Monday, May 8, 2023

Thankful for 10 Great Years

 I've been pretty good about letting folks know what seems to be getting read quarterly and annually on this blog. While I have the last 90-day summary included in this post, I also did an inception-to-date analysis to see what topics hit a home run for my typical audience, including business types and technical types. Before I dive into the charts as usual, I wanted to thank my loyal readers and say this blog experiment has turned out well. After I retired from full-time work with Gartner, I thought I still had more to give. While Garter was a great experience, the blog allowed me to explore topics that would not get past management and editor oversight. Grammarly and my dear wife, Sherry, guided me along the way. Sherry had a strong Digital career retiring from IBM in 2005, and was a great manager. 

The blog is now approaching 830K reads over 645 posts. It has been read from 30+ countries regularly. My one true hope is that I helped peeps in their everyday job and just maybe got them to think a little differently. I received many comments and participated in some really nice conversations with readers. Here are the most popular topics on the blog of all time. Customer Journeys, Automation (RPA), Real-Time Dashboards, AI, Digital Business Platforms (DBP), Process Modeling, and Trends. Besides the US and Russia, Europe dominated the readership over the last 10 years. 

                                MOST POPULAR BLOG POSTS OVER 10 YEARS


                                                          LAST 90 DAYS

Tuesday, April 25, 2023

Success With Real-time Scenario Management

Complexity and uncertainty are becoming hurdles for organizations everywhere. The rate of increase for faster decisions and appropriate actions is accelerating. Look at what has happened recently in the banking sector. Withdrawals accelerated in a short period and greatly exceeded reserves in several situations. While this is still playing out, other sectors must apply the lessons we have learned. Keeping a real-time pulse on business targets and emerging patterns/trends is a crucial takeaway, but reevaluating the business contexts (aka scenarios) is also the key to success. Real-time dashboards and more proactive scenario management are important pairs to manage. Even though applied separately, they deliver benefits; combining them will become a key to long-term success.

Real-time Dashboards are data visualization tool that provides up-to-date status on goal attainment and out-of-bounds behaviors. These dashboards allow for easy understanding and digestion of current situations. They enable users to identify trends, patterns, or anomalies. Organizations often use real-time dashboards to monitor and track their operations, the effect of their tactics, and the shifting business contexts. Frequently financial performance is monitored in real-time, allowing businesses to make informed decisions and take immediate action when necessary. However, these results and tolerances are often tuned for expected or normal business contexts/scenarios, making them vulnerable if external conditions shift away from optimization. It is where scenario management needs to be in tune with the real-time world.

Scenario Management is a strategic planning and decision-making process that involves creating and evaluating different hypothetical situations or scenarios to be prepared for all scenarios. These scenarios are likely based on factors such as market trends, economic conditions, geopolitical activity, technological advancements, and other external and internal factors affecting an organization's future performance. Scenario management aims to help organizations prepare for future events and develop contingency plans to mitigate risks or take advantage of opportunities. Organizations can make more informed decisions and actions in future challenging situations by exploring multiple scenarios. It typically involves a team of experts developing and evaluating strategies and their potential outcomes. Mature organizations update these scenarios regularly.

The Convergence of real-time dashboards and more frequent scenario management is becoming a trend and a desired competency in successful organizations. Not only can an organization's operations keep a fine edge on their optimizations, but they can also sense emerging risks and opportunities and act on them timelier than in previous eras. For example, a financial institution can use real-time dashboards to monitor their stock price and combine it with scenario management to simulate market conditions and their impact on their stock prices. As a result, it can help the institution make informed investment decisions and hedge risks. Similarly, a manufacturing company can use real-time dashboards to monitor their production lines and combine them with scenario management to simulate different supply chain disruptions and their impact on production output and downstream customers. As a result, it can help the company develop contingency plans and adjust production schedules to minimize disruptions. Combining real-time dashboards with scenario planning can provide organizations with a comprehensive tool for monitoring m planning and decision-making.

Best Practices for Convergence would include the following:

· Define Your Objectives: Start by Defining your goals and objectives using real-time dashboards within expected and unexpected scenarios. What are the key metrics, KPIS, and tolerances you want to track?

· Identify Key Data Sources: Real-time dashboards rely on accurate and up-to-date data, so it's essential to identify your data sources and ensure they are reliable and consistent. It may involve integrating data from multiple systems or platforms.

· Develop Scenarios: Work with your team to develop a range of scenarios based on various factors, such as market trends, economic conditions, and other external and internal factors that could impact your organization’s performance

· Test Your Scenarios: Use historical data to test your scenarios using various algorithm approaches to identify impacts on metrics and KPIs.

· Create Visualizations: Use visualization tools and algorithms to display KPIs and metrics. It should help evaluate the impact of different scenarios in real-time. Outliers should be practiced as well.

· Use Automation: Consider automating data updates and scenario testing processes to make adjustments as needed.

· Review and Adjust: Regularly review your real-time dashboards, scenarios, and potential outliers (black swans). It will help organizations stay on top of changing conditions. In addition, the frequency of adjustments should accelerate over time.

Net: Net:

The tried-and-true approach is "Make a Decision and Take Action; otherwise, You'll Fail By Default" I'd add, "You Better Consider Many Contexts Bolstered by the Latest Data, Learnings, and Predictions" before your act. Not just "fire, ready, aim," but "ready, aim, fire" The organizations that practice the convergence described above will survive, thrive, and capitalize in the shifting contexts.

Monday, April 10, 2023

Art for the 1st Quarter 2023

My paintbrushes took a break, so I concentrated on digital art this quarter. I hope you enjoy them. You can see the rest of my art by clicking here

                                                Coral Ribbons


                                                     Frog Surfing


Friday, March 31, 2023

A Ransomware Recovery Maturity Model is a Must

Ransomware is one of the biggest cyber security threats in 2023 and seriously threatens businesses of all sizes. Ransomware attacks work by infecting your network and locking down your data and computer systems until a ransom is paid to the hacker. A user or organization's critical data is encrypted, so they cannot access files, databases, or applications. A ransom is then demanded to provide access and keep data resources from downstream data sales. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyze an entire organization.

The overall amount of damages paid for ransomware attacks in 2021 was around $20 billion, with payouts in 2030 estimated to total approximately $231 billion. It is just the tip of the cost iceberg because all organizations will pay significant sums of money to defend in depth against Ransomware. Once struck, the time to recover using traditional methods ALWAYS requires way more time and effort than is ever considered. According to the IST Ransomware Task Force, the average downtime can be 21 days, with full recovery taking an average of 287 days from the initial ransomware incident response. The threats and costs are growing so fast that Ransomware has risen to the number three concern during this critical infrastructure attack era. Gartner says businesses are shoring up their defenses by spending another 11% more in 2023. Therefore a Ransomware Recovery Maturity Model is essential and becoming part of an overall security effort covering and recovering from threats and attacks.


Figure 1 Ransomware Recovery Maturity Model

The Dangers

As cybercrime escalates, the dangers and costs increase dramatically. It may not be apparent, but adversaries are stockpiling your vulnerabilities. Once made public, there can be a feeding frenzy. A growing number of threats from various sources and kinds of attacks should concern businesses. There is now a sophisticated and growing ecosystem of harmful sources, including:

· Corporate Gangs/Mafia

· Developers

· Access Brokers

· Competitive Forums

· Affiliates

· Crypto Brokers/Money Launders

· Dark Public Relations

Today Ransomware is plenty sophisticated, with not only lockdowns of data but the selling of exfiltrated credentials, data, and even direct access to data and systems. The bad actors are stealing from accounts, committing personal extortion, hacking for hire, and selling sensitive customer/lead data. They use various methods and techniques, including:

· Installing Adware

· Crypto mining

· Credential Theft

· Launching Attacks

· Sending Spam Emails

· Creating Proxy Sites

· Resource Renting

Ransomware of the future intends to maximize the haul, optimizing the revenue per event and victim by leveraging advanced automation and intelligent bots that can swarm to opportunities.

Why a Ransomware Recovery Maturity Model?

Ransomware is rising to the point of a ubiquitous threat, morphing to become more lethal by the day. A growing Ransomware Ecosystem makes the perpetrators seem like a regular organization. Bad actors release press releases to put a veneer on top of the gangs, bribers, opportunistic developers, and brokers. These bribers are out to take your money, so laying down strategies and tactics is undoubtedly worth the time and money. If they can't bribe your organization, they will sell your data for profit or even do both. They are trying to maximize their profit per victim. The above model Figure 1 lays out the progressive steps towards reactively or proactively dealing with Ransomware. The model can be used as a standard classification of ransomware protection efforts while evaluating ransomware software and service providers. The model becomes a gauge for protection levels.

It is essential to visualize the efforts that can be taken to head off the inevitable attacks or sneaky events. Ransomware is the fastest-growing vulnerability associated with cybersecurity and deserves its own set of detection techniques, proven faster reactive approaches, and proactive steps for evolving assurances. Organizations need to have a plan to deal with this growing menace. A ransomware maturity model overlaid over a well-accepted and established security model is presented here. While security gets significant attention and investment from top management in most organizations, Ransomware has not. The model phases below outline the necessary maturity steps in dealing with Ransomware.

What are the Standard Maturity Levels?


Aware is the level where management realizes that Ransomware is an issue that needs action. Security folks recognize that bad actors start small with low risk leading to acceleration and expansion. Bad actors see a compromised victim as a growing bag of money to tap and can't be trusted once the bribe is paid. Sometimes they steal data and credentials to sell later. Later they often crypto-mine and install adware. In case they use an advanced attack to steal money or leverage a campaign to phish trusted partners or customers. Education is the key to awareness even as new nasty twists emerge, but data is the essential source to attack.


There needs to be a commitment to detection and recovery that protects people, processes, and data. Active action puts up some resistance and foils some simple, early attacks. It is taking a defensive reaction of informing your people and notifying constituents to watch out for phishing attacks that open holes in the security perimeter is a vital action here. It means better-communicated policies to mitigate social engineering attacks that entice people to open emails and links, allowing a gateway for further evil actions. Multi-factor authentication is a typical response. It may mean you have to teach users to spot rogue URLs.


Operational is where there is a concerted effort to put good practices into place that make it hard for ransomware perpetrators to cash into revenue streams. It means focusing on understanding the risky areas of your organization's assets. There needs to be a repeating process for classifying data and processes for the organization's risk level. Risk analysis and prioritization are vital ongoing efforts. Organizations must assume they have already been infected and look for dormant attachments to patches and other code parasites. Key data sources must be clean before backups can be trusted. It means that data changes must be tracked and analyzed. Once cleaned, some mass data restoration procedures must be in place.


Managed is where the efforts turn to early detection, focus, and isolation. Now batch detection depends on real-time. Intrusions are found early, and affected data is isolated whenever possible to prevent infection spread. Isolation allows for a more focused recovery that optimizes speed to restoration. Even if isolation is not possible, automation of the recovery process should be established. Knowing that a clean backup is available close in synch with current operations allows for automation of mass recovery minimally or focused recovery ideally. It makes data defense and protection a cornerstone of response to Ransomware.


It is making this automation smarter and closer to self-healing, the next step in the maturity model. It is done without human intervention except for notification that it has occurred. It means that AI and analytics are used to detect cyberattacks that are in progress, respond to threats intelligently, and eventually enable bots that detect advanced malware. It now becomes "good-bots vs. bad-bots."

Net; Net:

A ransomware maturity model is necessary to determine the level of protection and understand what is being done to avoid paying the bad guys. The maturity model also is used as a guide for the protection from ransomware journey that gives directions and guideposts to show progress and feel like progress is understood in context. Ensure your ransomware technology and service providers subscribe to a maturity model to track progress for better protection. It is an escalating war that needs constant tuning. Organizations can't wait to be attacked, as a ransomware event's probability of getting hit by the day is getting higher. It's not just the crooks as we hear of wars and rumors of wars generating cyber attacks that may include payoffs. Getting ahead of these attacks is crucial by spending more time and effort upfront to defend, detect, and data-proof your organization. Hiring an experienced set of services or buying important software is wise.

Additional Resources:

CIS Controls

Blog Posts 

Sample Vendors

Friday, March 3, 2023

A Creatives Use of AI, Algorithms and Automation

It was not imagined that technology would significantly impact the arts and artists over a decade ago. However, technology is not only assisting the arts; it is starting to turn the arts on its head. The arts have traditionally used technology as an assistant for the creators, but there is a growing movement to have AI generate art as it learns from large bases of image and audio data. I plan on leveraging several of these emerging software capabilities this year, but I have successfully leveraged various technologies as a creator over the last decade. This post aims to give examples of several forms of tech that improved my art and music.


Traditional artists want an online sales presence to expand their impact and sales. I have used digital flatbed scanners to sell art in a limited copy series. The benefit to my customers is that I can lower the price of any one piece of art by spreading the creation costs over several copies. The benefit to me is that my art gets shared and appreciated in many households and business spaces. The resulting scans can be put online in online marketplaces with high-quality images of my art


Digital artists use technology to generate, alter and finish their art pieces. I have used algorithms to do all three to create and alter my most popular pieces that are considered fractals or digitally altered fractals. These pieces have helped me win or place in numerous art contests and placed in locations I could only dream of in the past. My pieces have appeared in the Muse De Lourve, Times Square, and Miami Scope. I used software to generate a starting point that I refined until it was properly colored, staged, and highlighted. In some cases, there were post-processing software tools that made these images even better. I expect to try some generative AI tools soon to see how to create pieces of beauty. 



All of my recent songs have been digitally engineered with software guided by the skills of a very experienced and successful engineer. Engineering helped shape many individual voice and instrument soundtracks into cohesive pieces of music. All of my music used software to capture sounds from real instruments and create sounds from midi keyboards. These sounds were often enhanced to add effects to make them impact the mood and feel of each song. These sounds were recorded on multiple tracks to be weaved into a song, along with multiple voice recordings that were comped into a cohesive soundtrack. While few of my soundtracks were generated by technology, technology added effects. None of my music would exist without the capable skills of musicians and co-producers supported by various technologies. Even my music promotion used technology to create compelling videos. Here are my top two most popular songs so far, 

Net: Net: 

Technology has been a clear collaborator in both my art and music, but the creators guided the overall outcomes. I suspect the balance of collaboration will lean more toward technology over time, but I don't see a day coming when the creators are phased out. I will be testing the bounds of technology uses in the arts and hope it will help the resulting works in a more positive way. 

Additional Reading:

AI & Art 

AI Art Generators

AI Music Generators

Designer AI

AI Case Studies

AI Automation

AI & Data

AI Myths

Monday, January 30, 2023

2023 Top 5 Technical Trends

Organizations will focus on assured success in 2023. Organizations will focus less on "moon shots" and more on accurately hitting targets on earth. While the allure of new digital solutions and the temptation of true transformation will still seem to call, organizations will stick with the attainable. It does not mean that organizations will not innovate; the innovation will be undertaken with wisdom while staying congruent with the Top 5 Business Trends in 2023. (Click here for more information). Part of that wisdom will also be keeping an eye for emergent business opportunities and technologies that could be of advantage or threats that derail focused efforts that are highly synched to the stakeholders and executive directions. Organizations will double down on successful technologies that enhance the bottom line while keeping a watchful eye for technical innovation that makes sense within risk tolerances.

Real-Time Observability

All aspects of business are speeding up and have to deal with emerging conditions, patterns, opportunities, and threats. It will put a premium on real-time observation, decisions, and actions. Some of these real-time decisions and activities will be made on the edge more autonomously within management and governance guard rails, sometimes called constraints. Managers will make more integrative decisions requiring more detailed data, often sifted and enhanced by AI, and need a lateral view that looks for the implications in multiple contexts. It will drive two significant activities over and above the resurgent analytic sectors. One is integrated emerging visibility that looks across and outside the organization. Often there will be integrated monitoring or a management cockpit that will visualize results, notify managers of significant detections, and allow them to try different alternatives leveraging prediction, simulation, and various analytical modeling to take appropriate and quick action. The simple decisions will get automated, and autopilot actions will be suggested or enacted even at the edge. The other is establishing, growing, and managing a data mesh. All of this depends entirely on having an intelligent data mesh that knows where the data is and the quality of said data regardless of data type (operational databases, behavioral data, voice, or video), no matter where it resides. This huge vacuum is being filled as we speak with emergent and new data management software that catalog and reach into various sources (cloud or not), notifying the manager of the data quality scores.

Intelligent Automation

All the focus on hyper-automation is starting to pay off. Organizations are getting substantial benefits from newer automation approaches. Consequently, there will be additional bets on combinations of technologies that deliver the best returns. These returns will contribute to the bottom line for current earnings and help fund any new tech efforts that management deems essential to compete. The silo technologies coming together to deliver great automation include process/workflow, RPA, Process/Data mining, Business Lead, Low Code, Monitoring, Simulation, Mapping, and Analytics. There are a variety of combinations that have compelling case studies, and many organizations have had significant successes. A portfolio of initiatives that deliver savings and opportunities to support business directives is a must for 2023. A platform of integrated technologies is a big help in providing the benefits of technical combinations. Click here to see example combinations and vendors that have proven successful as a Digital Business Platform (DBP)

AI Expanding and Adapting Its Role

Ai has proven its value in learning from data, which will continue to gather steam focused on and around desired business outcomes. When combined with analytic and statistical models, AI can move into more thinking situations on top of the already important detection and pattern recognition duties AI is known for today. The data sources for detection mining will expand beyond traditional data to include images, videos, voice, and communications. The kind of thinking situations AI can move into in the short term would consist of knowledge acquisition/leverage, modeling, projections, and autonomous actions in emergent situations. Conversational and explainable AI will make substantial headway in 2023, building on existing success. A new movement in AI will revolve around intelligent chatbots, smart automation bots, new forms of deep learning and pattern recognition, plus intelligent applications. AI will also assist the creatives in 2023 and beyond with writing, art and music. It will start as a collaborative approach and get more independent over time. As AI ethics mature, interactions with our employees and customer will become routine for AI.

Platform Consolidation

Organizations will be looking to consolidate costs and integrate isolated technology streams. It will drive a trend for integrated platforms that tend to be technology supermarkets that promotes more one-stop shopping for the technology leaders as business ramps up the demand for speed to results. Companies will look at their current platforms and look to consolidate their numbers if possible and drive additional uses of the strategic platforms. This trend will hit compute infrastructure, networks plus storage, and databases. The current surround and leverage multiple platforms trend will continue, but there will be increased pressure to eliminate some. It also means that automation and digital business platforms (DBP) will experience the same pressure. It will put a premium on general-purpose DBPS linked to pure specialty platforms.

More Secure Digital Commerce

We see increased activity from bad actors in security incursions and ransomware. It is getting more serious, and the threat of cybersecurity wars is looming. Organizations will take extra precautions to prepare for ransomware and security incursions. As cybercrime escalates, the dangers and costs increase dramatically. It may not be apparent, but adversaries are stockpiling your vulnerabilities. Once made public, there can be a feeding frenzy. A growing number of threats from various sources and attacks should concern businesses. There is now a sophisticated and growing ecosystem of harmful sources. As the world heads for stable digital commerce, there will be increased efforts to engage government and financial industry leaders to create secure models that guarantee free trade. All efforts will be aimed at rigorous testing of all safeguards.

Net; Net:

Increased productivity from intelligent automation and human assistance will enable organizations to expand their experiences for constituents while saving money. Get ready for higher levels of technical and human collaborations. Consolidation and automation savings will be allocated to investing in the platform's safety and leverage. Still, managers will keep their eyes open for technologies not to miss out on in 2023. It will require a more disciplined approach to staying linked to goals in a near real-time fashion while dealing with various and dynamic people and automation resources.

Nobody Knows Me

 Here is another popular song from my recent Amazing Journey Album, co-produced by Ethan Foxx and engineered by Jimmy "Cat" Caterine. This song is about someone in a very dark place that gets rescued by love. Love can reach into the darkest corners and change lives. It describes someone painfully alone, probably hanging out on social media and watching the world move on without them. Thankfully love lifts this person to a hopeful plane again after they realize they need to change.

Click here for the lyric video.

What Others Have Said About Nobody Knows Me 

Wonderful opening shooting into a tight Prog Rock style delivery with wicked Rush-like guitar work/drums throughout. 

David McCoy, Former DJ, and Retired Digital Consultant, Atlanta Georgia

“The blistering guitar solo really captures you and is quite memorable,” Bryon Robke, Biochemist, Loveland CO  

This had some excellent lead guitar, and other background instrumentation, combining to create a mysterious, ominous, foreboding sound. Bill Martin, Retired Color Master, and Artist

Click Here For an Album Sampler

Click Here For the Album on YouTube