The opposition must be crushed.
Their allies must be kept in the dark.
The dominion must be protected.
Tuesday, December 5, 2017
Thursday, September 17, 2009
The Value of Timelines
Which has more value, a painting that took years to create or one that was done in a few hours? I would presume the one that took longer to create is more valuable. Even if the paintings were nearly identical- knowing that more time was put into something lends to a perception of value.
Some mastermind back in the early days of Corporate IT saw this concept and used it as a model for our SDLC. By adding time to our control points for code freeze and time windows for testing, staging and the like, the overall process is lengthy and thus, looks more valuable to the business stakeholders.
A project that may be a week or two of coding will take several months to allow for planning scope, creating and reviewing requirements, technical designs, Info Security reviews, Architecture reviews - all before the first line of code is written. Then with testing windows of a month for each environment and a code freeze that could be a month or more, depending on deployment schedules, it is easy to make even something smaller than a bread box take 6 or more months from conception to deployment.
This adds value. With this we are able to explain high project costs to our business stakeholders, the ones approving the budgets, while at the same time making sure we don't have to break a sweat to get things done. It is an almost perfect world for us.
Add to this that this model will stifle a small third party vendor and it is hard to pin the actual value of timelines. Small vendors try to remain nimble and react quickly- their model not only thrives on it but almost depends on it. They can hardly afford to sit on a tested solution for a month long freeze. They want to do something new or react to enhancement requests or respond to a bug. The Corporate IT Timeline hinders them from all of this. It brings them in line and reduces them to little more than ancillary outsourced coders.
If third party solution providers are forced to fall in line with the Corporate IT Timeline then they can be controlled. And it is easy to convince the business partners that this needs to happen. Business may appreciate and enjoy the agility of smaller firms but as we have said before, they can ill afford to fight the risk and career minded professionals won't stick their necks out for the small vendor most of the time.
So embrace your timelines. See the value in them. Use them to your advantage. As risk aversion grows, so will out timelines and our kingdoms. With higher perceived value, higher costs and longer guaranteed work, we expand what is ours and increase the barriers to entry, protecting our industry- Corporate IT.
Wednesday, April 15, 2009
Risk Aversion as a Tool
Non-technical business people are like sheep. They tend to move in a herd, make similar decisions based on that pack and are easily scared. This is especially true with management. They have one eye on their career health and the other on their bonus. Most don't have time or the stomach to challenge the herd mentality.
This fact makes Risk a weapon. Management fears Risk, for themselves and for the firm. All one has to do is make a case for Risk in doing or not doing something and the herd moves along. It makes IT the shepherd of the flock. Risk, conveyed discretely but powerfully, is a wonderful tool.
The honesty really is just that, Risk is a tool. Man times the Risk Aversion is much more expansive than the Risk itself. Spending weeks testing for any Risk in a minor change to code is more often more costly than the error that might ensue from the change and/or a rollback. But items like this keep IT pockets fat, as long as business pockets are deep.
And what does Risk Aversion gain? Obviously the Recession cannot be avoided no matter how many hours we sit and dream up the most obscure Risk scenarios to make sure "there isn't anything we haven't thought of". Risk seems especially important to firms in the Financial Industry and there aren't many firms in that realm who have not seen their stock prices drop like a rock and even bankruptcy as a possible future. So what Risks have they paid so dearly to avoid? Firm reputation? With many being bought and sold, who's reputation is being saved?
Perhaps one day the business herd will change direction, realizing that there is little value in much of the Risk Aversion. That through some careful analysis of the story IT is selling, they can decrease costs and still maintain an acceptable level of quality and Risk control. For now they are too focused on surviving the current economic crisis, kind of a forest for the trees effect. Until they decide to change, IT will continue to build its kingdom on their backs and use tools like Risk to do it.
This fact makes Risk a weapon. Management fears Risk, for themselves and for the firm. All one has to do is make a case for Risk in doing or not doing something and the herd moves along. It makes IT the shepherd of the flock. Risk, conveyed discretely but powerfully, is a wonderful tool.
The honesty really is just that, Risk is a tool. Man times the Risk Aversion is much more expansive than the Risk itself. Spending weeks testing for any Risk in a minor change to code is more often more costly than the error that might ensue from the change and/or a rollback. But items like this keep IT pockets fat, as long as business pockets are deep.
And what does Risk Aversion gain? Obviously the Recession cannot be avoided no matter how many hours we sit and dream up the most obscure Risk scenarios to make sure "there isn't anything we haven't thought of". Risk seems especially important to firms in the Financial Industry and there aren't many firms in that realm who have not seen their stock prices drop like a rock and even bankruptcy as a possible future. So what Risks have they paid so dearly to avoid? Firm reputation? With many being bought and sold, who's reputation is being saved?
Perhaps one day the business herd will change direction, realizing that there is little value in much of the Risk Aversion. That through some careful analysis of the story IT is selling, they can decrease costs and still maintain an acceptable level of quality and Risk control. For now they are too focused on surviving the current economic crisis, kind of a forest for the trees effect. Until they decide to change, IT will continue to build its kingdom on their backs and use tools like Risk to do it.
Saturday, February 21, 2009
Who is the Enemy?
Faster, Cheaper, Better. Get one right and you have an edge, an advantage. Get two right and you are the clear choice, all else equal, the winner. Get all three and... well, I don't even want to go there. The goal is to make sure you competition cannot gain the edge.
In the world of Corporate IT you have to play the game, walk the company line, do what it takes to advance your career, grow your kingdom. You have to ignore those who criticize, attack you for trying to push, perceive you as a brown noser, valueless.
But these are internal issues, ones you can control. One day the people who criticize will be working for you. And then we will see who is brown nosing.
The real enemy is the little guy, the development company that beats to a different drum. They don't have Regulatory and Audit breathing down their necks. They don't have to deal with CIS and Architecture. They don't have to follow the SDLC and environment rules to limit risk. They are cowboys, rebels, renegades.
They can put together an application without a spec. They can minimize testing. They can shortcut process. By nature, they are more agile, regardless of methodology. They can operate without a methodology. They can be faster to completion with less overhead and therefore cheaper.
And unfortunately, for a budget minded business customer, faster and cheaper is better. They don't care that this speed to market carries risks. They are willing to take the risks on the chin for the savings they can enjoy with this renegade process.
There are several ways to combat these cowboys. Convincing the business that they cannot operate this way typically leads to a rift between IT and the user base. So one of the best approaches is to make the vendor a partner to the organization. A preferred vendor with a contract that will ensure proper licensing of their products, payment, etc. And by doing this, by formalizing the relationship (with a smile like the Grinch), you can subject them to terms for which they are not prepared.
By becoming an official vendor of the corporation, the vendor will be forced to abide by the same Audit and CIS rules as Corporate IT. They will be required to build (or in the case of applications already in use, re-build) to the corporate security and architecture standards. They will be reviewed, scrutinized, required to test and document and meet to fulfill their obligations.
And this will destroy the cheaper and faster. This will level the playing field. This will remove their advantage and actually turn the tables. They will be unaware how to navigate the process, how to determine the right approach for those reviewing to give approval. They will be setup to fail. And fail they will. They will be exposed as the wild, loose cannons that they are and they will be found inadequate. Even their business friends will turn their backs on them as they must to save face in their corporate world.
These rogues are the enemy of Corporate IT. They are a plague, a cancer. But, they can be fought and more importantly defeated. This is my story on how I battle one vendor and, assuming I am allowed to fulfill my mission, how I destroy them.
Thursday, February 19, 2009
The Mission
My mission is to protect my kingdom. I struggled and toiled to build my world and I will not standby to see it invaded, overrun and destroyed. This is my job, my career, my life. And I must protect it by not only defending it against my enemy, but by destroying those who wish to conquer what I have laid claim to.
These are my tales of struggle and ultimately, my triumph.
I am the Corporate IT Hitman.
Subscribe to:
Posts (Atom)