Monday, November 11, 2019

IT Compliance - It's whats for dinner.

NOTE: Please excuse the format of this, it is from my speaking notes for the Public Technology Institute Fall 2019 CIO Leadership forum. I was asked  to speak, briefly, on IT compliance. I figured what the heck, make a blog post out of it. 

 Managing IT Compliance Policy and Privacy

IT Compliance can be an enabler and help you deliver better service to your customers. See if you still agree with me by the end of this chat.

QUESTION: When you hear the word "compliance" what is the first thing that pops into your brain?
Penalty. Internal Audit. Standards? 

Government is the most highly regulated industry of all. Because we have the most lines of business, it stands to reason we will have the most compliance to worry about. And, because our funding is not our own, we have compliance efforts because we are just the stewards of the resources. Those are two of many reasons why compliance is important to us. 

Consider as we go through these challenges whether a particular compliance activity is elective, or mandatory.

So I have three primary challenges for us to consider and some thoughts on how to handle them.

Support for IT Compliance Efforts
Part of the problem here is that the workforce and the government leaders you deal with don't understand the WHY of what you are trying to do with compliance. They Get the WHAT and they get the HOW. Always start with why!  And, don't pull a mom on them and say things like "Because we have to…".

Most bureaucrats understand compliance, in their own area. Talk to an accounting director about GFOA, GAAP standards and GASB. Tell them you can't meet a certain GASB standard and watch them pucker up.

The good news is that everyone in leadership is in charge of compliance with something.  Leverage that! It can help move initiatives.

Example, the AUP (acceptable use policy) that everyone in my locality has to click through before they logon to the county network, mandated by Virginia elections infosec standards. It was important for county leaders to know it was a reaction to a compliance need, for elections. Put it in terms they can relate to, get out of your office and communicate it, use your personality, they  will support you whether it is an elective or mandatory compliance effort. 

Compliance in a fast changing technology world
Compliance used to be simple before smartphones, clouds and distributed networks. As we have adopted technologies that have pushed the "edge" of computing out to the end user over lots of networks, compliance has become tougher. Distributed technologies were not created to enhance our ability to be compliant, just the opposite. 
Compliance is one of those functions that you have to work into the culture of technology change. We all have a distinct culture for technology change. You might be adverse to it and slow to adopt, or you might find value in being an early adopter. Either way we consider a great number of aspects of the technologies when we look at them for adoption. Impact on data.  Cost implications. Customer expectations. Education needs.  Alignment with strategic plans. 

QUESTION: Who takes care of IT compliance in your department? 
If you don't have a name to answer that, or at least a group, you have a problem. 

When we adopted Office 365 we reviewed the list of compliance standards, there were like 50 of them. I remember asking the question "how do we know that’s all we need? Whats missing?" It was crickets, no answer.

Make sure someone is in charge of understanding both the compliance side of the house and the technology changes, and have them advise you. In small shops that might just be you. Remember this may be a good thing for you and drive adoption of new products. AirWatch was purchased by my locality primarily because we had a compliance need, now it drives a lot of efficiencies for us.

Tension: Compliance/Privacy and Openness/Transparency
I've always been fascinated by the ying and yang of privacy & transparency in government. Government is supposed to be very transparent with the way we conduct business and spend the money that is trusted to us. At the same time we are supposed to protect the privacy of the uses of much of that money and exactly who it helps.  How are we supposed to balance this? Think about it like this, for an individual piece of information (report, request, business transaction), what is the default level of openness? Two types of organizations:
Information closed/restricted by default - Open by exception (or need).
Information open/available by default - Closed by exception (or need).

QUESTION: Which are you? Do you start with yes and look for a reason to say no? Or do you start with no and ask to be convinced of a need?

My position in my IT department - Calendars, sharepoint online sites, meetings are all open by default. Make them private when you need to.  I think we can all agree that government should be open and transparent while protecting the privacy of citizens. It is  a lot easier to adopt "open by default" when you understand your compliance responsibilities, and have addressed the first two concerns from above. 

Compliance can be an enabler of IT initiatives and help you deliver better service. 

Wednesday, August 21, 2019

Adulting - CIO Style

I love the Urban Dictionary. I'm not sure why, I guess it makes me feel hip to read through some of the posts. I have contributed a few along the way like the term "Camel Up", my proudest moment.

The Urban Dictionary defines "adulting" like this. I like the part about being a fully developed individual.

Recently I was in a difficult steering committee meeting for a major enterprise project. After the meeting one of my staff members complimented me for my adulting skills. I thought that was odd, and it gave me pause to think about what it means for a CIO to act like an adult.

Don't Match Peoples Emotions
We all know them. The people that keep ratcheting up their gravitas and stress when things don't go their way, or they disagree with a position. I think about when kids throw tantrums, and adults throw tantrums in response. This is not just matching emotions, it is validation of the emotional response. Sure, understand them, even empathize with them, but don't validate them to the point that they think a tantrum is acceptable behavior. Stay calm, keep your voice calm, have relaxed body language. It tends to frustrate the hell out of people, and that makes is a bit fun (guilty pleasure). Others will take their clues from you.

Don't Take Bait
"Well, we know IT can't deliver the product on time, despite the rosy schedules, so lets spend time developing contingency plans" - Said the customer who wants to bait the CIO into over-reacting, and in the process of doing so, agreeing with them. In all likelihood, the customer probably knows they can't make the schedules work in their own department, and they are trying a classic deflection technique. Focus on the big picture, don't get defensive, smile and suggest that with a project as important as theirs, risk planning for all the partners in the project is important.

The Big Picture
It is very easy to get mired in the details. Part of being the adult in the room is keeping in mind what lay at the end of the road. Start with the "why", keep people focused on that. Never miss an opportunity to point out how the staff actions contribute to the journey.

Don't Eat The Twinkie 
I love twinkies. All time best bike endurance race food. Put a twinkie on the table in front of a kid and tell them if they wait 10 minutes to eat it, you will give them TWO twinkies. You will see what kind of impulse control they have. As the adult CIO, you have to leave the twinkie on the table. Don't invest time in project scope changes without solid, solid justification. Don't overreact when staff bring you problems. Don't panic when key staff members resign. Don't take the first offer from the vendor in contract negotiations. Don't be impulsive.

Being the adult is hard, but someone has to do it. Sometimes there might be only one adult in the room, just make sure it is you! Now, gimme that twinkie ...

Friday, March 9, 2018

Leadership Lessons From My Dog

Okay, so my wife I have a dog. This is different for us. I've never had a dog before. I wasn't anti-dog or anything, I was more ambivalent about them. It is funny how fast I went from being dog-indifferent to being a dog-lover!

After years of talking about it, thinking about it, researching it, being encouraged to do it, we got organized and located a reputable breeder of West Highland Terriers (aka Westies). That is a whole other blog-worthy experience. We tried to adopt a rescue Westie, but got tired of waiting.

I am the type of person that looks for inspiration in the ordinary parts of life. I spend a lot of time with my dog, Chester the Westie (#ChesterTheWestie). We walk a lot, play a lot, etc. I've observed some things about him that I can relate to, and being a technologist and leader, I draw some lessons from this.

Your viewpoint is not the only one that counts.
So when I look down the street I see certain things. When Chester, who is much shorter, looks down the street, he sees something very different. It is a valuable viewpoint. He can look under cars, under bushes, into pipes and down storm drains. How many viewpoints do you consider when making decisions? Is your view the only one that matters? As Col. Beak Howell (retired Airforce) used to say, "where you sit determines what you see". Technology leaders need LOTS of viewpoints. 

Don't bark at everything.
Chester is a terrier. A very cute terrier, but a terrier none the less. They are a bit barky as dogs go. I like Chester to bark when folks come to the door. I do not like it when he barks at leaves in the yard, or his reflection in the sliding glass door (although that is really cute). Knowing when to bark, and how loud and how long is a tough tough thing to teach a dog. It is even harder for us as leaders. If you bark at everything, loudly and longly, your organization will ignore you and avoid you. Choose your barking wisely and make sure you wag your tail more than you bark.

Puppies change rapidly.
When Chester was 8 weeks old, he changed almost daily. He did new stuff, learned new tricks, and found new and inventive ways to be cute. He never stayed the same. Now that he is 11 months old, we still work with him to learn new things. Dogs love learning new tricks, just love it. The focused attention they get from us in the process is what they crave. That is what we should be after with our employees. Constant change, constant improvement, continuous learning. Technology is constantly changing, and we need to encourage people to change too. Your people will love the fact that you want to invest in them and help them grow and develop in their careers.

My dog has more friends than I do.
Chester goes to "doggie day camp" twice a week. He plays with other dogs, like a lot of dogs, for 8 full hours a week. He has friends in the neighborhood he plays with on walks. He LOVES to meet new dogs. There are absolutely no dogs he won't sniff, circle, and play with. My dog is a lot more welcoming than I am. When Chester meets a new human, he rolls over on his back for tummy scratches. Automatically. He is being vulnerable when he does that. Chester sets a great example of being welcoming and inclusive. You want people to trust you and follow you? Be vulnerable. Want more friends? Set aside time for play, and stop working all the time.

Amazing what a dog can teach you! Hope you have enjoyed this. This post is approved by #ChesterTheWestie.

Friday, March 2, 2018

Innovation - Plant Your Garden Well

​Innovation is a big topic in civic circles these days. Creating value out of new approaches and ideas is at the heart of this. But first, an interesting example of innovation. 

The picture below is of bio-sensitive tatoo ink. Imagine not having to sample your blood to see the glucose level, just look at your tatoo and it will tell you by it's color if you need insulin. Or, if your are dehydrated. Or, if your white-cell count is up. Or, any number of other indicators. Just one example of innovation I came across recently​. ​​

Such a buzzword, Innovation. Means so many things to so many people. Can't live without it, can't be a successful organization without it, gotta have it. In local government we won't be designing bio-reactive tattoo inks, but we can have equally impactful innovations that help thousands of people.

I gave the keynote address at a lottery tech conference in October, and this is what they wanted to hear about. It gave me a great chance to get my thoughts together on the topic.

So what exactly is innovation? Ask ten people, you will get ten ideas. This isn't like project management where we can summarize the project by scope / schedule / budget. Innovation strikes a chord with many people, not always in a popular way. The first challenge is to get everyone on the same page.

I like to think of innovation like a vegetable garden. You don't just throw seeds into a weed patch and shout "GROW". You have to spend time preparing the ground. You have to get the soil right. You have to water it. You have to till it. You have to keep the critters out of it. All of this has nothing to do with what is planted, but it has a lot to do with how well things grow. A properly prepared and cared for garden will grow an amazing variety of vegetables.

I cannot drive innovation by telling people - "hey you, go innovate and do some stuff" any more than a seed will grow on it's own. It doesn't work like that. The correct culture needs to be in place. Preparing your organizational culture is sort of like preparing the garden.

Companies have made fortunes by helping organizations determine what innovation is, and what it means to them. I've spent some time over the last year looking at this. I am convinced that our capacity for innovation will grow as our culture grows and changes, as we till and prepare the soil.

Over the next blog posts, I will lay out for you the following:
  • The Myths - Stuff you will hear people say about innovation, where it may be misguided, and how you can deal with it. 
  • Innovative Culture - The three things you need to focus on to have an innovative culture. Will be three separate posts. 
  • Obstacles to Innovative Cultures - Here is the stuff that gets in the way of innovation. ​

So, stay tuned. More is on the way! Nothing like a goal and a commitment to incentivize me to keep up with the blog.

Saturday, January 7, 2017

New Years Resolutions - Technology Style!

New Years is a great time for reflection. A new start. A new set of opportunities. A time to do things differently. While you are cleaning out your closets and figuring out which gym to join, spend some time planning how you can do some new great things in your technology life. Here are five places to start. I've left "Backup your stuff" off the list this year. If you aren't already doing that, I can't help you.

Security - Let face it folks, it is time to get serious about information security. Why, you ask? Whats that? Never been hacked before? Good for you. Remember, the bad guys already have your information, they stole it from someplace else like the federal government, Yahoo, HomeDepot Target or any one of a thousand other places. They just haven't gotten around to you yet. Change passwords (see my next blog post for a method to remember them). Turn on two-factor for all your accounts that support it (also called second factor, enhanced security, second passcode, token generator). Delete old accounts. Review which apps have access to your Google & social media accounts. Make sure your virus protection is up to date.

Smartphone Love - Show your smartphone some love by updating the apps on it. Get it to the most recent operating system release. Use software like "find my iPhone" or "lookout" to be able to find it, wipe it or lock it when you can't find it. Smartphones are amazingly easy to lose, and it happens all the time. Make sure you do the minimum by turning on a password or passcode. Delete apps you haven't used in 3 months.

Learn Something New - Acquire a new skill in 2017. Learn a new coding language, become proficient in a new platform, develop a presentation on an emerging technology. Do something NEW. I don't mean play with something new. Part of the problem with technology these days is too many people play with it and not enough of them understand how anything really works. Above all else, be curious. This will impress your friends briefly at work and at parties.

Friends & Followers - Just like your closets, your lists of friends need to be cleaned out. Consider who the chatter-boxes are, and whether you still want them in your feed. The day I dropped Guy Kawasaki was the day I could start using my Twitter feed again. Take a look at your feeds for a day, and see where all the traffic comes from. Don't be shy about dropping people, they won't take it personally.

Emerging Technologies - The cycle for technologies to be conceptualized, realized, adopted and then mainstreamed is becoming shorter and shorter. We no longer have the luxury of waiting a few years to see how things will work out before paying attention to new technologies. Use 2017 to be more aware of what is new in technology and what it may mean for your future. There has never been a time in history when there has been more velocity in technology change. Don't get left behind!

There you go. Five things to get on the old to-do list. Technology is supposed to make our lives easier, more efficient. These things will help you help your technology do that. Good luck.

Saturday, December 31, 2016

Three Innovation Hints - Millennial Style

“If you want something new, 
you have to stop doing something old” 
Peter F. Drucker

Innovation has been the focus of our conversations recently on my job. How to innovate. What it means to have an innovative culture. How to define the value of innovation. Innovation is one part of my vision for the department. My deputy CIO recently gave an award for innovation within his area, and it went to one of our rockstar millennial employees, Christopher Long (@Chris_Long_VT). Chris innovates primarily in the GIS area, but that is just part of his reach. He also programs in Python and works with open data.

Two of his primary outlets are the county ArcGIS Online pages GeoSpace and OpenGeoSpace. Check them out, much cool stuff about our county. 

Chris accepted the award and made some remarks that I thought were insightful and instructive. The remainder of this blog post are his (somewhat) reformatted remarks below.


Wednesday, April 6, 2016

Fun Linux Things

Unix has always fascinated me. I was hired to be a Unix communications programmer in 1986. I taught myself C, learned the X.25 protocol, HDLC, the seven layer ISO model and started struggling with the bourne shell. By this time I had been coding for 11 years, having started with BASIC in 7th grade.

What stuck with me through all the years and versions and languages and floppy disks is the incredible versatility of Unix. For me there was, and is, a fascination with using free tools on inexpensive hardware to do impressive things. Fast forward 30 years. Unix has become Linux, and it is running on an amazing variety of devices. The source code can be customized by anyone. New lineages of Linux have emerged.Some are highly specialized, some are more generic.

I run Linux on a half dozen platforms at home. It is a great way to tinker. It is a great outlet for curiosity. Here are a few of the examples.

Raspberry Pi - I have a model 2 Raspberry Pi running Raspbian (A branch of Debian). It is about the size of a credit card and has 1 GB of memory.  It runs a twitter account that spits out a Game of Thrones quote each hour (, and hosts a web server that will provide a random quote ( and sigil from the series. This server also runs the network computing software from Berkley called "BOINC", which is a distributed grid computing environment. I participate in three projects on this server: Looking for pulsars in space, solving the original enigma code from World War II and looking for asteroids. See the list here, and look for the ones with the RaspberryPi symbol:
Late breaking note: My daughter just gave me (for my birthday) a Raspberry Pi model 3. Wifi, bluetooth, 4 USB ports, overclocked, all in the same form factor. Sweet! 

Pi Top - The Pi-Top is a crowd funded ( ) RaspberryPi laptop. The version of the OS is not too great, and the keyboard is abysmal, but it is an interesting package. Fortunately it runs the standard Raspbian distribution too, albeit without the battery management functions. I use it as a TOR relay (don't tell Comcast) and shovel about 8 GB of encrypted data through it a day for anonymous darknet users all over the world. Thats all it does. For now. See here:

Ubuntu - I run version 14 (in long term support) on a old Sony VAIO laptop. On this I run the BOINC grid computing software and participate in projects to map cancer markers, sequence the ebola genome and do AIDS research. There are over 700,000 volunteers in this program, through the World Community Grid. See here: This is all very legit research for which there doesn't exist enough super computer power in the world. The workstation also runs background music for me and runs the TOR browser so I can anonymously and confusedly surf the deepweb.

Netbook - Remember netbooks? I came across a ATOM-powered tiny little netbook in my home office the other day, an ASUS 900e. Circa 2009. A quick google search revealed not one, but several Linux distros that will run on this unit. The easiest, named EasyPeasy, is a custom package of Ubuntu made for this line of ASUS netbooks. In about 30 minutes I had Easy Peasy installed and working. I have yet to task it with anything but hey, it has wifi, ethernet, three USB ports and a 6 hour battery. Sky's the limit. Find it at:

So, to sum it up...
You don't need expensive gear and proprietary operating systems to do impressive things with computers. RaspberryPi computers are $35. The old laptop is, well, free. You get the point. What you absolutely need is a curious mind.

Be curious about something, even if it isn't computers! Or, in Linux-speak:

sudo apt-get update && sudo apt-get install curiosity