Essential Tech Due Diligence Skills: Reasons to Avoid the ‘We’ve Got a Guy’ Shortcut

by Leave a Comment

When it comes to technical due diligence, some investors opt for big-name firms, investing significant resources to ensure thorough tech evaluations for their deals. On the other end of the spectrum, some skip tech diligence altogether or rely on “a guy” in their network to handle this crucial task—often a portfolio company CTO or a connection who can manage it “on the side.” While this approach may have sufficed in the past when technology was simpler, today’s rapidly evolving and complex tech landscape demands much more. Effective technical due diligence now requires specialized expertise, diverse skill sets, and a high level of emotional and business intelligence. It’s unrealistic to expect that “a guy” can meet all these critical needs and mitigate the associated risks.

Breadth of skillsets

The level of technical complexity in modern applications is increasing exponentially. The days when a single resource could effectively assess and identify risks across all technical aspects of a business are gone. Think of 50 years ago when a good MD was all you needed as opposed to the myriad of specialists required today. Different technologies and development frameworks require specialized skills that are unrealistic for one person to possess. Similarly, technical due diligence now almost always includes Security diligence, and increasingly, we are seeing it expanded to include Product diligence. With these additional elements, you are certain to outstretch the capabilities of any single person. For a deeper dive into the process, the full scope of what’s involved, and checklists that highlight just how many factors need to be considered, our Benefits, Process, & How-To Checklist blog post lays out the complexity in stark detail.

The importance of emotional intelligence

Another fallacy of the “we’ve got a guy” approach is that because someone is technical and understands code, they can perform this diligence. There is far more to conducting great tech diligence than just the technical part of digging into source code and evaluating architecture. Knowing the right questions to ask and, more importantly, knowing HOW to ask the questions makes a major difference in the quality of the diligence. Building trust with the team from the target company is essential. Tech leaders in target companies are commonly resistant to the process. This is understandable as the diligence process has the potential to put them and the application they have built in a negative light. As such, very guarded answers can be provided, making quality diligence impossible. So, excellent emotional intelligence is required to break through that resistance and get the transparency and cooperation needed to identify risk successfully.

Just pulling in a resource from your network to perform tech diligence increases the odds of ending up with someone who does not possess the critical emotional intelligence to elicit the most transparency from a target team.

The importance of business intelligence

Another critical aspect of effective Technical Due Diligence is the ability to discern which technical issues are relevant to the deal. Furthermore, explaining those technical problems in clear, non-technical business terms is essential. Both of these considerations highlight the importance of having a technical due diligence partner with not only great technical skills but strong business skills as well. This is a rare mix in the technology world. Using “a guy” who is not deeply experienced in tech diligence introduces the unnecessary risk that the diligence may raise issues that are not critical to the deal. Or even worse, it doesn’t raise issues because they are not technically critical but happen to be very important to the deal from a business perspective.

An experienced diligence resource would know the difference and could save a lot of time and risk by highlighting the issues that might otherwise be missed.

Helping after the close

In many cases, meaningful issues identified in technical due diligence must be remediated after closing. The new portfolio company often doesn’t have the expertise or bandwidth to address these issues on its own. An important consideration in selecting a technical diligence partner is to choose one with the breadth of expertise and the capacity to help remediate all problem areas identified post-close. It is rarely the case that “a guy” has either.

Summary

In summary, technical due diligence requires specialized skills beyond just the capabilities of the particular field. Investors intuitively appreciate that distinction for areas they are familiar with, such as sales, finance, and marketing. However, technical expertise is typically more of a blind spot for this group, so the assumption is pervasive that anyone technical can do tech diligence. Performing tech diligence with a resource who does not possess the variety of skills outlined here introduces a real risk that issues material to the deal may not be brought to light until after the close. They may be a “friend of the firm” and may have even been a great CTO for a prior or current portfolio company. However, great technical skills do not equate to great technical diligence skills, and assuming they do can lead to oversights and misjudgments that introduce risk. To ensure a thorough and accurate evaluation, ultimately safeguarding the investment and moving the deal forward with confidence, it is important to engage professionals with a proven track record in technical due diligence.

You very well may “have a guy” that you like, but a team— with skills, expertise, and experience in technical diligence— is the best way to ensure you uncover the risks that could impact the deal.

For more information on TechCXO’s Technical Diligence services, please visit https://www.techcxo.com/technical-due-diligence/

Technical Due Diligence: Benefits, Process, & How-to Checklist

by Leave a Comment

When investors are considering acquiring a company, they often say, “We bet on the founders.” This sentiment becomes a rationale for skipping technical due diligence — an in-depth assessment of the target company’s technology strategy, assets, systems, security, and processes to identify potential risks, weaknesses, and opportunities.

Instead, their approach is rooted in faith in the leadership’s track record, implying that a strong team guarantees a well-built, secure, and scalable product—a seemingly logical approach. While this perspective was perhaps reasonable ten years ago, the dynamic shifts in technology and cyber-security and the technical sophistication of all the stakeholders involved in deals today highlight the need for a more disciplined approach to technical due diligence.

What’s Changed?

The technological landscape is no longer what it was ten years ago; it’s changing at an unprecedented pace, supercharged by near-daily advancements in areas like artificial intelligence. These changes aren’t just technical—they reshape entire industries, altering the stakes for investors and companies alike. This heightened pace of innovation demands a deeper understanding of a company’s technical infrastructure and leadership, not just to assess its current state but to identify opportunities for the company to uniquely position itself in the market through technology.

Moreover, cybersecurity has transformed from a niche concern into a central element of investment decisions. What used to be important only in sectors dealing with payments, healthcare, or sensitive personal information (PHI/PII) is now crucial across all industries. Technically sophisticated investors increasingly prioritize security measures to safeguard their investments, often making cyber insurance a prerequisite – something that is impossible if the company doesn’t at least have the basic security measures in place. This highlights the need for intelligent and comprehensive identification and addressing of all technology risks at the start of any deal.

Uncovering Critical Issues

Another common excuse, particularly in M&A, is the belief that “we will figure it out” after the deal closes. However, without rigorous tech diligence, there’s a risk of overlooking critical issues that could significantly impact the success of the deal and can lead to significant financial losses or even failure to scale as expected post-close. While some may attempt to save costs by skipping this step or relying on internal technical resources, proper tech diligence requires objectivity, expertise, and experience. Through hundreds of projects, we’ve identified core architectural issues and lax security measures that can pose substantial risks and outsize costs to the business, even in companies with strong leadership. We know what issues to look for, where to find them, and how to analyze and clarify them for all stakeholders involved.

The Overlooked Benefit: Technical Roadmap

Tech diligence should be viewed as more than just a checkbox item. This thinking misses out on one of the major benefits of tech diligence—creating a technical roadmap to success post-close. This process facilitates “forced introspection,” allowing the business to get an objective assessment of its technical strengths and weaknesses. This almost certainly wouldn’t happen without the forcing function of an imminent potential transaction.

Often, we uncover hidden and unexpected opportunities for improvement that can enhance scalability and security for investors. Moreover, the specific recommendations from tech diligence provide a framework for holding the technology team accountable and driving meaningful progress. These are invaluable resources for stakeholders and are best identified during the technical due diligence phase.

Keys for Conducting a Successful Technical Due Diligence

Several factors impact the effectiveness of technical due diligence that are commonly left to chance.

Areas to include

While each deal is different, multiple areas within the target company’s product development and technology functions should be considered for inclusion in the project. Not all of these will be appropriate for every deal, depending on the company’s stage, product offerings involved, and any previously completed diligence efforts. However, each should be considered and only excluded when there is a clear reason to do so.

  • Product – Is the Product complete? Is the roadmap well-defined, and does the go-to-market strategy make sense? What does the competitive landscape look like?l
  • Architecture—Is the application built securely? Is it maintainable? Is it scalable? Will a major additional investment be required in the near future to enable it to support the planned sales goals?
  • Deployment—Is the hosting environment (e.g., AWS, Azure, etc.…) both secure and scalable? Are there opportunities to significantly reduce hosting costs?
  • Team – Can the current team support the business in achieving the projected growth? Are there key missing roles, and can the leader lead the team to the next level?
  • Process – Are there solid product development and support processes in place that will facilitate growth and a consistently high level of quality in the application?
  • IT—Is the business’s IT infrastructure adequate for its current state, and where it needs to scale? Are employees able to work effectively, and is business continuity properly considered?
  • Security—Does the business have solid security policies and practices in place? Do they have the proper compliance (e.g., HIPAA, SOC2, HITRUST, etc..…) for their industry?

When to Perform It

Technical Due Diligence is typically performed toward the end of the overall diligence effort. This is understandable, given the many other reasons a deal might not work out and the desire not to spend the money or effort here until there is reasonable certainty that the deal will go through. However, a few things can be done earlier in the overall diligence process to help ensure more effective technical due diligence.

First, set the expectation that access to the source code will be required if a software application (either SaaS or tech-enabled service) is to be assessed. It is common for the leadership of the target company to either have concerns about sharing access to source code or try to avoid it because of concerns about what might be found. When these concerns come out towards the end of diligence when technical due diligence begins, there is seldom the appetite for the acquirer/investor to push for it in fear of derailing or slowing down a deal at this late stage. The result is less thorough tech diligence and an increased chance of serious issues hidden in the code that won’t be discovered. Setting the expectation early that source code access will be required will help to avoid this late-stage reluctance to push for it.

Secondly, the expectation of who will be required to participate should be set. Frequently, when technical due diligence starts, it is discovered that the technical resources needed are unaware of the transaction and cannot be included, resulting in a less-than-optimal assessment. In some cases, this will be unavoidable; however, setting expectations early in the diligence process that technical participation will be needed can give the business a chance to consider including the necessary people.

Finally, a good amount of information needs to be collected before technical due diligence to facilitate the process (see our Technical Due Diligence Checklist). While it doesn’t make sense to have the technical team start on that too early for the reasons mentioned above, beginning the process a week or two ahead of the start of technical due diligence is helpful. This gives the target company time to gather the necessary information, allowing the diligence team to hit the ground running!

Execution of the Process

Multiple steps should be understood and followed with each deal to ensure a proper technical due diligence effort. They are as follows:

  1. Investor Kickoff – The technical due diligence partner must have a solid understanding of the business you are looking to invest in and your goals for the company after closing. The technical requirements and skill sets needed for a business to grow 10x and launch multiple complementary products are very different from those of a company where the product is very mature, and there is no need to do major things with it. The scope of the project is also discussed here so the diligence provider knows what areas to focus on and any special considerations to take into account, such as specific concerns to look into or areas that may not require as much focus as others,
  2. Information Collection – Gathering any information the company has documented related to the roadmap, process, team structure, architecture standards, security policies, etc… is very helpful in getting a full picture of where things stand ahead of direct meetings with the team. Getting this information to the diligence team up front goes a long way towards reducing the time required for the product development team to meet with the diligence team. (See the link above for a comprehensive checklist of questions and material to request.)
  3. Company Kickoff – A kickoff call among the Investors, Tech Due Diligence team, and key Product/Technical leaders in the target company is crucial in getting everyone aligned on the technical due diligence process and their roles and addressing any team questions. As part of this meeting, the tech diligence provider will establish key contact points for the various workstreams, get key follow-up meetings lined up, and provide an overview of the process.
  4. Function-Specific and Individual Meetings Following the Company Kickoff, several “function-specific” meetings (e.g., Product, Architecture, Team, Process, Security, etc.…) are typically scheduled. In some instances, when deeper insights are needed around the team and leadership, multiple individual contributor meetings will likely be held.
  5. Assessment – Equipped with all the information provided and notes captured from the meetings above, the team can now dig in to do their actual assessment. This includes reviewing documents, reviewing notes, digging into the source code, looking through the team’s project management tools, inspecting their cloud hosting environments, etc….
  6. Report Compilation – The technical due diligence team will write up their findings and recommendations in a report using the insights gained above. This must include both the technical detail the team will need to remediate issues found but also a clear and easy-to-understand “snapshot” for the investor outlining where things stand, what issues they need to pay attention to, and whether there is an excessive risk to the deal based on the findings.
  7. Stakeholder Review – The technical due diligence team will walk the investors and other stakeholders through the report, outlining the important things the investor needs to know, why they are important, and what the company needs to do to rectify each issue.
  8. Action Plan Review With The Company – A technical due diligence effort and resulting findings should not just be used as a go/no go decision point for investment. For most deals, many other issues are identified that don’t raise up to the level of interest for what the investor is looking for. Having the provider walk the company through the findings leverages the effort spent on technical due diligence to help update the company’s technical roadmap. This process can highlight valuable recommendations that may not have previously been on their radar.

Selecting the Right Technical Due Diligence Partner

The final step to ensure a successful Technical Due Diligence project is to select the right partner – there are several considerations here:

Using an individual versus a firm specializing in technical due diligence – while it is common to use an individual who is either part of the firm or a friend of the firm (possibly a CTO from another portfolio company), this approach is limiting. Looking across the scope of what should be covered (see above), one person can’t have the requisite expertise across all those areas to be fully effective. Furthermore, effective technical due diligence is just as much an art as a science, requiring emotional and business skills that go beyond the capabilities of many technical professionals. Using resources not experienced in tech diligence will limit the value obtained in the effort.

Capacity and Bandwidth—It is important to work with a provider who can take projects on quickly, complete them quickly, and have expert resources across all the areas mentioned above, including multiple architect resources with expertise across a wide variety of common tech stacks.

Clear and Actionable Report—Spotting technical issues is not the hard part of tech diligence. The best providers stand out by having the discernment to understand which issues are important to the deal and being able to present those clearly and concisely to non-technical stakeholders. Ask to see examples of previous reports.

Ongoing Support—While it is good to be aware of the key technical issues identified in diligence, it is common for the company not to have the expertise or bandwidth to remediate those issues. Work with a partner who can provide expert, ongoing fractional support (CPO, CTO, and/or CISO) and be available to jump in to help clean things up after the close.

Conclusion

In today’s tech-driven landscape, technology due diligence is indispensable in any investment or acquisition scenario. Betting solely on founders or assuming any technical issues can be figured out post-close is no longer viable. With stakeholders’ increasing technical sophistication, informed decision-making pre-close and strategic planning post-close are imperative. Embracing tech diligence is not just about mitigating risks but maximizing the potential for long-term success.

For more information on TechCXO’s technical due diligence services, visit https://www.techcxo.com/technical-due-diligence/ or contact me at greg.smith@techcxo.com.

FAQs

Q: What is technical due diligence?

A: Technical Due Diligence is the evaluation of the technical aspects of a business, typically within the context of an acquisition or an investment. These technical aspects include product viability, application architecture, cloud infrastructure, product and technology teams and processes, IT infrastructure, and security posture. Outside experts in the areas outlined perform an audit to compare the target company’s people, process, and technology against industry best practices, seeking to identify any risks stakeholders need to be aware of before proceeding with a transaction.

Q: What are the benefits of technical due diligence?

A: The benefits of technical due diligence include visibility into a company’s technical risks that can negatively impact scalability and/or require significant unplanned additional investment to remedy. In addition, proper technical due diligence will leave the target company with a technical roadmap outlining the items that must be addressed to ensure scalability and continued customer retention.

Q: How much does due diligence cost?

A: The cost of technical due diligence can vary very widely depending on the scope of the assessment, the size of the target company, and the number and size of the applications the company has developed. As a high-level guideline, below are estimates for the various stages of investment:

Seed: $10k – $15k

Early: $20k – $35k

Growth: $40k – $55k

Mezzanine: $60k – $80k+

Q: How long does technical due diligence take?

A: The duration of a technical due diligence project depends on several factors, including the scope of the assessment, the size of the target company, the responsiveness of the company, and the number and size of the applications the company has developed. As a general guideline, below are the typical durations for the various stages of investment:

Seed: 2-3 weeks

Early: 2-3 weeks

Growth: 3-4 weeks

Mezzanine: 4-6+ weeks

Q: Is technical due diligence required?

A: As the pace of technical advancements increases and business reliance on technology increases, ensuring that a business’s technical capabilities are in good shape is required. It is critical to understand any inherent technology risks and to get a clear picture of any significant unplanned costs that would only come to light when the business tries to scale. Additionally, unlike five years ago, cybersecurity is now a significant consideration in technical due diligence for all types of businesses, not just product development companies. Skipping technical due diligence significantly increases the risk profile of potential investments.

Q: Can I use a technical person I know (perhaps a CTO from one of our portfolio companies) to perform technical due diligence?

A: You can; however, there are several reasons this will limit the value that you receive from the technical due diligence. First of all, the breadth of the technology landscape is expansive (and growing) – to think one person can adequately cover the different aspects of tech diligence and the multitude of tech stacks is unrealistic. Secondly, quality technical due diligence is something that only some technical people can do well since there is just as much art to it as science. Finally, an individual will not likely have a structured report that contains not just the technical details but also the discernment from an investment perspective of what the investor needs to pay attention to. For a more in-depth discussion on this topic, see the article ‘Why ‘We’ve Got a Guy’ Falls Short in Today’s Complex Technical Due Diligence.’

Q: Why can’t we just “bet on the leadership team”?

A: Some firms don’t perform technical due diligence as they are betting on the leadership team. The logic is that if the leadership team is strong and there is a product with happy customers, then any technical issues that come to light later can be figured out. The problem with this logic is that it is very common for companies to have an application in the field that is working well from a customer’s perspective but will not scale, requiring significant additional investment down the road. Similarly, there could be a tech leader in place who presents well, but when you dig in, is really not the right person to take the team to the next level. Having an objective and expert assessment removes the gaps that are left when you just “bet on the leadership team.”

TechCXO Returns to Inc 5000 List

by Leave a Comment

TechCXO, the pioneer of on-demand executive leadership services, returns to the Inc. 5000 list of Fastest Growing Private Companies. The company has been on the list for 15 of the last 16 years.

ATLANTA, AUGUST 28, 2024In an outstanding affirmation of its enduring excellence and growth, TechCXO, the pioneer in providing on-demand executive leadership, proudly announced its return to the Inc. 5000 list of America’s fastest-growing private companies for 2024. TechCXO’s consistent presence on the Inc. 5000 list for 15 out of the last 16 years is a testament to its unwavering commitment to empowering clients and fueling their growth. The firm appears on other Inc. lists: #199 in Georgia, #500 in Business Products & Services, and #187 in Atlanta.

TechCXO was founded in 2003 on the premise that companies can benefit from having the best executive talent available to serve as their CFOs, CTOs, CSOs, CMOs, CROs, COOs, CHROs and other executives on a fractional, part-time, or project basis. Companies might not otherwise be able to access the talent and experience level of a TechCXO partner and teams due to cost or availability.

Kent Elmer, Managing Partner of TechCXO, expressed his enthusiasm for the company’s latest accomplishment, “Being recognized once again on the Inc. 5000 list is a testament to the hard work and dedication of our team to excellent client service. Over the past 20 years, we’ve been committed to changing the game in fractional executive leadership, and our repeated inclusion in the Inc. 5000 underscores our success in this arena.”

Read Full Press Release

TechCXO Reports Full-Year Revenue Growth for 2023; 20th Straight Year of Top-Line Growth

by Leave a Comment

ATLANTA, MARCH 12, 2024 – TechCXO, a pioneer in providing industry-relevant, on-demand executives delivering fractional and interim professional services, reported an increase in annual service fees in 2023 over 2022 to $56 million. TechCXO has increased revenue every year since its inception in 2003.

“TechCXO is in the strongest position in our history. We now have more than 120 partners – the most ever. Our partners love our collegial environment and how our model enables them to impact their clients directly and positively,” said J. Kent Elmer, TechCXO’s Managing Partner.

“Today, we’re seeing staffing and search companies, consultants, and business coaches claim to provide fractional executive services. That’s a testament to the success of our model,” Elmer added. “However, we know after two decades in business that the depth of partners’ expertise – every one of whom has been in multiple c-suite roles – and the team of professionals supporting them is a big differentiator.”

TechCXO was founded in 2003 on the premise that companies can benefit from having the best executive talent available and serving as their CFOs, CTOs, CSOs, CMOs, CROs, COOs, CHROs and other executives on a part-time or project basis. Companies might not otherwise be able to access the talent and experience level of a TechCXO partner and teams due to cost or availability.

Read Full Press Release

TechCXO has assisted thousands of start-up and growth-stage clients in its history. In addition to executive support, companies can also outsource their entire Finance, Sales & Marketing, IT, HR, and Operations functions to TechCXO for 50-75% less than it costs to staff full-time, loaded salaries. All TechCXO partners and staff are U.S. and U.K.-based.

About TechCXO

TechCXO is a pioneer in providing high potential companies across the country with industry-relevant interim and part-time executives on-demand. More than 5,000 companies, from startups to the Global 1000, have entrusted TechCXO to help with their critical functions by calling on TechCXO executives and teams as their CFOs, COOs, CSO, CTOs, CMOs, CHROs and other executive roles. TechCXO has appeared on the Inc. 500/5000 Fastest Growing Private list every year since 2008. For more information about the firm, please visit https://www.techcxo.com.

Wake Up Warrior

by Leave a Comment

[fusion_builder_container type=”flex” hundred_percent=”yes” hundred_percent_height=”no” hundred_percent_height_scroll=”no” align_content=”stretch” flex_align_items=”flex-start” flex_justify_content=”flex-start” hundred_percent_height_center_content=”yes” equal_height_columns=”no” container_tag=”div” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” status=”published” border_style=”solid” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ background_blend_mode=”none” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” absolute=”off” absolute_devices=”small,medium,large” sticky=”off” sticky_devices=”small-visibility,medium-visibility,large-visibility” sticky_transition_offset=”0″ scroll_offset=”0″ animation_direction=”left” animation_speed=”0.3″ filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ padding_left=”0px” padding_right=”0px”][fusion_builder_row][fusion_builder_column type=”1_1″ type=”1_1″ layout=”1_1″ align_self=”auto” content_layout=”column” align_content=”flex-start” valign_content=”flex-start” content_wrap=”wrap” center_content=”no” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” order_medium=”0″ order_small=”0″ hover_type=”none” border_style=”solid” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ animation_direction=”left” animation_speed=”0.3″ last=”true” border_position=”all” first=”true” min_height=”” link=””][fusion_imageframe hover_type=”none” align_medium=”none” align_small=”none” align=”center” lightbox=”no” linktarget=”_self” animation_direction=”left” animation_speed=”0.3″ hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ image_id=”12322|full”]https://www.techcxo.com/wp-content/uploads/2023/03/Wake-up-warrior.png[/fusion_imageframe][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container hundred_percent=”no” hundred_percent_height=”no” hundred_percent_height_scroll=”no” hundred_percent_height_center_content=”yes” equal_height_columns=”no” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” status=”published” border_style=”solid” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ background_blend_mode=”none” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ type=”flex”][fusion_builder_row][fusion_builder_column type=”1_1″ type=”1_1″ layout=”1_1″ center_content=”no” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” hover_type=”none” border_style=”solid” border_position=”all” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” animation_direction=”left” animation_speed=”0.3″ filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ last=”true” border_sizes_top=”0″ border_sizes_bottom=”0″ border_sizes_left=”0″ border_sizes_right=”0″ first=”true” min_height=”” link=””][fusion_text rule_style=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” animation_direction=”left” animation_speed=”0.3″]

Wake Up Warrior

[/fusion_text][fusion_separator style_type=”single solid” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sep_color=”var(–awb-color5)” bottom_margin=”4%” border_size=”5″ width=”90px” alignment=”center” /][fusion_text rule_style=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” animation_direction=”left” animation_speed=”0.3″]

THE CHALLENGE

-Establishing a sound software foundation and growing into a strong software platform

-The coaching platform was unable to pivot into an enterprise-shaped program.

-There was a disconnect between the developers and the business, with loosely defined processes.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container hundred_percent=”no” hundred_percent_height=”no” hundred_percent_height_scroll=”no” hundred_percent_height_center_content=”yes” equal_height_columns=”no” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” status=”published” border_style=”solid” padding_top=”5%” padding_bottom=”5%” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_color=”var(–awb-color4)” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ background_blend_mode=”none” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ type=”flex”][fusion_builder_row][fusion_builder_column type=”1_2″ type=”1_2″ layout=”1_2″ center_content=”no” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” hover_type=”none” border_color=”#4f4f4f” border_style=”solid” border_position=”right” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ padding_right=”0%” padding_left=”0%” background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” animation_direction=”left” animation_speed=”0.3″ filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ last=”false” border_sizes_right=”0″ first=”true” min_height=”” link=””][fusion_text rule_style=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” animation_direction=”left” animation_speed=”0.3″]

THE SITUATION

The primary reason we engaged with TechCXO was a shift in mindset that not all development and talent needed to be in-house, which allowed Wake Up Warrior to leverage fractional CTO executives. Wake Up Warrior was then able to leverage senior talent to create a strong go-forward plan, assist in hiring a team and build an architecture review board. We were dabbling in software but focused on coaching. Engaging with TechCXO allowed us to grow into the right structure in a part-time capacity while having the full bench of TechCXO knowledge at our fingertips when situations arose. We are now well on our way to being a full enterprise offering as a software platform.

[/fusion_text][/fusion_builder_column][fusion_builder_column type=”1_2″ type=”1_2″ layout=”1_2″ center_content=”no” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” hover_type=”none” border_color=”var(–awb-color4)” border_style=”solid” border_position=”left” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ padding_right=”7%” padding_left=”7%” background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” animation_direction=”left” animation_speed=”0.3″ filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ last=”true” border_sizes_left=”1″ first=”false” min_height=”” link=””][fusion_text rule_style=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” animation_direction=”left” animation_speed=”0.3″]

TECHCXO INTERVENTION

-Established the groundwork to drive forward a primary operation around software as a true platform.

-Established a plan to cover the gaps in our processes and lay out a long-term roadmap to becoming a software company.

-Built out an architecture review board and process to ensure accountability.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container hundred_percent=”no” hundred_percent_height=”no” hundred_percent_height_scroll=”no” hundred_percent_height_center_content=”yes” equal_height_columns=”no” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” status=”published” border_style=”solid” padding_top=”5%” padding_bottom=”5%” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ background_blend_mode=”none” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ type=”flex”][fusion_builder_row][fusion_builder_column type=”1_1″ type=”1_1″ layout=”1_1″ center_content=”no” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” hover_type=”none” border_style=”solid” border_position=”all” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” animation_direction=”left” animation_speed=”0.3″ filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ last=”true” border_sizes_top=”0″ border_sizes_bottom=”0″ border_sizes_left=”0″ border_sizes_right=”0″ first=”true” min_height=”” link=””][fusion_text rule_style=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” animation_direction=”left” animation_speed=”0.3″]

THE OUTCOME

There was a shift in the user base feedback lowering tickets, inspiring more ideas, and requesting consolidation of applications to one enterprise platform. Wake Up Warrior now has a stronger relationship between the IT teams and the business side. Product deployments are consistent and reliable, and we have a defined roadmap for a very bright future.

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container hundred_percent=”no” hundred_percent_height=”no” hundred_percent_height_scroll=”no” hundred_percent_height_center_content=”yes” equal_height_columns=”no” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” status=”published” border_style=”solid” padding_top=”5%” padding_bottom=”5%” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_color=”var(–awb-custom_color_1)” background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ background_blend_mode=”none” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ type=”flex”][fusion_builder_row][fusion_builder_column type=”1_1″ type=”1_1″ layout=”1_1″ center_content=”no” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” hover_type=”none” border_style=”solid” border_position=”all” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” animation_direction=”left” animation_speed=”0.3″ filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ last=”true” border_sizes_top=”0″ border_sizes_bottom=”0″ border_sizes_left=”0″ border_sizes_right=”0″ first=”true” min_height=”” link=””][fusion_text rule_style=”default” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” animation_direction=”left” animation_speed=”0.3″]

“Warrior Con 4 software went well. We deployed the stack and chat app and had everyone integrated with 800 participating. All deployments went perfect, you have done amazing work! I appreciate the work that you put in to get the app to deploy on time. We have a lot of big stuff to do in 2023. I honor you and appreciate you deeply for all the work you’re doing.”

-Garrett J. White; CEO, Wake Up Warrior

[/fusion_text][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container][fusion_builder_container type=”flex” hundred_percent=”no” hundred_percent_height=”no” hundred_percent_height_scroll=”no” align_content=”stretch” flex_align_items=”flex-start” flex_justify_content=”flex-start” hundred_percent_height_center_content=”yes” equal_height_columns=”no” container_tag=”div” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” status=”published” border_style=”solid” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ background_position=”center center” background_repeat=”no-repeat” fade=”no” background_parallax=”none” enable_mobile=”no” parallax_speed=”0.3″ background_blend_mode=”none” video_aspect_ratio=”16:9″ video_loop=”yes” video_mute=”yes” pattern_bg=”none” pattern_bg_style=”default” pattern_bg_opacity=”100″ pattern_bg_blend_mode=”normal” mask_bg=”none” mask_bg_style=”default” mask_bg_opacity=”100″ mask_bg_transform=”left” mask_bg_blend_mode=”normal” absolute=”off” absolute_devices=”small,medium,large” sticky=”off” sticky_devices=”small-visibility,medium-visibility,large-visibility” sticky_transition_offset=”0″ scroll_offset=”0″ animation_direction=”left” animation_speed=”0.3″ filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ padding_top=”46px”][fusion_builder_row][fusion_builder_column type=”1_1″ type=”1_1″ layout=”1_1″ align_self=”auto” content_layout=”column” align_content=”flex-start” valign_content=”flex-start” content_wrap=”wrap” center_content=”no” column_tag=”div” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” order_medium=”0″ order_small=”0″ margin_bottom=”0px” hover_type=”none” border_style=”solid” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ z_index_subgroup=”regular” background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ lazy_load=”avada” background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” sticky=”off” sticky_devices=”small-visibility,medium-visibility,large-visibility” filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ transform_type=”regular” transform_scale_x=”1″ transform_scale_y=”1″ transform_translate_x=”0″ transform_translate_y=”0″ transform_rotate=”0″ transform_skew_x=”0″ transform_skew_y=”0″ transform_scale_x_hover=”1″ transform_scale_y_hover=”1″ transform_translate_x_hover=”0″ transform_translate_y_hover=”0″ transform_rotate_hover=”0″ transform_skew_x_hover=”0″ transform_skew_y_hover=”0″ animation_direction=”left” animation_speed=”0.3″ spacing_right_small=”5%” spacing_left_small=”3%” last=”true” border_position=”all” first=”true” min_height=”” link=””][fusion_title title_type=”text” rotation_effect=”bounceIn” display_time=”1200″ highlight_effect=”circle” loop_animation=”off” highlight_width=”9″ highlight_top_margin=”0″ title_link=”off” link_target=”_self” content_align=”left” size=”3″ text_shadow=”no” text_shadow_blur=”0″ gradient_font=”no” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ style_type=”none” animation_direction=”left” animation_speed=”0.3″ hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky”]

For more information, contact TechCXO Partner Bryan Dennstedt.

[/fusion_title][/fusion_builder_column][fusion_builder_column type=”1_1″ type=”1_1″ layout=”1_1″ align_self=”auto” content_layout=”column” align_content=”flex-start” valign_content=”flex-start” content_wrap=”wrap” center_content=”no” column_tag=”div” target=”_self” hide_on_mobile=”small-visibility,medium-visibility,large-visibility” sticky_display=”normal,sticky” order_medium=”0″ order_small=”0″ padding_top=”0px” padding_bottom=”0px” hover_type=”none” border_style=”solid” box_shadow=”no” box_shadow_blur=”0″ box_shadow_spread=”0″ z_index_subgroup=”regular” background_type=”single” gradient_start_position=”0″ gradient_end_position=”100″ gradient_type=”linear” radial_direction=”center center” linear_angle=”180″ lazy_load=”avada” background_position=”left top” background_repeat=”no-repeat” background_blend_mode=”none” sticky=”off” sticky_devices=”small-visibility,medium-visibility,large-visibility” filter_type=”regular” filter_hue=”0″ filter_saturation=”100″ filter_brightness=”100″ filter_contrast=”100″ filter_invert=”0″ filter_sepia=”0″ filter_opacity=”100″ filter_blur=”0″ filter_hue_hover=”0″ filter_saturation_hover=”100″ filter_brightness_hover=”100″ filter_contrast_hover=”100″ filter_invert_hover=”0″ filter_sepia_hover=”0″ filter_opacity_hover=”100″ filter_blur_hover=”0″ transform_type=”regular” transform_scale_x=”1″ transform_scale_y=”1″ transform_translate_x=”0″ transform_translate_y=”0″ transform_rotate=”0″ transform_skew_x=”0″ transform_skew_y=”0″ transform_scale_x_hover=”1″ transform_scale_y_hover=”1″ transform_translate_x_hover=”0″ transform_translate_y_hover=”0″ transform_rotate_hover=”0″ transform_skew_x_hover=”0″ transform_skew_y_hover=”0″ animation_direction=”left” animation_speed=”0.3″ last=”true” border_position=”all” first=”true” min_height=”” link=””][fusion_person name=”Bryan Dennstedt” title=”Partner – Product & Technology” linktarget=”_self” hover_type=”none” show_custom=”no” animation_direction=”left” animation_speed=”0.3″ hide_on_mobile=”small-visibility,medium-visibility,large-visibility” picture=”https://www.techcxo.com/wp-content/uploads/2022/01/Bryan-Dennstedt-TechCXO-Headshot-200×200.png” picture_id=”12285|fusion-200″ pic_bordersize=”7″ pic_style=”none” pic_bordercolor=”var(–awb-color1)” pic_borderradius=”20″ content_alignment=”center”]INTERIM CTO / FRACTIONAL CIO[/fusion_person][/fusion_builder_column][/fusion_builder_row][/fusion_builder_container]

CISO-As-a-Service

by Leave a Comment

CISO as a Service

A Fractional CISO as a Service, sometimes called vCISO (virtual Chief Information Security Officer), is an alternative security program leadership strategy that leverages a flexible resourcing model to achieve your program goals. TechCXO has been providing this independent and well-planned Fractional CISO service for years, we are experts in this area.

Most organizations find it challenging to justify the investment of a Fractional CISO but their business requires a high level of security to maintain operations. Use a fractional, Fractional CISO-As-A-Service model that is affordable and integrated into your operations.

Five Areas to Benefit from CISO-as-a-Service

Information Security in modern business has been elevated to the C-suite due to a number of high profile breaches in corporate America and the government. TechCXO has created a CISO-As-a-Service solution for companies of all sizes to meet needs and provide benefits in the following five areas:

Regulatory

Payment Card Industry (PCI), HIPAA, GLBA (banking), CFPB (finance and insurance), SEC and FINRA (Financial services / registered investment advisors).

Supply Chain Framework & Compliance

Contractual requests: to our clients coming from their clients and business partners; NIST (National Institute Standards and Technology) 800-XX series.

Information Security Audits

Internal and External.

New Market and New Business Opportunities

Driven by clients and consumers. As a marketing differentiator for those firms selling an information security posture as competitive advantage.

Risk Management

Driven by CEOs, CFOs, Executive Teams, Investors and/or Board of Directors.

TechCXO’s CISO Team

Your business is unique. We’ll work with you to accommodate your specific needs, from short-term projects to ongoing support, either remotely or in-person.

After completing the form, a TechCXO advisor will reach out to learn more about your project or team needs and match you to the perfect product and technology talent.

CISO-as-a-Service Guide

Most organizations find it difficult to justify the investment in a Chief Information Security Officer (CISO), but their business requires a high level of security to maintain operations. TechCXO provides a fractional, CISO-As-A-Service model that is affordable and integrated into your operations. Includes 5 Key Security Areas CISO-As-A-Service covers.

Top Tech Consultants 2022

by

todd-merrillTechCXO’s Todd Merrill has been recognized as one of the Top 25 Tech Leaders in Consulting for 2022. Todd is an experienced software executive who typically assists his clients as a fractional or interim CTO and CiSO.

He has served in a series of companies as a C-Level executive focused on leveraging the Cloud to bring SaaS offerings to market.  As an entrepreneur, turn-around expert, technology and product leader and mentor, Todd has held full corporate P&L and product development responsibilities and directed diverse international teams of Engineering Managers, Mobile Architects, Developers, Dev Ops, QA, and Customer Success professionals.

He was honored alongside other tech leaders from organizations like McKinsey, PwC, and Wipro. According to The Consulting Report, which compiled the list, the “… executives selected for this year’s awards represent some of the most experienced, trusted, and knowledgeable leaders when it comes to technology design, strategy, and implementation. We evaluated each nominee based on a series of factors, carefully weighing their demonstrated expertise, professional milestones, tenure in the industry, and capabilities in technological innovation.”

Todd serves as the Interim Chief Technology Officer at the autonomous drafting solutions company AirWorks. Todd also served as an Innovation Mentor at Chick-fil-A’s Georgia Tech Rev Center. There, he led teams delivering machine learning, computer vision, NLP, and modern web apps based on AWS and GCP. Previously, as CTO at HireIQ, he established Agile software development and moved from a Co-Lo private cloud to AWS for a global, high-availability SaaS offering. He also founded and was CEO of Global Crypto Systems, where he was an early adopter of AWS and secured patents on steganographic distribution of PKI credentials. Merrill holds fundamental patents on the first cable modem and has had software deployed on a satellite launched from the Space Shuttle. Earlier in his career, Merrill held critical engineering and security architecture positions with organizations including Air Defense, Scientific Atlanta, BellSouth, and Ciena. He received his Bachelor of Science in Computer Engineering as well as both of his Master of Engineering Degrees from the University of Florida.

Recently, TechCXO’s Kevin Carlson was similarly honored as a Top 50 Information Security Professional.

Top 50 Information Security Professional

by Leave a Comment

TechCXO’s Kevin Carlson has been recognized as one of the Top 50 Information Security professionals in the world. Kevin is a TechCXO partner and supports clients as a fractional CISO and CTO.

He was honored alongside other CiSO and Global Security Officers from organizations like City of Tucson, Equifax, Harley-Davidson, The Hershey Company, Kraft Heinz, Oracle and the US Secret Service. The 2021 OnCon Icon Awards recognize the top information security professionals and information security vendors in the entire world. Finalists were voted on by peers to determine the winners.[/fusion_text]

How to Get the Best Offshore Results

by

In his 2005 Book, The World Is Flat, Thomas Friedman sums it up pretty well. “There is just a job, and in more cases than ever before it will go to the best, smartest, most productive, or cheapest worker—wherever he or she resides.”

My first experience with offshore teams was well before that. Albeit not the best experience, it got better as we figured out how to work together. As distant economies bring the best and brightest online, the world is flatter. To succeed you need to make it a smaller world, too.

[This article was adapted from Kevin Carlson‘s original blog post.]

To best manage these challenges, follow three basic principles to deliver top results.

1. Lead With a “Single Team” View

Nothing kills productivity faster than “us and them”. Unfortunately, a lot of companies experience this. . And it exists in companies with only local resources! With offshore teams, that chasm occurs even easier.

When everyone is working together toward a common goal, you have a team. A team functions best when there is unity and everyone is accountable to the same standards.

In my work, I see this most often between business stakeholders and technology teams. It’s a lot worse when there is another “us and them” on the technology team. Fragmented teams always struggle. Teams with many fragments rarely produce what they set out to build. In the rare case such a team delivers something of value, its perceived value varies to a high degree.

To build a cohesive team across many time zones, always treat every team member as if they are in the same room. One’s physical location should not influence importance, impact, or influence.

A technique that I use to keep this in perspective? Imagine that team members on the phone are working from home that day. Sounds simple, yes, but it works.

As a leader, you set the tone. You set the example. Others will follow and those that don’t, regardless of location, may not be best for the team. Sometimes, you’ll have to make tough choices. When you do, make them early and move on.

2. Define a Single Process for team interaction

Technical projects can be difficult enough when coordinating tasks and information. Business stakeholders, product owners, user experience, developers, QA, DevOps. Everyone needs to know where things stand and what’s coming next.

Whatever method you use to manage the process, make sure it’s easy to use. The more areas in which it’s easy to go around the process, the worse things will get.

I’m a big fan of using tools to create a workflow that — at a glance — shows an accurate picture of things. But be careful, as many out-of-the-box workflows are useless. They are simplistic and a general free-for-all with no permissions or data requirements. In other words, they fool you into believing you have something useful when you don’t.

Don’t Be Shy About Workflow Stages

Take the time to define the process with as many stages as it takes. Permission transitions to specific project roles. Require data when moving items from one stage to the other. And above all, let everyone see where everything is!

On larger teams, create specialized role-based dashboards, too. For example, create a view for the QA team to see what’s in development, what’s ready for QA, what’s in QA, and so on. The combination of these dashboards allows for team-wide accountability and role specific focus.

If you find a workflow isn’t effective in a particular area, change it. Every situation is different and requires monitoring to be effective. I promise, you won’t get it right the first time. I never have.

Keep it Transparent

Avoid the temptation to deny access to dashboards. It sends a message that some information is only for some. It erodes trust, visibility, and feeds the “us and them” mentality.

Of course, there are areas where information is very sensitive and requires care. Security and compliance related issues are examples that may dictate limited access.

3. It’s All About Communication

Communication is the glue that holds a team together. Doubt it? Spend time in a company where leadership sequesters themselves. These organizations become weaker and more brittle by the day.

To make sure the glue is strong, communication must be consistent and frequent. And most important, don’t forget that great communication begins with great listening skills.

You’ll have team members that don’t understand an approach or a goal. They may flat out disagree. Any they may be right. Listen and you will be a more effective communicator because you understand the team.

Don’t Slack on Frequency

Leaders will sometimes slack off on communication frequency. It’s an easy mistake to make. Always remember that a lull in communication provides fertile ground for doubt.

If you’re in a leadership role, turn this around to understand it. Image a dedicated team member that stops contributing ideas. They’re less vocal during stand-ups. It would be natural to think something might be wrong.

That’s exactly how the team feels when leaders stop communicating.

Maximize time overlap

When working with teams across many time zones, it’s important to provide overlap. Even with a 12 hour divide, adjust working schedules to make sure there is ample discussion time.

Teams that don’t get a chance to talk are rarely the most efficient. People will act on assumption instead of understanding. In my experience, this increases churn and rework.

Use video conferencing

There’s nothing like being face-to-face, even if it’s on a screen from thousands of miles away. Body language is necessary to pick up on nuances. Phone calls hide body language. Email hides voice inflection. The less cues one team member is able to give another, the less able they are communicate well.

There are a lot of free services that enable this. If you have a larger team, paid services can provide the best experience. And, if you think you can’t afford it, wait until you see what miscommunication costs.

I recently worked with a company that had screens and cameras in team rooms. Quite often, a remote team member would connect and be “on screen” most of the day. It was like they were actually there.

A Flat, Small World

Things have changed since I entered the technology world. Global competition has made us sharper and global collaboration makes us all better. It is indeed, a flat world.

Using proven practices around team identity, process, and communication increase effectiveness. They serve to make our world smaller, which serves us all better in the end.

Are you leveraging fractional C-level leadership? Maybe you should

by

Does Fractional Leadership work?

Fractional leadership is the practice of leveraging external experienced C-level executives to fill leadership gaps in your business in a part time capacity. The fractional executive works on a contract basis and usually with more than one company at a time. The concept is gaining popularity as an effective way to grow and scale your business without the commitment and risk associated with bringing on a full time C-level person. The nagging question for many CEOs, however, is how can this seemingly counterintuitive approach really work? “I need leaders who are 100% committed to my business and wake up everyday thinking about how to make us succeed – right?” This article will outline how this fast-growing approach can and does work – and not just as a “plan B” to fill a short-term need until I find a full-time leader, but as a strategic approach to scaling your business, preserving your equity, and driving superior performance.

So, let’s take a look at what makes the model work.

Ruthless Focus

Think about how much of your time is actually spent on things that only you can do? Similarly, think about how that applies to your leadership team – how much of their time is actually spent on tasks or strategic activities that only they are capable of doing? In my experience as a full-time C-level leader, I can’t count how many times I would think back at the end of the day and wonder what I actually accomplished that really moved the company goals forward. All the meetings I would get pulled into, all the customer issues that I “had” to deal with, all the little interruptions for for “urgent but not important” things – when you add it all up, there really isn’t much time left for the real “C-level” stuff you need to be focused on. Paradoxically, this is the key to how the fractional model works. As a fractional leader, there is simply no time for little stuff. If you are working with a company for just a couple of hours per day, you are forced to ruthlessly prioritize only the very most important items on your list. If your day-to-day task list doesn’t align precisely with the most important strategic initiatives for the company, you will fail – there is simply no time for anything else. Similarly, in order to accomplish 8 hours of tasks in a fraction of that time, you are forced to relentlessly delegate and leverage the typically under-utilized talents of the team under your direction (which isn’t that what we are supposed to be doing as leaders anyway?).

So…. when you actually compare progress on the “big rocks”, on the things that really matter, between the fractional and full-time leader, the fractional model doesn’t seem so improbable.  Not coincidentally, these principles of focus and delegation are the same principles behind the concept of the “4-hour work week” and how great leaders can still be very successful in far less time than what is traditionally expected.

Expertise

Hand in hand with that deep experience, and more specifically, the experience working with a large number of similar stage companies, comes the ability to get up to speed very quickly. The time to become effective for a fractional leader is dramatically shorter which means that less of your money is going towards ramp up and that results can be achieved much faster.

Objectivity and Ego

The fractional leader comes into an engagement with one goal in mind – success. The consulting world is unforgiving and any engagement that is anything less than success will have a negative impact on future business. The fractional leader is not looking for titles, promotions, or stature within your company. They are objective and unencumbered by the typical dynamics that surround traditional leadership teams. The result is an ability to do what needs to be done and to say what needs to be said. All too often, the problems holding back a team are rooted in personalities and behaviors of the people involved – there is great benefit in having a leader in the mix who can identify and address the real problem – even if that problem is you.

So, When Does a Fractional Leader Make Sense

As effective as a fractional leader can be, it is not always the right solution and to be honest, is not typically the right long-term solution. The scenarios where this approach is especially effective include:

  • Too early for full-time – your company is starting to get traction and you need the expertise of a C-level leader but you don’t have the money or the need for a full-time person.
  • Coaching / Mentoring – your current full-time leader is not delivering. They need the help of an experienced leader to come alongside and help get them to where they need to be.
  • Unexpected departure – someone just left (or was terminated) and you need someone on the ground tomorrow to keep the team together and moving forward.
  • Assessment – You are not sure what you need. The gut feel is that the leader in place is not working but you need someone with the relevant experience and skills to come in and give you an objective assessment.
  • Critical inflection point – whether the company is experiencing significant growth or looking to raise money (or any number of other critical transition points), you know that it is going to take some different skills to help get you to that “next level”.

The value proposition of a fractional leader in scenarios such as these is unparalleled. The take-away here is that you don’t have to solve these challenges on your own and there is another option besides finding and hiring the perfect full-time leader. Know that there is a network of very experienced fractional “operating partners” who can come alongside for a period of time to help expertly solve the challenges in any aspect of your business. Help you get things going in the right direction and get the right team and processes in place to sustain that. And then help you find the right full-time leader to carry it forward.

greg-smithGreg Smith is TechCXO’s Managing Partner for the Product & Technology Practice. See his full bio here. Or, learn more about interim CTOs and CiSO-as-a-Service.

CEO vs CTO: Fixing a Broken Marriage

by

CEO vs CTO – Fixing a Broken Marriage

Many times IT dysfunction in a company comes down to the inability of the CEO and the CTO (or CIO) to effectively communicate.  When you talk to the CEO, the problem is that, “The CTO just doesn’t get it.  Every time we ask for something the answer is ‘no’ or that we need more resources to do that.  There just doesn’t seem to be a sense of urgency, or even an understanding around what are obviously the most important goals of the business!  I think we need to go in a different direction.”

And from the CTO’s perspective, the typical assessment is that, “The CEO just doesn’t get it.  She has no idea how much is on our plate and what actually goes into building the platform – and if she would just stop changing direction every week, we might actually get something done!”

The reality is that there is truth in both perspectives and until both parties accept that, you will never get the productivity that you want and need from your technology team.  So… for the CEO, once you admit that the CTO might not be clueless, here are some practical things you can do to repair this relationship and, in turn, maximize the output of your delivery organization.

  1. Accept the Difference – The CTO most likely doesn’t think the way that you do, hang in the same circles you do, dress like you, talk like you, etc, etc, etc…..  It is not surprising that you might have some challenges communicating effectively!  If you can accept that and not try to force a round peg into a square hole, that alone will go a long way towards improving the relationship.  But to take it one step further, spend some time together outside the direct context of business.  Get to know the person.  Have lunch together, go out for a beer after work, maybe you both like to play golf, do something!  It might not help but then again, it might make all the difference.
  2. Get Alignment – make sure that business goals and objectives for the coming month/quarter/year are well understood by the entire technology team and that the plans for that team are in alignment with them.  Even better, include the CTO in coming up with the strategy and goals for the business – you will secure much better buy-in and you will likely get some great insights to help shape that plan.
  3. Trust – Unless you want to learn all things technical, you must be able to trust your tech leader.  If you think that team is not working hard enough or not getting enough done or you think estimates are too high and you try to micro-manage your way to justifying that belief, it will backfire – guaranteed.  If you don’t trust the CTO, get someone in who can validate or assuage your concerns.  If the concerns are valid, replace the CTO ASAP and move on.
  4. Stay the Course – Yes, you must be “nimble” and the company may need to pivot from time to time and you must also be responsive to your customers, however, none of this is an excuse for being all over the place.  Developing software (and other complex IT systems) is a lot like building a house – there is way more that goes into it than just the parts you see and when you change direction (let’s move this room over there), that will likely result in expensive “foundational” changes.  Continual changes like this result in greatly diminished productivity, morale problems, a shaky platform that will not scale, and, ironically, to you thinking that the CTO cannot deliver. 

 At TechCXO, our fractional CTOs/CIOs have significant experience helping to bridge this gap and make the CEO/CTO relationship functional.  From advising the CEO to mentoring the CTO to even taking an active leadership role over the Technology team when things are beyond repair, we can help you get to where you need to be from a product development and technology standpoint.

Greg Smith is TechCXO’s Managing Partner – Product & Technology.  See his full bio and contact information here.

Acquisition Integration: Systems and Technology

by Leave a Comment

Part Three: Systems and Technology

Companies seek to accelerate revenue growth or enter new markets through mergers and acquisitions. They spend a lot of energy and resources identifying the right targets based on synergy and combined financial models.

But oftentimes, the real value of the acquisition is not realized. M&A typically fails during integration. All that effort and capital spent on acquiring the target is wasted.

There are multiple factors from a technology perspective that can cause problems for acquisitions. In this segment, we will look deeper into those challenges and talk about how best to approach this important aspect of acquisition integration.

What are the things to be integrated?

To kick off the conversation, it is helpful to identify the various systems and tools that need to be integrated as part of an acquisition. It is easy to minimize this aspect of integration because the people who put these deals together (and who are likely reading this article) don’t live in this world. However, there is a lot to consider here and if not managed and executed properly, the anticipated timeline and synergies of the acquisition can be missed.

The items below represent the core systems and tools relevant to any acquisition scenario:

  • ERP / Accounting / Expense reporting
  • CRM
  • Phone Systems
  • Internet & Networking
  • Email / Spam Filtering
  • Single Sign-on (SSO)
  • Network Drives / File Sharing
  • Backup Systems
  • Chat / IM Tools
  • Web & Video Conferencing
  • Mobility (cell phones and hot spots)
  • Internal Servers / Hosting
  • Website
  • DevOps Tools (remote desktop support and system monitoring)
  • HR Systems (time tracking, performance management, PTO)
  • Marketing Automation Systems
  • Project Management Tools
  • Helpdesk Tools

If the companies involved deliver a technology product, the integration effort must also take into account those products, the teams that develop them, and all the tools and processes that are part of that development effort. And while the items listed above represent a formidable integration challenge, bringing together multiple products and product development teams is an even greater integration challenge.

Integrating Core Systems

There is no set “right” way to do this, however, I do think that there are some guiding principles that can help you focus first on the things most critical to the overall success of the acquisition.

  1. Shared Identity – once the deal is done, focus first on the tasks that will allow the combined organization to appear as one – both internally and externally. Internally, make it easy for the new teams to communicate with each other and access shared resources. This ties back to chat/IM tools, SSO, access to shared drives, and a unified phone system – things that makes it easy for everyone to communicate and feel like they are on the same team. Externally, the new entity should appear integrated absolutely as soon as possible. Shared email and phone systems are a couple of quick wins in this category, but the website is the big thing here. Depending on the nature of the businesses being merged, this could represent a large redevelopment effort, however, a staged approach is a good way to tackle this. Start off with a quick project to either brand the acquired site or to redirect the acquired site to the main site. You can then follow along with the full project to redevelop the main site to reflect the new, combined entity.
  2. Organizational Efficiency – this category of tasks represents most of the work but also is where a tremendous amount of the anticipated synergies will be realized. It includes systems such as ERP, CRM, HR systems, etc.., each of which is a significant project unto itself. To determined the best approach, it is important to start with an in-depth and independent assessment of the current systems in place in each entity to determine requirements, capabilities, and effort to convert. And don’t always assume that the acquiring company’s systems should be the ones that win out. Either way there is a significant conversion effort at hand, so maybe there is an opportunity to replace an internal system that you have been struggling with – either with the corresponding system already in place with the acquired company or maybe even one that is new to both.
  3. Technical Efficiency – many tech teams will jump to the items in their world as the place to start after the acquisition. While there is certainly inefficiency in different hosting facilities, different helpdesk tools, and different remote desktop support tools, that inefficiency is mostly limited to the IT team and does not impact the rest of the organization. This is why this category of tasks should be last. To do this work last may require carrying additional IT personnel longer than planned, but it is worth it in order to get the combined business operating efficiently as the new entity as quickly as possible.

Integrating Products and Product Development Teams

If the acquisition is bringing together companies with either competing or complementary technology products, there were synergies anticipated in bringing the deal together. To realize those synergies will require many difficult decisions and development efforts to make the products in question work together.

However, unlike the “core” tools and systems outlined above, there is tremendous passion and pride of authorship around internally developed systems. And to make matters worse, since you have to figure out organizational issues as well (including potential elimination of positions), it is very difficult for employees to separate themselves from the emotion to provide objective input. This is why is it critically important to get outside help to do an independent assessment of these systems and the teams supporting them to help determine the plan forward.

There are multiple important questions to be answered such as:

  • Which product(s) should be sunset?
  • Who will lead the combined team?
  • What does the new IT/Product Development organization look like?
  • What toolset (Agile PM, defect tracking, build & release, etc…) will the combined team use?
  • Which customers will be migrated to other systems?
  • What is the right technology stack moving forward for the combined entity?
  • Should the systems be integrated at all?
  • Etc, etc etc…

Furthermore, it is important that these decisions not be driven just from a technical perspective. Technology people focus on technology solutions which may not be the right thing for the business. As an example of this, I was recently working with a company that acquired another company that provided the missing piece of an overall solution they needed to compete effectively in the market.

Shortly after the acquisition, the technology team determined that the effort to integrate the two platforms wasn’t that much less than the effort to build the acquired functionality into their existing platform. And since having a single system with a shared UI, DB, technology stack, and development team was “better” for the company, that was the path that was chosen. Needless to say, the redevelopment of the acquired platform was far more complicated than anticipated and the team also underestimated the effort required to support both systems during the effort. So, after 18 months, not only do they not have the new functionality they made the acquisition for, their existing product and customers have suffered because their focus has been on this redevelopment effort. None of the anticipated benefits of the acquisition have been realized. If, however, the approach had been to loosely integrate the two applications (SSO, Billing, UI refresh, etc…), those benefits could have been realized within a few short months while still keeping existing customers happy. While perhaps not the best “technical” decision, it would have certainly been the best decision for the business.

Fortunately, the acquisition integration risk can be greatly reduced by bringing on the right leadership. TechCXO has partners with extensive experience in the area of systems and technology integration that are ready to help you make your merger successful.

What is the right cloud spend?

by

I was recently asked by a client – What is the right spend on cloud for my organization?  The client was asking about both cloud software (SaaS – Software as a Service) and cloud infrastructure (IaaS – Infrastructure as a Service).  In their technology profile, they had the opportunity to use several cloud applications that ideally fit their organization but they also had some proprietary systems that were a key competitive advantage.  In this particular instance, they had a significant investment in servers and infrastructure in two on-premise locations.

Beside cost, we discussed several other considerations.  From these considerations, we developed a method to evaluate their “public” cloud vs. their private cloud / on-premise spend.

Cost:  Cost is a critical component of the cloud decision-making process and any comparison needs to be apple to apple.  We included people, infrastructure, disaster recovery systems, information security spend and several other components to evaluate cost.

Functionality:  For the software component, there were a number of cloud software systems that fit their needs well and they selected several platforms and migrated their processing to them.  However, they kept some of their custom written systems since they felt those provided a competitive edge.

Integration:  For integration, they selected a cloud-based system to integrate data between their cloud software platforms and to/from with their on-premise, proprietary systems.  This was very cost effective, as they built most of their integrations in a single tool.

Flexibility: One of the reasons they choose to keep some of their proprietary software was their need for flexibility in their core business.  While some cloud software vendors have good flexibility and market add-ons that can add functionality, there are often key business areas that require highly customized software and systems.  

Availability: Cloud infrastructure and applications are designed to be highly available.  On-premise can take much more internal effort to be highly available and to ensure there is a disaster recovery capability.

Scalability: A huge advantage for cloud software and infrastructure is scalability as many customers depend on it and the providers have made it easier to scale (up and down).  On premise / private cloud needs to be designed properly for scalability and can be less adaptable for scaling.

Deployment: Cloud software and infrastructure is easily deployed (sometimes too easily and there can be pockets of subscriptions that are not being used).  On premise systems can suffer from slow deployment.

Security:  Many think that public cloud security is a big challenge, but many of the cloud companies have invested heavily in protecting their client’s data.  Good due diligence about information security is still a key factor in the cloud decision.  On premise software can be expensive to properly secure and monitor. 

The client ended up with a “hybrid” model, which is where many companies operate – some cloud capabilities and some on-premise/private cloud.

Conclusion:  The “right cloud spend” should be evaluated from an overall cost and a strategic perspective, taking into account a number of key decision criteria.

dan-brown-techcxo

Dan Brown
Partner, Fractional CIO / CTO; Interim CIO / CTO
dan.brown@techcxo.com
(770) 365-1901

Dan Brown is a senior technology executive with a wide range of technology, operational and senior leadership capabilities. As a strong leader, he has a proven track record of aligning technology organizations with corporate strategy, building / rejuvenating technology teams and leading organizations through growth and rapid change.

Business Continuity Plans

by

Here’s a rhetorical question… When is the best time to prepare for a hurricane or tropical storm? (BEFORE it strikes).  If you weren’t dealing with the busy hurricane season directly, you probably had at least a passing thought about your business continuity plans.  The good news is — like holiday shopping — there’s time: hurricane season doesn’t officially end until November 30.  So, for those marginally impacted or fortunate enough to escape unscathed, now is good time to reflect on your preparedness.

To avoid any confusion on the subject, the definition of Business Continuity Plans (BCPs) are those preparations focused on maintaining continuous operations even in the event of a emergency. They typically involve communication plans, alternative work sites, system failover/redundancy, and any number of “contingencies”. Compromises like operating in a reduced capacity can be an option based on the agreed risk acceptance of the company. Disaster Recovery Plans (DRPs) are invoked at the point that BCPs fail and the business is interrupted beyond what is acceptable in the BCP.

While the process my vary based on the size and risk profile of your business, you can develop a sound BCP by including these four main phases:

Project Scope and Planning (Who will be involved in the organization’s planning and execution?)
Business Impact Assessment (What are the priorities of the business? What are the risks and impacts?)
Continuity Planning (What strategies, provisions, processes and assets will be invoked?)
Approval and Implementation (Approval, training, testing, implementation and maintenance of the plan)

These documents are fairly straightforward to create. If you’d like templates for any or all of these documents, email me directly at: olin.wise@techcxo.com and I’ll be happy to send them along.

Olin Wise TechCXO

Olin Wise TechCXO Product & Technology Partner

Olin Wise is a Product & Technology partner in TechCXO’s Atlanta office.  See his full bio here.

RNC Data Breach and Your Business

by

This article was slated for a later release, but given the news about nearly 200 million American’s PII was made publicly available by a firm working for the RNC, we have decided to release this early.

[More information can be found here: http://gizmodo.com/gop-data-firm-accidentally-leaks-personal-details-of-ne-1796211612]

At the time of writing this article, 1,941 total breaches that have affected more than 500 people in a single incident have been reported to the Department of Health and Human Services since its inception in 2009. Yet there are thousands of organizations that are HIPAA compliant. How does this happen? Here is a little unknown secret. Compliance is not the same as Risk Management. Moving beyond HIPAA is where we find ourselves today: in need of a solution that requires active vigilance to protect your most valuable asset — your data.

Here’s some of the raw data with you that will help frame the rest of our research and solutions:

As you can see, most breaches occur through theft and unauthorized access to protected systems that contain electronic protected health information (ePHI), or electronic heath records (EHR). Your own employees are the largest culprits of this happening, sometimes with non-malicious intent. It is simply because they don’t know any better, or proper risk measurement and employee training has not taken place. A more sobering chart is below.

More than 130,000,000 people have been affected by hacking and/or an IT incident. The total number of Hacking incidents is only 40% of the total number of breaches by Theft, however Hacking represents a 500% increase in the total number of effected individuals. Please keep in mind, this is not the total number of incidents that have occurred. I can assure you incidents happen every day that go unreported. And to put into perspective just how vulnerable these companies are, only 10 organizations accounted for nearly 93% of that 130 million affected consumers.

Organizations are having to adopt a more proactive approach towards data security and risk management. HIPAA was created in 1996 in order to combat the improper use of healthcare patient data. It is a set of compliance rules that many organizations are required to adopt if they are going to maintain patient data, in any form. Yet in these sophisticated times where attack vectors and hacking methods are much more mature and advanced, compliance is not enough. This has given rise to organizations such as the Health Information Trust Alliance, or HiTRUST, which will be the topic of our next post.

As always, if you think you are at risk, or anticipate that you might be out of compliance and face penalties because of it, here at TechCXO we have partners in our Product and Technology practice that specialize in assisting customers get and maintain their certifications. We have worked directly with the HiTRUST counsel on numerous engagements and would welcome a conversation with you in order to ensure that you are meeting your compliance requirements and put forth a plan of action that will ensure every possible protection option has been explored.

What does this mean for you today? It is time to take action…right now. If you don’t know the state of your security and are reading this article right now, you should know. Here are threeo steps to take immediately:

  1. Contact your security services provider, either internal or external, and have them run a full audit and scan of your systems, both internal or cloud based systems for potential holes in your perimeter security. 
  2. Schedule time with your teams to look at potential areas where PII, ePHI, or any other protected information may exist and have them immediately evaluate those potential ingress and egress access points for proper security implementations. 
  3. If you don’t have a security services provider, contact us here at TechCXO and we can assist you in locating one or engage you directly in order to quickly give you peace of mind.