Change management

In this enlightening episode of Breakfast Bytes, Felicia King draws upon her three decades of business experience to guide us through the crucial steps organizations must take to flourish amidst today's challenges. With a focus on operational maturity, Felicia unravels the strategies businesses need to implement to harness the power of AI without compromising data security.
Explore the pitfalls of inadequate governance in the age of rapidly advancing technologies and discover why the absence of a robust data policy could be detrimental. Felicia also delves into the cultural shifts required within organizations to ensure not only survival but also increased profitability.
As businesses navigate generational labor market shifts and the complexities of AI integration, this episode serves as a narrative roadmap. Listen in to learn how to foster a culture that supports both employee growth and organizational resilience.
Summary
 
 
Addressing Labor Challenges With AI
Felicia King discussed the challenges faced by businesses in finding reliable, capable, and dependable employees. She highlighted the increasing use of robotics and AI as a response to these challenges, and the need for organizations to decouple their business processes from individuals. Felicia emphasized the importance of operational maturity for organizations to effectively utilize AI, and the lack of executive management wanting to put constraints around AI. She also noted that sales executives often drive the agenda in organizations, which can lead to a lack of focus on protecting company assets and customer data.
 
 
Unregulated AI Usage Risks and Solutions
Felicia discussed the dangers of unregulated AI usage in an organization. She emphasized the importance of having company policies and employee training to ensure proper use of AI technology. She stressed the risks of losing company data and increasing legal liabilities when AI is not controlled and its boundaries are not set. Felicia also highlighted the need for security measures like data loss prevention and digital rights management in AI usage. She noted the difficulty and time-consuming nature of implementing such measures, and the need for a paradigm shift in an organization's approach to technology.
 
 
Data Retention Policies Drive Operational Maturity
Felicia discussed the importance of data retention policies, data classification, and data sensitivity labels in driving operational maturity and cultural change within a company. She emphasized that these measures are crucial for an organization's readiness for AI and can lead to increased profitability. Felicia also highlighted the challenges faced by Generation Z workers due to their habits, which can negatively impact their employability. She noted that some employers have found it more cost-effective to deal with the gap of not having an employee than to manage the negative impact of an unprofitable employee.
 
 
Operational Maturity in AI Adoption
Felicia discussed the importance of operational maturity in organizations, emphasizing that it is crucial for adopting AI without risking data and customer safety. She highlighted the need for policies, standards, processes, and key performance indicators (KPIs) to drive cultural change and achieve higher profitability. Felicia also warned against solely focusing on metrics like time to close a ticket, as it could lead to ignoring potential issues. She suggested that operational maturity is necessary to prevent employees from becoming the biggest risk factor. Felicia concluded by stating that she would provide more tangible steps to achieve operational maturity in a future discussion.
 
 
Addressing Common Business Challenges
Felicia discussed her extensive experience in consulting for over 450 businesses, highlighting common problems such as underutilized resources, inconsistent outcomes, and compliance issues. She emphasized the importance of maintaining consistent outcomes, adhering to compliance requirements, and avoiding policy violations. Felicia also stressed the need for businesses to make tough decisions, such as firing underperforming employees, to ensure operational maturity and avoid adverse impacts on the organization.
 
 
Understanding Monthly Expenses and Profitability
Felicia discussed the importance of understanding the monthly expenses per knowledge worker employee, excluding salary, which can range from $300 to $400 monthly. She emphasized that businesses should aim to cover total per-employee expenses three to four times over to ensure profitability. Felicia also highlighted the shared responsibility model for profitability, stressing the need for both the organization and employees to improve their operational maturity and skills. She concluded by noting that this approach is not only beneficial for profit-making companies but also for nonprofits seeking to provide wage increases while staying within budget.

In this riveting episode of Breakfast Bytes, host Felicia King delves into the often overlooked but crucial aspect of business technology: document management platforms. With a sharp focus on how organizations of all sizes can benefit from these systems, Felicia underscores the importance of operational maturity and strategic decision-making.
Through compelling narratives and real-world examples, she illustrates the perils of inadequate technology leadership. From misguided IT directors to costly missteps, Felicia shares stories from her 30-year career, shedding light on the vital role a Chief Technology Officer (CTO) plays in safeguarding a company's resources and ensuring seamless technology integration.
Listeners are invited to explore the intricacies of technology planning, from policy formulation to platform selection, and the far-reaching consequences of neglecting expert guidance. This episode is a must-listen for business leaders eager to avoid lighting money on fire and to achieve sustainable growth through informed technology investments.
 
Quick recap
Felicia King discussed the importance of document management platforms and the need for a technology executive in organizations of all sizes. She emphasized the significance of strategic architecture choices, operational maturity, and inclusive decision-making in implementing these platforms. Felicia also highlighted the challenges of managing contracts with consulting firms and stressed the importance of having a clear engineering and implementation plan before purchasing any technology.
 
 
Next steps
• Business leaders to consult with a qualified CTO before making strategic technology decisions, especially for document management platforms.
• Organizations to develop written requirements, document business processes, and create an engineering/implementation plan before purchasing new technology systems.
• Companies to review and potentially modify contracts with technology vendors to ensure compliance with organizational policies and support protocols.
 
Summary
Document Management and Operational Maturity
In the meeting, Felicia King discussed the importance of document management platforms for organizations with more than one employee. She emphasized the need for operational maturity and the use of systems to scale a business. Felicia also highlighted the necessity of a technology executive, even for small organizations, to navigate complex issues. She stressed the importance of understanding these matters, as they are too complicated to be handled by IT support alone.
 
 
Importance of Technology Executives in Orgs
Felicia discussed the importance of having a technology executive in organizations, emphasizing that an IT director often lacks the necessary skills and capabilities. She shared a past example where an IT director made a costly mistake due to lack of oversight, leading to significant financial losses and compliance issues. Felicia advised business decision-makers to use their technology executive in an advisory capacity to avoid such problems, particularly when making large purchases or embarking on significant projects.
 
 
Avoiding Costly Technical System Mistakes
Felicia discussed a long-standing relationship with a client that migrated to a new system, resulting in numerous issues. She reviewed the service contracts and master services agreements, discovering that the client was sold a system that was technically impossible to achieve an effective outcome with. The system violated its own requirements, leading to constant issues and financial losses for the client. Felicia emphasized the importance of using a chief technology officer to avoid such costly mistakes.
 
 
Strategic Architecture Choices in Document Management
Felicia discussed the importance of strategic architecture choices in document management platforms, emphasizing the need for operational maturity, understanding of business processes, and inclusive decision-making. She highlighted the cost implications of using platforms like Atlassian, Sharepoint, and iManage, and the need for a written set of requirements for any project. Felicia also pointed out the challenges of outsourcing document management platform implementations and the need for a highly qualified CTO for consultation. She suggested that Microsoft 365, with its advanced premium licensing and purview, could be a viable alternative to other platforms.
 
 
Managing Contracts With Consulting Firms
Felicia discussed the challenges of managing contracts with consulting firms and the importance of having a CTO to navigate these complexities. She highlighted the need for clear communication and contractual agreements to ensure project success, as she has often encountered issues with support protocols and project kickoffs. Felicia emphasized the importance of having a CTO who understands business, legal, and economic aspects to ensure smooth project implementation, completion, and ongoing support.
 
 
Clear Engineering Plan for Tech Purchases
Felicia emphasized the importance of having a clear engineering and implementation plan before purchasing any technology, likening it to buying a server without understanding its capabilities. She stressed the need for a Chief Technology Officer (CTO) to review proposals and ensure they meet the business's requirements, as well as to avoid potential breaches of contract with other vendors. Felicia also highlighted the value of having a CTO with the right skills, rather than relying on IT personnel, to make informed decisions.

Felicia is joined by Laura Conrad, a Security Architect with 30 years of experience in enterprise environments. Laura currently reports directly to a CISO, and has been an integral part of the information security program at two large enterprises.
Felicia has consulted with 26 large enterprises and numerous SMB organizations in the last 30 years. She finds that the same problems occur in every organization that lacks operational maturity. 
Are you a person working in information security frustrated by the lack of progress of a security program in an organization because of the org's lack of operational maturity? Do you struggle in dealing with toxic, unproductive people? What approach could address these problems and more? Learn from two experts how they have seen companies engage in self-destructive and resource wasting approaches simply due to the lack of drive by executive leadership to install a structure for governance, accountability, and transparency in the organization. 
Org structure required for CISOs to be effective
This article and its impact are briefly covered as they are related to this topic.
https://www.darkreading.com/cybersecurity-operations/cisos-struggle-csuite-status-expectations-skyrocket
It is quite a good article, but it implies that if the CISO reports directly to the CEO, the problems in an organization will be reduced. While that is partially true, that by itself will absolutely not fix the problems. Felicia and Laura deep dive the decision-making failures that occur throughout an organization and what drives them. Also discussed are methods to truly and structurally correct the problems across an entire company.
95% of information security risk management issues are HR management issues
Executive management want to run the company, not manage people. This leads to toxicity and unproductivity being tolerated when personnel issues are not fully investigated and actioned. The desire to make an emotional problem go away cannot override the need to get to the core of the issue and put a system in place to prevent it from happening again. This is not about firing people. This is about instilling a culture where the facts matter, personnel issues will be investigated, and structural systems will provide the governance to drive productive staff behavior.
Org executives are unaware of the real costs of inputs
It seems to be a pervasive problem across most organizations that there is no financial management structure which facilitates the tracking of expenses as inputs to a service or product delivery to customers. Without this real understanding, leaders persistently price products and services incorrectly. This leads to one business division or a product line losing money and needing to be subsidized by another.
Executives rarely understand that by tolerating operational immaturity in their organization, they are actually failing in their duty to stakeholders to effectively manage the assets of an organization to maximize value.
Drive change and org-wide staff effort alignment with dashboards that drive transparency and healthy internal competition
Felicia and Laura discuss in detail the how and why of dynamically updating dashboards which help CTO, CIO, CISO manage upward to the CEO and board, while driving downward alignment to objectives.
Governance, Accountability, Transparency in IT Security
Felicia and Laura discussed the importance of governance, accountability, and transparency in IT security and business processes. They emphasized that these principles could help prevent problems caused by a lack of collaboration and understanding between IT and business units. Felicia cited instances where poor prior planning led to unnecessary expenses and internal toxicity, which she believes could be avoided with a more mature approach to operations. Laura added that these principles could also lead to cost savings and risk reduction. 
Harden the procurement policies
Felicia and Laura provide many examples of problems that could have or were avoided by having an enforced procurement policy which resulted in all technology purchases being signed off on by the CISO or security architect and often the enterprise architect. It is infinitely easier to rectify issues before an implementation and before signing a contract than to do so after a purchasing decision has already been made.

Felicia shares insights on the pitfalls of changing IT service providers or MSPs for both clients and the IT service providers themselves. This content is based upon a number of questions that other MSPs have posed to Felicia asking for advice as well as numerous first hand experiences on the subject.
This podcast is primarily for IT service providers or MSPs, but business decisions makers who are considering making a change would also benefit from the content.

What is information security versus cybersecurity?
What are policies and why do we care?
Isn't that IT's problem?
Examples to learn from