I had the privilege of sitting down with Mica Endsley —author of Designing for Situation Awareness: An Approach to User-Centered Design. Mica is the president of SA Technologies. Previously she was the Chief Scientist for U.S. Air Force.

Mica shares with us lessons learned from her book—Designing for Situation Awareness. I asked her nine (9) questions to solicit her thoughts on situation awareness, technology, and mental models.

Read Post

Read Post

Read Post

Read Post

One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.

When is good good enough?

Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.

Read Post

I appeared on Federal News Radio and shared my thoughts on new approaches to risk management and how to develop an effective approach to business. You can stream the recording for free here: Interview with Sean Murphy

Look forward to hearing your thoughts and comments!

Read Post

Chris de Wolf (Mars) and I got back together in April at the RIMS’16 conference for an overwhelmingly well-received session where we talked about transforming the risk function from a program to a business.

“Shaking up the Status Quo - Innovations in Risk Management” gave us the opportunity to tell the story of how we reinvented risk management - business continuity. Long story short: We were looking for a better way.

Read Post

What’s the biggest challenge in risk management? If you ask risk analysis expert Yossi Sheffi, it’s the lack of an industry metric. For example, when you choose a supplier, how can you quantify how risky your choice is? When it comes to metrics, Sheffi says, risk still remains an area where gut feelings and opinions play a major role. And the biggest challenge for risk managers? Defuse the responsibility for managing risk throughout the whole company.

Read Post

Risk analysis expert Yossi Sheffi discusses two fundamental resiliency strategies that organizations can use to recover from an incident: redundancy and flexibility. Using the examples of Intel and Southwest Airlines, Sheffi talks about the role of redundancies, flexibility and interchangeability, and communication and culture to provide risk managers with realistic and practical approaches to consider.

Read Post

Risk analysis expert Yossi Sheffi explores the capabilities and limits of the traditional risk matrix, and adds another axis called “detectability.” Detectability has to do with time dimensions, or how much time we have to prepare and react to a threat. There are some events, such as a cyberattack or theft of intellectual property, that have no warning; you realize their occurrence only after they hit you. While the standard use of the risk matrix is influenced largely by the past, adding detectability means greater opportunity to tackle impending threats.

Read Post

What happens when we’re in a crisis we haven’t seen before, and our experience is insufficient? Such a situation requires us to gain “insight,” or develop new patterns that change the way we understand things and consequently, change the actions we consider. Research psychologist Gary Klein investigated the different ways that people form insights, and the factors that prevent us from having them.

Read Post

There are certain challenges that face a crisis management team in the “Golden Hour,” the moment when team members convene to make critical decisions. Research psychologist Gary Klein discusses the need for team members to size up not only the situation, but also each other’s capabilities, roles, and responsibilities at time of event. That’s why it’s key for a crisis management team to regularly practice and train together.

Read Post

How do most organizations handle uncertainty? They gather more information. Research psychologist Gary Klein explains why this isn’t always the best course of action. After all, it’s easy to gather information and sit on it; it’s harder to know how to make sense of events, and make a coherent story based on the data we have.

Read Post

How can leaders make good decisions under the extreme time constraints of a crisis? To find out, research psychologist Gary Klein studied fire fighters to understand their approach to making crucial, complex decisions so quickly. The recognition-primed decision (RPD) process, as he explains, reveals how these professionals assess the situation: they compare familiar patterns and cues to past experiences to know which actions to take.

Read Post

The risk matrix is a standard tool commonly used in risk assessments. It’s straightforward to use, and easy to explain. The only trouble is, the risk matrix doesn’t actually forecast or measure risk.

When used as a quantitative tool, the risk matrix is misunderstood. Our challenge as practitioners is to recognize the limitations of the risk matrix, so we can use it in a way that increases understanding of the threats around us. In this eBook, we explore how.

Download The risk matrix measures risk, the third myth in Lootok’s series on the five myths of business continuity management (BCM)!

See Myth #1: The plan is the promised land.
See Myth #2: You need a business impact analysis (BIA).
See Myth #4: It gets cheaper and easier.
See Myth #5: Best-in-class BCM software exists.

Read Post

I had the pleasure to interview Gary Klein the author of “Seeing What Others Don’t,” “Streetlights and Shadows,” “Working Minds,” and “Sources of Power.” His research and experience is invaluable to anyone in the field of risk management. In this interview, Gary talks about the difference between a well-ordered domain (i.e., normal business environment) and complex domain (i.e., crisis environment). Understanding the characteristics and attributes of each environment is critical to understanding what tools, processes, and capabilities needed to be successful in each environment.

Read Post

Dr. Yossi Sheffi, author of “Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage,” discusses two of his favorite crisis management case studies with Sean Murphy.

Read Post

Sean Murphy discusses the limitations of plans with renowned author and research psychologist Gary Klein.

Read Post

Lootok has three methodologies that drive our operations: Activity-Based Collaboration™, The Lootok Demand Model™ , and Get Ready, Stay Alert, Take Action™.

Read Post

Hurricane Sandy is the largest hurricane to ever form in the Atlantic Basin. Along its path, 253 people were killed in seven countries and total damage resulted in over $65.5 billion. How does superstorm Sandy compare to major disasters from last year?

Read Post

$18 billion dollars. That’s the number estimated in damages caused by Hurricane Sandy just in the state of New York alone. With the unexpected turns that transpired amidst the super storm, all businesses were reminded of the importance of business resiliency.

Given the vast amount of information presented to-date, it is still very important that the financial sector revisit the surprises from Sandy to ensure that critical financial services are better protected. A team of experienced BCM advisors gathered the recommendations in the accompanying table from industry thought leaders in leading global financial services companies to learn from their perspectives.

Read Post

Dr. Yossi Sheffi explains the “detectability axis,” which considers threats you can only detect only after the fact. This concept challenges our conventional methods of measuring risk using probability and impact.

Read Post

This video for the Homeland Security Business Continuity Planning Suite communicates core business continuity concepts and highlights the benefits of planning. In just a few minutes, the video manages to cover a variety of disasters including a loss of power, hurricane, fire, and a human threat. It’s perfect to use for kicking off a planning workshop or meeting, or circulating to department leads or plan writers to increase their awareness.

Read Post

More and more, successful organizations are realizing that a meaningful “customer experience” involves the co-creation of a product.  What does co-creation look like in business continuity?

Read Post

When it comes to risk perception, we are notoriously prone to misconceptions. Whether fearing planes over bikes or elevators over stairs, we have a tendency to misjudge just how dangerous certain situations are.

Read Post