Postmortem (learning from failure)

Assembling the IT emergency kit

Much of the world is consumed watching the coverage of the enormous disaster that recently struck Japan. As if a massive earthquake and subsequent major tsunami didn't cause enough death and destruction, they unleashed a cascade of failures that led to serious nuclear power plant accidents that have yet to be contained, and that threaten lives and indeed the inhabitability of an entire area of Japan. It's simply horrific.

We humans think that we're in control of, well, everything. We have plans and lists and goals and policies and fallback positions. Then something like this comes along … Read more

Avoiding the cost of entanglement

Modern IT is very focused on economics. We talk endlessly about cost. We debate capital costs vs. operational costs--CAPEX vs. OPEX, in the lingo. We look at Total Cost of Operations (TCO) and we try to calculate our projects' Return On Investment (ROI). But even with all of these economic metrics, we miss an enormous source of costs: Our long-term entanglement with the products, technologies, and approaches we choose.

Long ago, we had a bright idea. "We could represent the year portion of dates with just two digits--that would save space!" We happily did that for a few … Read more

IT crisis: When the fire truck rolls

I was recently asked to help fix a high-visibility Web site that was performing poorly. I'd like to share some of the lessons--not learned, but reinforced--by the experience.

Fix the problem, not the blame. "We're in trouble! Help!" calls are fraught with embarrassment. Who, after all, wants to admit they have a problem? Many feel they "should" be able to "handle it ourselves," without sending up an emergency flare or asking for assistance. This latest was a straightforward "we can't get decent performance, and it's getting critical!" situation. … Read more

Failure is an option

I recently discussed techniques for reviewing projects to improve their likelihood of success. Underlying this is the reality that projects do fail often, at a greater rate than we'd like to admit.

Some failures are spectacular. After spending tens or hundreds of millions of dollars over a period of years, nothing ever really works. The entire investment of time, money, energy, effort, and focus has to be completely written off. Those are the legends. The laughing stocks.

But it's a mistake to conflate failures and catastrophes. Most failures are mundane and much smaller scale. They result from changing … Read more

Protecting your blind side in IT

I recently argued that everyone has a blind side. When people or organizations miss important threats or opportunities--ones that are perhaps obvious to you--it's easy to think badly of them, to assign blame. My goodness! Why ever could they not see that coming?! Idiots! But it's not simple to avoid being those idiots.

I've dealt with department managers with unimpressive budgets who truly "get it." And I've worked with international governments and captains of industry who wouldn't recognize a clue if it dressed up as Colonel Mustard and bludgeoned them with a lead pipe in the conservatory.

In my experience, truly incompetent individuals and outlandishly oafish organizations are the exception. What I usually find are intelligent, well-meaning folks who can't see what they're missing--not because they're stupid, lazy, or in any other meaningful way blameworthy--but because they're focused on other tasks and looking the other way.

Last week, I promised to share some techniques for dealing with the blind side. I wish I could say "Combine a pound of black beans, a quart of skepticism, three eggs, four product evaluations, and a dash of focus group feedback in a large mixing bowl; stir until creamy; pour into well-greased pan; and bake for an hour at 325 degrees." But it's not like that. Improving your perception and handling of things that are over the horizon, camouflaged, latent, or visible only in the "negative space" (i.e., what's missing rather than what's there)--those are skills to be learned, not recipes to be followed. Nevertheless, I've used these these techniques with excellent results:

Admit It, Move On People tend to be embarrassed by, thus defensive about, their blind spots, weaknesses, ulterior motives, errors, and failures. Ego drives us to pretend they don't exist. But when you're pretending something isn't a problem, it's hard to do much about it. So get over it. Accept that you have significant weaknesses, fears, and other assorted ugly bits--that there's an often large gap between where/what you are and where/what you want to be. Getting over shame and blame and getting your ego out of the way lets you get on with the real work. If it's not your ego in the way, help whoever's ego is in the way to get out of it.… Read more

Looking for the blind side in a complex world

I spend a fair bit of my working life meeting with people, listening to their plans for their next product, project, strategy, initiative, or campaign. My job? Review, evaluate, and give feedback. It's great when I can confirm they've got things right. Check! Good! Yep! Oh, yeah, I like that! I help confirm and build confidence in the plan.

It's a good thing I have the opportunity to be positive, because the larger and more important part of the job is decidedly less affirming: figuring out where they've gone wrong. What's missing? What's vague … Read more

Why we can't have nice security

I know this is TLDR fodder of the highest order, but I'd like to read to you from a press release--for a security product, even. Here it goes:

The entire line of Spyrus Hydra PC USB encryption drives are invulnerable to such attacks because no password authentication values or keys are ever stored on Hydra PC devices after logoff or removal. Unlike any competing USB encryption drive, the Hydra PC reconstitutes a Master Key Encryption Key at logon using a FIPS-approved Key Derivation Function which utilizes, at a minimum, an Elliptic Curve Diffie-Hellman (ECDH) public/private key pair … Read more