Lootok

Menu

What's new?

Snowflake Syndrome: when should we be unique vs. boiler plate?

One of the challenges we have in risk management, crisis management, and security management is striking a balance between customized and standard solutions. Customized solutions and approaches tend to be more expensive now (implementation) and later (maintenance). However, customized solutions resolve specific requirements. Standard solutions tend to be cheaper, but we don’t get exactly what we want. Our challenge is balancing requirements and spend to get the most out of our budgets.

When is good good enough?

Jeremy Stynes, Lootok’s CCO / CTO, has coined a term he calls Snowflake Syndrome. Snowflake syndrome is when someone believes that they are so unique they demand special attention and design - but reality is ... they’re not special. They believe their project/initiative/program is one-of-a-kind, a snowflake. The challenge of the Snowflake Syndrome is rooted in people’s mental models. People can suffer from the syndrome when they confuse their personal uniqueness, or desire to be unique, with the organizational program they are responsible for. It can also come from working in organizational environments that lack standardization and procedures; therefore snowflake solutions are everywhere. It is easy to believe you are a snowflake when everything and everyone around you is a snowflake. Snowflake thinking can lead to overly complex (unique) design and processes. Anytime we see inconsistent design or costly overruns the snowflake syndrome is close by.

Snowflake
Snowflake syndrome

Read Post

Lootok’s 8Rs™ of Resiliency: easy and effective model to communicate, employ, and remember

When working with the masses [end-users; not experts in risk management, business continuity, crisis management], I find it beneficial to present clear, concise, and concrete packaged solutions. People need guidance and structure to help them think through problems and build effective plans. This is one of the reasons Lootok created the 8Rs™ of Resiliency. The goal the 8Rs is to reduce uncertainty, simplify complexity, structure thinking and dialogue, build common ground, and establish preparatory activities. The 8Rs facilitates planning with a plan as the end deliverable (i.e., plans are the byproduct of planning). The 8Rs are designed to provide people with a set of options they can employ to continue operations under various threats and timelines. The 8Rs™ of Resiliency comprises of the following:

  1. Relocate - physical moving assets (e.g., people, technology, equipment) to another location
  2. Reassign – transferring processes (i.e., work) to another location
  3. Repair / Replace – capabilities in place to fix the problem at time of event
  4. Reinforce – fortify, strengthen, assets to tolerate greater impacts and occurrences
  5. Replicate – simultaneous production (i.e., processes, technology, work) at two locations [duplication]; active-active
  6. Redundancy - extra capacity and inventory
  7. Risk Transfer – shift risk to other entities through insurance, contracts, and risk pooling
  8. Relinquish – do nothing [e.g., too cost prohibitive]; risk acceptance strategy
Lootok's 8Rs™
Lootok’s 8Rs™

Read Post

Should global organizations have a global security operations center (GSOC)?

“How did you go bankrupt?”
“Two ways. Gradually, then suddenly.”

- Ernest Hemingway, The Sun Also Rises

I was working with a head of risk management—the chief risk officer—at a global organization that does not have a GSOC. One night over dinner, I asked him why his organization didn’t have one, and suggested he spearhead the initiative. His response? “I’m not convinced we need one. The organization has always operated without a GSOC, so why start now?” He also said, “The reality is, we’re already doing it here and there. The system works fine. Let people do their thing.” Something that seemed so obvious to me and so unnecessary to him left me on the defensive and him on offense.

The reality is, if you’re a global organization, you need a GSOC—or some version of it. If you don’t have one, you will need to communicate the severity of the situation and get one. Allow me to illustrate the need for such capabilities so you can justify the business case to your leadership and board…

GSOC

Read Post

Lootok is looking for a gifted Senior Technical Project Manager

Lootok workspace
A glimpse into the Lootok workspace

About

Lootok is a branding, consulting, and technology firm. We help companies develop and grow their risk management programs, so that they can respond to incidents with grace and without business disruption. From hurricanes to workplace violence to product recalls, Lootok is there to help.

We are seeking a senior technology project manager to join our small, but mighty, design and development team in SOHO (New York City). In this role, you will manage the full lifecycle of our SharePoint projects, from specification gathering to launch and maintenance.  We are not creating run-of-the-mill SharePoint sites, rather unique, usable, and impactful online experiences. 

You will report directly to the Chief Technology and Creative Officer. Composure and professionalism will be essential, since you will work with Fortune 100 clients and manage teams of internal and external resources.  We are looking for a detail-oriented, smart, and communicative teammate who understands the value of a phenomenal user experience and who knows the processes, planning, and resources needed to deliver such an experience. 

Lootok is a fun, growing company that believes in promoting a positive working environment and healthy employee lifestyles. We hire talented, down-to-earth people who thrive on doing great work. Divas and Divos need not apply.

Required skills

  • Bachelor’s degree in Computer Science, Information Technology, or a related field
  • 10+ years of technology experience including requirements management, analysis and design
  • 7+ years of project management experience (full project life cycle management) related to business software or system integration projects (packaged and custom developed)
  • Project delivery success on collaborative efforts working with outside vendors and other business partners
  • Demonstrated ability to look at wireframes or designs and breakdown tasks, create timelines, and manage a team of internal and external resources to efficiently develop software solutions on budget
  • Effective communication, presentation, and interpersonal skills, including the ability to articulate risks and issues and accurately analyze problems, explain solutions and present technical material to end users in a non-technical manner
  • Exceptional attention to detail
  • Microsoft SharePoint and Office tools proficiency with the ability to manipulate data for reporting
  • Experience managing remote resources
  • Various database, web design, and backend development programming skills such as: JavaScript, CSS, SQL, .NET preferred
  • Project Management Professional (PMP) certification a plus

Read Post

Lessons learned from Mayo Clinic - risk management is the organization’s immune system

Since starting Lootok, once a year I go to Rochester, Minnesota, my home State, to take my annual executive physical at the Mayo Clinic. It gives me a good reason to get back to Minnesota to visit family and friends, while maximizing my medical checkups. In just two days, more than fifteen doctors evaluate me. Risk management shares many similarities with the medical field, and it’s where you find the best analogies and metaphors. I wanted to share few of the insights I have gleaned over my time at Mayo.

Risk management is analogous to the immune system. It is not a thing or part. It is a system that co-exists within other systems that must properly function with a larger system called the organization | organism. You cannot just fix the immune system, buy it, or expect miraculous resiliency overnight. The immune system must be earned, strengthened and maintained every day. You need healthy habits, positive attitude and healthy living and work environments, proper planning and long-term vision and dedication, so forth. Risk management works the same way. Risk management also has the same challenges as our immune system: we don’t think much about it until something goes wrong.

Immune system
Immune system

Read Post

Does a centralized crisis management structure make sense?

My colleague Christopher Rivera attended an inter-agency exercise where he had a few heated discussions on the topic. He argued in favor of a decentralize model with centralize support (Lootok’s philosophy), whereas a number of his colleagues at the table argued for dedicated central crisis management team that did everything. His colleagues at the table believe in Power to Center, where Lootok believes in Power to the Edge.

The desire to centralize is our natural predilection to try to simplify things and codify procedures to create predictability and reduce errors. The problem with Power to Center, an autocratic centralized model, is that it requires control, prediction, time, and universal knowledge of everything. Unfortunately, control is not possible in complex adaptive environments where there are many independent actors. Control requires prediction as well adequate levers of manipulation. Both requirements are in little supply in the crisis environment. Time is always working against us in today’s global 24/7 environments. In global organizations, knowledge of the local environment and threat effects are necessary to be able to optimally manage and respond to a spectrum of threats. The centralize desire to take the human element out of everything, which is the most important factor in the equation, is almost irresistible.

In complex environments, orderly processes and centralized decision making are ineffective. We also can’t codify a set of procedures for a nonlinear complex event because we have to take the context into account. Independence and improvisation are essential. Decentralize structure (local, country, regional) works best when the threat is within the leadership command and control accountability and responsibility.

Centralized structure
Does a centralized crisis management structure make sense?

Read Post

Disaster Recovery for America interview on the Federal News Radio

I appeared on Federal News Radio and shared my thoughts on new approaches to risk management and how to develop an effective approach to business. You can stream the recording for free here: Interview with Sean Murphy

Look forward to hearing your thoughts and comments!

Sean Murphy on Federal News Radio
Sean on Federal News Radio

Read Post