Apply to MSS

First Name

Last Name





Check all that apply

Experience with a major consulting firm

Check all that apply


Check all that apply


Check all that apply

Functional Experience

Check all that apply

Attach Cover Letter

Attach Resume

Join Our Talent Community

First Name

Last Name





Check all that apply

Experience with a major consulting firm

Check all that apply


Check all that apply


Check all that apply

Functional Experience

Check all that apply

Attach Resume

facebook gplus linkedin sharethis
  • Blog

    blog banner
  • Tag Archives: Digital Transformation

    The Case for Ambiguity – How to Set Your IT Project Up For Success

    ambiguity game

    I really enjoy playing guessing games – you know, the types that you would do in a case interview, in business school, or with your nerdy, analytical friends (and yes, my friends and I would fall into this category). It’s fun to try and give your guesstimate on how many golf balls could fit into a 747 or how many cigarettes are smoked a day in Montana. Even though I enjoy it quite a bit, I couldn’t imagine having my job hanging in the balance based on the accuracy of a hypothetical exercise. However, that is exactly what happens to an overwhelming number of leaders on a regular basis with their technology projects.

    A McKinsey-Oxford study found that large IT projects go over-budget 45% of the time, over-schedule 7% of the time, and under-deliver 56% of the time¹. This translates to an awful lot of Steering Committee meetings where a Project Sponsor is forced to have an uncomfortable conversation with company executives on why their project is not meeting the metrics that were promised. But why does this happen? Why do very capable individuals (who called in experienced implementation teams) consistently find themselves in the hot seat with their projects? In many cases, the projects were doomed from the beginning due to basing the foundation of the project off of hypothetical exercises and guesstimates. Let me show you what I mean…



    Projects tend to start by following a fairly predictable pattern:

    MSS was recently brought in by a client that was experiencing significant difficulties during a Back Office Transformation project. The implementation partner was well over a year into the project (and already several months late from the planned go-live date), with very few tangible deliverables to show for their efforts. After a brief assessment we were able to quickly determine the cause of the issues: there was not enough effort early in the process focused on the true needs of the organization and the development of a corresponding scope. Instead, the organization was focused on finding a cost-effective supplier based on limited information of the business needs. This lead to the organization selecting a solution that did not meet their future state vision with an implementation partner that did not have experience in delivering the necessary scope (focusing on developing what they did have experience in delivering, instead). Fortunately, we were able to work with the client in developing a relatively quick course correction, but not until after they had already accrued a significant amount of sunk cost before realizing the project was doomed from the beginning.

    In this case, the project failed its metrics the moment it is approved based on a rough, uninformed estimate. However, we have seen that this is not a unique case – it happens to a surprising number of companies regardless of company size, budget, industry, or even level of experience of the Project Sponsor. Bad things happen to good executives, but there is a way to avoid being put in this situation.

    How to Avoid Project Estimation Errors

    Chances are, you know all of this already – you have had a project (or maybe several projects) that quickly grew over-budget and/or under-delivered. But what can you do about it?

    The single biggest thing you can do to set yourself up for success is to live in cost/timeline ambiguity during an early assessment phase to get an accurate scope that focuses on the true success of the project.

    Once the initial problem is identified and documented internally, allowing an experienced team to evaluate your environment, account for potential complexities, and develop an agreed upon scope upfront can help provide a far more accurate understanding of the true efforts needed. It is critical to also use this initial assessment to identify what is needed to truly make this project successful. Answering questions like ‘Which resources will we need for this project?’, ‘What success metrics will we orient our decisions toward?’, and ‘How will we prepare our End Users for success on day 1?’ will go a long way in achieving the goals of the project.



    This re-imagined launch of the project is as follows, focusing on a more success-oriented process and list of activities:

    We live in a world where rapid technology changes and advancements are more than the norm – they are a requirement to survive in business. Before the whirlwind of a project begins, make sure to take the time to set your organization up for a successful project, rather than for a project doomed to disappoint. Being comfortable with living in temporary ambiguity will save you from a revolving door of unfortunate conversations with your Steering Committee.

    ¹ Bloch, M., Blumberg, S., Laartz, J. (2012) Delivering large-scale IT projects on time, on budget, and on value.

    Are You Ready for Analytics? 3 Aspects to Your Organization’s Analytics Maturity

    In the previous article, we talked about the importance of a business/outcome-driven mindset to derive value out of your data and introduced the “Question-to-Value” approach. So, are you ready now for analytics? It is a critical exercise to assess your readiness before launching the actual effort. In this article I will share the three components for evaluating the maturity of your analytics: technology, business competency and culture. Also, stay tuned for our upcoming BTI workshop that will arm you with a practical assessment and more strategic guidance to steer your organization’s analytics journey.

    With all the hype around data and analytics, it is nearly impossible to ignore it as a leader. If you are reading this article, you are most likely seeking the answer for: Am I (Is My Organization) Ready for Analytics?

    It is a very useful and almost essential exercise to assess the maturity of your organization for analytics before launching any analytics effort. When doing this, there is more to consider beyond the usual suspects, i.e., the technology side such as data infrastructure and technical talent. The assessment should take a more holistic view of your organization, for although critical, technology maturity is not the only ingredient required to succeed in deriving real business value from data and analytics.

    There are three components to consider when you assess your analytics maturity: technology, business competency and culture. They should be assessed and improved in a balanced way to ensure the success of any analytics project to be developed in your organization.


    The core of a successful analytics practice is, without doubt, the technology capability. There are three major aspects: data infrastructure, data quality, and technical talent.

    Data infrastructure lays the foundation for analytics by consolidating the organization’s available data sources into one single repository. This might be a lengthy process; therefore, it is important to invest in the agility of the infrastructure. When there is need for previously unavailable data, possibly from your analytics initiatives, an agile infrastructure can quickly enable capturing of new data field and sources, and make adjustments. In this way, you do not have to wait upon a perfectly comprehensive data infrastructure, which may take forever to build, to start conducting analytics and realize value from your data. (see previous article)

    Analytics starts on a solid foundation of good data. Bad data quality can severely impair an organization’s ability to gain any useful insights from their data. When building your data infrastructure, it is critical to design appropriate data collection and storage process, and build proper data QA/QC (quality assurance and quality control) process. The tolerance level for errors varies greatly depending on your business setting and should be carefully selected through discussions with the technical team, as well as business leads. Good data quality is vital for your organization to start leveraging data as an asset.

    The third component is talent. Don’t jump to the conclusion that you are locked in a battle for rare, expensive analytics talent and get intimidated. Most likely you are not competing against the employment propositions of digital-native brands or the salaries of investment banks. Find the talent you need for a competitive advantage against your actual competitors, not Facebook, Goldman Sachs, or Google. Start by looking for the analytics talent you already have and ask if you are putting this talent to its best use, before looking externally.

    Business Competency

    Again, technology maturity is not the only component when assessing your readiness for analytics. You need the “Brain” to give directions to your talent on how to use your data to arrive at business insights and action items, which are the ultimate goals of analytics.

    One of the first things needed is leadership that believes in leveraging data for making decisions. Data-driven leaders not only trust data to prove/disprove their own beliefs about business opportunities but are also open to learn from data, regardless of their beliefs. Once the organization has the majority of decision makers wired to leverage data, half of the battle is won.

    Once leadership is in place, next comes implementing the appropriate analytics approach, which often means that data needs to be inserted into the decision-making process. We have covered this point extensively in the previous article (The Biggest Myth Preventing You from Deriving Value out of Your Data), and the key to success is to always start by thinking “what is my biggest business question that I wish to answer, or business issue to solve, that could potentially be opportunity for analytics?”

    The final component is again, people. In addition to the technical skills to analyze data mentioned in the session above, the right analytical skills also include interpersonal/business skills to bridge the gap from data to business. Investment in analytics training for your key business analysts, and basic business knowledge training for your data analyst is a great idea. It will help build seamless communication between data and business and move the organization further towards analytics maturity.


    Once the organization knows how to use data effectively through technology capability and the right business process, it must somehow apply the findings. That usually means, among other things, a change in corporate culture. While it seems like something to consider “after the real work is done”, culture is real, and is something better addressed sooner than later. According to a McKinsey report, companies in the top quartile of culture health return to shareholders three times higher than the rest.

    Getting your culture right by making it suitable for your strategy is one of the biggest levers management can pull. And it is possible to achieve culture transformation in a way much more structured than you thought. The fundamentals are very similar to many other generic cultural transformation lessons and include: measurement, role modeling, change messaging, incentives, and skills. More specifically for analytics, four key steps are of high importance:

    • Define the outcome
    • Set measurable targets
    • Build relevant skills
    • Provide incentives

    and, they should all be directed toward not only the employees handling data and analytics, but also the frontline employees using the outputs (marketing staff, operations managers, sales team, customer-facing agents, etc.)

    A Thorough Assessment

    I hope you have learned the theory of the three-pronged assessment methodology for your analytics readiness, and are now eagerly thinking: How can I do this assessment in real life?

    At MSSBTI we provide more than just the theoretical knowledge. We have developed a practical exercies to provide quantified assessment for your analytics maturity. This exercise is conducted in the form of a questionnaire and visualize your results via a triangle spider diagram, as shown on the right. Armed with this assessment, you will be in a more informed position to decide how to improve your analytics readiness and how to best proceed with your analytics efforts. This assessment is only a small part of our Analytics Assessment and Strategy Workshop, which is designed to help steer your organization’s analytics journey, in a hands-on and collaborative way.

    More details about our upcoming Data Analytics: Becoming an Intelligent Organization workshop can be found here. If you are interested, please register, connect with us, and feel free to reach out for more information.

    Adapt or Get Left Behind: Realities of Digital Transformation and IT Service Management

    “No man steps in the same river twice.”

    – Heraclitus, Greek Philosopher (535 – 475 BC)

    Heraclitus reasoned that by the time we walk from one river bank to the other the flowing river and the person that crossed it will never be the same. This theory of constant change is called “Flux.”

    We’ve all heard the adage that the only certainties in life are “death and taxes”. Well, constant change is another certainty. Organizations that doubt the veracity of Heraclitus’s theory and don’t adapt to disruptive and emerging technologies will get left behind. In fact, organizations that attempt to adapt without a mature approach to IT Service Management will get left behind as well.

    There is widespread consensus that if organizations aren’t leveraging Digital Transformation, Predictive Analytics, and Artificial Intelligence, they reduce their ability to remain competitive.¹²³

    There is also widespread agreement among Chief Information Officers that mature IT Service Management (ITSM) Processes are necessary for organizations to seize the surplus of opportunities associated with disruptive and emerging technologies.

    To be sure, in 2017, Forbes Insights surveyed 250 worldwide IT executives, of which 88% said ‘lack of a Service Management approach’ is hurting competitiveness as a business. Likewise, these same IT executives also believe ITSM as important to related initiatives around cloud computing (86 percent), mobility (83 percent) and big data (83 percent).4

    They also noted despite increases to their IT budgets the majority of the spend was on activities running the business (i.e. keeping the lights on). This disproportionate allocation of the budget and resources prevents IT from engaging in activities that allow them to change the business.

    As Heraclitus proved, change is constant and how we deal with change is the difference between success and failure. The evolving expectations from customers means that IT must quickly develop solutions enabling the business to go to market faster, be more agile, responsive, and adaptive to meet those expectations.

    The purpose of this article is to provide a point of view that addresses a fundamental question: Do traditional IT Service Management Frameworks, such as ITIL have the capabilities to meet today’s ever changing organizational demands?

    Let’s find out.

    What is traditional ITSM?

    Traditional IT Service Management (ITSM) it is most aptly defined as “A Strategic Approach for Designing, Delivering, Managing, and Improving IT Services”. The premise is to follow a framework like the Information Technology Infrastructure Library (ITIL), which is a set of detailed practices for ITSM that focuses on aligning IT services with the needs of business. Over time, the IT department can increase the maturity levels of service management through efficient processes which result in fewer interruptions, less unplanned work, thus providing value to the organization.

    Unfortunately, ITIL has been met with a lot of negative perceptions such as it’s too rigid, too slow, too expensive, and takes too long to achieve desired maturity levels to realize value. While we can certainly refute these incorrect perceptions, during the infancy of our careers we realized perception is reality, so it’s better to accept it and move on.

    The Need for a New Approach to ITSM

    Today’s constant changes in technology and customer expectations require businesses to be more innovative, agile, and demonstrate a high sense of urgency, responsiveness, adaptability, and to move away from traditional thinking to remain competitive. If a customer experience doesn’t meet their expectations they’ll quickly move on until they find an organization that embodies the qualities they desire.

    Similarly, IT has never been asked to do more with less and at unprecedented speeds. And they won’t be successful without a mature ITSM organization. Sean Kirby Vice President, Support Center, at Buchanan Technologies puts it best when he says:

    “The absence of a mature IT Service Management Process is like having a brand-new, state-of-the-art sports car, but with no systems or gauges of any kind to tell you when something is going wrong. It can be great for a while, but eventually it’s going to result in a catastrophic failure.”

    What we need first is a more expansive set of tools that foster a faster, more agile, and more responsive ITSM organization by leveraging best practices from myriad philosophies. (e.g. ITIL, CoBIT, VeriSM, IBM BPM, Agile etc.)

    One such approach is “Agile Service Management” developed by Jayne Gordon Groll.5 Ms. Groll correctly surmises that if we leverage some best practices from DevOps, Agile/Scrum methodologies and merge them with Service Management best practices we can achieve the flexibility necessary to add value to the organization. By extension, value-added ITSM allows the organization to remain competitive and pivot from supporting the business to changing the business to meet ever changing demands.

    At the beginning we set out to answer whether traditional IT Service Management Frameworks, such as ITIL have the capabilities to meet today’s ever changing organizational demands? Absolutely! However, it may be time to change how they’re used. One idea is to adopt a “data driven” and “a-la-carte approach” to ITSM.

    Why take data driven approach?

    A data driven approach allows us to begin where we are. That is, when we analyze the data an organization has, we allow it to make decisions on what is “known” rather than what they “think”. We may very well conclude the data is useless because it lacks the specificity to make meaningful measurements. After all, how can one manage what can’t be measured? Alternatively, our analysis may prove the organization has perfected basic blocking and tackling and is ready to become more automated, proactive, and predictive in its service offerings.

    Either way, a data driven approach allows us to start where we are, to identify and prioritize what needs to be done quickly to ensure People, Processes, and Technologies produce the most value to the business and its customers as possible.

    Why take an “a-la-carte approach”?

    My first IT mentor was a transformational CIO with a successful track record of turning around underperforming IT organizations by aligning business and IT. I can still hear him saying, “Tony, Applications and Infrastructure doesn’t just break; rather it’s more likely somewhere there was a change to People, Process, or Technology”.

    So, when I perform ITSM assessments I often begin by first examining Change, Release and Deployment, or Service Desk processes. If an organization has no formal Change Management process, I know where to begin. Similarly, immature or non-existent Incident, Problem, or Release and Deploy processes provide an opportunity for quick wins and instant value.

    In a world of constant change, ITSM needs to be prepared to shift from slow, outdated processes into agile and responsive approaches to market demands. Approaching an ITSM transformation is a difficult decision, and all IT departments need to consider how well they are serving their business and their customers with their ITSM systems.

    One thing is certain, when you come out of this river, you’ll never be the same.

    Stay tuned for my next ITSM article where we’ll dive deeper into ITSM transformation, including a discussion on the cultural and behavioral adjustments necessary to transform ITSM.


    The Biggest Myth Preventing You from Deriving Value out of Your Data

    In the previous article in the analytics series, we introduced the next disruptive innovation in data and analytics and the importance of getting ready for it. But how? In this article, I will share what I believe to be the biggest misunderstanding about launching your data and analytics effort. I will also introduce the “Question-to-Value” approach to help set you on the right track for deriving value from your data faster.

    No trend in the past 10 to 15 years has created as much buzz as big data and analytics; these initiatives have climbed to the top of the C-suite agenda for many organizations. According to the Harvard Business Review (, companies that inject big data and analytics into their operations show productivity rates and profitability that are 5% to 6% higher than those of their peers. And Forbes found that analytics have been successfully used to improve pricing, and promotions to optimize 6% or more increase in revenue. (

    However, skepticism and hesitation abound. Leaders often convince themselves that their organizations simply aren’t ready for the change. The most common remarks I hear from senior leaders include: “We are not there yet”, or “A better timing for analytics will be after we accomplished our data warehouse project”, or “We need to build our BI team before getting into advanced analytics.”

    All these comments are founded on one single myth: the idea that a data and analytics-enabled business value must be accompanied or even preceded by a fully upgraded and implemented data infrastructure (data warehouse, data lake, database…, you name it).

    This is the biggest misunderstanding surrounding the big data question. And whoever realizes it and adjusts his or her mindset accordingly, will win big.

    True, data infrastructure is important for the long-term health of your analytics program, but infrastructure is not an indispensable ingredient for you to generate business value out of your data. If you are waiting for a perfect data warehouse to start on analytics, you’ve probably already deployed a process that is driven by data availability, which often means using whatever data that’s available to cook a data soup and see what problems bubble up. This is a lengthy approach, and it often leads to random correlations rather than meaningful insights. Therefore, a very likely scenario is after spending piles of money on data-warehousing programs, you then invest on powerful analytics programs analyzing all your data but are still unable to yield any insights that can be put to use.

    This is why data should serve the purpose, not drive the process. In other words, data analytics is not a crystal ball into which you dump all the data and ask, “what does my data tell me to do?” (see previous article Predictive Analytics Ain’t No Crystal Ball). Instead, the right question to start with should be “what business issues I need to solve that could potentially be solved using data and analytics?”. With this change of mindset, you are shifting from a data availability-driven process to a business-driven process, where you start by thinking about the desired business results. This mindset better fits the agile company needs to create value from data and to create it fast. You should tie analytics tightly to your biggest value drivers and largest pain points, and focus on how to use data to make better decisions.

    To help implement this business-driven process, the “Question-to-Value” approach (below) provides a pragmatic solution. This approach involves six key stages to help set you on the right track to start using your data and gaining business value in no time:

    1. Question: Too often we find that companies launch analytics or big data efforts without a clear view of what exactly they want to accomplish, which results in a solution that is not tied to a business problem. Asking the right question is half of the answer. Therefore, the best way to start the process is to first identify the business question, or issue that you wish to answer/solve through data and analytics. The question often does not emerge naturally. It takes deliberate effort of identifying, understanding, and focusing on the main business drivers. It is also a collaborative process where analytics project leaders need to communicate with key business leads and stakeholders to gain a holistic view before deciding on the right question.
    2. Data: With the right question in mind, you should then identify the necessary data to solve the puzzle. This process includes examining the data collected in your organization and select only the relevant segments of data: a specific time range, a handful of factors that have a direct impact on bottom line and a set of business levers you could manage to pull. In addition to the internal data source, it is also worthwhile to explore external data sources available that might contain key influencers, such as customer demographics data.
    3. Analytics: The next step is to choose the right analytics models that could best deliver practical insights. The model designer should have mixed background in IT and business. This hybrid role needs to understand the basics behind predictive modeling, as well as the types of business judgments made in the day-to-day operations. Conversations with frontline managers will ensure that analytics and tools complement existing decision-making processes, so that the ultimate goals can be met.
    4. Insights: Analytics modeling in step 3 reveals hidden patterns in data, which may or may not be useful to the business. The next step is to interpret these patterns into business insights. Findings should be shared with business lead(s) who understand the day-to-day operations to be framed into a business context. And based on their feedback, the analytics models might need to be fine-tuned and re-ran to derive the most impactful business insights from the data.
    5. Action Items: The business insights discovered in step 4 need to be developed into customized action items. The business lead(s) should identify the feasible action items to address the insights, and these insight-driven action items should be aimed at the goal/expectation identified in step 1. Analysts are also responsible for developing hypothetical scenarios to quantify the expected improvement from different action items to help with the final decision making.
    6. Value: The final step is the execution of the action plan. This means getting the insights into the hands of your frontline employees who will ultimately realize the value from data through day-to-day operations. For this, the business needs an adoption strategy, both for short-term implementation and long-term organizational culture transformation.

    Analytics will take root faster only when it is tied directly to business outcomes. Therefore, taking the “Question-to-Value” approach is critical because it puts the focus where it should be: on tying analytics directly to outcomes, taking action and delivering value, in an agile way. It provides a value realization mechanism that helps move organizations from a data-based mindset to an outcomes-based mindset and minimize needless or unproductive analytics efforts. It also helps break down the organizational barriers that impede information sharing by setting clear goals and expectations up front.

    When you leave this page, start writing down the single, most pressing question that you have with your organization. Then, go through the “Question-to-Value” chain. Sooner than you expect, you will see opportunities to derive true value from your data rather than see a misguided use of R&D funds on the latest business fad.

    Already thinking about what’s next: acquiring talent, deploying tools, or building your analytics team? In the following articles we will touch upon all these aspects and help you better prepare your analytics strategy. Stay tuned.

    Cyber Security: Bridging the Gap between the Cyber threat landscape and Business Culture

    It is difficult to quantify cyber risks in terms of business impact to executive leaders; and CISOs are having a tough time in communicating the value cybersecurity programs have to leadership. Using the ‘The Six Principles of Resilience for Digital Business Risk and Security’ this 2-day workshop aims to collaborate with security and c-level leaders to educate, communicate, and build a strategy to define business impact in relation to cyber threats. Using recent attacks and breaches as examples, participants will use tools and techniques to explain cybersecurity value and impact to the business from both a quantitative and qualitative perspective.

    Dr. Roméo Farinacci is a senior security consultant with Terra Verde Services, specializing in security program development, risk management, security architectures, and risk assessments. He brings over 20 years dedicated IT/Security experience and 5 years consultation of complex enterprise infrastructures in public, private, and government sectors.  Roméo’s passion in cyber security enables him to effectively develop and communicate change strategies for improving the security posture of organizations. His education portfolio includes a Doctorate in Management with an emphasis in Information Systems Technology, an MBA in International Business and an MS in Information Technology.

    To learn more about the Cyber Security workshop, contact MSSBTI at 602-387-2100 or


    • C-Level Suite (e.g., CISO, CSO, CFO, COO, etc.) and Security Leaders


    • Facilitated program, with exercises and handouts to include Cyber-Risk to Business Translation tools


    Research identifies a gap in appreciation and appropriate leveraging of the security leadership role in bridging cybersecurity with business. The six principles that include, “Move from checkbox compliance to risk-based thinking” and “Move from protecting the infrastructure to supporting organizational outcomes” (Peter Firstbrook, of Gartner) highlight the type of transformation needed as organizations assimilate cybersecurity into their business. A cybersecurity program that is truly integrated into business strategy is lacking in many organizations, treating cybersecurity as insurance or simply suggestions. Recent attacks have proven cybersecurity must be leveraged to ensure the competitive advantage and longevity of the business; this workshop will help explain how. Security leaders and business executives will benefit from this program by gaining the ability to quantify and communicate cybersecurity business value.


    • Leadership development on communicating how to establish and/or enhance enterprise cyber presence and resiliency
    • Making cybersecurity a part of an organization’s strategic action plan

    Expected Outcomes

    • Cybersecurity transformation to business culture
    • Persuading board and executive leaders to leverage security leaders in a proactive and prescriptive manner, rather than a reactive one
    • Efficiencies in security leadership collaboration with C-level suite and board members
    • Cybersecurity integration into company strategic action plan
    • Enrichment of cybersecurity program to advance enterprise cyber resiliency and business strategy


    Case Study: Welcome to the Digital Age

    Improving Efficiency through Digital Transformation at an Arizona State Agency

    Ours is a world of efficient convenience and in this world it is not acceptable for a customer-facing process to take up to two years to complete, nor is it acceptable to offer only paper-centric interactions with agencies/companies. This is true of commercial organizations and it also applies to government agencies. To serve clients, an organization must be faster and more customer-centric.

    Recently, I was part of a transformation team engaged to lead a large State agency through their digital transformation, automating the application process to lease parcels of land from the State. Prior to the transformation, the only way to submit applications was to manually complete them and mail or email them for processing. The turnaround time to process an application ranged from a few months up to two years, and the process did not allow applicants to check the status of their application. Determining interim status was also very manually intensive.

    This digital transformation was an exciting opportunity to help this agency completely revamp their processes, both internally and externally. Our team developed the strategy, created the solution, and managed the transformation process of the agency from a manual, paper-based system to a paperless digital operating model.

    The effort to drive the transformation encompassed key processes at the agency, including electronic workflow, paperless application processing, real-time information availability for internal agency personnel, and a user-friendly customer interface. Key items to include for success during an effort of this magnitude include the following:

    • Plan for and execute the digitization of the current documents
    • Utilize a user adoption model, including training planning, managing resistance, and deployment
    • Plan for migration of data from the existing legacy systems to the new digital platform
    • Utilize project management and governance to ensure the program remains on track
    • Document current and future State functional and technical requirements to be implemented
    • Implement a digital solution platform

    The agency’s legacy system acted as a database and an enterprise resource planning system, interfacing with multiple functional areas. In the first phase of the transformation, our team was responsible for leading the replacement of the transactional activity portion of the legacy system, leaving the underlying database in place. We wanted to provide open communication with the entire agency so all of the impacted stakeholders felt like they were a part of this major change in processes.

    Throughout the project, we used periodic surveys for this communication to inform the employees of the upcoming changes, and to take the ‘pulse’ of the agency. We also communicated to the public by updating the agency website to post announcements and build excitement about the upcoming changes to go paperless.

    One of the major challenges we faced was determining how to contact one segment of the customer base: ranchers and farmers. Would they be able to be part of this new transformation? Do they have access to the technology needed to access the online applications and transact business with the agency? As part of our change management methodology, we decided to send postcard surveys to the customers in this demographic to determine if they would be able to take the leap with the agency. Interestingly enough, nearly three-quarters of these customers had some access to the internet, computers, and scanners, even if they had to utilize public access, family, or friends to do so. Tackling this challenge helped the team feel much better about the final solution meeting the needs of that portion of their customer base.

    Additionally, prior to go-live, we posted frequently asked questions (FAQs), and solutions, for the most common inquiries on the customer-facing website. We also provided a support structure to accommodate questions and concerns as they were submitted. Posting the FAQs, resulted in very few support calls and emails from customers.

    As part of the transformation, we assisted the agency in digitizing their in-process application files. There were over 1,000 of these file types, presenting a significant digitization effort. We did come across some resistance when we asked the administrators to ‘give up’ their paper application files to be scanned and indexed. One of the biggest challenges was helping them to realize they needed to do this to be part of the digital transformation to a paperless system. We had to be creative in determining plans to meet the goal of scanning all open applications. We also assisted them in realizing the vision of accessing this same information they needed to perform their jobs, only in a different manner – online through their document management system.

    As we neared the testing, training, and go-live activities, the Subject Matter Expert (SME) team became concerned about the time commitment needed to support the project. To mitigate this discomfort, we developed a resource requirements matrix, detailing their weekly time commitments required over the final two months of the project. By breaking up the responsibilities into manageable chunks, and providing realistic expectations for involvement, they were able to plan for and manage their time more appropriately. Separately, we created an execution roadmap, which was communicated to the steering committee, so leadership was aware of the tasks to be done and the weeks where a significant workload was required from their teams. This helped management provide the support needed to the SME team, so they were able to be successful.

    Based on the trends and expectations of the public, if the agency did not become digital and update the application process (and associated internal processes) they may have experienced customer dissatisfaction and internal disorganization. Remaining with the status quo would simply not support Governor Doug Ducey’s goal for state government to operate at the speed of business.

    By utilizing a structured approach to project and change management, we successfully completed the transformation project on time and within budget. The digital transformation should take the original lease application process time of up to 2 years, down to days or weeks, with enhanced communication and customer updates.

    Based on this experience, it is realistic for an organization of this type to be more customer-centric and bring it into the digital age. To manage a transformation such as this, there are three strategies to consider:

    1. Make both internal and external communication and support a priority
    2. Don’t be afraid to ask questions to determine if resistance exists, so that it can be addressed before it becomes a barrier to success
    3. Utilize a proven project management and governance strategy to monitor and control a transformation of this magnitude

    Podcast – Cyber Security: Not a Technology Issue – A Transformational Business Strategy

    cyber security podcast

    Airing on December 5, 2017, this podcast provides C-level perspective on building a transformational cyber security strategy that creates value for the organization while protecting its most valuable – nonhuman – asset; its data. Our expert panelists address the ubiquitous nature of the cyber security issue, how to set and achieve expectations from your cyber security strategy, what to expect from a Chief Information Security Officer, and how cyber security adds value in business terms.

    Dr. Roméo Farinacci is a senior security consultant with Terra Verde Services, specializing in security program development, risk management, security architectures, and risk assessments. He brings over 20 years dedicated IT/Security experience and 5 years consultation of complex enterprise infrastructures in public, private, and government sectors. Roméo’s passion in cyber security enables him to effectively develop and communicate change strategies for improving the security posture of organizations. His education portfolio includes a Doctorate in Management with an emphasis in Information Systems Technology, an MBA in International Business and an MS in Information Technology. He also has the following professional certifications: CISSP, CISM, PMP, GSLC, and Six Sigma Green Belt / Lean.

    Kim L. Jones is a 31-year intelligence, security, and risk management professional with expertise in information security strategy; governance & compliance; security operations; and risk management. Professor Jones is a former Chief Security Officer who has built, operated, and/or managed information security programs within the financial services, defense, healthcare, manufacturing, and business outsourcing industries. Jones holds a Bachelors Degree in Computer Science from the United States Military Academy at West Point, and a Masters Degree in Information Assurance from Norwich University.  He also holds the CISM and CISSP certifications.

    Download the podcast


    From Around the Web: Cybersecurity and the IoT


    Glenn Schulke (IoT expert, writer of IoT: A Tidal Wave of Trouble) recently shared with us what hackers could be able to do once cities reach a connected society. We thought of many petty pranks such as:

    1. Requesting your smart fridge to order 20 jars of pickles
    2. Adjusting the smart fridge temperature to 60 degrees Fahrenheit (spoiled food)
    3. Changing the smart thermostat every five minutes (higher electricity bill)
    4. Turning off the hot water heater from 5:30AM to 8:30AM (cold showers)
    5. Scheduling a time to turn the smart lights on and off at 3AM every night (haunted house)

    It reminded us of haunted houses. Once you are out of a haunted house you can separate the scary events from reality and move on with your life. While many of the petty pranks above are relatively harmless, the results of hacking could be much more malicious. According to CNBC, in 2016 “cybercrime cost the global economy over $450 billion, over 2 billion personal records were stolen and in the U.S. alone over 100 million Americans had their medical records stolen.” The results of these cybersecurity breaches are horrifying and heart-breaking to those businesses and individuals affected. With IoT, this reality is coming to fruition, fast. However, business owners can protect themselves by taking necessary precautions with cybersecurity.

    Cybersecurity will be crucial in the purchase of IoT devices with the Botnet of Things. The global IoT security market has been forecasted to increase by 55% year over year. The latest Botnet of Things hacking incident was not random regarding the devices it hacked. The connected Internet of Things devices were all unprotected and had the same default passwords. The combination of these hacked connected devices was able to shut off access to popular sites like Netflix, Amazon, etc. up and down the eastern coast of the United States. Something as basic as changing a default password could make all the difference in not getting hacked. The Federal Trade Commission offers the following advice in securing IoT devices:

    1. Don’t just click “next” when you set up your IoT device. Review the default settings carefully.
    2. Download the latest security updates for your IoT device.
    3. Change your preset passwords.

    Ensuring the security in the setup of IoT devices is essential before purchase. According to a Forbes article on Cybersecurity and IoT, “One critical but overlooked IoT security best practice is changing default credentials.” Purchasing IoT devices requires more care for security, rather than less care. Cybersecurity measures are even extending to the medical industry. Hacking medical devices has been increasing throughout 2017, resulting in attention to the ways that the devices are secured. In August 2017, the FDA issued a recall on 6 types of pacemaker devices. The pacemakers were recalled because they were susceptible to cybersecurity attacks. This recall affected nearly half a million patients across the U.S.

    The Threat Is Real

    The 2018 Insider Threat Report produced by Cybersecurity Insiders surveyed 472 cybersecurity professionals on the current state of insider threats and found that:

    • 90% of organizations feel vulnerable to insider attacks.
    • A majority of survey participants (53%) have confirmed insider attacks against their organization in the previous 12 months.
    • Organizations are shifting their focus to detection of insider threats (64%), followed by deterrence methods (58%), and analysis and post breach forensics (49%).
    • The most popular technologies to deter insider threats are Data Loss Prevention (DLP), encryption, and identity and access management solutions.
    • Most organizations that participated (86%) already have or are building an insider threat program.

    The Insider Threat Report was produced in partnership with leading cybersecurity vendors: CA Technologies, Dashlane, Haystax Technology, HoloNet Security, Interset, Quest, Raytheon, RSA, Securonix, and Veriato.

    Securing Valuable Assets

    We know that valuable assets should have higher security measures and these measures can reduce the costs of data breaches. A comprehensive list of security strategies for IoT devices can be found here. However, these are the most basic requirements that CIOs should consider before setting up security settings to prevent breaches:

    Keep it simple

    • Assume your users are 5 years old
    • Create ways to prevent accidental access
    • Provide additional barriers for malicious access
    • Allows for easier fixes
    • Multiple failure modes increase potential for mistakes

    Never secure by default

    • Default security measures are also known as “failing securely”
    • Make users change default passwords
    • Creating a default setting for just about anything in cybersecurity is not good
    • This often brings in some complexity, but it is worth the effort

    Know your environment

    • Patch issues as quickly as possible, otherwise hackers can exploit these issues
    • Review user access privileges regularly
    • Continuously test and validate your security for risk readiness
    • Consider edge use cases
    • Don’t use a public network for critical devices
    • Vet your suppliers to ensure they follow proper security procedures

    In a world that is advancing towards more technology and innovation, connectivity is valued at a premium, while cybersecurity is often the after-thought. Consider cybersecurity in the setup of all of your devices.

    To learn about Cybersecurity as a transformational business strategy join MSSBTI for our FREE workshop on December 5.  Register here.

    Charles Zulanas, MSS Senior Consultant, contributed to this article.

    Other articles From Around the Web

    From Around the Web: You’re Being Disrupted!
    From Around the Web: Managing Office Politics and Generational Gaps
    From Around the Web: Supply Chain Management
    From Around The Web: Automating Legal Services
    From Around the Web: Automation and the Technological Advances of Yesterday
    From Around the Web: Have You Thought About Safety?
    From Around the Web: Is Your Company Innovative?
    Could Decision Fatigue Be Bogging Your Customers Down?

    Embracing Business Transformation through Digital Technology Should be a ‘No-Brainer’

    Charles Zulanas, Senior Consultant of MSS Business Transformation Advisory, in this final installment of his 3-part series on decision fatigue, shows how organizations can increase efficiency and maximize profitability by embracing business transformation through digital technology.

    Technology does not eliminate the need for people to navigate their internal systems, but instead requires fewer technical and process-oriented roles which can be replaced with big-picture, strategic employees. Time-consuming and laborious processes can often be streamlined by technology and, as stated in previous articles, companies want to make processes as efficient as possible.

    3-D and augmented reality companies have created the best way to try furniture without going through the process of bringing it home then realizing it doesn’t fit the space or match the decor. This does not eliminate the need for sales people, but rather adapts their role into the bigger picture of customer-centric sales. Charles instructs regarding the best ways to gain profits and win customers through making “no-brainer” investments in technology.

    Click here to read the full article

    The Evolution of Digital Transformation and the CIO

    Ralph Stauffer, Management Consultant for MSS Business Transformation Advisory, explains the evolution of digital technology throughout the world. The Digital Age is likened to biological evolution as a result of millions of small innovative changes that take place before the next technological era occurs.

    Many innovations, discoveries, and failures were made over the last few decades culminating in the digital age. Stauffer identifies some innovations of the digital age that include blockchain, drones, Internet of Things (IoT), robots, 3D printing, virtual reality, augmented reality, and artificial intelligence. The CIO has to evolve as well, but in a way that responds rapidly to the new environment, determining the correct strategy to pursue and when to pursue it, even if uncertain of the requirements. Stauffer identifies different strategies CIOs can take to attack the digital age with success in their digital transformation efforts.

    Click here to read more