Gerard Forbes Joins Team

Gerard Forbes has joined the Trility team as Director of Business Development in Omaha, Neb.

Trility Consulting® is proud to announce Gerard Forbes has joined the Trility team as Director of Business Development in Omaha. In this role, Gerard is responsible for business development, strategic and client partnerships in Nebraska. His focus is to build trusted relationships by understanding when and how our team can help organizations create predictable, repeatable, and auditable digital solutions – one iteration at a time.

Gerard Forbes, Director of Business Development in Omaha, joins the Trility team.

A Proven Approach

Forbes relies on his diverse professional and technology background to help clients understand and define challenges and align services to outcomes that help those clients take leaps forward. 

“Gerard is going to be a great asset for Trility and our clients,” said Brody Deren, Chief Strategy Officer for Trility. “He has a great ability to meet clients where they are, understand both their business and technical challenges and opportunities, and help them find the best approach to solving their most critical problems.”

Gerard will leverage his experience working for a technology consulting and recruiting services firm, where he additionally played roles in leadership and corporate training in the consumer packaged goods and retail industries. He also serves as an adjunct professor at the University of Nebraska-Omaha where he instructs business students on Leadership theory and application.

About Trility

Trility is a collection of value-driven advisors, technologists, and business people who have critical skills and experience to help clients win in the modern digital economy. We solve complex problems, help guide clients down roads they’ve never ventured, and offer solutions in Cloud & Infrastructure, Product Design and Development, Data Strategy, IoT, Information Security, and Operational Modernization.

Trility’s proven approach is to provide observations and recommendations along the way, presenting options for clients to iterate for the best, high-priority outcome. We never compromise on security and leverage our team’s full-stack expertise and ability to train your team to question security requirements from Day 1 and build with continuous delivery everywhere.

Interested in learning more?

Connect with Gerard Forbes on LinkedIn, email or call him at (402) 212-7835.

Pinky Swear Security

No one in your organization gets to be clueless about information security.

This article was originally published on LinkedIn.

“We hire great people” is something we all hear companies regularly communicate.

How do you feel about a hypothetical company that believes the risk of an information security breach is low largely because they hire good people? In other words, their information security strategy is to hire good people and trust them individually to do the right thing. Maybe they even sign a paper pinky swearing they’ll always do what’s right.

Let’s say this hypothetical company houses some of the most sensitive data about you and your family or company that exists. Your information is passed around via email or attachments inside and outside the company. Information is even passed between teammates via chat tools sometimes. Said information is also accessible, editable and exchangeable between partner/vendor companies in the background. This data is unencrypted when stored (at rest) and when passed around (in transit).

Do you know about companies like this? Is this your company? Is a company like this minding your personal data?

While information security is everyone’s responsibility, it is first the responsibility of the company itself. Hiring great people does not alleviate, or defer, the responsibility an organization has to be compliant with information security policies, legislation and industry best practices. If we can’t trust a company to do the right thing, why would we value their brand?

Interesting Things We’ve Heard Through the Years:

  • “Our people, vendors and partners do the right thing. That’s why we work with them. I don’t think we have anyone in the company who would abuse our customer data.”
  • “First, we must get product to market and prove the idea is viable. We’ll validate viability of our product by customer adoption velocity and demand for new features. If the numbers suggest customers want to buy and use our product, then we’ll figure out what security we need thereafter.”
  • “We’re going to wait and see if this policy/legislation has any teeth. If we start getting fined for non-compliance, then we’ll begin considering if, how and to what extent we need to invest in information security.”
  • “Our industry is not very interesting to most folks. We don’t believe our company, products or services are really a threat to anyone. And we believe the likelihood of being attacked or otherwise exploited is pretty low to non-existent. We’ll wait until it makes sense before investing in some of the information security measures we hear about. It all sounds so expensive anyway.”
  • “It is actually cheaper for us to pay the fines.”
  • “Our customers don’t know any better.”

“Security first” or “security by design” is a choice. And it must first be the choice of the governing board and company leadership before it will become a reality for employees, partners and vendors. If it is not a top-down, constantly communicated, verifiable expectation, it does not exist.

7 Steps to Become a Security-First Organization

1. Internally declare that your company will become “security-first”

When initiatives start at the bottom of the company, they risk dying out due to lack of energy, resources and attention. Sometimes they risk actually burning up the people trying to get the changes implemented as hope turns into apathy. It is the proverbial “fight against the man.”

As a Board or Senior Leadership of a company, what is important to you is important to the company. If it isn’t, that is a different problem altogether.

For a company to become a security-first focused organization, the declaration of importance, direction and expected actions must come from Senior Leadership first.

An example “From the CEO” communication:

“Folks, effective immediately, we will put security, privacy and compliance first in our daily operations. This means with every product, service, interaction and communication, internally and externally, we will consider what must be secured, how it must be secured and under what conditions we must secure it – data, systems, teams, company and client interests inclusive. It is not a task to accomplish and be done. This must be our DNA. It must be our daily lifestyle. And it will take time to get to a proper baseline of competency and time to maintain, evolve and increase it.

From this day forward there will exist training expectations that must be pursued and accomplished monthly, quarterly and annually. Look for them in your Learning Management System (LMS) assignments. All roles, titles and capacities. No exceptions. Me included.

And from this day forward you will see our CISO take a more prominent role in defining our pursuits, our strategies and validation of our compliance readiness. We as a leadership team choose to proactively educate our teams, protect our assets and behave in a manner expected by our Founders and those who have come before us to build this great company.

Thank you for your commitment to being the best.”

Top-down declarations become realities.

2. Determine what industry regulations apply to your company

Information Security / Regulatory Compliance is a career. And there is a shortage of people who do this type of work. Find them. Hire them. Leverage them. Knowing what you must align to will save you money. Knowing what you need not align to will also save you money.

There are quick determinants to flush out directions, follow-up actions and investment. The road will not be small, nor easy; though this list will help point you in a direction of what matters, when it matters and to what extent.

  • In what industry do you operate?
  • Is your business localized to your state only? Your country only?
  • Do you do business internationally? What countries?
  • Do you exchange money with customers?
  • Do you ask for and store personally identifiable information?
  • Are you working with non-governmental organizations? Charities? Governments? Militaries? Public companies? Private companies?
  • Have you failed any previous compliance audits?
  • Have you been fined by a third-party organization for non-compliance?

3. Determine what industry best practices will help your company

You may discover your information security folks want impenetrable castle walls, which eventually means your employees are unable to use the bathroom in the name of security. An extreme.

You may also discover your engineers want the freedom to use anything at any time for any reason in the name of innovation, digital transformation or being competitive. Probable.

And your business unit leaders? You’re expecting them to grow the business, delight the industry and client base. They want to do whatever is necessary and appropriate to meet the goals expected of them as well.

Security, innovation and growth are not mutually exclusive. They must be collaborative and it will require constant, purposeful and involved leadership. Otherwise, it is just theater.

Regulated industries communicate best practices and compliance expectations, which makes it easier to know what matters and what doesn’t. Where your time will be spent is determining how tightly to dial up the security requirements on your operation and how they will impact friction, flow, deliverable velocity and value from the organization.

Unregulated industries still have communicated best practices and compliance recommendations. In the absence of all knowledge, ask the following questions of your Chief {Information Officer, Information Security Officer, Product Officer, Technology Officer}:

  • Against what information security / regulatory compliance standards must we be measuring ourselves?
  • How are we training our people to be predictably and repeatably compliant with these expectations in our everyday lives?
  • How can we regularly prove that what we expect is actually being employed?
  • How do we culturally make security and compliance a behavioral assumption versus a Learning Management System (LMS) assigned task?

4. Implement role-based security awareness training

No one is exempt from information security. No person, role or title. Like leadership and teams, security is a “we” endeavor.

Not all roles in the company have the same requirements. Some roles are specialized while others are more general. Below is a simplification of this idea.

Specialized: Information Security folks may say higher-level things like confidentiality, integrity and availability. They may roll out policies, procedures and learning courses while facilitating internal and third-party audits. They’ll even be discussing Plan of Action & Milestones (POA&M or POAM) items resulting from audits. They’ll need to know frameworks, behaviors, implementations, monitoring methods, reaction/response ladders and industry standards like NIST-CSF, PCI-DSS, HIPAA and so many more.

Specialized: Engineers who focus on infrastructure, networks, data and software technology stacks need to know about the what, but more importantly, they need to understand the why and how as they do their work. For example, data encryption at rest and in transit, authorization and authentication, securing failover infrastructures, hybrid cloud solutions, bring your own device security, separation of duties, least privilege and need-to-know principles. There is more than one way to implement any one of these concepts and Engineers need to know them.

Generalized Awareness: Everyone else.

Figure 1. The diagram above demonstrates at a high level how role-based security awareness training could be rolled out and that everyone is a part of it. No one ever gets to be “clueless.”

5. Include the information security role in solution delivery teams

Whether your company calls them Scrum, Strike, Agile, Product or Project Teams, the team construct used to deliver an idea from inception to conclusion often contains multiple roles and therefore multiple people.

In order to become a security-by-design or security-first company, your teams must be shaped to enable the desired outcome. Which then suggests that an information security/regulatory compliance expert must be included from project inception through the course of the project.

This conversation is less about the recipe for roles and teams and more about the desired outcome. Context-driven teams influenced by desired outcomes.

Strike Team Delivery Model
Figure 2. Trility’s preferred team pattern is the use of a Strike Team that always includes an Information Security/Regulatory Compliance expert involved throughout the lifecycle of the project or product. While we tend to construct teams based upon the desired project outcomes, we include an Information Security expert on the team by default.

If the information security people are technical, they may be helpful with design, development and implementation every step of the way, all day every day. If the information security people are non-technical, they may be more aptly leveraged in a principle-based guidance role during iteration planning, stand-ups, demos and reviews to ensure the project continues to move forward between the fences.

Either way, there must be a full-time champion for the company and clients in terms of privacy, compliance and best practices to achieve the desired outcome.

6. Determine how you will proactively test your ongoing compliance

There are any number of methods to test ongoing compliance. Blind trust. Word of mouth. Internal (infrequent) manual inspection. Third-party annual inspections. Or continuously through automation.

Our typical practice is to identify what attributes of compliance must continually exist, automate those attributes into a series of tests that are called, executed, logged and tagged every time new infrastructure and applications are built. When non-compliance happens, alert someone (as shown below). Otherwise, keep moving. We have some examples out there in the ether for you to thoughtfully consider.

Automated Security Tests
Figure 3. The diagram above shows how you can build-in automated security/compliance tests such that every build now has the capability of logging activity, events, alerts and compliance status.

7. Attach quality and compliance tools to the delivery pipeline

Continuous delivery pipeline behaviors are not new. Widespread awareness and adoption of new concepts takes time to expand across industries, companies, leaders and teams. As more companies implement continuous delivery principles, more of the things many companies used to exclude because they took too much time, or did perform but only manually, in arrears and infrequently, will be automated, providing real-time information radiators.

Look for vendors and tools that are API-driven, have a great online community, openly available developer and administrative documentation, as well as active tool support. These tools enable you to perform automated analysis-refactor loops now versus waiting until later and hoping for the best. It is worth your money to know your risk exposure now.

Continuous delivery pipeline with security built-in
Figure 4. This diagram illustrates where in the continuous delivery pipeline predictable, repeatable and auditable security behaviors may be baked into the solution delivery process now versus waiting until later.

Hire great people. Cast a vision, communicate desired outcomes, define clear objectives, give them the resources to be successful, give them rules of engagement and stay involved.

Great people make mistakes. And even great people sometimes do not know what to do. Security frameworks help mitigate oversights and mistakes, and provide guidance when people are in new, different and complex situations.


I drink a lot of caffeinated coffee and tea. And I’m on airplanes a lot. Drinking coffee and tea. I’m making a commitment to write more articles in 2020 – and increase the number of speaking engagements at which I drink coffee and tea. It is material we discuss every day at Trility and with our clients. It is material that you may find helpful as well. If you’d like to keep informed, and even interact, please connect or follow me on LinkedIn. Or we can send you an email.

We are also always looking for system thinkers to join us – those who can see the larger landscape and do the work as well. If this resembles you, email us.

Leadership In Absentia

Ensure people are empowered to grow, learn, and care about successful outcomes when pursuing innovative digital transformation

This article was originally published on LinkedIn.

Hire new people. Separate them from the rest of the company. Give them a landfall budget. Tell them to innovate using the newest cool words. Maybe all of the words at the same time. Tell them they do not need to care about the existing people, teams or operations that currently and historically generate revenue for the company. Do not give them a time limit to show results. Don’t create it, but allow a “they are special” mentality in the culture. Tell the folks on the existing (legacy) side of the house to “keep the lights on” while the new folks bring fresh ideas, play with all the new technologies and receive the accolades.

If you want people to leave, let them know they aren’t working on the most important things, aren’t valued as much as the others and there is no budget to explore ideas for improving their situation. Just tell them to keep working. For good measure, yell at them.

This recipe sounds horribly negative and absolutely does not value people.

There will be no culture that builds a company using this recipe because there will be no people. Taking a company and splitting it down the middle using “old stuff” and “new stuff” mentalities breaks the culture, the loyalty, commitment and positive outlook of the people. And it guarantees time and money will be spent. Not guaranteed is whether the company will be better in the end.

A healthy company is “we.” An unhealthy company is “us/them.” Which one you experience is attributable either to active, purposeful leadership or leadership in absentia.

No one does that. Do they? Sadly it happens in the conversations which also use the words “innovation” and “digital transformation”. The goal is quite logically to move a culture and company into the next chapter of life.

We see quotes from Peter Drucker, Lee Iacocca, Bill Gates, Steve Jobs, Richard Branson or Jim Collins floating through social media and other published material regularly. They are leaders with a history of influence and success. And what we often hear they said is, “Hire great people and get out of the way.”

What we do not hear in the same conversations is that “getting out of the way” is predicated on giving people the direction, parameters, latitude and resources to do great things and then getting out of the way. “Hire great people and get out of the way” makes it sound like people require blank checks, blue skies and absolutely no friction, pressure, expectations, knotholes, constraints, guiding attributes, parameters or leadership.

Getting out of the way still requires active leadership.

Getting out of the way as a leadership tenet still requires two crucial attributes: (1) there must exist a clear objective, and (2) there must exist rules of engagement.

Before you cast off this material as drivel, ask yourself this: If you needed to liquidate personal assets to grow a company, would you want clear objectives and rules of engagement to exist before your personal money left the bank? As you spend your employer’s money, are you similarly disciplined?

The recipe for growing and transforming people and companies isn’t hard. It is time-consuming. It will require active planning, re-planning, leadership and management. It will require communication and over-communication. As many companies attest, there is no shortcut. Organizational change must be all-in, top-down, on-purpose.

It will absolutely require work.

1. Cast the Vision (What)

A vision tells people at a high level where you want to go compared to where you are.

Examples of vision:

  • Build a shareable smart city platform.
  • Move us completely into the cloud and out of brick and mortar.
  • Practice test-driven development for all product development and evolution.
  • Be EBITDA positive.
  • Implement a document management solution for our enterprise.
  • Implement an automated build, bundle and delivery process.

2. Describe the Outcomes (Why)

Outcomes tell people what it will look like when the desired vision is reached.

Examples of outcomes:

“By building a shareable smart city platform, we will enable approved third-party partners and vendors to work with us to serve our clients through real-time bi-directional sharing of information, more systemic feature and function opportunities, greater influence over the direction of the smart city industry, as well as increasing the value of our data and brand along the way.”

“We are an insurance company. We irrevocably owe it to our clients to manage data privacy, provide real-time interactions and always be available to their needs at all times. We also owe it to them to be wholly focused, wholly available for their needs. We do not want to be in the business of owning and managing physical data center assets in the future. By moving into the cloud we enable a larger percentage of our company team members and assets to focus on serving the real-time, interactive insurance needs of our clients than ever before.”

3. Identify Desired Objectives (Attributes of Done)

Objectives are explicit statements that are tangible, have a clear definition of done and are usable/useful solutions in the end.

Example objectives:

  • Enable a complete digital exhaust picture for all documents that enter, exist within, and exit our corporation including, but not limited to: when created, edited and deleted, by whom, from where, and sent/shared to whom or to what.
  • Enable a complete digital exhaust picture for all software that enters, exists within and exits our corporation including, but not limited to: create, edit, delete, by whom, from where, to whom or what, how and when tested, how and when statically and dynamically inspected, how and when assessed for vulnerabilities, how and when penetration tested, when deployed, what was in the bundle, sent where.

4. Provide Resources

To enable success for any team, they need access to the resources necessary to achieve desired objectives and outcomes. Sending them off with duct tape, hope and zeal will have results. Whether they are the results you desire remains to be seen.

Great People + Clear Objectives + Required Resources = High Probability Outcomes

This is the step people sometimes mistake as the entire recipe for “Hire great people and get out of the way.” If we give them time, people, money and latitude, magical things will happen.

If you want dependable outcomes, the “hire great people and get out of the way” mantra also requires clear rules of engagement.

5. Set Rules of Engagement

Rules Of Engagement (ROE), also known as constraints, parameters or attributes, help define the context and conditions of done. They are not designed to limit innovation opportunity or success. Rather, ROE help direct all of the great people, time, energy and resources into a direction that is most beneficial for the context.

Examples of bad/no constraints:

  • Hire a building contractor. Whether they build homes or commercial buildings you don’t know. Write them a check. Tell the contractor, “You have one year. Surprise me.”
  • Schedule an appreciation party for your project team. Hire a chef. Tell the chef to prepare enough food for twenty people. Tell the chef your folks like exotic meat and hot, spicy things and to make it memorable.

Examples of good constraints:

  • Our time to market must be six months
  • Our time to revenue must be nine months
  • Use only open-source software
  • Ensure we are NIST-CSF compliant for Day 01 launch

6. Create Teams that Consider the Whole Company

Oversimplified, there are two types of people in companies:

1) Those who only see what is in front of their face (component thinkers); and

2) Those that know what is in front of their face is only a fraction of what can be seen in the larger landscape (systems thinkers).

Hire people who naturally think about the whole business and client experiences, not just the parts they want to think about. Set clear expectations with teams and projects that they must consider end to end implications of decisions and solutions, not just the parts they know about. Create cross-company teams that consider yesterday, today and tomorrow to ensure you bring along your people, your company, your clients and your future.

If you truly value your people, include them in defining tomorrow so that they take ownership of the journey and the result.

7. Stay Actively Involved

When leaders hire people they trust, it is easy to step back, get out of the way and just believe all will be well. If leadership defines the vision, outcomes and objectives for the company, leadership must stay involved in the journey until realization as well – that is leadership.

  • Regularly meet with the teams to let them know the project is important, their contribution and effort is important and that you want to hear what they have to say regarding activities, challenges, roadblocks and progress.
  • Request and expect to see tangible, demonstrable output on a regular basis. Do not take someone’s “word” that progress is happening; nor should you accept status reports, presentations or glossy materials discussing output. See the output or there is no output.
  • Regularly ask people how they are making the business better, how they are making better experiences and solutions for clients and what the time to value, time to market, time to revenue will be as a result of this investment.
  • Eliminate toy boxes. All money must lead to a return on investment in some way that benefits the people, business and/or clients. If there is no evidential relationship between investment and return, the effort is likely a toy project for someone, but not a high-value proposition for the business. Eliminate toy boxes or they will eliminate your money.

8. Know When to Say When

Knowing when to stop investing in an idea is something you must determine before the investment begins. After you’ve been on the journey for a while, it has the propensity to become personal. After all, you’ve labored over this idea, spent time, money, blood, sweat and tears.

Decide before the effort begins and regularly and iteratively ask the same questions:

  • What do we want to see from the team that shows us this is a worthy investment?
  • How much time and money is enough to validate, refactor or trash the idea?
  • How much risk exposure exists now and will exist as a result of the current solution direction? Will this solution increase or decrease our business and technical risk exposure? What is our risk appetite?
  • What are the triggers that make this investment good, at-risk and a candidate for termination?

Active leadership is a great deal more than getting out of the way. It means you hire great people. You don’t leave others behind. And you go on the journey with them once you’ve cast the vision, expressed the desired outcomes, provided the ROE and resources to be successful.

If you truly value your people, include them in defining tomorrow so they take ownership of the journey and the result.

Veterans Day: Honoring those who understand “true requirements” of service

Honoring Veterans on our team and everywhere

The majority of Americans will never experience the true requirements of service. But we are surrounded by those who do in our day-to-day lives. Today, we say thank you.

Our office is closed today for Veterans Day. We’d like to share something one of our team members, Jennifer Davis, shared last week reminding our team about today.

Jennifer Davis, Director of Operations

“On November 11th, our company will observe Veterans Day. First and foremost, if you are a Veteran, we here at Trility want to thank you for your service. For those of us who haven’t served, we can never fully understand the sacrifices you’ve made for our country, our safety, and our freedoms.

Thank you.

Almost all of my life, I’ve lived a few minutes from the world’s biggest naval base, Naval Station Norfolk, and close to U.S. Navy master jet base, Naval Air Station Oceana.  I get to see and hear jets fly over regularly. I can watch the Blue Angels and still get excited every year for their powerful display at the Oceana Air Show. From the beach, I’ve watched massive aircraft carriers leaving for or coming home from deployment. With my toes in the sand along the Chesapeake Bay, I’ve seen hovercraft vessels practicing for missions.  

The Blue Angels running laps over my house practicing for this weekend’s air show. – Jennifer Davis

Growing up and into my adult life, these sights and sounds have had a great impact on me. But I’ve only watched from the sidelines. My exposure has been limited to the displays of the awesome power of our Nation’s military. What I haven’t seen are the true requirements of the service itself. As we look forward to Monday, I want to celebrate and honor those who have served. I want to be reminded of what it takes to serve others. I want to be thankful for the freedoms I get to enjoy because of those who have served. And I want to encourage you to do the same.” 

– Jennifer Davis

Ways To Die While Scuba Diving

Explore how diving and leading companies require continuous data, preparation, situational awareness, emotional maturity and a willingness to adapt.

Originally published on LinkedIn on Oct. 26, 2019.

Years ago when I began diving, I had originally viewed diving as blue water with whales, dolphins and gorgeous coral reef. I quickly learned how diverse diving could really be.

I was trained in cold, brown water. Like all forms of diving, cold, brown water diving requires special attention to detail. Gear for staying warm, tools for extricating myself from unplanned situations such as fishing line, vines, branches and roots, multiple lights for seeing in the dark, murky waters and very good compass navigation skills.

As I expanded my learning and experience portfolio, I came to realize the preparation and skills necessary for warm, cold, caving, cavern, blue-water, brown-water, ocean, quarry, lake and river diving may seem the same, but each and every one of them has unique requirements within itself. What I knew yesterday helped with today, but there was always more to learn. I realized a pattern of behaviors was always required: plan, execute to plan, situational awareness and prepare for adversity, always. In all cases, be disciplined before, during, after and between dives.

I enjoyed compass-diving in brown water with 0-12 inches of visibility where many times I couldn’t see my hand when fully outstretched. I loved every minute of it because I never knew for sure what was coming and I needed to be ready for anything, at any time. Blue-water diving in the ocean offered infinite views in all directions. Nothing below, beside or above me other than sunlight coming down through the water – just blue infinity. Night diving meant that sometimes, were it not for my equipment, I could easily be upside down at 100 feet thinking I was right-side-up at 35. Like all forms of diving, all three of these experiences require many of the same skills.

And like all forms of diving, in all three of these experiences, one could become disoriented and make the decision to continue doing what you’re doing, make incremental and adaptive changes, or make poor, reactive and over-corrective decisions, which make things worse immediately. Over and over again diving – and living – came down to education, experience, discipline, planning, situational awareness and the need to make informed, responsive, level-headed decisions.

As I gained more experience, I made more diverse decisions increasing risk, complexity and potential return on decisions. Which then required more experience and more on-going education. To amplify learning diversity, I began to study how divers die and sought to understand how these deaths could have been prevented.

Reasons Divers Die (listed, not rank ordered):

- Failure to plan
- Failure to maintain and improve equipment
- Failure to maintain personal health and fitness
- Failure to keep themselves in check (emotions, ego, risk-taking)
- Failure to practice/improve/increase skills and knowledge

Diving is fun, adventurous, character-building and educational. It does not have to be deadly. The National Center for Biotechnology Information and the Diver’s Alert Network reported 59 diving-related deaths in the United States in 2016. That is a small number. Yet it is 59 too many. I encourage you to explore snorkeling and scuba diving for yourself. Get educated. Be disciplined. Have fun.

Why do you believe leaders and companies fail? It would seem that companies and diving have nothing in common until we compare the lists.

Reasons Leaders and Companies Fail (listed, not rank ordered):

- Failure to plan and adapt
- Failure to maintain and improve themselves, teams and systems
- Failure to maintain and improve personal health and fitness
- Failure to keep themselves and others in check (emotions, ego, risk)
- Failure to improve skills, knowledge and experience

How would you rank this list as it relates to you? Your boss? Your company?

Like diving, leading companies and teams require continuous data and decision-making. And in order to have continuous data that enables decision-making, there needs to exist a plan, situational awareness, a data feed, a pre-meditated, cool-headed ability to make decisions and the willingness to adapt.

Plan Your Dive or Plan For Failure

- Have a plan. Continually evaluate the plan. Be prepared to change.
- Know where you are in relation to the plan. Be prepared to change.
- Continue to purposefully improve yourself, your teams and your company. 
- Practice being thoughtfully responsive versus thoughtlessly reactive.

When you’re the only diver in the water, you are welcome to make any and all bad decisions available to you. You may (or may not) be the only one that will suffer from your mistakes.

However, when you’re in the water with others who rely upon your plan, your ability to see, hear, realize and adapt to incoming data, and they trust that you are capable of making the hard decisions in hard circumstances – your preparation, emotional maturity, adaptability and decisions matter.

Early on in my journey, an old, crusty diver made a dark comment to me that stuck with me permanently and heavily influenced my preparation, maintenance and overall discipline:

“When you’re down there doing what you do and you’ve failed to plan, failed to maintain your equipment, didn’t pay attention to the information in front of you or just plain didn’t keep a cool head, just remember, at 200 feet below the surface, no one can hear you scream.”

His point? Be disciplined. Plan. Be aware. Be adaptive. Keep your head screwed on correctly. Make context-driven decisions. Live to dive again. Make sure others with you have a good experience, learn and live to dive again.

The teams at Trility regularly help people create, modify and implement plans for successful dives, gain access to data in real time so they can adapt, and equip people with the solutions they need to keep cool heads at 200 feet.

Author’s Note: We’re not really going to help you plan your dives. In fact, we may never dive together. You might be crazy. I just wanted to keep the analogy going. If you want to dive, join the military, attend a commercial diving school or reach out to diver training organizations like PADI.

If you want to learn how to digitally transform your company, influence your leaders, train your teams, plan and deliver some of the dirtiest, nastiest, most complex projects from the bottom of the deepest, darkest ocean that no one else wants to do – then do call or email us.

7 “Not Easy” Steps for Securely Using Data for Real-Time Decisions

A step-by-step roadmap for taking control of your data, securing it and making it meaningful to everyone at the same time, in the same way.

Originally published on LinkedIn on Oct. 22, 2019.

Companies have data in many places. And many companies do not know what data they have, where it is stored, who and what has access to it, the trustworthiness of the data or how to organize it in a timely manner into decision criteria for leadership teams.

The easiest way to know if what I’m saying is true is to ask someone on your technical staff to provide you an asset and access inventory. Ask them the following:

Tell me:

- All software applications used in the company
- All places data is stored in the company
- All hardware used in the company to host, edit and manage both
- Who/what has access to these things and with what levels of power

And

- How the data is secured in transit and at rest

Give them one business day. Their reaction will reveal your truth.

Running a company minimally requires two things: knowing where you want to go and having access to timely, trustworthy data that will guide your journey. This article discusses the data aspect only.

And as you may already hope, suspect or know, addressing unsecured, unmanaged, disparate applications, data and permissions is a solvable problem. Accessing one view into your company is also solvable. Let’s look at the plan.

1. Find Your Data

Inventory all software applications and data repositories inside and outside your company, as well as anything interacting with or exchanging data with your applications and repositories.

2. Determine The State of Your Data

What technology is collecting, managing and editing your data? Where is it hosted? By whom? Is it good, questionable or corrupt data? Who and what has access to it? What are they doing to the data? Who is managing the security and sanctity of the data? How do you know you can trust the data? Is the data current and with what frequency?

3. Secure Your Data

Is the data managed via role-based permissions or is it wide-open for too many people and systems to manipulate, extract and exploit? Is it direct-connect? Copy-paste? Batch-uploads? API-accessible? Is it secured while at rest? Is it secured while in transit?

Think your company is not likely to be attacked, corrupted, ransomed or otherwise exploited? Consider your brand value, consumers, privacy laws and bad company press. Do people trust your brand today? Will they after a breach?

4. Establish a Common Data Format

When data originates from multiple data sources, the structure of the data is usually non-uniform. The first step is to understand the current structure and state of all data at the origination point.

The second step is to determine to what Common Data Format (CDF) all data will be funneled and/or otherwise re-organized. In other words, if your company’s growth strategy has been through Mergers and Acquisitions, you likely have many data stores with similar types of data, but with different states of sanity. If you want one view across all of these data stores, words must have the same meaning for all instances of all data. Establishing the same meaning for all similar instances is “normalization” or “establishing a Common Data Format”.

Many to one.

Only after there exists a common data format are you able to see, understand and make decisions that confidently and consistently take into consideration all parts of the company.

5. Extract, Normalize and Put

When you understand all places from which data originates and have a CDF, your teams are then able to write predictable, repeatable and auditable methods of extracting, normalizing and putting data into your new, single source of truth.

To be clear, the methods of extracting data, normalizing data and putting data must be predictable, repeatable and auditable. And the structure into which all data is put is itself the CDF. Anything less and you will simply be creating a new mess that must be managed on top of your existing ecosystem — whatever the state.
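An added example (not part of the original article) of steps 4 and 5: two differently shaped sources are mapped into one CDF, non-conforming rows are rejected rather than stored, and every row leaves a hash-chained audit entry so a rerun is repeatable and the log is tamper-evident. The source names, field names and sample rows are constructed assumptions.

```python
import hashlib
import json

# Constructed sample rows from two hypothetical source systems with different schemas.
CRM_ROWS = [{"CustID": "17", "FullName": " Ada Lovelace ", "EMail": "ADA@EXAMPLE.COM"}]
BILLING_ROWS = [
    {"customer_number": 17, "name": "Ada Lovelace", "contact": "ada@example.com"},
    {"customer_number": 18, "name": "", "contact": "bob@example.com"},
]

# The CDF is this fixed set of fields; each source gets one explicit mapping into it.
CDF_FIELDS = ("customer_id", "name", "email")
MAPPINGS = {
    "crm": {"customer_id": "CustID", "name": "FullName", "email": "EMail"},
    "billing": {"customer_id": "customer_number", "name": "name", "email": "contact"},
}

def digest(obj):
    """SHA-256 over canonical JSON, so identical input always yields the same hash."""
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def normalize(source, row):
    """Map one source row into the CDF, or raise ValueError if it cannot conform."""
    m = MAPPINGS[source]
    rec = {f: str(row[m[f]]).strip() for f in CDF_FIELDS}
    rec["email"] = rec["email"].lower()
    missing = [f for f in CDF_FIELDS if not rec[f]]
    if missing or "@" not in rec["email"]:
        raise ValueError(f"does not conform to CDF: {missing or ['email']}")
    return rec

def load(store, audit, source, rows):
    """Extract, normalize and put rows; every row leaves exactly one audit entry."""
    for row in rows:
        entry = {"source": source, "source_sha256": digest(row)}
        try:
            rec = normalize(source, row)
        except (KeyError, ValueError) as exc:
            entry.update(action="rejected", reason=str(exc))
        else:
            entry["cdf_sha256"] = digest(rec)
            if store.get(rec["customer_id"]) == rec:
                entry["action"] = "unchanged"  # rerunning the same load changes nothing
            else:
                entry["action"] = "put"
                store[rec["customer_id"]] = rec
        # Chain each entry to the previous one so edits to the log are detectable.
        entry["prev"] = audit[-1]["entry_sha256"] if audit else None
        entry["entry_sha256"] = digest(entry)
        audit.append(entry)
    return store

def verify_audit(audit):
    """Recompute the hash chain; True only if no entry was altered or removed."""
    prev = None
    for e in audit:
        body = {k: v for k, v in e.items() if k != "entry_sha256"}
        if e["prev"] != prev or digest(body) != e["entry_sha256"]:
            return False
        prev = e["entry_sha256"]
    return True
```
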

6. Pull Data Predictably

Now that you’ve made the effort to ensure all data, from all locations, is secured and normalized, protect it. This means there must exist a predictable, repeatable and auditable manner by which applications, systems and companies access your data. Notice I didn’t say people.

To access data from the single source of truth, there must exist a predictable, repeatable and auditable set of actors, permissions and activities. If there is variability in actors, permissions and activities, it will no longer be a single source of truth.

Require anyone or anything that wants access to your data to follow your rules. Non-negotiable. This includes people in Mensa, people with twenty years of tenure who have been there since the company started, the CEO’s nephew and your mom.

Your single source of truth is special. No one who wants access to the data is special. Despite what their mom told them when they were young.

7. Use Your Data to Inform Your Decisions Dynamically

Attach reporting solutions. Attach streaming solutions. Attach elastic search. Attach dashboards. Follow the rules. Enjoy peace.

Now you can trust that your data has integrity. You can trust it is secure. You can trust your data is predictable, repeatable and auditable. You can trust your company has one message.

And you can trust that you know all applications, repositories, data management and security behaviors, actors, hosting solutions and reports are something upon which you can bank your company’s reputation.

____________________

If you would like to take control of your data, secure it and make it dynamically meaningful to everyone in your company, the teams at Trility help companies solve these challenges with a focus on predictable, repeatable and auditable behaviors. Email us at forthejourney@trility.io.

Recalculating…

Our new Chief Strategy Officer shares “why” he chose to join the Trility team.

Originally published on Brody Deren’s LinkedIn Profile on Oct. 3, 2019.

This is not how I drew it up; it’s not how I planned it. I’m type A. I like to be in control… and this wasn’t my original Google Maps route.

I have joined Trility Consulting as Chief Strategy Officer, and I couldn’t be more jazzed about it!

Wait… what???

“You just started a business 5 years ago, didn’t you?” Some might ask. “Why would you want to work for someone else?” they’ll say. “Why not start another company?”

I did start a company 5 years ago, yes. A technology recruiting and staff augmentation company called Dynamo. It became profitable within 12 months, grew every year (became an Inc 5000 Fastest Growing Company), supported a bunch of great customers, and built a great brand with a great group of people.

I was honored to help lead that company, from its initial twinkle-in-the-eye to becoming a growing and recognized brand.

It just wasn’t the right organizational arrangement at the right time. I eventually came to the realization that it would be healthier if we restructured the company, and that led to me exiting. It was hard, yes. It was emotional, very much so. But it was the right decision.

Since my exit, I’ve listened to a bunch of people and considered numerous ideas for my next road to travel. Over the years, I’ve been lucky to grow a network of great contacts, gained know-how, and have a number of potential customers to pursue if I were to start another recruiting and staff augmentation business. It’s a compelling opportunity to consider, and I’ve given it a lot of thought. So why not do it?

Trility is why not. Matthew Edwards is why not. Brenton Rothchild is why not. And the rest of the great team of people at Trility are why not.

Trility is a collection of incredibly bright, value-driven, people-first advisors, technologists, and business people who have critical skills and experience to help clients win in the modern digital economy. They are a business and technology consultancy that delivers results, predictably and repeatedly. They solve complex problems, help guide clients down roads they’ve never ventured, and offer solutions in areas like Cloud, IoT, Cybersecurity, Strategy and Roadmapping, Operational Modernization, and Data/Analytics. They bring products and services to the table that are helping lead enterprise companies (I mean huge Fortune 100 companies) through transformational efforts. And they do it all with security top of mind, all of the time.

I’m also ready for a new challenge. I’ve spent the last 14 years of my career in the recruiting and staff augmentation space. I learned a lot in the industry, and it provided a great foundation. This next chapter comes with different challenges, a different business model, and a bigger opportunity to impact the customers we serve. And Trility does it better, with a more human-centered approach, with more satisfied customers than its competition (think 7-star service, on a 5-star scale).

My personal roadmap has often been in a state of “recalculating” over the years. Heck, I went to Creighton University as an exercise science and business major, and I thought I was going to become a Physical Therapist and start a PT practice. A few unexpected reroutes since then, and I certainly haven’t arrived at that destination. And that’s okay. I’ve learned to adjust my outlook and path, based upon passions, priorities, and opportunities.

I’m blessed to have worked with a ton of great people in my career. I’ve learned so much, from so many. I only hope to give back a sliver of wisdom, inspiration, and know-how that I’ve gleaned from colleagues, consultants, clients, mentors, students, and contacts along the way.

It’s time to get started down the next road. In my role, I will be helping the Trility team expand its markets, customers, offerings, partnerships, impact, and growth. I’ll be looking to help the team promote and reinforce the innovative, always-improving, and team-first culture that already exists. We will be growing, we will be hiring, and we will be ready to partner with companies looking to defend or extend their market share in the digital economy of today. If you’re interested in learning more, please reach out.

My new route is set. I’m not sure what surprises are in store on this road, but I’m sure there will be plenty and I’m looking forward to each of them.

A Repeatable, Custom Solution for CCPA

VIDEO | This video breaks down the business problem CCPA presents and outlines a solution approach to comply with the privacy law.

California Consumer Privacy Act: Solution Approach

How to Comply with CCPA Requirements

In this video, you’ll gain a high-level understanding of how your organization can comply with the California Consumer Privacy Act (CCPA) using a solution-based approach.

1:00-3:29 Minutes | Defining the Business Problem

You’ll gain a basic understanding of the business problem CCPA presents to organizations by looking at it from two perspectives: The consumer making a request and an internal employee who is tasked with responding to the consumer request.

Demonstration of a Solution Approach to CCPA

3:30-5:42 | Consumer Request

You’ll walk through how a consumer would make a CCPA request from your website. CCPA requires organizations to provide a Do Not Sell My Personal Information link on their websites that allows the consumer to make that request, as well as a request to delete their personal information or have their personal information shown to them.

5:42-10:00 | Internal Process

This section of the video shows how an internal team member can review and respond to a consumer requesting to have their information shown to them. This solution approach also allows for a manual review process that can be integrated with an automated one.

Not sure if CCPA applies to you?

Take a free assessment to determine if this privacy law impacts your business.

Internet of Things: Connecting the Physical World to Your Business

Leverage the Internet of Things (IoT) to make the ever-growing network of devices talk to existing services or new products.

Companies are looking to use the Internet of Things (IoT) to connect, modernize, or invent services and products. Extremely large volumes of sensitive data come out of IoT ecosystems. How you plan to use and secure that data is an essential conversation to have from the start.

See how Trility helped three clients build new products and services, expand solutions, and invent new ways to create efficiencies and experiences to their customers’ delight.

When we needed a team that could come in with practical solutions to our aggressive goals, we went with Trility because they offer predictable, repeatable software development processes that can scale to our needs.

Jesse / Samsung SmartThings

Four Things Cloud Service Providers Won’t Tell You that Could Be Costing You Money

Cloud adoption requires adopting a new mindset to provide a return on investment.

The Bottom Line // Moving to the cloud requires a new way of thinking and managing services. Cloud adoption requires adopting a new mindset to provide a return on investment. Start with a clear goal, preferably a specific application or service, as you take your company to the cloud to minimize the cost of acquisition while your teams learn and grow in the new environment.

Download our handout and read the four things you can do to ensure the cost of acquisition is minimized and the return on investment is maximized.
