Pro Tips On How To Do Tactical Meetings…

From the mailbag, here is an old email given to team members, old and new, pro-tips for how to approach the Tactical meeting every Monday.

Why?

If your curious where this comes from, check out the book Death By Meeting, by Patrick Lencioni.  His suggested meeting structure mentally optimizes and focuses on the tactical subjects of the week.  It’s far too easy to stray into the strategic or get into the weeds, which traditional meetings suffer from.

How?

Here are my tips for team members

1.    Lightening Round – Round table allowing 2 minutes per speaker to give what was accomplished last week and what is on your task list for this week.

The lightening round asks two questions:  What you got accomplished last week and What you have on your plate for this week.

  • Come prepared before the meeting. Don’t muddle through.  It’s obvious when it happens and doesn’t reflect well.
  • Talk about the top 5 or most significant things you accomplished during this round.  Think about your audience and what you would like the team members to know. Especially if it’s project work, client-related work, or tasks of high importance.
  • Don’t waste the teams’ time by telling the teams the obvious things, like “Did my security training” or “Cleaned up my tickets”, or “Went to Team Meeting”. This is what is expected of you.
  • It’s ok to say “Tickets” and/or “BAU” (Business as Usual).  This indicates you were head down focusing on what’s in your queue and don’t have anything of significance to share.

2.    Metrics/KPI Review – 10 minutes to review last week’s SLAs and KPI performance.

The teams leaders are responsible for asking team members what is important to measure.  If you’ve been asked to create a slide for KPI review, consider these points:

  • What is your KPI trying to communicate? What is “good” performance?  What is our current performance?  State the “good” on your slide.
  • Avoid busy or cluttered slides. Jamming a bunch of charts and graphs on your slide does not communicate or relay the message well.
  • Don’t “Wing It”.  KPIs are designed to get everyone on the teams aligned, goal in hand, and hitting targets.  If the KPI isn’t relevant to those ends, then skip it.
  • Use KPI’s to communicate problems. Got a particular problem you need to communicate but no one is taking notice?  Use KPIs to measure the “bad”.

3.   Adhoc-Agenda – Group comes up with an agenda on the spot based on time remaining.  Keep topics tactically focused.  No strategic discussions during this meeting.

Adhoc is where questions, answers, or announcements that pertain to the coming week are had.  Key goals are ensuring alignment and communication between our two teams!

  • This is not the venue to vent or rail against “something”.  Again, show professionalism by using time wisely, refrain from bloviation, and overly wordy.  Straight, to the point, and informative/questioning.
  • This is not the venue to challenge or have academic debate.  Take those topics offline, if needed.
  • Keep Adhoc discussion focused on items needing to be discussed tactically this week.  Shift “strategic” items somewhere else and talk to your manager about when/where.

Always forward, team!

\\ JMM

Begin Your Culture With a Mindset that you Cannot Force Culture…

“Begin your culture with the mindset that you cannot force a culture into existence.  Think of culture as needing a set of boundaries, but allow the culture to build itself using those brains that you have brought into the company to share and mold it into something that is a living breathing thing.  If you expect to build a culture of a PowerPoint presentation – you will be sorely mistaken that anyone will take you seriously.”
– Chris Hatley, Produt Manager for AT&T at Austin CSI.

I talk a lot about the importance of culture. More importantly about how leaders influence culture. But, never enough time talking about how to put the desired culture in place. It’s not easy. Arm chair quarterbacking culture produces a lot of hot air…

Here is my top 5 observations on planting effective culture roots:

5. Vision, Mission, and Values.

It all starts here. What is the vision and mission of the organization? Department? What are the organizations’ values that drive our actions? Where is it in writing? Ink signatures for acceptance. The absence of articulation and promise leads to gray areas.

4. Hire Leaders Who Are All In.

Leadership needs to not just talk the talk, but are all in on vision, mission, and values. Do you have their commitment? Are they driving not just results, but growing their people? Are you watching your leaders? Are they effective?

3. Eliminate “Toxic” and “Donkeys”.

Somehow, they seep in. Whether by best intentions, accidents, or inheritance, culture is most deeply affected by toxicity and donkeys. Kill toxicity where it grows, quickly. Let go the donkeys. Replace with thoroughbreds who can connect to vision, mission, and values.

2. Live and be Accountable to the Values.

People watch their leaders carefully. The best leaders attract disciples and model the desired behavior. The worst, drive people away. How do you model the culture? Are you accountable to yourself? To your team? Time to be real about culture: Are you a part of the problem? Fix it.

1. Reinforce Culture At Every Turn. Teach, Rinse, Repeat.

We joke on my current team about talking/forgetting about things said and “must say it ten times” for it to sink in. There is truth to this. To make change, you must drive it, and drive it, and drive it. Monthly, quarterly, annually. If culture is truly important to you, then make it a priority to teach it, display it, reinforce it, and award it.

\\ JMM

Understanding the Why Behind Blocking Social Media

Below is an article I republished to our internal employees via our monthly news letter, which I felt is very applicable these days. The why is an interesting topic. Companies operating today varying opinion on social media in the work place is truly a mixed bag. Ultimately, it depends on culture. Internet access and social media coupled with privacy data equal a degree of risk. This article highlights the legitimate reasons, where privacy and risk collide.


Data loss (i.e. data exfiltration, data extrusion, data leakage) is the unauthorized transmission of sensitive information from inside a privileged access point. Because it can closely resemble the normal flow of data traffic, it is difficult in practice to detect and therefore right the sinking ship. Traditionally viewed in the context of the network, endpoint or email, data exfiltration can enact huge financial and reputational losses upon victimized organizations and individuals.

Social media is a formidable and porous attack surface due to its sheer size. With ever-increasing volumes of data being poured across different networks on a daily basis, detecting data exfiltration posts can be like finding a needle at the bottom of the ocean. The tides have shifted even for the largest and most talented security teams, as it’s become humanly impossible to navigate through this information to identify harmful threats. Social media poses additional risks that are not typically encountered on traditional points of access like email. From hashtags to mentions to lists, it provides a flood of different ways for users to instantly broadcast data to large global audiences. Social media also lacks any industry security precedent as a platform like email, which has weathered wave after wave of high-profile attack.

It comes as no surprise then that organizations both large and small are woefully unequipped to address data loss prevention when it comes to social media. The security industry readily admits these shortcomings too, with 43% of fraud prevention managers and IT directors recently reporting that employee access to social media websites and services is their biggest obstacle when it comes to data loss prevention.

Fig 1 outlines three different ways that data loss can occur through social media. At a high level from left to right, we identify 1) Inadvertent data loss involving sensitive information posted directly to the social network, 2) The Insider Threat involving a disgruntled employee divulging company secrets through encoded social channel data, and 3) Intentional data exfiltration by bad actors looking to hack into the corporate network and establish Command and Control (C&C) to maintain their data siphon.

Such accidental social media data loss is an all-too-common occurrence for employees who take selfies at the workplace, which may display personally identifiable information (PII) or sensitive organizational information like product roadmaps, architecture diagrams, software stacks or customer information. The cost of social media data loss can multiply when culprits unknowingly violate industry-wide compliance mandates, potentially resulting in hefty financial penalties for the organization in question. Embarrassing moments have affected one of Instagram’s most followed users and the Twitter CFO. Indeed, if one of social media’s own executives isn’t even immune to this risk, this demonstrates the realistic situation every organization faces.

** This article was republished.

\\ JMM

What happens if we don’t invest in developing our people…

CFO asks CEO: “What happens if we invest in developing our people and then they leave us?”

CEO: “What happens if we don’t, and they stay?”

The Lesson: Train people well enough so they won’t leave. Treat them well enough so they won’t want to leave.

Numerous LinkedIn Postings

We see this advice over and over. As leaders, are we walking the walk? Or just more of the same. I talk to colleagues and training is still a problem. Fear of making the investment and watching that investment walk out the door cited as the primary reason.

In today’s economy, junior people are far more skilled than 10 years ago. I see the resumes. We live in times where candidates are highly competitive, highly motivated, and have goals. Financial goals.

Leaders: You are either a part of the solution. Or part of the problem. Invest in your people. Technical and professional. Hard skills and soft. Teach people how to win. Otherwise, your people will move on. And waiting till your top talent leaves you… is on you.

C-Levels: Culture starts at the top. Invest in your leaders. Values and culture matter. Establishes tone. What is and is not acceptable. Mentor the gaps, but hold the line on the winning culture: That you built. Otherwise, your leaders will move on. Waiting till one of your top leaders leaves the organization is on you. Money doesn’t solve the aggravation or feelings of having no support.

Invest in your people. Constantly.

\\ JMM

Technology solutions shouldn’t replace people management responsibility…

Let me give you an example:  In my healthcare days, hospital nurses often have downtime in the overnight shifts.  Nurses often loaded games and streamed videos on their workstation, which was against company policy.  When we approached hospital leaders, they asked for a technology solution:  Block the nurses from loading games and streaming videos.  I argued overnight managers should keep an eye on nurses and keep them busy.  Technology solutions shouldn’t replace people management responsibility.  In the end, technology solution won. And in the long run, this technology hurt that hospital’s culture and relationships with IT as an enabler.

Our SOP for these detection’s should be to report these incidents to their leader and HR.  Let people processes work and govern themselves.

Jonathan Merrill, 2018

Technology solutions shouldn’t replace people management responsibility, but it does. And often. And not much as changed in 10 years, other than information security awareness is now a mandatory thing. Which should have changed the conversation. But it hasn’t.

Culture will trump policy every time.

\\ JMM

How to Let People Go…

My advice on firing is simple: Treat that person the same way you’d want to be treated if you were in that situation. They’re still a good person, just not the right fit. So how do you help them move on in a productive way that allows them to maintain their dignity?
– Mary Barra, CEO, GE

Letting people go is uncomfortable, creates anxiety, and often a dreaded part of people management. It’s not surprising that it’s often done poorly. Here is my advice for leaders who face this difficult task.

  • Don’t do it on Friday at 5pm.
  • Have a plan. Assemble a team.
  • Keep it short.  And respectful.

Unsurprisingly, EntreLeadership has the best advice for this subject:

How to Fire Someone the Right Way (Highly Recommended)

Why You Need to Hurt Someone’s Feelings

Should They Stay or Should They Go?

\\ JMM

Enter Predictive Index For New Hires and Retention…

Ask any military leader the difference between winning and losing on the battlefront is effective battlefield intelligence.  Hiring for culture is no different.  This is why EntreLeadership lessons focus on extending the recruiting process, creative interviews, and not making decisions purely on skill.

For years, I’ve advocated either DiSC or Style of Influence (SOI) in lieu of the Myers-Briggs.  I’ve taken all three in business settings and I would say each has strengths, but all three focus on approaching communication and collaboration.  I found something different.

On September 21, I attended Security Advisor Alliance‘s conference.  Arguably, one of the best conferences for information technology leaders in 2018.  One particular break out session caught my eye:  Using personality analytics not just for culture, but learning capability.

Here is the front page of my report:

Nevertheless, I was and still am throughly impressed by this tool.  Not only did it eerily get me as a possible candidate, it perfectly got my strengths and weaknesses as employee.  Things managers need to know as they give role and responsibilities, including things to look to ensure performance.

Check out these links:

// JMM

Why You Are Being Asked To Be in CAB

Today’s blog is from the mailbag of notables.  The context of this email is when I was “leading by walking around” and overhearing a few employes not wanting to go to CAB.  Not wanting is putting it nicely.  CAB is “Change Approval Board”, which is mostly a call to talk about the changes happening to the production environment.

From: Jonathan Merrill
Sent: From My Desk
Subject: Why You Are Being Asked To Be in CAB
Importance: High

Just overheard “Why do I need to be at CAB. I don’t have changes”. Not the first time this has been said. And it’s not unnoticed those team members who don’t show up. Before you say, “busy”, I know everyone is busy. We are all busy. Nevertheless, here is why I encourage you to be at CAB every time:

1. If you do have a change, you need to explain to CAB what the change is, what it will impact, and allow architects and SMEs to chime in. We’ve had one over-ride since we started CAB, which saved us from an embarrassing situation.

2. You listen in on what’s changing in our environment. Operations teams must have the pulse on what’s going on. If you don’t know, how can you react? Putting things together is a skill, just like listening and comprehending. All three should be applied in CAB.

3. Opportunities to sharpen your saw putting in changes. Once we get some consistent muscle memory on non-standard changes, let’s talk about standard changes. Until then, let’s learn from each other and ensure we understand the why about change management. I’ll need your help to train other teams once they get incorporated into our change system.

If you’re working on a critical ticket, production outage in flight, or anything affecting a client ability to process, then your at least armed with what changed.

If your actively engaged in a production issue, clear it with your manager and let him or another team member represent your change in CAB.

Any other reason… eh, no. Knowledge culture, folks. Root word is “Know”. We need you to know. I need you to know. This is the culture we are building. Please participate. Everyone…

\\ JMM

When A Leader Told Me To Stop Reading Books…

“Jonathan, you need to stop reading books.  They are hurting your career.  Read the email I just sent you.” – Name Withheld (Obviously)

I would bet in any career field, you run across people who say things that are incredibly damaging in multiple ways.  Causes pause for how toxic or caustic people get into leadership positions.  Nevertheless, the most outrageous comment I’ve ever been told is to stop reading books.

If you know my leadership style, then you know I perpetuate the knowledge culture, which is heavily based on DevOps’ CAMS (Culture, Automation, Measuring, and Sharing).  Working with other teams who don’t embrace that philosophy can and does create friction.  Which is where education is applied.  Culture is critical, we all agree.

So, if your wondering what the email said, I’ve kept it in my personal journal.  Sharing it’s entirety to you editing out business bits:

From: Director, Information Technology
Sent: Long Long Time Ago…
To: Jonathan Merrill
Subject: Communication

I wanted to tell you something I learned a long time ago.  What you did yesterday or last week or last year is almost worthless.  I too have won [people] awards.  They mean nothing.  The business world is focused on what have you done for me now.   The growth of teams is far more important than most anything else.

One of the main things that I desire is that I would rather make progress than simply prove that I am right.   As long as the progress is in the best general direction then it will likely make things better.  In time possibly it will convince people (that aren’t under me) that it was a good idea.  Maybe it shows how it wasn’t.  But I don’t try to emulate anyone.

The people you list (Leonici, Maxwell, Wooten) are mostly wrong in any approach they suggest.  Each approach has to be custom tailored for the situation.  I find that most of the books people write all say basically the same thing.  Many of them are worthless and if they are good I take only a few points from each of them that I have found worked.

For example I remember when everyone said emulate Jack Welch and his leadership style.  I started reading about him and it sounded impressive.  Then I started learning that it wasn’t uncommon for the company to lay off people all the time just to improve stock price.  I found that his words lacked practice.  So he said the right things but practiced a form of management that basically resulted in turn over at all levels (forced or not forced).  In time I figured out that in my opinion he was just another useless manager who had some good ideas but his ideas likely only worked one time in one situation and me saying I would use them was highly suspect.

So really I hate to say it (good or bad) but I don’t study anyone.  I keep a list of things I have learned and try to put who taught it to me.  Outside of that I don’t worry about it.  Graduate school taught me that for the most part.  Good management is 50% how you treat people and how they perceive you and 50% of your ability to define what you want.  Combine those and you likely get progress.

Sounds seat of the pants I know but how I work.

Let’s dig into a few of these statements, as parts of his email is peppered with logic, and where it goes off road.

#1.  What you did yesterday or last week or last year is almost worthless

Leaders are always judged positively by their achievements.  Finding the achievement pattern leads to good hires.  Not tracking your achievements nor having a track record of your achievements is a professional miss in self-development.  I argue all people, from help desk to VP, IT should actively track achievements.  Marry them up with your personal and professional goals.  Minimally, present them annually during the evaluation process so the organization understands what your about and the value you bring.

#2.  As for selling on approaches or styles I rarely if ever do that.  Nor will I start.

Managing a team on democracy and goals is good, but if the culture isn’t set to create the operating context of expectations, then that team is no different than a mob.  People want great cultures.  People desire to know the boundaries so they can freely do their job.  I would argue effective leaders have a style and actively sell/mentor approaches to their people.  Ineffective leaders do not try.

#3.  The people you list (Leonici, Maxell, Wooten) are mostly wrong in any approach they suggest.  Each approach has to be custom tailored for the situation.

How can you argue with the results of those leaders who study and embrace good leadership principles versus those that do not?  We take what is learned and apply it to any situation.  Most situations require customization as no one things fits.  I argue studying principles of success does far better to educate versus only depending on your last leadership experience.

#4.  I remember when everyone said emulate Jack Welch and his leadership style… I found that his words lacked practice.

I too have read Jack Welch and found many things that didn’t align with my leadership philosophy or brand.  I don’t advertise leading this way, but learning how he led isn’t less important.  We should not read any book and apply it to our life prima facie.  Books should educate us, challenge our thinking, and give us opportunity to change us, make us better, or just entertain us.  I argue practicality alone shouldn’t be a reason to not read books about leadership.

#5.  I don’t study anyone.  I keep a list of things I have learned and try to put [into practice] who taught it to me.  Outside of that I don’t worry about it.  Graduate school taught me that for the most part.

I would argue that going to college should just be the beginning of your life long learning journey.  Not the end.

#6.  Good management is 50% how you treat people and how they perceive you and 50% of your ability to define what you want.  Combine those and you likely get progress. 

Of everything said here, this statement rings most true.  And worthy of underscoring as working with this leader for over a year, I can say he wasn’t intentionally “toxic”.  He was a grounded guy, with a family, bills, car, and problems just like us all.

However, looking back on what he got accomplished during his time, he achieved very little.  Not many strategic things got done.  He touched no one.  Influenced little.  And was quickly forgotten as he left.  Does anyone enter a leadership gig with the desire to leave no legacy?  I would argue no.

I ran across this comic today and it reminded me of that leader and his email.

Source: Jake Likes Onions

If anyone knows the author of this book, please let me know.

\\ JMM

Who Is To Blame For The Culture of No?

“If there’s a big problem in corporate America, it’s that we say ‘Yes’ too much at times. There’s a whole lot of yes going around. The problem? Only about 1/2 of the “yes” responses are followed up with action that is representative of all of us living up to the commitment we made. That’s why you need to say ‘no’ more.”  – HR Capitalist

You haven’t experienced all the fulfillment of service delivery management until your told something that is so foreign, so alien, that your first reaction is bewilderment. With a dash of astonishment. What the heck did this guy just tell me?

What could anyone say that would create such a reaction? When someone says someone represents the culture of no.  Traditional help desk, engineering, and information security has thrived in a culture of “no”. To be accused of perpetuating the culture of no.  Seriously?  Let’s break it down…

What is the Culture of No?

“Rather than encountering a world that encourages you to dream big, you may find yourself mired in a ‘culture of no’ — one where fear of failure means that great ideas don’t even get a try” – Wafaa El-Sadr, director of the International Center for AIDS Care and Treatment Program

“We have all met that wall. And when those walls exist, people find ways around them. The workarounds make their lives easier. They implement what they think is best. Their efforts are not intentionally destructive but can lead to unintentional vulnerabilities and, potentially, harm.” – Article from DZone

Let’s unpack the why…

First, is to acknowledge no one in management wakes up in the morning and says, “I’m going to tell 10 people no today”. Talk about a crazy goal. No is a often considered an emotionally negative word, so delivering it is avoided.  Sometimes, at all costs.

Second, is often ‘no’ is grounded in policy and standard. Especially if it’s a politically sensitive subject. In my early career, I’ve been directed, a couple of times, to refresh my memory on a policy as the no was delivered.

Third, Leaders are often asked to get creative to say no without saying no. Wordsmithing ‘no’ is a career maker for many leaders, especially in the public relations functions. I’ve been told this falls into the “interpersonal savvy” characteristic, which is a sought after leadership trait.

So mix all that up in a information security or systems engineering context, and you have an explosive mixture pitting IT against business units and developers alike. It’s not surprising there are movements like DevOps to correct the cultures behavior.

Again, all that said, the why of the problem is commitment delivery and lack of clarity that is so succinctly described by the HR Capitalist’s quote above. It’s far easier to just slide into corporate ambiguity versus a clear response.  Yet clear responses are sometimes not appreciated by types of leaders.

So, Who Is To Blame?

Many employees  who are described as being a part of the culture of no are often swimming to stay alive in a toxic company culture. DevOps won’t solve that problem, nor any other service management framework. If CAMS represents DevOps’s core values, start with the first letter: C = Culture.

If your organization is mired in the culture of ‘no’, look hard at your company’s culture and how you are affecting it.  This article isn’t about saying ‘no’.  It’s about having the right culture so ‘no’ is not political, but academic.

\\ JMM