that must be handled in the best possible way. In fact, it is a change that violates our status quo, and so the resistance it generates in many individuals is greater than when it comes to changing a thing for another but different known.

Therefore, if product of the previous steps I have already obtained a viable innovation, it is necessary to take into account that when implanting it must be managed this change, which means to be prepared to handle the different barriers that are presented, people who:

• He just does not like new things
• Feel threatened by change
• They are afraid to make mistakes because they do not know about innovation
• They think «all past times were better»
• They feel handicapped because «It did not occur to them»

For all these attitudes, there are tools of the Change Management, which I will not review in this article. It is only necessary to know that these barriers exist and that they must be handled properly to minimize the risk of implementation failure.

And Technology?

As already mentioned, innovation does not necessarily require the application of technology, to be so. However it is of great help. Thanks to the new branches and trends of today, is that it has accelerated the appearance of new applications or improvements to the existing. And innovation is not only creating something out of nothing, it is also improving something existing. And in both cases the technology can act as a catalyst.

A clear example of this is the case of using tools of one specialty to achieve innovation in the products of another. For example, Chef Dianara Kasko, creating new forms of pastry using 3D printing .

Finally, regardless of how it is done, or how we do it, it is in our human nature to innovate, as it is part of the creative capacity we possess. In addition today we have more and better tools than ever before, and allow us to put our ideas into practice better.

You have to. Not because it is a requirement of business or to look very good professionals, but because it is what sets us apart from other living beings.

Sometimes what is truly innovative is doing what everyone knows what needs to be done … but nobody does.

(my) CIO Team

I have read some articles and opinions these days about whether the various IT C-Levels that have emerged in the last time, must be hierarchically dependent on each other, or all should be reporting directly to the CEO, or some mixed scheme.

Before reviewing this topic, and expressing my own point of view, I would like to quickly review the most common «C» today and what, in my opinion, is what they do or should do.

CIO: Chief Information Officer. As I have reviewed in a previous comment, there are different forms and levels that explain the role that should play in today’s organizations. For purposes of this, we will take into account the CIO as business driver and strategic management partner. This is because today «all businesses are, at least, IT businesses», so it is up to the CIO to be attentive to the possibilities that exist today and, if possible, to anticipate the coming changes, to establish the guidelines of where the IT development so that the organization to which it belongs advances in its business plans without our area being a problem. He must direct computer policies and systems equipment.

CTO: Chief Technology Officer. It is often confused his role with CIO, may be because in the first two levels their responsibilities are very similar. In reality, it must focus on the direct application of technology as such, and in that sense it is a position that has already existed for a long time and is no more than the head of the infrastructure area, of course, with today’s technological reality in day. Today you should be concerned about the relationship between service providers, platform and/or cloud infrastructure; Keep up with and support the traditional operation; And integrating both worlds so that the user does not notice the difference of environments while using the different tools in different environments.

CISO: Chief of Information Security Officer. He must take charge of the strategic planning of the security of the organization. This means that you should review the practices and risks to which the organization is exposed, evaluate them from the business point of view, establish a medium-term and long-term plan and see that it is implemented correctly. The actual execution, is not in his charge, but of each specific area.

These are the most popular titles nowadays, to which from time to time they appear others like: Chief Data Officer (CDO), responsible for the exploitation and analysis of the data; Chief Digital Officer (CDO), usually responsible for directing the digital transformation of the company; Chief Innovation Officer (CINO), responsible for generating and encouraging innovation; etc.

A separate mention must be made to the CMO, Chief Marketing Officer, who, given his great dependence on current technology, being one of the main users of it due to the great rise of social networks, the invaluable information given by Big Data And other tools, have been the main, but not the only, responsible for the emergence of «Shadow IT», which I will explore in a future article, but that should be an extra concern of IT head, which until recently did not exist.

Regardless of sound titles, the truth is that information systems should be an area that is already more than a support for current companies, and should be organized in such a way that the different responsibilities of support, plans and tactic executions, guidance and foresight (if possible) of the future environment and business counseling.

For this, then we will ignore the titles to focus on the activities.

We must ensure the operation of the systems that are currently operating, which must be in charge of who is in charge of the Infrastructure, whether physical or logical, and therefore this area must have the support to the users.

In the same way you must have an adequate maintenance and development of new functionalities for the systems that are part of the business architecture that counts (not everything can be bought, and yet you have to establish the link between the business functions with suppliers). Therefore we must have a systems development team.

Increasingly important is the function of analyzing and interweaving the avalanche of data with which we have so it must be a dedicated team.

And also, if possible, generate an area that will help to «drive forward», and is dedicated to assemble prototypes and pilots of possible new applications and functionalities, to take better advantage of the already installed technology base or demonstrate the Usefulness of new trends and systems.

Finally, the coordination of information security. I will repeat once again that this does not refer to a firewall or antivirus. This activity refers to a holistic review of the organization and the establishment of an appropriate strategy that encompasses all the dimensions that companies possess. At least: Users, Systems, Logical Platform and Infrastructure. This team must interact with all other areas of IT, as it is not responsible for executing, but to direct and see that it is executed according to plan.

So things, we end up having the following group of areas:

• Infrastructure
• Development
• Innovation
• Data mining
• Security of the information.

I must concede that although it may seem easy, it is not. Especially for the budget constraints we always deal with, however with a little creativity we can somehow cover those activities. In my case, I have not been able to develop a formal area that is in charge of innovating, but we do it through the collaborative work of all the others that contribute their grain of sand to be able to do new things that serve the business. I’m very proud of my team.

Finally, if you want to put names «C» to the schema I just told you, I leave the following diagram:

Please, comment if you think that I forget anything.