Month: July 2023

Anthropology, Cognitive Psychology for IT Innovation

Do I need to understand psychology and anthropology to become an effective IT innovation office?  The answer is “YES” according to Gartner’s article titled “Meeting the Information Needs of the Chief
Innovation Officer in 2023 ”

I can think of these two areas that can be benefited from understanding psychology.

• User Experience (UX) Design: The principles of cognitive and behavioral psychology can be applied to design user interfaces that are intuitive and user-friendly. For instance, by understanding cognitive biases and decision-making processes, designers can create systems that help users make better decisions, avoid errors, and navigate more efficiently.
• Motivation and Engagement: Behavioral psychology can provide insights into what motivates people to engage with certain technologies. These principles can be used to develop systems and applications that increase user engagement, such as gamification elements in a productivity app.

Also, I believe anthropology provides a rich understanding of cultural dynamics, which is critical when designing technology for global use, such as:

• Understanding User Needs: By studying various cultures, companies can understand the different needs, preferences, and behaviors of users worldwide. This understanding can lead to the creation of more relevant and effective products and services.
• Cultural Sensitivity in Design: Anthropological research can ensure that technological innovations are culturally sensitive. For example, color choices in an application can have different connotations in different cultures. Thus, anthropological insights can help in making design decisions that are globally acceptable.

OK,  now we jump-start our innovation journey with useful tools. Then who is with us for the adventure? This article helps us to identify six different innovative people types:

Navigator(Strategist)  Navigators discern which technologies are crucial for the company, focusing on understanding current and future business processes and architectural plans.

Scholar(Pinoeer): Scholars tend to push the limits of new technology capabilities, often introducing fundamentally new solutions.

Responder(Validator): Responders ensure a technology’s maturity for deployment and support its first-time use within the company.

Counselor(Influencer): Counselors promote technology innovation through education and inspiration, primarily recommending technologies to top business and IT executives.

Conductor(Coordinator): Conductors coordinate and utilize the efforts of other groups within the company. They serve as centralized coordinators in decentralized organizations.

Pollinator(Mentor): Pollinators, or catalyst teams, stimulate distributed innovation within the organization, focusing more on coaching and mentoring nascent ideas.

If you ask me about the group I identify with, I would say, I embody 95% of the Scholar traits and 5% of the Navigator’s characteristics, residing in a world of endless possibilities next to Peter Pan’s Neverland.

Please visit me soon. I will order you a cup of “Rainbow Pixie Dust Parfait” 🙂

IT Strategic Planning: Chore or Creativity

IT strategic planning can be either an exciting intellectual adventure for a solution architect or it can transform into a routine, annual chore that merely involves patching up the gaps.

These three articles offer valuable perspectives to those making strategic decisions in the realm of IT strategic planning.

EA for IT decision-making: Enterprise architecture can be leveraged to strategically align business capabilities with technology investments. A key part of this is mapping key business capabilities to underlying technology applications and infrastructure services, enabling the business to emphasize agility in relevant areas and cost reduction in less dynamic/non-core areas. It’s a cooperative effort between domain-specific solution architects and broadly focused enterprise architects to yield optimal business outcomes for technology investments.

ITIL for decision making: Without a clear IT operating model with well-defined processes, roles, and accountability, the strategic guidance from enterprise architecture might not be consistently applied, leading to underperforming technology investments. This is where ITIL (Information Technology Infrastructure Library) and ITSM (IT Service Management) come into play. These methodologies can help to ensure that all IT activities are aligned, consistent, and predictable.

Data Analytic for Decision Making:

1. Increase Transparency: The “black box” nature of many analytics processes can contribute to mistrust. By making these processes more transparent and understandable, the CIO can help to build trust. This could involve explaining how models work, what data is used, and how decisions are made.
2. Build Ecosystems: By providing a 360-degree view of data and insights, the CIO can help stakeholders to understand and trust the analytics process. This might involve developing dashboards, reports, or other tools that make data and insights easily accessible and understandable.
3. Stimulate Innovation: Encouraging new ideas and maintaining a competitive stance can help to keep the organization at the forefront of D&A practice. This might involve setting up an analytics R&D function, encouraging innovation, and staying updated on latest trends and technologies.

Among the various strategies, my investment would be focused on data and analytics tools. These tools are not only vital for analyzing existing customers but also instrumental in discovering new customer bases and developing innovative products and services. By fostering a culture that encourages new ideas and emphasizes continuous development in data and analytics practices, we can ensure that our organization remains at the forefront of the industry, maintaining a competitive edge.

I like Gartner’s Toolkits. They have everything that I need and are well organized.

Gartner’s  EA toolkit typically refers to a set of tools, methodologies, or software used to create, communicate, and manage the production of these artifacts. The toolkit aids in modeling, designing, and visualizing the architecture. It could include software tools for diagramming, modeling, architecture repository management, decision tracking, and more. I was glad that I used some of the tools in that toolkit and they were very useful.

A roadmap is my preferred tool as a solution architect, even though it’s not mentioned in the toolkit. Importantly, it should have an appealing and compelling visual presentation.

Missing Pieces  Found

I knew something was missing and had to go back to double-check to make sure I was doing the right things. The first time when reading Gartner’s articles about Business Outcome Driven EA(BODEA), it really made sense to me, then started to ask what then drives the business and how it should be defined. These two articles are a prequel to BODEA. All the things that drive business should be captured and documented in the form of ‘business context’ so that business leaders are informed and agree upon strategic decisions.

This business context becomes a vital part of the architectural process as it serves as a reference point(the missing piece) for all strategic and tactical decisions. By creating a comprehensive business context(BC), business and IT leaders can gain a unified understanding of the business’ direction and be aligned with the path forward.

This process ensures that the EA’s efforts are directly contributing to the achievement of business objectives, thereby demonstrating the business value of the EA. It promotes improved collaboration, communication, and alignment between the business and IT, making the EA a strategic partner in driving business outcomes.

Two practical & personal reasons why BODEA should be based on BC

1. Promotes Skill Development: A business context-driven approach encourages enterprise architects to develop business engagement skills. Allowing EA team members to interface directly with the business context work promotes a deeper understanding of business drivers and facilitates better collaboration.
2. Prevents Incomplete Missions: Distinguishing between business context and enterprise business architecture (EBA) prevents misalignment between business and IT. Without this distinction, there’s a risk that business context work might be mistaken for a complete business architecture, leaving crucial “architecting the business” work unsupported and unaddressed.

Being unable to demonstrate business aptitude is the last thing I want as a solution architect.

Last year, I was looking for a new job. Since I have been CISSP & HCISPP certified with ISC2.org, the security architect position was to my attention. I found most of the JD shared similar requirements. For instance,

In Florida, Solution Engineer JD shares the same requirements.

According to this article, to hire the best security architect, I will have to

1. Define the Role Flexibly: Be adaptable in defining the roles and responsibilities of the security architect position. This can help me attract a wider range of candidates.
2. Prioritize Requirements: Distinguish between must-have, nice-to-have, and wish-to-have skills, competencies, knowledge, and experience.
   • Must-Have: It includes baseline competencies and knowledge needed to fulfill the security architect’s primary responsibilities.
   • Nice-to-Have: These are desirable but not necessary qualifications. They often involve additional years of experience or certain certifications.
   • Wish-to-Have: These are special qualifications that may justify a higher compensation package. It might include specific industry expertise, knowledge of certain regulations, or hands-on experience with specific security tools.
3. Rethink Requirements: Avoid overly ambitious requirements that might be hard or impossible to meet.

In a conversation with a CISO of a healthcare service provider, he highlighted the difficulty in finding individuals with the courage to testify before FBI officials. The most challenging aspect isn’t always the threat itself, but ensuring the security and confidence of the people we protect, particularly when they start to feel insecure.

In my opinion, all threats are uncertain.  There is no telling when or where they will arrive.  According to this article, they are :

1. Nascent: These threats are usually associated with emerging technologies that are not yet in widespread use in production environments.
2. Hyped: Hyped threats suddenly gain a lot of attention, often based on anecdotal evidence. They might be real, but the individual attack examples can distract security leaders from the underlying and longer-term work.
3. Emerging: As business practices and technologies evolve, security teams trail behind lacking strong preventative controls and detection and response capabilities for these new technology threats.
4. Latent: These threats are under the radar for most organizations, under the assumption that attackers will exploit easier approaches. They are categorized further into:

Particularly, I was interested in “Latent Threats(LT)”. They are hard to predict since they are non-technical and have their own stories. Two of the  most common  LTs are:

1. Nontechnology threats: These are threats that arise from assets, events, and behaviors that the organization has no direct control over. The article mentions the shift in work practice as a change that might impact how these threats affect enterprises.
2. Employee Activism: This might initially seem irrelevant, but the internal dynamics of employee and customer activism can seed improved or malicious employee activity.

I will have to continuously update threat intelligence and internal controls to mitigate both uncertain and latent threats, with a proactive, adaptable approach ensuring resilience amidst evolving threat landscapes.

In other words, my adaptability is the key to opening the door to look inside the room of uncertainty.