Tag Archives: big data

Overcoming team, enterprise, and self analysis paralysis – Battlefield Leadership series

The Only Thing Wrong with Nothing Happening is the Fact that Nothing is Happening

A leader must be effective in the following tasks:

  • Invigorating a unit with disparate needs.
  • Managing time. There is always something a leader can do. Always.
  • Self confidence. Leaders must trust their instincts and previous experiences.
  • Innovation. When confronted with a situation different than planned, a leader needs to devise a new plan of attack.

The battle at Utah Beach demonstrates this with Roosevelt’s commands upon landing in the first wave. Roosevelt succeeded by leading the troops and deciding on the next actions quickly according to factors of the time.

Port en Bessin

Business Reflections…

As a leader of self, family, and business one must adopt these principles. The ability to positively effect these three factions is paramount to success. To succeed in life, one must adopt the following capabilities:

  1. Recognition of scenarios.
  2. Energy to execute.
  3. No hesitation, no analysis; paralysis avoidance.
  4. Foresight, having vision on the second step and continuing forward.
  5. Escaping the echo chamber of the mind and protocol.


What is Battlefield Leadership and what is this series about … 

As part of my pursuit to learn and grow, I sought out the excellent management training team at Battlefield Leadership. I am professionally leveraging this across multi-million dollar projects I am overseeing (currently I am the lead executive building global compliance and security programs specifically in the online services / cloud leader space). Personally I am bringing these lessons to bear within my pursuits to cross the chasm. To often I see brilliant technical individuals fail to communicate to very smart business leaders and to the common person on the street. My new book – How Not to be hacked seeks to be a first step in bringing deep information security practices beyond the technologist.

Most exciting the Battlefield group for this training placed it in Normandy France. This allowed for senior executives to be trained in a setting where serious decisions were placed by both sides, and each provided a lesson. This series represents my notes (that I could take down) and takeaways. I share to continue the conversation with those great individuals I met, and with the larger community.

Kind regards,


Big Data is in early maturity stages, and could learn greatly from Infosec :re: Google Flu Trend failure

The concept of analysing large data sets, crossing data sets, and seeking the emergence of new insights and better clarity is a constant pursuit of Big Data. Given the volumn of data being produced by people and computing systems, stored, and ultimately now available for analysis – there are many possible applications that have not been designed.

The challenge with any new 'science', is that the concept to application process can not always be a straight line, or a line that ends where you were hoping. The implications for business using this technology, like the use of Information Security, requires an understanding of it's possibilities and weaknesses. False positives and exaggerations were a problem of past information security times, and now the problem seems almost understated.

An article from Harvard Business details how the Google Flu Trends project failed 100 out of 108 comparable periods. The article is worth a read, but I wanted to highlight two sections below as they relate to business leadership.

The quote picks up where the author is speaking about the problem of the model:

“The first sign of trouble emerged in 2009, shortly after GFT launched, when it completely missed the swine flu pandemic… it’s been wrong since August 2011. The Science article further points out that a simplistic forecasting model—a model as basic as one that predicts the temperature by looking at recent-past temperatures—would have forecasted flu better than GFT.

So in this analysis the model and the Big Data source was inaccurate. There are many cases where such events occur, and if you have ever followed the financial markets and their predictions – you see if more often wrong than right. In fact, it is a psychological (flaw) habit where we as humans do not zero in on those times that were predicted wrong, but those that were right. This is a risky proposition in anything, but it is important for us in business to focus on the causes of such weakness and not be distracted by false positives or convenient answers.

The article follows up the above conclusion with this statement relating to the result:

“In fact, GFT’s poor track record is hardly a secret to big data and GFT followers like me, and it points to a little bit of a big problem in the big data business that many of us have been discussing: Data validity is being consistently overstated. As the Harvard researchers warn: “The core challenge is that most big data that have received popular attention are not the output of instruments designed to produce valid and reliable data amenable for scientific analysis.”

The quality of the data is challenged here for being at fault, and I would challenge that ..

The analogy is from information security where false positives and such trends were awful in the beginning and have become much better overtime. The key inputs of data and the analysis within information security is from sources that are commonly uncontrolled and certainly not the most reliable for scientific analysis. We live in a (data) dirty world, where systems are behaving as unique to the person interfacing them.

We must continue to develop tolerances in our analysis within big data and the systems we are using to seek benefit from them. This clearly must balance criticism to ensure that the source and results are true, and not an anomaly.

Of course, the counter argument .. could be: if the recommendation is to learn from information security as it has had to live in a dirty data world, should information security instead be focusing on creating “instruments designed to produce valid and reliable data amenable for scientific analysis”? Has this already occurred? At every system component?

A grand adventure,



What the Cyber Executive Order means to your business, a critique

As expected for many months, the Executive Order entitled ‘Improving Critical Infrastructure Cybersecurity” has been signed and released.  There are numerous write-ups providing analysis and perspectives.  My favorites so far are from DWT , , and an article from American Banker.

What is important is businesses and leaders should take this in balance to their own business.  The first is – if you are not considered infrastructure plainly, you should analyze if and how you support those industries, because if so you will need to meet and participate in the realm of requirements that will roll forward from this EO.  The second is – if everybody is having serious problems on maintaining their business’ confidentiality, integrity of operations, and availability of services against foes, competitors, and nation states (as highlighted hundreds of times over the last few years) – how can Executives / Senior leadership / Board of Directors / and owners not consider this a risk that requires mature and top performer attention.

As I reviewed the EO with several clients this week (and I was both impressed with their interest and startled in some cases when the conversations shifted to ‘I don’t have to do this .. do I?’), I thought I would share several top points raised… I’ll update the list below over the next few weeks as the discussions continue:

  • “Sec2Critical Infrastructure. As used in this order, the term critical infrastructure means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.”
    • Virtual is an interesting point that I raise below in the riddle ..
  • “4.12(c) of this order to ensure the timely production of unclassified reports of cyber threats to the U.S. homeland that identify a specific targeted entity.”

    • The use of the phrase ‘timely’ instead of actionable was a highlighted environment.  The difference is that actionable means that information shared would be more real-time, while timely may not meet this test.
  • [updated 2/18/13] “10.(c) Within 2 years after publication of the final Framework, consistent with.. and Executive Order.. (Identifying and Reducing Regulatory Burdens).., agencies..shall..report to OMB on any critical infrastructure subject to ineffective, conflicting, or excessively burdensome cybersecurity requirements.”
    • This is an important section that will hopefully drive cross-standard acceptance, and at least conform to the principle of establishing a unified corporate compliance framework, as I articulated in my book back in 2008.

A few riddles to debate and seek to understand:

  • Is Amazon’s AWS considered Critical Infrastructure?  What about Microsoft Azure?  Expand that generally – what elements of PAAS, SAAS, IAAS are critical infrastructure.  
  • If they ARE the infrastructure (you know, that whole ‘Cloud’ thing is a pretty huge market and sometimes not always well understood what has shifted to a Cloud architecture), or what of the dependencies to the point that the Critical Infrastructure itself relies on these services (logging, alerting, big data analytics, etc…)


Still seeking,

James DeLuccia