Friday, August 28, 2015

Where are we now? How do we move forward?

One of two cornerstones of the National Academy of Arts and Science.
This weekend marks the tenth anniversary of Hurricane Katrina, an event so significant that the practice of emergency management by the federal government was changed forever.  Today marks the 54th anniversary of the March on Washington where Martin Luther King, Jr. gave his famous "I have a dream" speech.  It is the 60th anniversary of the vicious murder of a Chicago boy, Emmett Till, when he visited relatives in the South and whistled at a white woman.  Two days ago, a TV reporter and cameraman were shot dead in the head on a morning news program by a killer who then posted video of the murders to social media.  In a 23 page suicide note, the only thing that the murderer left out of his message was the similarity to ISIS acts of terror that also take place in living color and then get posted to social media sites.

While the federal government has completely reshaped its responses to disasters, we can't really pat ourselves on the back where equality and justice that Reverend King was looking for is concerned.  The situation has never been worse in this country where distrust and anger are concerned, and the gap continues to increase between those who have and those who do not.

The situation appears intolerable also where gun control and mental health proposals go unfunded and unapproved.  The National Rifle Association (NRA) continues to have a lock hold on our elected officials where even the simplest forms of information sharing are concerned -- registering guns and sales of guns in such a way that federal and state police databases are interlocked to detect those with criminal or mental health histories.  Why is this passing bare bones legislation that could trap for lowest hanging fruit so difficult?  What do we need to do to be heard?

The interior cornerstone at the National Academy of Arts and Science.
The worst of it in all this is that each episode seems to set off more disturbed people in what are called copycat events.  Just as those who ride trains every day are probably now more aware of their environments after the events of last weekend on the Amsterdam-Paris train, I suspect that every news person will feel their own heightened anxiety for at least the next several months.

Given the flammable nature of public discourse on so many issues these days, especially with presidential politics starting make things worse, I would suggest that we need to find new ways to move the discussion on gun violence forward, to see if it is possible to affect real change on this issue and on the issues involving equality and justice as well.

Wednesday, July 29, 2015

Earthquakes and the Pacific Northwest

We live in one of the most beautiful places in the world.  Most of us don't like to think about earthquake risk on any consistent basis.  Some of us have ensured that our homes are tied down to their foundations; and that we have an emergency supply kit as well as a family plan for how to find one another if our smartphones won't work.  And that we have emergency supplies in our vehicles and our offices as well.
Emergency kit in our home includes basics as well as a spreadsheet of vital information.

Emergency supplies in my trunk.

A little more than a week ago, the New Yorker published an article by Kathryn Schultz that has caused a great deal of panic and anxiety.  She published a second article this week, attempting to refine the ghastly overly dramatic tone of the first piece; and this time to offer some pretty straightforward recommendations on preparedness at

Other perspectives on how prepared we are here in the Pacific Northwest can be found at; or on the website of the Seattle Office of Emergency Preparedness at

I will say that any articles written about preparedness move the bar a bit higher in terms of neighborhood and civic preparedness.  For myself, I'm changing out some emergency supplies now that I no longer eat much else than greens, beans, other vegetables and fruits.  Once this heat spell is past, I plan to be growing more than Walla Walla onions and green peppers.

How prepared is your family to live without services or support for up to a week?

Do what's reasonable, and then relax -- go out and enjoy this, the most beautiful place in the world!

Wednesday, July 1, 2015

Personal risks and rewards

When I teach operational risk courses, I try to stress that life (and business) is full of risks; and that taking risks with confidence moves you forward, whether you are a family or a business firm.  I had a chance last weekend see that premise manifest itself exactly.

Some of you know that I was born in a small town in Northern Iowa, our family of four part of a larger interwoven group of four Irish Catholic families residing among Scandinavian Protestants.  My great-great grandparents had emigrated from Rathkeale a week after being married in 1861.  My grandfather ("TJ" Hayes) was born in Illinois, but moved to Iowa, where he farmed, bought and sold horses, and raised seven children with his wife, Anna Quinn.  Each of these large moves, from Ireland to Illinois, and from Illinois to Iowa, brought forward momentum and better lives.  Though TJ's grandchildren and great-grandchildren have scattered to many parts of the world, 80 of them returned to celebrate their history and close connection at my cousin Jim Hayes' amazing home in Iowa City this past weekend.  This is the eighth such five year reunion that Jim has hosted, which makes it 40 years old.  He spoke movingly of the four families whose lives intertwined from those first days in North Central Iowa:  the Hayes family, of which I am a member; the Morrissey family, connected through Jim's father's marriage to Alice Morrissey; the Newman family, connected through my Aunt Teresa's marriage to George Newman; and the Barrett family, connected through Nita Morrissey's marriage to James Barrett. 

This photo is blurred but will give you an idea of the volume still present of those four families on this earth.

There are roughly 80 of us in the photograph.

Here's one of the first cousins at the reunion.

Again, a blurred photo, but you get the idea.  These are relatives I have known my whole life.  Each of them has extended the momentum started so many years ago back in Ireland.

Finally, for historical context, I wanted to show a circa 1930 photo of TJ and Anna and their children, some of whom had already married by this time. 

 My mother, Margaret Cecelia Hayes Sowers, is sitting fourth from the right in the first row.  Her father TJ is sitting front row sixth from the right.  My Uncle Jim Hayes, father of host James P. (also Jim) Hayes is first row on the left. Grandma Hayes is middle row, second from the right.

I come from generations of risk takers, each finding its own personal rewards in lives well lived.  It probably explains to some extent how I ended up at this point in my life as a risk detective and as a university lecturer on ethics, policy, law and risk.

Wednesday, June 24, 2015

Influencing the next generation of risk managers

We've had a busy spring, with cyber hacks continuing to hit not only the private sector  but the government as well.  The most visible breaches took place at two health insurers -- Anthem in February and Premera Blue Cross in March -- and the federal government, where what looked like one breach in the Office of Personnel Management that was detected this spring has turned into at least two large breaches, the other being of security background check information that has evidently been going on for some years.

I spoke last week at SecureWorld Portland, covering some of this information, but mainly to show how to present requests for cyber project funding to executives and to boards.  That engagement came just after the end of the University of Washington academic year.

This summer, we've got a couple of large projects on the ASA side to take care of.  The first is an upgrade of the ASA website, to better reflect the proportion of time I'll be spending over the next years on research and publishing, with a lesser emphasis on consulting.  We've also got a third volume of the Reflections on Risk series to publish.  And I'm trying to put together my speaking calendar for the next year, especially those portions that involve travel.

I become a full time lecturer at the University of Washington's Information School in August.  I'll be developing syllabi for two new (for me) courses I'm teaching this fall.  The first is the mid-career graduate course called "Foundations of Information Management."  The other is my first foray into teaching undergraduates, in a course called "Enterprise Risk Management."   I am really looking forward to both, since it will give me a chance to review and tweak my two graduate risk courses at the same time.

Part of my work at the university involves committee service, and I look forward to work on enhancing the Master of Science in Information Management (MSIM) program offerings. Here's a photo of me with several of my mid-career students in academic regalia at the iSchool Convocation 2015 program in Meany Hall.

  Left to right:  Andrew Magnusson, Matthew Christian, and Kenny Lee.

I am proud of all my students.  They are the next generation of risk leaders.

Thursday, May 21, 2015

ASA is six years old

ASA Graphic Designer Jesse Brown
Me and my closest advisor, Lauren Du Graf, wrote all the content for the site, found and furnished the ASA office, and double checked all our perceptions on what this website should be between May and July.

First and Union website developers: Sherry Stripling, Rick New, Molly Martin
My friend Fred Pursell told me that it takes six years to establish a consultancy, and it appears he was right.  After a month long train ride around the country to spend time with friends and decide what I wanted to do next, I filed for articles of incorporation for ASA in May of 2009.  The percentages of my time allocated to various parts of the firm have varied these past six years, but never the two sides of the company.  There is the advisory side of the firm, where we consult with clients that are part of the nation's critical infrastructure; and there is the research side of the firm, including the ASA Institute for Risk and Innovation, that includes publications, public speaking and advocacy and, in some cases, lobbying on behalf of legislation or public policy.

I've really never looked back.  And while I am cutting back on the advisory side of the firm in order to teach full time at the University of Washington starting in August, my interest in how firms behave, in how they practice risk management, and in information-sharing between public and private sectors is still unabashed.

 Carpe Diem!  I can't wait to see what the next six years will bring.

Thursday, April 30, 2015

Bright spots

I read recently that sugar reduces the amount of cortisol your body produces under stress.  It makes perfect sense when you think about it, and before they even ran clinical trials -- but based on the last several weeks, I would say that the world gives us more reason than ever to produce the cortisol.

Whether it is the catastrophic earthquake in Tibet and the loss of both human life, property and cultural heritage...or the devastation in Baltimore, a byproduct of an anger that has been festering for years...or simply personal challenges we all face in our work every day, we need to reduce the cortisol. And there are no easy solutions.

I have found generally that doing what I love evens most other risks (including cortisol) out. I love sharing what I know with others, so being a guest luncheon speaker for the Washington Association of Continuity Planners (ACP) gave me back energy when I spoke on leadership and professionalism.

Earlier this week, I led a panel discussion on "Access, Privacy and Information Risk" for the iSchool's iAffiliates Day, held this year most appropriately at the downtown branch of the Seattle Public Library.  My panelists were high bandwidth and compelling -- Jim Loter, who is the director of IT for the library; Bryce Newell, working on his PhD in the iSchool, who discussed his work with body cameras, public disclosure and Washington State Law; and Aaron Weller, director of privacy and security in the Pacific Northwest for PriceWaterhouseCoopers.  You know that it has gone well by the count of hands in the air to ask questions.

Now I'm getting ready for another kind of thrill -- today's guest speaker in my advanced risk seminar is Mike Howard, Chief of Security at Microsoft.  He's had at least two other professional careers before he arrived at Microsoft, and they play continuously into the work he does globally now.  He is a well-known and respected speaker inside and outside security circles on topics of leadership and policy.

"In the zone."  "Doing what you love."  Both good recipes for cortisol reduction.  Find those bright spots.

Thursday, April 16, 2015

Keeping It New

One of the challenges I face in teaching carries some risk.  That's the challenge of keeping the content refreshed, and bringing the same level of excitement each time I teach the course.  I first taught each of my operational risk courses as "special topics," and have been teaching them as permanent electives for a couple of years now.  Each of the courses lends itself to updates in the reading material, especially based on recent or current events.

But for the students the challenge is in learning how to have a conversation about certain types of risk, how to make an individual assessment and then provide recommendations for a course of action.  We use a couple of different kinds of skills in class:  discussion among peers, facilitated discussions, presentation by example (myself, themselves, and our guest speakers); and writing for an executive audience.

Along the way, we've had to deal with what it means to be present and contributing in class as a seminar member.  I ask that students listen respectfully, with their laptops turned off, to the presentations.  There are so many challenges for their attention, or for my own, that many of us who teach have reverted to showing them studies of how much more effective it is to take notes by hand rather than on the computer -- assuming that what you were doing was taking notes rather than (for example) checking Facebook or Twitter.

There is so much pressure on students to do well that I think it's also important to stop and smell the roses along the way when you can.  Today we're discussing a variety of articles,  including several that purport to explain behavior, of both rogues and executives.  What happens to the calm, rational process of decision making when you are under pressure?  Do you take bigger risks or do you take the most cautious approach?  I think you'd be surprised at what some of the studies say.