Courtesy of Tupperware Brands' Lee Bailey below is a transcript of his speaking session on 'Enterprise Architecture: Leadership Perspectives' to Build a Thriving Enterprise that took place at Enterprise Architecture Live.
Enterprise Architecture: Leadership Perspectives
Next speaker. Leave Bailey, who joins us from top away brands who are probably one of the few truly ubiquitous organizations on the planet.
I doubt there's a household anywhere does not have a piece of chalk where, either in their, in their home or in their organization right now.
If you could switch on your camera where it is, that would be very much appreciated.
Lee has spent most of his career so far, leading Cybersecurity change and initiatives for a range of wellness organizations, obviously, including his current position at top.
Well put from ABC, Fine Wine and Spirits and Lockheed Martin.
This role includes introducing solutions while flying aye.
Companies to foundational advance cybersecurity, solutions while deploying and galvani Enterprise resources. Having spearheaded numerous complex program initiatives is none to remind people change systems, programs, and technical resources to advance the company, Vision and Mission.
His track record demonstrates continuously to delivering results for these organizations. so with no further ado with a great deal of pleasure, please let me hand you over to Lee. Lee, over to you.
Thank you very much.
I'm going to start sharing my presentation and turn off my webcam here so that you can focus on the presentation.
Alright. Awesome. Definitely great to see our habits of 15 people here on the call with us. Thank you very much heavily. We'll get some more people filtering in.
This topic is Enterprise Architecture and nothing new for you all. And when you think about that bio, definitely a lot of you all are doing all the same things. You're putting complicated systems into place, and you want to make sure, from an architecture perspective, it all fits together well, so that you're not having to re-invent the wheel later on.
And this particular presentation is we focus more on the business and security side of things. How do we go through and align our architecture with business models, making sure that we are, and then also making sure that the security and privacy pieces are tight. And that's our focus.
If we go through and move on through the slide deck, and please feel free to ask questions as we go through and put them into the chat window, and I will do my will, we'll get over to those as they come through.
I believe that we have our moderator, Who's got Brian is going to help us make sure we get to all those questions.
So the first question that I want to make sure folks know is, who is this guy?
Why is he said he YC up? You're talking?
And so, my background, people seem to It's interesting.
I had a chance to start my career in retail and I did some leadership while I was in the retail world moved into the Marine Corps here in the United States, and then moved into pastoral ministry. So I've seen multiple sides of leadership and multiple sides of processes.
And one of the things that I guess, if you look at this, and you think, What my values as a professional, it's about service retail, It's about discipline, Marine Corps, and it's about leadership and making connections, and that's the pastoral ministry piece. And that's been consistent. And so as you all are going through the architecture side and developing relationships and making sure that whatever architecture is being put in place, you have to build those relationships. And you have to have the discipline to make it all happen. And you have to have some customer service to make sure that you're keeping all of those needs met. Well, as you put everything together.
And as I've been exercising those values to Lockheed Martin. Lockheed Martin, if you're not familiar, Volleys, when I was there, was 130,000 people, global company, mostly defense. And so from that perspective, everything was super secret hush hush.
And we had an opportunity to put some amazing technologies in place and to fight some very interesting cyber battles along the way to really a great experience, great learning opportunity. That's when I came into IT and security. So to grow up through the ranks and Lockheed Martin was always outstanding and to get to know where the architects they have there, was also phenomenal.
I wasn't able to take all of that great experience over Lockheed Martin to then bring it into a retail environment with ABC, fine wine and spirits.
ABC Fine Wines Spirits is a locally, owned, here in Florida, owned and operated business. They focus on selling cigars wines, beer.
And that's that their world. They've got about 120 stores here in the State of Florida.
And so, as we, that was a major shift, Right.
And you go from Lockheed Martin, extremely risk averse to ABC fine wine and spirits who has a more aggressive risk posture. And so, going through and rightsizing all the processes and policies. It was, it was a challenge, but it was fun and help to move me into where I'm at today with corporate brands. Because again, in a retail type of environment, some additional considerations with with Tupperware being global, we've got privacy to work through. We have a manufacturing, we have distribution.
We have all of those pieces, all the e-comm, some of it's similar pieces with ABC.
And all of that has to be protected.
Protected and from a privacy perspective, primary privacy perspective and make sure it's being taken account account report.
And so definitely have a lot of real-world experience in this subject to look forward to sharing some lessons from a leadership perspective, and also from a security privacy perspective.
To add certifications, absolutely, won't bore you with them.
Do I coach other professionals? Yes, I do. I love being part of an organization called ..., which is a site for information management.
I have an opportunity to talk to people, help them grow their businesses, grow their practices, love it.
Do I get back to the community? Yes.
Sometimes, just by going and participating a stem events and helping students who are in the high school, the range of life, to figure out what, do they want to do, an IT when they grow up. And that's rewarding.
But also teaching at a local college and helping people who are coming up through the ranks to become either cyber, or becoming tech IT people to know what to do next, and to make sure the positioning themselves to be best place in the job market, it's a great way to give back. And so, if you're, if you have an opportunity to do it, I encourage you to. It's been super fulfilling.
And I all work, and no. Play, Maybe. I do.
I do, may work, as you know. Many of you know, you're putting a lot of hours to go through and to do the right thing for the company, And at the same time, you probably have some other things you do outside of the home that's not necessarily play. But at the same time, I do still spent a good amount of time with my family. I have a wife, I have to miniature Schnauzer spend. We like to travel. So we do as much as we possibly can, and anytime that, you work, and play overlap, It's a beautiful thing.
I love music, I've played the ...
before, I'm a big, more like 70 days rock, but I also go through and, and try to broaden out to the newer stuff, too.
Ed Sheeran, Star Wars, definitely a Star Wars fan, you might tell by the Darth Vader helmet that I've got a full college play outfit, then I'll go through and sometimes where to those to the stem events to help bridge the gap.
And then, definitely, Disney and I live in Orlando, Florida Area Kissimmee, so about 20 minutes away from ... or so.
That's one of those things we do on the weekend for fun, when we feel like it, it's a tremendous blessing.
So that's the guy, That's the guy who's standing in front of you talking.
And we're going to keep moving forward.
What, I don't know if this is in the way, so, can you help me out for a minute, Brian, can you tell me, is the, this in the way?
The, I'm just gonna proceed somewhere in the white blocks, can you see my, my webinar?
We can see your presentation screen.
And that's it, fantastic, I want to make sure. All right, cool. Thank you very much. That was a technical glitch there, I wasn't aware of.
All right, so, from a business in architecture perspective, that's the focus of, the first part of the presentation, is business and architecture.
And, as you all know, as you go through the architecture world, you know, good designers can create normalcy out of chaos.
And then they have to go there and clearly communicate those ideas through organizing and manipulating words and pictures because we frequently have to go through and sell our ideas to leaders to get them to go through and actually buy in and get the funding to do it.
So that's what you are, Air forces, what you're doing, is how you lead through the change of making architectural level changes.
But one of the things that I look back over, my my career so far, and I say, OK, when I think about the architectures that I've encountered along the way, what is it. What is the most common theme, just big picture. Some of those common themes, is that, when I look back at the architecture, the architecture reflects the values of the company. So, for example, take a Lockheed Martin. Lockheed Martin has layers of architecture, they have a set of architecture for their super secret area. They have a set of architecture for their more public areas.
And then they have a another set of architecture for anything else that might be, you know, focused or point for a particular project.
And that, that design in and of itself goes through and reflects what that company does, it's their business model and how they make money.
And so, it's really interesting to look at that and go, OK, so this is a multi tiered architecture environment. It reflects the complexity of what they do, It reflects the complexity of their business model and it makes a lot of sense.
Now, in contrast, I look at ABC fine wine and spirits. So, ABC Final Spirits had a fairly straightforward architecture in the grand scheme of things.
We go through and we have our ... environment. We've got our ERP systems, we've got our security tools, We've got our ..., and once you've figured out how to go through and to blend those altogether, connect them, all that data compared to having your three tiers you've got one tier, and so that that model that, that ABC had, was very much reflected their Their simplicity really the simplicity of their model. To keep their business moving forward.
To be honest, at the end of the day, that business wasn't so much about selling products, It was more about the real estate and how the family was going through. And using real estate to go through.
And further, and, wine and spirits was really more of just a matter of how do we go through and maintain that real estate? Real estate and have a have a profitable business alongside with it?
So, again, reflecting that business model. And then at Tupperware. It's yet another monster. And when, I mean, what I mean by another Monster is, we have very just starting off very decentralized, so you have pockets of ERP. You have pockets of HR systems, pockets of all these other systems and they're just kind of scattered all over the place.
But it reflects that the organization, it reflects their culture that they were. They grew up very decentralized. Each market went through as the business needed to develop systems, to support sales, because at the end of the day, their bread and butter sales. And so each of these architectures reflects the values of that company.
So, I ask you, if you think about the architecture of the company that you're part of, what does it say about your company or you decentralized or you centralized?
Do you have multi peers, and because you're super concerned about secret areas, and not so much in other areas. That's an interesting conversation, and just in and of itself, to know what you're working with.
Question, I challenge you to ask about your architecture is, does your architecture that you have documented?
Does it reflect where you've been, or does it reflect where you're going?
And the reason why I'm asking that question is, because even now a Tupperware and with the organizations I've been part of guests that we have a set of documents that say, here's where we've been from an architecture. Here's where we are today, And it reflects where we've been, but then we have another set of documents and say, Here's where we're going.
So, the idea is that, right now, we're trying to bridge from the past to the future.
And so, I challenge you to go through and have a set of documents that help you to go through and to bridge that gap, and to be able to sell those ideas to your leadership team, if you don't have them already. If you're mature, I'm sure you have it already.
I'm going to move on.
OK, so when we think a little bit more about the business and how the business, what, From an architecture perspective, What I What I have striven to do as I look worked at ABC. And as I've worked at Tupperware, and even at Lockheed was to go through to create something that matched where the business was in its life cycle.
So if you think about the company that you're in, there's this, there's this book called The First 90 Days. And the first 90 days that your goal is to start your job and a new opportunity. when you're starting your job. What are the things you need to do in the first 90 days to be successful?
And the model that you operate in in this first 90 days, is finding out, if your company is in startup mode, is your company in sustainment mode?
Is your company kind of failing? and therefore it needs to go into re-alignment mode.
Or has it really failed? I need to go into turnaround mode.
And then if you've gone down to the other end, as you've gone to shutdown divestiture mode and During each of these phases, there's a different set of architectures that can go along with it.
And so part of the way that we as architects can go through and to stay ahead of the curve or leader, stay ahead of the curve, is realize where we're at as a business, and then be able to position, what does our next generation architecture look like to support where we need to be?
If we find ourself in sustaining success, what does that look like, and how is that different from startup mentality?
I'll give you a case in point. When I was working at ABC fine, wine and spirits.
I was challenged to go join to take the systems that we had and to rethink all those systems. As if we were a startup.
How would we go through and change the platforms that we were using?
How would we change the integration and connections that we were using to be a startup? So that we can be fresh and nimble with everything that we did.
And so, maybe there's some value to this mentality or this mindset.
The diagram, as you're going through and thinking about your diagrams.
And how you go through and position your architecture within your company.
And as a leader, I liked being a few steps ahead. I like knowing, OK, right now I'm in the sustaining Success model. But really I'm I'm re aligning.
And so as I realigned where do I want to be next? Where do we want to take the company to next?
And another example here is how I suspect several of you have been in the position to where you come into a company and you're at one level of maturity. And it's not as mature as you want it to be.
So you can either spend your time backfilling all of that maturity to get up to where you need to be.
Or you can say, you know what? We're never going to back fill this in a reasonable amount of time and dollars, or whatever your currency is. And so what we're going to do instead is, instead of aiming to backfill, we're gonna aim to reposition.
We're going to aim to leapfrog from point A to point B And if we're if we're aiming to leapfrog, and it's a different set of conversations, and it's a different set of connections and approaches to how to reach reach, gosh, schedule your infrastructure, your architecture, to make it work.
So I like this model, because it helps me to focus on where's the business at right now and how do I adjust my architecture and even individual system designs to work.
Let us build out.
Coming from Lockheed. Lockheed had a very mature set of processes already in place.
Whereas over the past seven or so years, I've either worked with companies or I've been part of companies where they've been taking a slow steady, slow steady set of steps to get to what I'm going to call an architecture review board.
So, if we go to this, this is some pinnacle of maturity, that we call an architecture review board. Or even, you expand that even greater.
There's usually a set what I've seen as a set of steps, and maybe you agree with me, maybe you don't. And I'm curious if you do, I'm curious if you don't.
What I typically see is the company, first they go through, and they introduce some change management.
So, on their, on their existing infrastructure, they say, Hey, we need to know when infrastructure changes are happening. We want to make sure that they get approved and follow a certain set of processes.
And then, once they go through and they have that change management on the infrastructure, then they go, hey, wait, there's some benefits here. We're now seeing it work.
We've seen that our downtime has reduced. We're seeing that. We know what's happening our environment. And we're able to communicate with our business partners and our business partners, appreciate the transparency. They appreciate knowing when something's gotta change so that they see that IT is on top of things.
Then they go, OK, well, now that we're seeing this kind of results with infrastructure, let's move this on to software development.
Until we start adding some change management, software development, we do version control. We start doing all the right things from an idle perspective, for software development.
And then we see the same kind of results. Hey, we're not seeing as many code breakages along the way. We're not seeing any have as much downtime along the way. Or if we do see downtime, we knew that it was happening during a particular window, and we were able to fall back really fast. Or we were able to correct it really fast, because we knew what was happening during that time frame, And all the researchers were on deck.
Instead of what used to be, where we were just going through and putting changes out there, and, and hopefully, the right people were available whenever the change was made.
And then we go from that change management of development into some type of a community of excellence.
And so when we start getting that, the architect, the system, engineers, they start talking and saying, hey, let's go through and make things better. How do we architect a better? So, better solution.
And then, then, that gets formalized, or caught codified into some type of a board.
There's sound at the steps that I've seen along the way.
How about you all? I'd be curious to know if you've seen similar steps along the way.
one of the quotes that has resonated with me as I was researching for this presentation was, now, if you truly want to understand something, try to change it.
And I suspect that many of you have seen this along the way that you've gone through, and you decided to change an architecture, try to change the system. And as you do it, you go through, and you find out, Oh, oops, I didn't realize that. That was happening.
And it's an opportunity for us to know more about the business, to be better aligned.
And it's also an opportunity for us to be better at leadership, managing change, but, yeah, if you want to truly understand and try to kind of change it.
The other piece that, as technologists that we recognize is that, we can go through and come up with a lofty architecture design, and say, that we're going to solve world peace with that, with our particular design.
But there's a, there's quite often a disconnect between what the business is thinking with the technologists are thinking.
And I love this diagram, because it's one that's, many companies are working through today, or have been, for the past few years, thinking about AI.
So, typically, a business person is gonna think about it from your data. Then, there's this box called Artificial Intelligence. And then there's this other bucket called Value, and, hey, if we can just plug in AI, then all of our data magically becomes value.
And that's to them, that's what it is. And I've had to run to that situation with ABC.
Find what Spirits and here are a couple of brands, of going through and helping those teams break this down and what I like to call it as Geeky Engineer. At Heart, I'm a geek engineer. I'd like to go things and take things and pick them apart into their component pieces and then manage them, roll them all back up into a solution that works for everybody.
And so, that's what we wind up doing. And you can see the complexity that really happens underneath that, that value statement or that AI statement.
But working at ABC and at Tupperware it has been a journey to go through and say, OK, here's here's where we're trying to get to, we all recognize that, here's where we're trying to get to, and now let's go through and say, all right, well here's here the pieces that need to happen. These are the governance pieces that need that, But here are the systems that you put in place. Here's the, Here's what clean data looks like. What do we want to be our master data set? And we go through and ask all an Agile, all those questions to help the business and the technology teams aligned and come up with the right solution.
And sometimes, that's just a matter of coming back to one of my favorite security phrases. And that's never let a good event go to waste.
And one reason that's been valuable to me is because it, in the data space, I've been sitting in places where they, they have one team, the marketing team, bringing one report that talks about sales numbers.
The accounting team brings another report that talks about sales numbers, and then you bring all this together, and the source system teams brings yet. Another report that talks about those numbers. And those numbers are different.
Sometimes, and maybe one sales report includes tax, another one doesn't include time, and then another one is excluding a certain amount of sales because it's return sales.
And so, they've come up with some kind of metric. That means, that means something to them within their department, but it may not give the right set of data up to the executive leadership team.
And so, as we're designing our systems, whether it's AI or whatever architecture we're trying to put into place, it's about making sure that, you know, we make everything magic.
That's our, that's our goal as Michael, when it comes to putting these systems together, I don't need my CEO or my, are my CFO to understand the magic of how all this works together. But there are just a few key points that I want them to understand. I do want them to understand, hey, there's some, there's some data massaging that needs to occur. We need to go through, and then you know, sort and filter this data in a way that makes sense, What do you want out of the data. So that I make sure that I deliver the right report with the right value.
So that, typically then what happens is that, once we have the right report, we start stripping off all those other reports. We don't need anymore. So it becomes death by attrition, and standardization by attrition.
As opposed to trying to kill things off proactively, which, which I didn't have as much success with, I've found more success with putting solutions in place and then migrating people to them. And then they need the other solution.
And then from a technology perspective, we talked about that.
All right, so let's switch gears a little bit. I'm going to put my, I'm taking off my my infrastructure architect hat, and I'm putting on my CSO.
as I put on my CISO hat, and think about security and privacy.
And one thing that I've appreciated is the willingness of each team to go, whether it's an infrastructure team, our privacy team, our legal team, to come to the table, and to talk about risk, talk about risk out of that particular system and what it means.
And so, if I were to offer you a baseline set of data checks, to be able to say, Hey, we've done a basic risk assessment on this solution, or on this architecture.
These are the baseline set of starting points that I encourage you to take.
one contracts, to what type of data do you have, and how much of it do you have?
And then three, what's the solution design? I mean, just super high level of super big picture, make it so anybody who, who gets a three point slide can understand it. That's it.
What are, what are my contract obligations and contractual commitments from our partners?
What's the data that I have?
Do I have PCI data, PII, Data, GDPR, data, privacy data, what kind of data do I have? And then the design.
And that's where, that usually the rubber hits the road and we get into the nitty gritty details of Visio diagrams or pick your your Diagramming platform.
So, what does that look like?
So, so in reality, if I go through, and I have a partner who's coming to me and say, hey, please, I want to put in a new ..., OK.
Well, who do you want to work with, And how can I want to work with company ..., So we're gonna work with company.
All right. We go through, we have those initial conversations. We make sure there's an NDA in place A non disclosure agreement so that we can share information and not worry about it going anywhere.
And then, secondly, we put the master services agreement in place, or whatever services or software needs to be there. And whatever SLAs need to be in place.
And then, along with that, they're usually legal requirements around uptime or, or even indemnity, or liability for solutions.
And so, that language gets massaged out in the MSA, and then the GPA, the Data Protection Agreements. It's going to go through and cover more than privacy items.
And I'm not sure if everybody here on the call is more on the US side, if they're more on the international side. But this has been a requirement from a GDPR perspective, and we're using it pretty much globally, whether it's ...
down in Brazil CCP, A here in the US, are even if it's P slash L, over in China or ..., down in South Africa.
So we're using the same methodology of the DPA to say, OK, are all the privacy boxes checked?
So the legal team comes up with the right contract and what they do is they add to it then append to it. This does that are all the security requirements met board. That partner, we're not at this point, we're not going through embedding the security of the solution. We're only betting the security of the partner.
And so as we've got the security partner, this is where the analogy I like to use this is a backpack.
If you come to me with a sock to or pick your, you pick your certification. Then you get more of a fat path. Now, and that works in a smaller company or a company that doesn't have any resources tied to it.
But, if I'm going to Lockheed Martin, that security review is going to be much more stringent. There's going to be a questionnaire. I'm going to do more due diligence to go through and to dig into each one of those data points, and there's probably more data points. Is this a safe and stable company? How long have they been in business? So, all that's going to tie into this this, a DPA and security process to make sure that we're doing our due diligence on the company itself.
And then, once we get past that contract piece, we know that we're dealing with a Safe and Privacy Aware company that is going to take care of us. We've got our confidentiality, we've got our integrity, and we've got our availability. That's the idea of the company and the contracts. Now, once we get past the contract phase, then we're taking a deeper dive into the amount of data that's there.
Because, for those who are where, you know that, once you know how much data you have, and what type of data you have, then you know how secure, or how, how much privacy concerns you need to address whenever you get into your, your operations and your solution.
And so, we define how much, and how much data's there, if there's PCI data, well, guess what?
Now, we've got not only the company standards to deal with when it comes to security and privacy, but then we have the, the piece PCI, payment card industry standards. If we're in Europe, and we've got GDPR even for us and have GDPR information than we know, we have some additional weekend, we're gonna have to follow, as well.
And defining that data, just need some type of a questionnaire. It doesn't have to be 20 pages. But it shouldn't be enough to say, Hey, here's the owner of the system, here's what the system does: Here's the data. Subjects involved. Are the employees?
Are the vendors, are they, in our case, Salesforce? Or are they customers?
And so depending on looking at what what data points are there, then it starts to navigate which laws apply. And how concerned you need to be with each of the requirements around privacy or security.
And then once you get, you have all that great data behind, you can then design a good solution, a solid solution, and address your key concerns.
Then ultimately, this gets this solution gets tracked, and what I typically do is I am actually borrowed from PCI. PCI requires that you guys can you have a Dataflow diagram, and that you have a design diagram.
And so, if I have a Dataflow diagram, which is a big picture, here's where the data's going from point A to point B, I've got my data inventory list that says, here's what types of data I have going from point A to point B Well, now I know OK, big picture, here's why I need to focus To Then I can go through and flip over to the design document. And then with that design document, I can then say, OK.
Here are the protections around each of these data movements around these stationary data objects, so it gives me the ability to go to drill in and to do a good objective review and to provide a right size solution to whatever, whatever design gets floated out there.
So, big picture wasn't trying to dive into all the details of the security and privacy, but wanted to give you a quick overview of that. There's three key things I look for. I look at contracts. I look at data, and I look at the overall design of the solution.
And then as I start to wind down, as I go through everything that I do, it's about the spirit of partnership, and this is why I focus it back onto leadership, because, again, if you want to make enemies, try to change something Woodrow Wilson.
And so in order to avoid making enemies along the way, because I've tried that approach of just ramming things down people's throats and doesn't work so well, I've tried being the office of no, that doesn't work so well, either.
And what's worked, the best for me is to develop partnerships.
I've found that, from a security and privacy perspective, the legal payment is a fantastic partner. Is their education involved? Absolutely.
On the technology side of things, I find that the tech, the IT people, my best partners, they get it. They understand that. And my job is to make their lives as straightforward, as simple as possible.
And so develop those partnerships.
And it's where I've come from. I've come from a situation where I've had to grow things small to big.
And I haven't had the luxury of coming into an organization and just saying, we're gonna go through and spend millions, billions of dollars. And we're going to just do this, right, right? Upfront, I've always had to go in step by step increments.
So if you find yourself in that situation where you have to go step by step increments, then start, just start, and you may have to start small.
But start and go back to that statement. You are failing to plan is planning to fail. Don't don't don't do it, don't do anything.
Don't not do anything, go ahead and do something, and start small. And that's why I was pointing to a little bit earlier. Those stair steps that pyramid design of where do you start at the bottom, moving your way up?
Start to introduce these changes, so that people see that the change is good, the change that we're implementing, we do it correctly within ourselves. And that was another aha moment for me at ABC, Fine wine and spirits. It was when I had gotten to the point where I took off just being the security person and I then became responsible for infrastructure as well.
That was one of those knighting moments where they go through and say, Leigh, you've done such a good job of making these changes happen? We trust you to do something more. We trust you to be responsible for more.
And that's my basic philosophy, is to start small.
Make it so that people trust you more and more, And then over the course of a year or two, you, hopefully, you've built your relationship. You've built your connections. You've built your partnerships. And with that, and you can continue to drive, you can push that boundary to do more and more, and definitely it, just about discipline trading as a project.
If I go through and know who my stakeholders are, need to be, and I knew who I need to go make relationships with.
And start building those relationships, and then communicating, here's the vision of where we want to go.
I need your help, when you help me are, Here's what I need from you, and here's what I need to buy and you do it, and then get their buy in and make it happen.
And then just manage the change.
I didn't put any slides in here on the, on a change management cycle, and when I say change management cycle, I'm talking about how change impacts people, not necessarily on change request cycles, but on how change impacts people. I love the analogy. But looking at changes, grief people go through, they start off, and they say, Oh, no, this is horrible, so they wind up down in the valley and they go this change stinks, and then you have to kinda drag them out of, that, this change, things, up to, This is OK, and It's all going to be OK. In fact, It might even be better.
And so, you get them out of the valley, you get them back up onto the mountain top into life as good again, but that's, that's a process that people have to go through. And I wish that we didn't have to go through that process emotionally, but we do. And that's what we wind up having to fight along the way. And, I don't know, fight, bites. A strong word, we have to go through and manage, we have to go to Shepherd whatever. Pick your term, where to go to manage that change along the way.
And then, my, my last slide for content, has to do with managing change again.
So there's another book, Switch.
And what I love about this book is it talks about how to manage change of behavior change.
And so, that, the analogy here is that if you've got a writer, you've got an elephant and you've got a path.
And when you think about people, people have an intellect, OK, the intellect here, your brains, your, your engineering smarts.
That's your, that's the writer, the emotions, that's your elephant, and then the path is the way that we do things.
And so your, your best bang for your buck is if you can go through and make the path down, down the road, you want people to go down as smooth as possible.
And you do that by going through and tweaking the environment, building habits, you can look in the bottom left-hand corner, and making sure the herd is onboard with it so that, you know, your different, if you're different than, that kinda helps to shape your path. People don't like being different, they like being part of the group.
If you want to go through and change the emotional reaction to what's going on to motivate the elephant, find that feeling. What is the feeling you need to engage if I want to go through and patch every system in my environment?
Just knowing that it's smart thing to do isn't going to get the buy in that I need. I'm going to go through and create some kind of an emotion.
And part of that emotion is never let a good event go to waste.
So, if, if something happens in my environment that says, hey, here's a weakness, then I can say, hey, if this weakness gets exploited, here's what's happens to us.
And, it happened to our partner over here, then our happened to some other company like us. Then that's my emotion to go to and say, hey, we need to do this.
Here's the feeling, and then make the change as small as possible.
People don't like big changes. If we can go through and say, hey, really just making a tweak?
We're not going to go through and change the process forever. We're gonna make this a trial change. We're gonna do it for two weeks a month, and see how it goes. And then what happens is, because it becomes habit people just say, And this is fine, it doesn't hurt.
So we can keep doing it, And then grow your people. Make sure that people grow along the way, in order to understand the value of the change, so that then it becomes an intrinsic motivation, as opposed to something that you've got to convince them of.
And you know, the intellect is usually what we do the best job with.
We find where things work, And we point people on the direction: Hey, that works, let's do that.
And then give people all the direction that you possibly can, educate them.
So what we did, is we walk through, number one, leadership perspectives of doing enterprise architecture. What are how do we connect that to the overall business, the business model, and business mission? And then we started getting into some of the security risk, assessment, security, privacy, risk assessments. And then we closed out with some organizational change management.
That that's what we covered in a nutshell, so I'm going to pass the baton back to you all. What questions do you have?
or where do you disagree?
Thank you so much for your presentation. Fiercely insightful. If you'd like to stop sharing your presentation and turn it back on screen, that would be fantastic.
And we will go through them some questions of the time we've got our hands.
Um, I'm going to start with a very simple one, which was offered by Santa Cruz.
And just ask a couple of things around a couple of the acronyms, which are used on my soapbox let you answer them as part of that. Nobody wants to know, what do you mean by B and C, OK?
So, in my apologies, I had kidding into the, you know, if you work in Defense or any yet, any field, you wind up with acronyms, that you have to go back explaining. You just take for granted. So my apologies, I do my best to explain those and I missed that.
So A or B, is an architecture review board. An architecture review board.
And then the coe is the community of excellence.
And the community of XYZ is usually just a group of people who, they share a passion for something.
And they want to do it the best that they possibly can inside that organization.
And then the Architecture Review Board would be one step up from a formality perspective, where you're taking that community community of excellence, and you're changing it into a structured process that occurs every time.
Thank you for putting it through the now something that's been sort of running as a theme, but it's not been funny.
You don't teach an IT tickets, as you didn't, stop, really kind of builds around a couple of the questions.
We've got here and has to do with the kind of, um, your company, sort of values, versus the architecture that either exist sourced to the organization.
And you will see the differences between, to try different businesses, won't see. You wanted to reach our fence around where the architecture had developed to really reflects the company's value. Yep, and it's quite interesting. The way that you you want to do that process.
What we find is that people sometimes within organizations struggle to understand what the company's values anywhere you are in the chain.
And then saying that there's an architecture that's built around Companies IDs which everybody might be video Difficult does not make that position for the sort of EIU community within that organization.
Especially if I want to change it.
That's a great question. And, you know, I hadn't thought about that line of thinking.
And there are certain things I'd take for granted, right? I've had, you know, 15 plus years of experience doing this, and so I have that experience to draw from it.
So now when I look back, I can see those patterns.
Whereas if you don't have that same level of experience and maybe you missed a pattern to that, that's that's a possibility. So I'll first off, look at myself and say, where am I privileged And then how can I go through and make sure that I'm not using that as a barrier for something else that was my intention.
And then but but if I were, if I wanted to teach somebody else today.
So let's say for example, I do teach a class at at Valencia and that classes, teaching is basically watching them go through the paces of building out some type of new architecture, some type of new design.
And so as I'm trying to teach them what to look for, part of what I'd have them look for is first principle, words matter, but actions matter more.
Because what we spend our money on, It means a lot more than what we say So if we go through, and we're spending millions of dollars on a particular activity, then there's a high likelihood that that means a lot to us.
As opposed to something that we're spending $20 on. It probably means less to us.
So, so keep in mind that basic principle.
So when I go through and I think about what's happening, or what happened in my past, when I came on board, and there wasn't a lot of structure around IT, well, they didn't have as much value of IT, and what it could do for them.
And so it took some education, and it took some building trust to see that.
And so if I were to walk into an organization, and I were to see complete decentralization, a lot of duplicated tools, then I would, I would start to see that picture that, hey, maybe what's going on here is that they haven't seen the value of having a standard set of tooling to reduce the overall cost and the consistency of service. And and even the non just overall cost of IT, but the overall cost of each department. So for example, if we could go through and have a standard HR platform, would we really need to have 10 people in each country doing HR?
And that's worth at least looking at to promote the value, and so, that's one area I would look at. I'd be looking at, where's the money being spent?
I'd be looking at how decentralized are things I'd be looking at. How much tool overlap is there? Are they using five different tools for patch management? Are they using five different tools for an ERP enterprise resource planning toolset?
Know what's happening there, and then that helps me to understand how structured hasn't been. How much intention has it gotten.
And, and really, those are just opportunities, those are opportunities to come to the table and say, hey, we can go through and make this overall process better by standardizing.
You know, for example, most of the time in companies that have multiple ERP, they have a hard time rolling up their finances when it's time to go through and do your quarterly reports.
And for a public company that has to do that quarterly, our more frequently just to be able to track what they're doing. That's a labor intensive activity.
So, if you can go through as a technology leader and say, we can go through and reduce all these platforms down to one, Or from an architecture perspective, we're gonna go through and have an application layer, We're gonna have a data layer, and then we're gonna have a reporting layer.
And so now you give them a reporting layer that the executive leadership team can use and that reporting layer has connections into all the data applications and databases.
Well, now you can start going through and consolidating all those applications and databases as time allows. and the and the leadership team only sees that front end application. so they don't know what happens and they don't care all the nodes that their costs are going down because you are consolidating down to one platform. So those are some things to think about as you go through. I hope I answered your question if there was a dynamic of that, you wanted some more insight on I'd love to explore it tomorrow.
It tells me I'm sure the questions will be able to follow up afterwards. And we always encourage that ensues.
So counseling that follow up afterwards just sort of extending that one step further.
one of the key changes that we've all seen from ..., this is the outline demand on the business side of things to start with value propositions, but it makes sense to the business rather than doing something because it makes it better.
For it adds interest to an enterprise architects.
Um, one of the things that you then sort of alluded to, join your principles is sort of 90 day environment, which I'm sure we're all in managerial roles.
sort of late teens, we had to go through that impact 99 proposition at some stage in our careers.
Yeah, you kind of have intrinsic value propositions, entrench propositions.
There are slightly nuanced view shall we say, what an enterprise architecture is team should be and we know that it takes time to build trust and educating people in your sort of the experience.
Would you recommend in on, what would you recommend that, somebody taking on a new role as a leader within the Enterprise Architecture Spice, or even joining existing team, where they breed that they're being perceived as somebody kind of value?
What should they be looking to achieve in that 90 days?
The Ads reared value to their future job prospects within that organization?
There's always three opportunities. You've got your Start, Your Stop, and your continue.
And so what you can do is you can, you can make sure that you understand what each stakeholder wants, and if there's anything that your team needs to stop doing, you can help re shift their priorities so that they stop doing it.
And if you can help help them to stop doing the team, to stop doing things, or you can start doing things that are baked in processes, then, that's a, that's a win.
From a continue perspective, if you can find out what is it that the team is doing well or that your successor did well, make sure you keep doing that, so that you continue to show that value.
And then from a start perspective, that then you see what have you already start and then I'm gonna go back to what have you already started, what projects have you already started and why.
And that's not typically a two month turnaround, that's typically a maybe a week turnaround, you just have the right set of conversations with the right stakeholders.
Now you know what the consumer wants you know our consumers in most cases from an architect's perspective, you find out what the end consumers want, you find out what the System Engineer believes is going on.
And then, do you negotiate that you tie it all together into a ..., into a nice, concise story, and be able to articulate it, and then deliver it?
And sometimes you can't deliver the whole thing.
But if you can go through and be a project manager and say, hey, within 90 days, all that I can promise you, that in the first 30 days, we're going to give you a prototype. It's not going to work, But we're just going to be a screen. You're going to see what kind of screen you're going to get with this set and done.
And then within, you know, 60 days, we're gonna go through and give you a screen with these three functions working.
And then in 90 days, we're gonna give you a screen screen with these five functions working, and then those quick wins can be helpful for you to position you as somebody who delivers on results, and as someone who understands their pain, and it's helping them get there, the more that we can get to minimum viable products is helpful. And I'm sure I'm not telling you anything you already, you don't already know.
But just in the bigger picture of, What can we do to deliver those mean a lot as I go through and engage with different stakeholders?
Thank you very much for that. one final question, which is one from myself.
I'm a researcher by heart, so I'm trying to sort of see how these things sort of ground.
one of the things that I've noted over the last, especially over the last 18 months, is the kind of correlation between, or rather the coming together of the sea so wrong.
And the sort of leadership role is the role that is being identified and developed the within organizations such as where that is now becoming a conjoint role rather than just a separate C so wrong.
I'm not seeing that within Tupperware. I didn't see that within Lockheed.
What I did.
So, at ABC fine, wine and spirits, again, you're looking at, uh, and in multinational companies versus a state company, a state level company.
So, at that state level company, with, roughly, I think it was 7000 employees, something like that, maybe it wasn't that many. It was a smaller footprint, from an employee perspective.
What I, what I do explain to folks is that, you know, as you get into a bigger company, there's more dollars for more silos, gets bigger companies, you wind up with having the PSO being a separate role than an architect, and the architect being a separate role from a CTO. And a CTO being a separate role from a CIO. Now, they may all roll up to the CIO, but it's, there are different.
There are different hats because they have different focal areas, but in a smaller company like an ABC pie, wine and spirits.
I was all, I was almost all of that. I wasn't the CIO, but I was responsible for just about everything else. And so, I was wearing all those hats. Now, that, when we, when we find ourselves in a smaller company, it does give us that ability to wear all these hats, which is kinda cool.
If you like, the variety, and you can manage the change, it's a great spot to be in.
But it, but it is a, it is a challenge. It's challenging and it's up to where all those hats.
And so you figure out where your passion is, that you figure out what your capabilities are at and take it from there. But I, I think I answered your question. I think it depends on me.
Thank you so much for joining me and insightful presentation. And just to say to the audience, if you do want to follow-up afterwards, please kindly said this is something you can do the same as all the speakers. And Lee's presentation will be on demand with the others throughout the year. So please started just like to reach out to me. Thank you very much for joining us, and very much, appreciate it.
I hope you enjoy the rest of your time. Thank you, Brian, and really?
Not a problem. Thank you.
And ladies and gentlemen, next up, we have Chris Hodges, coming back to ..., which I'm very grateful.
And Chris, how are you doing? You muted and who's coming back to doing that, and Chris will be introducing Craig Milroy from Microsoft.
We will be doing a fantastic presentation around the role of data driven digital Transformation enterprise architecture of the Chief Data Officer, which one another great perspective to the Enterprise oxidants was bytes. So, we look forward to catching up with your top of the hour, And please don't hesitate to take a quick break, and join us at about 10 minutes.
Director, Information Security & Compliance,
Best described as a dynamic growth leader, Mr. Bailey is both a committed and visionary Cybersecurity, Risk, and Compliance Thought Leader with 15+ years’ experience in leading sustainably modernized cybersecurity solutions to protect and enhance organizational operations around the globe.
Having spearheaded cyber change for some of the nation’s most recognizable brands including Tupperware, ABC Fine Wine and Spirits, and Lockheed Martin, Mr. Bailey offers subject expertise at the Fortune 500 level. Governing strategic leadership to steer the direction of the organization forward, Mr. Bailey provides education concerning best-in-class security infrastructures used to solve evolving business challenges throughout the eco-system of the organization by testing, implementing, and delivering cyber systems in alignment with risk compliance regulations. Known by his peers as a genuine change agent, Mr. Bailey has a heart for transcending organizational excellence by driving both individual and collective success among internal and external stakeholders through bridging the gap between limiting opportunities and uncapped potential for long-term success. Throughout his career, Mr. Bailey has developed key mutually beneficial relationships with valued clients, colleagues, and the greater community to both service and make an impact through his work. Mr. Bailey’s leadership style is rooted in his unique ability to engage with stakeholders and team members by establishing a foundation of trust and empathy thereby gaining the building blocks for performance and loyalty. Charismatic and trustworthy, Mr. Bailey has a genuine ability to empower his associates to achieve their overall potential, which ultimately drives the mission of the organization forward.
Mr. Bailey is first a team player and second a team leader as he strategically aligns company values to change management. Mr. Bailey’s voice has been heard globally throughout colleges, publications, and numerous speaking engagements. When it comes to Cybersecurity, Mr. Bailey takes his craft seriously and has deservedly earned some of the highest honors in the field including the CISSP and the CISM certifications.
Search for anything
Watch On-Demand Recording - Access all sessions from progressive thought leaders free of charge from our industry leading virtual conferences.Watch On-Demand Recordings For Free
Courtesy of Nintex Pty's Paul Hsu, below is a transcript of his speaking session on 'Improve employee productivity during and post-COVID by ...
Read this article about HP, Best Achievement in Operational Excellence to deliver Digital Transformation, selected by the independent judging panel, ...
Read this article about BMO Financial Group, one of our finalists, in the category Best Achievement in Operational Excellence to deliver Digital ...
Read this article about Cisco, one of our finalists, in the category Best Achievement of Operational Excellence in Internet, Education, Media & ...