I finally worked all the way through Antifragile: Things That Gain from Disorder by Nassim Taleb.

An amazing book. Amazing obvious ideas.

I’m now thinking about how to apply this in IT. How do we build processes and IT infrastructures that gain from disorder. Systems that don’t fail from stress, but instead get stronger.

I’m thinking that the redundancy we’ve put into our network structures might get stronger over time due to disruptions. Over time, we adapt, put in more capacity, more redundancy, work out triangle WAN links between sites, design in excess capacity, etc. as a direct result of events that hurt the network. The net impact of the negative events is that the whole gets stronger. Does that count as one way antifragility increases in the system? We do seem to have less negative impact from outages because the ‘whole’ is more capable of adapting to outages.

Do our information systems get more antifragile over time as we experience issues, problems, outages, etc. and then adapt and improve and improve the ‘whole’ to lessen the impact of those events? Are we learning from these events and getting stronger as a result? Are our management teams getting more antifragile as we learn, adapt and improve over time?

Think about storage and how it used to be the drive failures resulted in outages in the data center. Such outages are hardly an event at all any more due to much higher MTBF on drives and due to RAID and other technologies that have been honed and improved over the years. Fragility has been reduced in our storage systems.

Lots to think about here.

Audit and Security

I heard of a place where internal audit was told to do a comprehensive security of all aspects of an organization. All aspects.

How is that possible?

The IT organization is likely working at 110% with all their energy and effort to manage, monitor, invest and improve an organizations security so how can a short audit effectively grade how they are doing? Now I suppose that if the auditors were knowledgeable about security aspects and if there were huge gaps in what IT was doing then those would surface in the audit. But how could an audit detect deep matters in the enterprise in a short audit?

Further, how can an IT organization comprehensively know that all is in control? Further, how can a CIO assure a board that everything is under control?

They can’t.

They can only attest that they are doing all they know to do, they are vigilant and they are working to set the tone across the enterprise that all must work together to secure the organization.

They can only assure that they are doing all they know to do.

These are difficult times for CIOs.

High-Skill, High-Focus

Those of you that I talk with know that the cyber attack on Sony of a few months ago made a huge impact on me. I’ve thought about it for days and weeks since and talked to many about it in informal and formal conversations.

It is so easy to sit back and say, “how could Sony have let that happen?” but as this article in the WSJ points out, it could happen to anybody. Sony was the victim of a high-skill, high-focus attack. Very likely, most individuals and organizations would fail against such an attack. There but for the grace of God, go we…

An article in Forbes last December said such a hack could crater a company. I believe that day will come. I wrote about what the future might look like last year here.

Finally, we should all be reminded that we shouldn’t say things in email that we wouldn’t want post on the front of a newspaper.

Getting Better at Getting Better

Wonderful article over in the New Yorker called, Better All The Time. I saw it in the context of getting better at running which someone had referenced in that regard. However, it applies to work, to running, to most things. We need to think about getting better at getting better.

I’ve started running and I’m planning to run a marathon in a few months which is something inconceivable to me just a few years or even months ago. Now I’m running several times a week and recently did a 15 mile run with my running partner which is the longest run I’ve ever done. Now I’m running half marathon lengths just to train for the marathon!

All of this running has started me thinking about how do I become a better runner who can not just complete a marathon, but actually enjoy it and finish it in a strong, heads up fashion? There are lots of web sites and training plans and tools to help one prepare for this, but what is interesting to me is the idea of deciding to get better and then doing the research and taking the steps to get better. When exactly should I drink water, or consume some energy (Gu)?

We need to do the same in our IT shops and in all our organizations.

  1. We need to measure results, times, costs, efforts, etc. in our processes. Not in a needless fashion or dumb fashion, but measure the right things.
  2. Ask the people who are doing the work how to do things better. They are doing the work so ask them what are their obstacles and what is slowing them down. Likely they know how to help get things done better and faster.
  3. Don’t be arrogant and assume the way you are doing is the right way. Keep asking questions. Ask your vendors what ways they’ve seen things done better? Be open to all good ideas.
  4. Keep looking, even when you do find an improvement because there is another one behind it.

I’ve been learning when to hydrate, when to consume Gu, when to drink Powerade and I’ve discovered I’ve been taking these things in the wrong order and not enough. I’ve also learned different training methods than I had not heard of before. I think these things will help me get better and improve my ability to be successful at the marathon.

We need to be thinking this way in our IT shops.

Celebrate Those Who Get Things Done

Read something a few days ago that I can no longer find to reference. It got me thinking that we should celebrate those who get things done, not the ones who cast a vision or who are the appointed leaders. The ones who get things done are the ones we go to when we need help, when we have problems, when there are hard problems to solve. We don’t need a vision in those situations, we just need to get something done.

We need to be better at identifying these people in our organizations and honoring them in whatever fashion is appropriate. And we need to develop a sense of think about them, looking out for them and helping them get things done faster.

Maybe leaders should focus on getting obstacles out of the way of those who are getting things done?

Been gone for a while. Been busy, but aren’t we all? Wrote a bit about it over here.