Wednesday, July 1, 2015

Personal risks and rewards

When I teach operational risk courses, I try to stress that life (and business) is full of risks; and that taking risks with confidence moves you forward, whether you are a family or a business firm.  I had a chance last weekend see that premise manifest itself exactly.

Some of you know that I was born in a small town in Northern Iowa, our family of four part of a larger interwoven group of four Irish Catholic families residing among Scandinavian Protestants.  My great-great grandparents had emigrated from Rathkeale a week after being married in 1861.  My grandfather ("TJ" Hayes) was born in Illinois, but moved to Iowa, where he farmed, bought and sold horses, and raised seven children with his wife, Anna Quinn.  Each of these large moves, from Ireland to Illinois, and from Illinois to Iowa, brought forward momentum and better lives.  Though TJ's grandchildren and great-grandchildren have scattered to many parts of the world, 80 of them returned to celebrate their history and close connection at my cousin Jim Hayes' amazing home in Iowa City this past weekend.  This is the eighth such five year reunion that Jim has hosted, which makes it 40 years old.  He spoke movingly of the four families whose lives intertwined from those first days in North Central Iowa:  the Hayes family, of which I am a member; the Morrissey family, connected through Jim's father's marriage to Alice Morrissey; the Newman family, connected through my Aunt Teresa's marriage to George Newman; and the Barrett family, connected through Nita Morrissey's marriage to James Barrett. 

This photo is blurred but will give you an idea of the volume still present of those four families on this earth.

There are roughly 80 of us in the photograph.

Here's one of the first cousins at the reunion.

Again, a blurred photo, but you get the idea.  These are relatives I have known my whole life.  Each of them has extended the momentum started so many years ago back in Ireland.

Finally, for historical context, I wanted to show a circa 1930 photo of TJ and Anna and their children, some of whom had already married by this time. 

 My mother, Margaret Cecelia Hayes Sowers, is sitting fourth from the right in the first row.  Her father TJ is sitting front row sixth from the right.  My Uncle Jim Hayes, father of host James P. (also Jim) Hayes is first row on the left. Grandma Hayes is middle row, second from the right.

I come from generations of risk takers, each finding its own personal rewards in lives well lived.  It probably explains to some extent how I ended up at this point in my life as a risk detective and as a university lecturer on ethics, policy, law and risk.

Wednesday, June 24, 2015

Influencing the next generation of risk managers

We've had a busy spring, with cyber hacks continuing to hit not only the private sector  but the government as well.  The most visible breaches took place at two health insurers -- Anthem in February and Premera Blue Cross in March -- and the federal government, where what looked like one breach in the Office of Personnel Management that was detected this spring has turned into at least two large breaches, the other being of security background check information that has evidently been going on for some years.

I spoke last week at SecureWorld Portland, covering some of this information, but mainly to show how to present requests for cyber project funding to executives and to boards.  That engagement came just after the end of the University of Washington academic year.

This summer, we've got a couple of large projects on the ASA side to take care of.  The first is an upgrade of the ASA website, to better reflect the proportion of time I'll be spending over the next years on research and publishing, with a lesser emphasis on consulting.  We've also got a third volume of the Reflections on Risk series to publish.  And I'm trying to put together my speaking calendar for the next year, especially those portions that involve travel.

I become a full time lecturer at the University of Washington's Information School in August.  I'll be developing syllabi for two new (for me) courses I'm teaching this fall.  The first is the mid-career graduate course called "Foundations of Information Management."  The other is my first foray into teaching undergraduates, in a course called "Enterprise Risk Management."   I am really looking forward to both, since it will give me a chance to review and tweak my two graduate risk courses at the same time.

Part of my work at the university involves committee service, and I look forward to work on enhancing the Master of Science in Information Management (MSIM) program offerings. Here's a photo of me with several of my mid-career students in academic regalia at the iSchool Convocation 2015 program in Meany Hall.

  Left to right:  Andrew Magnusson, Matthew Christian, and Kenny Lee.

I am proud of all my students.  They are the next generation of risk leaders.

Thursday, May 21, 2015

ASA is six years old

ASA Graphic Designer Jesse Brown
Me and my closest advisor, Lauren Du Graf, wrote all the content for the site, found and furnished the ASA office, and double checked all our perceptions on what this website should be between May and July.

First and Union website developers: Sherry Stripling, Rick New, Molly Martin
My friend Fred Pursell told me that it takes six years to establish a consultancy, and it appears he was right.  After a month long train ride around the country to spend time with friends and decide what I wanted to do next, I filed for articles of incorporation for ASA in May of 2009.  The percentages of my time allocated to various parts of the firm have varied these past six years, but never the two sides of the company.  There is the advisory side of the firm, where we consult with clients that are part of the nation's critical infrastructure; and there is the research side of the firm, including the ASA Institute for Risk and Innovation, that includes publications, public speaking and advocacy and, in some cases, lobbying on behalf of legislation or public policy.

I've really never looked back.  And while I am cutting back on the advisory side of the firm in order to teach full time at the University of Washington starting in August, my interest in how firms behave, in how they practice risk management, and in information-sharing between public and private sectors is still unabashed.

 Carpe Diem!  I can't wait to see what the next six years will bring.

Thursday, April 30, 2015

Bright spots

I read recently that sugar reduces the amount of cortisol your body produces under stress.  It makes perfect sense when you think about it, and before they even ran clinical trials -- but based on the last several weeks, I would say that the world gives us more reason than ever to produce the cortisol.

Whether it is the catastrophic earthquake in Tibet and the loss of both human life, property and cultural heritage...or the devastation in Baltimore, a byproduct of an anger that has been festering for years...or simply personal challenges we all face in our work every day, we need to reduce the cortisol. And there are no easy solutions.

I have found generally that doing what I love evens most other risks (including cortisol) out. I love sharing what I know with others, so being a guest luncheon speaker for the Washington Association of Continuity Planners (ACP) gave me back energy when I spoke on leadership and professionalism.

Earlier this week, I led a panel discussion on "Access, Privacy and Information Risk" for the iSchool's iAffiliates Day, held this year most appropriately at the downtown branch of the Seattle Public Library.  My panelists were high bandwidth and compelling -- Jim Loter, who is the director of IT for the library; Bryce Newell, working on his PhD in the iSchool, who discussed his work with body cameras, public disclosure and Washington State Law; and Aaron Weller, director of privacy and security in the Pacific Northwest for PriceWaterhouseCoopers.  You know that it has gone well by the count of hands in the air to ask questions.

Now I'm getting ready for another kind of thrill -- today's guest speaker in my advanced risk seminar is Mike Howard, Chief of Security at Microsoft.  He's had at least two other professional careers before he arrived at Microsoft, and they play continuously into the work he does globally now.  He is a well-known and respected speaker inside and outside security circles on topics of leadership and policy.

"In the zone."  "Doing what you love."  Both good recipes for cortisol reduction.  Find those bright spots.

Thursday, April 16, 2015

Keeping It New

One of the challenges I face in teaching carries some risk.  That's the challenge of keeping the content refreshed, and bringing the same level of excitement each time I teach the course.  I first taught each of my operational risk courses as "special topics," and have been teaching them as permanent electives for a couple of years now.  Each of the courses lends itself to updates in the reading material, especially based on recent or current events.

But for the students the challenge is in learning how to have a conversation about certain types of risk, how to make an individual assessment and then provide recommendations for a course of action.  We use a couple of different kinds of skills in class:  discussion among peers, facilitated discussions, presentation by example (myself, themselves, and our guest speakers); and writing for an executive audience.

Along the way, we've had to deal with what it means to be present and contributing in class as a seminar member.  I ask that students listen respectfully, with their laptops turned off, to the presentations.  There are so many challenges for their attention, or for my own, that many of us who teach have reverted to showing them studies of how much more effective it is to take notes by hand rather than on the computer -- assuming that what you were doing was taking notes rather than (for example) checking Facebook or Twitter.

There is so much pressure on students to do well that I think it's also important to stop and smell the roses along the way when you can.  Today we're discussing a variety of articles,  including several that purport to explain behavior, of both rogues and executives.  What happens to the calm, rational process of decision making when you are under pressure?  Do you take bigger risks or do you take the most cautious approach?  I think you'd be surprised at what some of the studies say.

Monday, April 6, 2015

Is it possible to manage our privacy?

 I apologize for the long interval between my last post and this one.

Those who've read Advice From A Risk Detective already have a good sense of what I advise in terms of your online privacy.  But here's a short piece I wrote for a Seattle magazine, The Connector,  that hits the high points.

Thursday, February 5, 2015

We are the architects of our city -- creating the City of Seattle's Disaster Recovery Plan

Last week, students in my risk seminar heard from UW seismologist Bill Steele, in particular about the Cascadia subduction zone we live in, including what advance planning and management of risks associated with a major earthquake can be done in advance.

This week, students will hear from Erika Lund, who oversees the City of Seattle's Disaster Recovery Plan, which is an entirely different framework from which to view a disaster.  Among the questions asked of  the Executive Advisory Group, to which Mayor Ed Murray appointed me, were:  how will the Seattle community handle short and long term recovery efforts?  How can we return our economy, education system, social service network, and other vital aspects of our community to full function?  How can we use a disaster as an opportunity to rebuild our community better than it was before? Who is responsible for making such decisions and with whose input? How and when will they be made?

Erika will describe the planning process today and talk as well about the identification of the core values that are a part of the plan.

Someone asked me yesterday if I don't find the world a very depressing place.  I answered that I do not, in part because of inspired work like this, and the people who give their time to do it.