Today every business is an internet business.  The performance of any business is directly related to the capability and performance of IT.  Therefore, we must all take cyber security seriously.   Let’s start with a botnet by breaking down the word itself.  The first syllable, “bot” is short for robot. The second syllable “net” is from the word network.  A botnet is formed when a hacker writes a computer program that will breach security on a single computer.  It does not stop there.  This computer program called a virus has the capability to take over that computer that it just hacked into. It does not stop there either because this is not good enough for the cybercriminal.  With a botnet, the virus will move from one computer to another, take control of each and then connect all of the disparate computers into a powerful system or network of control.  This is known as a botnet. Cyber criminals are control freaks.  They will sometimes create a virus that controls thousands or

In today’s business climate it is imperative that the IT Service Provider not only understand what the business strategy is, but be able to initiate and deliver services that not only support it, but help to shape it.  This can be successfully accomplished by ensuring that the service portfolio remain aligned to the business needs.  Over time these requirements and demand for services change and mature.  The Business / Provider Relationship is integral in keeping the demand and supply of these services and capabilities appropriately and continuously aligned.  One of the tools engaged for this task is the “Business-Provider Maturity Model”. The Business-Provider Maturity Model is a way to help surface and understand the growth in maturity of business demand for Provider services and capabilities, and a Provider organization’s maturity of supply capabilities needed to both satisfy and shape that demand. Many maturity assessments are very IT centric assessing the ability of the Servi

ITIL Practitioner focuses on nine guiding service management principles that distill the core message to facilitate improvement and success at all levels. The principles not only guide providers who want to adopt a good approach for successful products and services but can also be applied to ensure our day to day success. Yes, that’s right! These principles could be applied to buying a car, ordering food and more. Example: I want to purchase a car . 🚗 Guiding Principles ITSM Academy's ITIL Practitioner course is based on these 9 Guiding Principles 1) Focus on VALUE - I need a car but I don’t want to exceed my budget for this. Value for me means awesome performance and that this car looks amazing. It must be a good fit and be cost effective. Good luck, right? Value is determined by price but also by performance and perception. 2) Design for Experience – Here I would be looking for something that is durable, has lots of techno gadgets built into the dash and if it is luxurious w

The Business Relationship Maturity Model (BRMM) is a way to help surface and understand the maturity of the relationship between a Provider (internal IT organization) and their Business Partner. This is not about the maturity of the BRM role or process.  This is about the maturity of the Provider/Business Partner relationship and therefore must take into account the perspectives of each party. The BRMM is made up of 5 levels, each with a descriptive tag, and represents a relationship maturity continuum. Level 5 is the highest and described as strategic partnering, Level 4 is trusted advisor, Level 3 is service provider, Level 2 is order taker and Level 1 being the lowest or ad hoc. Level 1 Ad Hoc: From the Business Perspective (BP) it’s, can’t even get my providers attention, results cost too much, delivers too little and takes too long.   From the Provider’s Perspective (PP) it’s: I’m too busy to think about anything other than I’m too busy.   Characteristics of relationshi

Rugged DevOps is a method that includes security practices as early in the continuous delivery pipeline as possible to increase cybersecurity, speed and quality of releases beyond what current DevOps practices can yield alone. (1) “Rugged “describes software development organizations which have a culture of rapidly evolving their ability to create available, survivable, defensible, secure and resilient software. (2) As business increasingly relies on agile software development, the absence of matching fast-moving security methodologies in the delivery pipeline will essentially increase the risk of a security breach or a cyberattack. Security staff must be imbedded into cross functional teams to ensure a more sustainable and less risky continuous deployment value chain (continuous integration, continuous delivery and continuous testing). The bad guys have already acquired these skills and the use of automation to engage in a continuous attack on our defenses. Security was named

A short while ago I was asked this question from one of our reader: “ I want to set a KPI around how much of the time we meet the SLA. Like 'meeting the SLA x% of the time'. Can someone advise what would be that 'x'? What is the common practice?  Is there an industry standard around this?”   I’m going to have to go with the consultant answer and say it depends.   First, are we talking about a single service to a single customer? Are we talking about multiple services to multiple customers or somewhere in between those two extremes? Your SLAs should include details of the anticipated performance that your customer expects.  First thing you need to do is discuss with your customer what are the levels of utility and warranty they are expecting? Then document and agree these targets are reachable given the resources that are at your disposal and any constraints that may be discovered. The requirements for functionality (utility) should be defined by your BRM pr

Site Reliability Engineering (SRE) is a discipline that incorporates aspects of software engineering and applies that to operations with the goal of creating ultra-scalable and highly reliable software systems.  Google’s mastermind behind SRE, Ben Treynor, describes site reliability as “what happens when a software engineer is tasked with what used to be called operations.” Historically, Dev teams want to release new features in a continuous manner (Change). Ops teams want to make sure that those features don’t break their stuff (Reliability). Of course the business wants both, so these groups have been incentivized very differently leading to what Lee Thompson ( (formerly of E*TRADE) coined the “wall of confusion”.  This inherent conflict creates a downward spiral that creates slower feature time to market, longer deployment cycles, increasing numbers of outages, and an ever increasing amount of technical debt. The discipline of SRE can begin to reduce this dilemma by

What isn’t? With the internet of things there are so many options available to consumers that were not available even one month or one week ago.   With technology and job role functions evolving so fast, the best way to stay current is to become educated.  Here are just a few bits of interesting information. New for Every Day Consumers: In a  recent update Google’s Virtual Globe has introduced a feature called "Voyager." No longer will you be limited to only exploring places you've heard about, nor will you have to resort to randomly clicking on areas of the planet in hopes of finding a gem. Instead, "Voyager" presents you with dozens of curated journeys around the globe. Each voyage is centered around a theme. “Museums Around the World” will take you to a Street View of museums in every corner of the globe. If natural formations are more your speed, " Earth View " will show you "the most striking and enigmatic landscapes available in Goog

Historically, many companies have had a single strategy for selecting, deploying and managing applications. They have had a defined structure for classifying applications by value or functionality, but failed to recognize that applications are fundamentally different based on how and when they are engaged by individuals and the organization as a whole and the pace at which these tools need to be changed and updated.   Many organizations are finding themselves with an enterprise application strategy that fails to satisfy the needs of the business community, which has often led to underutilized applications throughout their portfolio. Gartner’s Pace Layered Application Strategy is a methodology for categorizing applications based on how they are used and how fast they change.   This strategy helps IT organizations rationalize the use of DevOps practices that ensure a faster response and a better ROI, without sacrificing integration, integrity or governance requirements.   The

I learned about ‘The Diffusion of Innovation Theory’ in a DevOps Foundation training course.  I wanted to get my DevOps certification but more than that to learn about what makes a DevOps initiative successful.   When I mentioned the Diffusion of Innovation Theory to a coworker he said “It sounds like Sheldon talking to Raj on “The Big Bang Theory” TV series.  Although the name sounds Big Bangish the usage of this theory could be the real difference for success in any transformational change including DevOps. To start let’s begin with the definition of DevOps. DevOps is a professional and cultural movement that that stresses communication, collaboration, integration and automation in order to improve the flow of work between software developers and IT operations professionals. Improved workflows will result in an improved ability to design, develop, deploy and operate software and services faster. That’s where this “Big Bang” or Diffusion of Innovation Theory comes in.   De

Integrating Development and Operation teams as well as other functions that have previously been silo’d is key to any development project for all service providers today.   We hear a lot about this in DevOps training and certification classes.   What about security?  You may have heard the term DevSecOps.  This idea and term was coined to ensure that architects and developers include into our requirements and code those things necessary for security. Design architects will also want to ensure that security is integrated throughout the value stream of development, deployment and operations and it is done in such a way so that the complexity is as transparent as possible to the functional teams involved.   How can we do this without impeding our flow of work?    How can we still be able to meet compliance for legislative, legal or regulatory requirements relating to security? This is where Automation comes in.  Collaboration and measurement are key values but automation is also

I remember reading a quote “Every business today is a technology company” or something close to that. As we move from business-IT alignment to business-IT integration and now convergence, it is becoming more and more critical to understand and manage both the business and IT capabilities so that integration of the business strategy, IT strategy and the IT portfolio are seamless.  In today’s business climate it is imperative that the IT organization not only understand what the business strategy is, but be able to initiate and deliver services that not only support it, but help to shape it.  The Business Relationship role, process and capability is integral in making that happen. One of the tools that can be engaged to help facilitate this convergence is the “Business Capability Roadmap.   It is made up of three key components: Roadmap Business Capabilities: Identifies how business capabilities need to change to achieve defined strategies. Roadmap Enabling Capabilities:

In years past you had to have some years behind you so that you could talk about the good old days.  Conversations would start with statements like “Remember when…?”   Today when a conversation starts with those words it could be a young person talking about how they did things last year or last month vs. how they go about their day to day activities today.     Things are changing so fast!  How does this affect educating and training learners and what needs to be tracked and recorded?  Certainly, not the same as it was a decade ago.  A recent solicitation stated “ Use of ed tech is skyrocketing, students on campus tote several devices each, but service needs range from high tech (wifi, connected classroom) to mundane (rat in the cafeteria, dorm toilet won't flush). All those needs have to be logged, serviced, tracked, reported on - hence the high demands on the platform used”.  Opportunity for bigger, better and more technology abounds! The tools that we u

To say that digital technology has changed the world is an understatement. Digital transformations are revolutionizing entire industries and reshaping every aspect of business. To stay competitive, businesses must accelerate the delivery of digital products and services. To meet business demand, IT organizations must accelerate the delivery of secure, high-quality and reliable software features and functionality ( DevOps ). The thing about any transformation, whether it’s the digital transformation affecting the world, or the DevOps transformation affecting IT organizations and their business partners, is that it’s never only about the technology. A successful transformation requires shifts in peoples’ behaviors, mindsets, vocabulary, roles and reporting relationships. It requires changes to processes and to day-to-day operating procedures. Perhaps most importantly, the ability to undertake and achieve any transformation is determined by whether, or not, the company’s leaders

I was recently asked the following: “I want to take the “Release, Control and Validation” (RCV) class.  As a Release Manager, I know it will help but I need to justify this for my manager.  What is the value of taking this class?” Every organization can be effective with release and deployments.  What is needed today is for us not only to get the job done but to do it efficiently.  Efficiency infers that we deliver value, but that we design and deliver services, BETTER, MORE, FASTER THAN EVER BEFORE and at the same time we are being COST effective. The role of Release Manager, although it is central to the release and deployment process, is much broader in scope than many organizations or managers realize.  This role in Best Practice is separate from Change Manager and from the actual Validation and Testing Manager or even the Change Evaluation role.   Frequently these roles will be assigned to one or more persons.  It does not mean that you have to open several new req's

The Business Relationship Manager is a role that serves as a strategic interface between the IT Service Provider and one or more Business Partners (or Business Units within a single organization) to promote, and influence Business Demand for IT services and products. They also work to ensure that the potential business value from those products and services is realized, optimized and properly documented.  The Business Relationship Manager can accomplish this through the engagement of four core disciplines which are defined as part of the house of Business Relationship Management (BRM).  This house is built upon a foundation of BRM competencies which support the Business Relationship Manager role and ensure it has the skills and aptitudes to be effective and deliver value to both the Provider and its Business Partner. The Four Core BRM Disciplines: Demand Shaping: This discipline stimulates and shapes business demand for the provider’s services, capabilities and products. It ensu