
Digital Identity Reflections


It’s been quite an identity ride over the past three years (2016 – 2018), as I’ve led the leader in Customer Identity and Access Management (CIAM). I couldn’t help but reflect a little over the holidays…

2016 in Identity – CIAM shifts from marketing to security.

Hindsight is great. So if you’re an identity executive and you’re now saying that customer identity is more about security than marketing….well, welcome to the group. However, we had the foresight to predict that and create a 5-year strategy that invested into that thesis, starting in 2016.


2017 in Identity – CIAM becomes politically charged.

No one could have predicted the level at which customer data was being used inappropriately. Hindsight now confirms that customer privacy is not only important, but if not properly protected can be leveraged to perform the worst actions. 13 Russians have been indicted by special counsel Robert S. Mueller III on an elaborate conspiracy to incite political discord in the United States presidential campaign. Why do we attach CIAM to this? Well, this is 100% about protecting against harmful digital hackers disguising themselves as upstanding citizens. If you recall, Clinton campaign chairman John Podesta received a phishing email masked as an alert from Google that another user had tried to access his account. It contained a link to a page where Podesta could change his password. He shared the email with a staffer from the campaign’s help desk. The staffer replies with a typo – instead of typing “This is an illegitimate email,” the staffer types “This is a legitimate email.” Podesta follows the instructions and types a new password, allowing hackers to access his emails.


2018 in Identity – CIAM covers the entire journey of personal information & trust becomes the focus.

The Zero Trust Architecture model was created in 2010 by John Kindervag, who at the time was a principal analyst at Forrester Research Inc. Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside their perimeters and instead must verify anything and everything trying to connect to their systems before granting access. The first step to enable a Zero Trust model IS strong identity and access management (building strong authentication, authorization, and encryption throughout), and I think we can all agree that Zero Trust for consumer data became the focus for 2018 (practically everyone jumped in – including Google, Microsoft and others) and will drive a suite of new innovation in 2019.


  • Trumpism Is ‘Identity Politics’ - politics based in appeals to the loathing of, or membership in, a particular group.
  • Government of Canada announced it will launch a pilot for the new Known Traveller Digital Identity prototype, in collaboration with the World Economic Forum
  • Mastercard and Microsoft announced a strategic collaboration to improve how people manage and use their digital identity.
  • PSD2 applies as of January, 2018 - European Banking Authority (EBA) recently released new guidelines on open banking systems, which named data security a top priority as banks will begin to share their customers’ financial information with other authorized providers.
  • General Data Protection Regulation (GDPR) is enforced as of May 25, 2018. Digital identity data becomes the center of every digital transformation project.
  • Marriott breach exposes over 500MM digital identities; Under Armour expanded to 150MM; Adidas; and even identity theft protection firm LifeLock experience breaches.
  • Facebook Cambridge identity data misuse advances to a Facebook identity data breach. The world begins to treat all personal data as a first class citizen (anonymous, known, social, health, financial….it doesn’t matter). Who can a consumer trust anymore?
  • US digital identity breaches reach 1,370,710,977 in total.
  • Relx, the UK-listed information and analytics group, purchases ThreatMetrix, an online identity verification business, for £580m

Again, it’s been an exciting time in the land of digital identity. Digital identity, in general, and Customer Identity and Access Management (CIAM), specifically, have become the center of all digital transformation projects. “Identity-first” brands have begun to treat each customer’s unique digital identity as the key to their personally connected world and, thus, the most valuable thing they own.

Posted in Identity.


It is how the team responds to its time(s) of crisis

I began my engineering career at NCR in 1988. Shortly thereafter, NCR entered into a joint development project with Teradata (called P90). I was selected as one of five principal engineers to develop Teradata’s Banyan crossbar circuit-switched high-speed network (referred to as the BYNET), that made the Teradata system linearly scalable up to 4096 physical compute nodes. It was then that I met Jack Shemer, co-founder and CEO of Teradata, and the man who literally changed my life.

And I actually have to thank David Hartke, co-founder of Teradata, in 1999, because it wasn’t until I first approached David…that I would start the most wild ride of my life with Jack.

“David, a few of us are working on this concept we’re referring to as ‘inter-circuit encapsulated packaging’. We think it might enable a new power delivery architecture for microprocessors. We’re proposing to combine the microprocessor die and its chip-carrier substrate with the microprocessor’s power conditioning circuitry in such a way that could transform the industry.”

David looked into our concepts and quickly came back to us. Those were very exciting times….we really thought we had something game-changing.

“Jim, if this works, you’re right…you could be onto something. But you understand that if you can truly deliver a novel chip package for the microprocessor industry, your biggest problem will be business…your go-to-market. I suggest that you talk to Jack. He would have a better appreciation of how you might be able to build a business out of this.”

And that was it. My life had changed. Of course Jack would take a look at something that David recommended he investigate. And with David’s support, it didn’t take long for Jack to get excited. He has always been an entrepreneur at heart….which I later had an opportunity to learn about in detail.

He would tell me about his days studying mathematics and physics at Occidental, his electrical engineering at Arizona State, and his PhD from Southern Methodist. But I would never forget the stories he told me about his business experiences at GE, Scientific Data Systems, Xerox, Citicorp, and, of course, Teradata, all carefully offered to make critical points during our journey together…a journey that began after David had encouraged me to reach out to Jack.

“Jim, I’ve discussed your proposed technology with David, and I agree that it’s quite compelling.”

After much due diligence and further business planning, Jack agreed to come out of retirement for one last venture…but only with certain conditions:

  1. That he be able to invest in the company
  2. That he become the Chairman
  3. And that he be able to mentor me as a CEO

We founded INCEP Technologies in 1999, with the vision of disrupting the computer industry. We would develop a new microprocessor package with companies like Intel and AMD. We combined the microprocessor die and its chip-carrier substrates with the CPU’s power conditioning circuitry (voltage regulator) in such a way that we could help sustain Moore’s Law in silicon density for decades. Intel, AMD, IBM, and others would have a chip packaging architecture that would support generations of their CPUs….and we would make history being a critical change agent.


Not only did we get a design win with Intel for the McKinley (the second generation of Intel’s Itanium CPU), but we also developed a desktop CPU prototype with Intel’s arch rival, AMD (that’s a whole other story).

INCEP AMD Prototype

I will never forget the day that we received news from Mike Fister, Intel’s Vice President and General Manager of the Enterprise Platform division responsible for the Itanium. In early 2004, Intel made a change that would essentially rob us of our dream.

Intel announced its plan to add 64-bit capabilities to its Xeon server processors, following the approach that AMD had embarked on years earlier. AMD had gambled on creating a new line of chips that included special 64-bit extensions on their existing 32-bit CPU architecture, making it possible to run traditional 32-bit Intel-compatible programs as well as newer 64-bit software.

So rather than keeping their 32-bit and 64-bit CPU lines separate, Intel followed suit….essentially building 64-bit capabilities into their popular 32-bit CPU lines.  The Itanium product was essentially dead.

Having bet our company on the Itanium, we would be forced to sell and never realize our dreams.

“If anyone thinks the journey is going to be easy, you are mistaken. Success requires one hell of a lot of hard work and dedication.”

This was one of many musings that Jack would share with us. Matter of fact, he compiled a list he referred to as “one-liners” which was a collection of material he had compiled over the years – reflections of well known sages, including himself; all supporting his own personal philosophies in five general areas: entrepreneurs, management, sales/marketing, hiring, and culture (the last a slight paraphrase by me, and my personal favorite). I still have that list today.

“Every venture will experience at least one point in time when it is on the brink of failure. It is how the team responds to its time(s) of crisis that will determine whether you succeed or not.”

Jack, I want you to know that I have never forgotten this! I use this phrase all the time. You had told us that you paraphrased this from quotes of “Tommy” Davis and Peter Drucker.

I reflect every day about how lucky I am…for everything you passed on to me. My list of lessons from you is long, and they will never be forgotten. I only wish I can achieve a fraction of the success you have created, and even more importantly, I hope that I can pass on everything you taught me to other aspiring leaders.

You are my inspiration and you essentially made my ability to become a CEO possible. I am truly in your debt and forever grateful.

Posted in Leadership.


How brands should prepare for the convergence of identities and the Internet of Things


Q&A with Merritt Maxim of Forrester

Anyone who knows me, knows that I’m extremely passionate about opportunities involving Internet of Things (IoT) – or should I call it Identity of Things – and what it will bring to end-consumers and businesses alike! The industry of connected devices is growing at a breakneck speed and consumers are getting more and more excited as they learn about the ever-expanding possibilities.

But are brands preparing themselves properly for IoT? Do they know the complexities involved?

I recently invited Merritt Maxim, Senior Analyst at Forrester Research, to join me for a webinar to discuss the importance of protecting customer identity data in the era of IoT. We covered such topics as:

  • Understanding the landscape of identity threat vulnerabilities and the impact of breaches on brand experience and customer loyalty
  • Managing the relationship between users and devices
  • Exploring case studies and best practices for protecting customer identity data

Merritt and I then had an opportunity to reflect a little more after our webinar…

Jim: What are the main security implications as Internet of Things is taking off?

Merritt: IoT-enabled connected devices create a range of security and privacy risks. First, IoT devices can increase risk to your company and brand because these devices expand your company’s potential attack surface. The increased attack surface can place your company’s core systems and data at risk, as was clearly demonstrated during the Mirai botnet in the fall of 2016. IoT security requires an end-to-end approach. IoT security must incorporate an end-to-end architecture from the IoT device to the cloud back end. While many security teams focus on securing the IoT device with technologies such as encryption, trusted execution environments, and other chip-level measures, security teams can’t implement these device-centric approaches in isolation. In many cases, IoT devices may operate autonomously, or semi-autonomously, and will not have a human identity involved to validate and authenticate actions. This means that the security teams need to place an equivalent level of emphasis and priority on securing network communications and the back-end data stores connected to IoT devices.

Jim: What are the right questions to ask when considering an IoT vendor or partner?

Merritt: When evaluating any IoT vendor or partner, a crucial consideration is the breadth and depth of the vendor’s IoT ecosystem. The reality today is that it is unlikely that any single technology vendor can address all enterprise requirements for an IoT solution. This places a premium on vendors that maintain or participate in a broader ecosystem of IoT products and services. Rich IoT ecosystems possess more partners and talent familiar working with the systems, which helps ease integration challenges and accelerate deployment times in a risk-appropriate manner. Security certifications are also emerging in importance, and while there is no single definitive IoT standard, certifications are still a useful measure on a given supplier’s commitment to data security.

Jim: With the merging of identities and connected devices, how are brands going to safeguard customer data and trust?

Merritt: Encryption is an absolute must. In IoT scenarios, encryption (whether on the data, the network, or both) is an essential IoT security best practice. And although encryption is necessary to meet the usual requirements around personal privacy and confidentiality, many IoT scenarios now involve automation of industrial, business, and personal processes. This may create business value, but it also introduces scenarios where breaching of these IoT systems can lead to destruction of property and equipment and even personal safety issues. The higher potential risks associated with IoT scenarios mandate encryption of data in motion and at rest and that the security team maintain appropriate key management processes and procedures to ensure integrity of the encryption keys.

In addition to securing the data in motion and at rest (on the device and in the cloud back end), brands must also provide adequate policies around usage and sharing of data that consumers can easily opt in or opt out of, thus providing customers the confidence that their data is being used and shared in an appropriate manner. When done correctly, such measures can reinforce customers’ perceptions toward individual brands.

Jim: How should IT departments prepare to support customer identities across connected devices?

Merritt: Organizations need to focus on the basics first. The first step would involve conducting a base assessment to identify which systems, devices, and users connect with or store valuable data, and prioritize those assets over all others. This ensures that any security alerts are prioritized based on risk.

Once the assessment is complete, a next step would involve investigating technologies such as strong device authentication controls to the identity of an IoT device and verifying its state. This could include usage of digital certificates/PKI to identify devices as authentic. The next layer would involve assessing how to enable end users to set policies on which actions, data collections, and software updates can be performed on a device and how such policies can be enforced across devices or across individuals (such as in a connected home environment, where there may only be one device but multiple family members with different levels of authorization.)

Another growing area of interest is assessing how analytics can be used to identify device and user behavior that may indicate security vulnerabilities and compromises, so that the security team can proactively respond to such possible breaches.

Jim: What are Forrester’s predictions about IoT trends this year?

Merritt: In 2017, we expect that hackers will continue to use IoT devices to promulgate distributed denial of service (DDoS) attacks and attack devices themselves. The biggest targets will likely be the hottest areas of IoT adoption, including:

  1. Fleet management in transportation
  2. Security and surveillance applications in government
  3. Inventory and warehouse management applications in retail
  4. Industrial asset management in primary manufacturing

The fact that many IoT solutions lack simple update and patching mechanisms exacerbates the security problem, making remediation of security vulnerabilities more challenging.

The continued rise of IoT threats will require security teams to collaborate more closely with developers to ensure the ability to release and deploy remediation quickly and prevent organizations, brands, and devices from becoming the 2017 poster child for IoT security incidents.

To hear more from our recent webinar on IoT, please watch the replay here. And if ever you’d like to have a meaty conversation on where the IoT industry is going, I’m always up for a chat!

Posted in Data, Identity, IoT.


My Home Was Hacked!

Kaskade Home Hacked

I can’t tell my wife about any of the details of our new home security cameras from NEST. I fear that she’ll learn about the level of security associated with all my digital home product choices, and literally shut me down before I perfect all my possible security measures.

Take a look at this live preschool webcam here. If you catch it at the right time, you’ll see the room full of kids playing. It doesn’t take much to use the latitude / longitude within a given radius to search a select number of day care and preschool locations. I narrowed this webcam down to less than 5 possibilities. I suppose the good side of this is that anyone can check to make sure the staff is working hard, taking care of our kids! The bad thing is that anyone has access to this day care in downtown Houston, TX. If you’re curious, take a look at the other 4400 unsecure webcams in the US by city on this site. If you’re real bored, you can use this IoT search engine to find any unsecured device around the globe.

One can also direct their attack at a specific person. Webcam infections, like many other malware infections, can occur if you download a program that contains a Trojan. Trojans, unlike viruses, do not spread through replication. Instead, they’re hidden within programs that you install on purpose. When a webcam hack occurs, Trojan malware finds a way to activate cameras and control them without the owner’s knowledge. If you’re on a Mac, like I am, stare into the webcam on your monitor and ask yourself, “am I being watched?”. Just ask Miss Teen USA Cassidy Wolf about her compromised Apple laptop webcam.

There’s an old saying that we’re only as safe as the weakest link in the chain. That saying has real meaning with the Internet of Things, where one weak link (IPTV, smart coffee maker, etc.) can bring down a chain of connected devices…and/or your entire home network. Here’s a list of default usernames and passwords of a number of targeted devices, in case you’re ready to test your own home security.

Remember how easily Lakhani, security researcher at Fortinet, took control of a video camera? He said that gadget makers are partly to blame because they want to make their products as simple to set up as possible. That often means using default passwords like “admin” and encouraging users to log in to their devices through unsafe web accounts.

Here’s a list of the username and passwords of the most widely used webcams:

  • ACTi: admin/123456 or Admin/123456
  • Axis (traditional): root/pass
  • Axis (new): requires password creation during first login
  • Cisco: No default password, requires creation during first login
  • Grandstream: admin/admin
  • IQinVision: root/system
  • Mobotix: admin/meinsm
  • Panasonic: admin/12345
  • Samsung Electronics: root/root or admin/4321
  • Samsung Techwin (old): admin/1111111
  • Samsung Techwin (new): admin/4321
  • Sony: admin/admin
  • TRENDnet: admin/admin
  • Toshiba: root/ikwd
  • Vivotek: root/<blank>
  • WebcamXP: admin/<blank>

I include this list because, yes, I too was successful in hacking my neighbor’s webcam this weekend using one from this list. OMG!! In case you’re worried, here are a few precautions to keep your geeky neighbors off your home network.

Using your IoT device to hack into your home network

Fortinet researcher Axelle Apvrille found a Fitbit in her vicinity, and she used its Bluetooth connection to upload a small piece of unauthorized software into the device. When the Fitbit was synched via Bluetooth up to a smart phone and/or laptop, the Fitbit sent software to the connecting device as it uploaded its data. Once this back door was created into their system, Axelle could gain full access to the user’s machine. She demonstrated this simple method of using a consumer IoT device to gain access to your home system at a European computer security conference last year. It was the first time malware has been viably delivered to fitness trackers.

Using your IoT device as part of a Botnet

If you were anywhere near the internet in the US on Friday, October 21, you probably noticed a bunch of your favorite websites were down for much of the day. It’s all because thousands of IoT devices — DVRs and web-connected cameras — were hacked.

Once the hackers had control over these devices, they manipulated them into sending an overwhelming number of requests to a company that serves up the websites for Netflix, Google, Spotify and Twitter. When the traffic became too much to handle, the sites crashed. It was an old-school attack — often called a distributed denial of service attack, or DDoS — powered by the new web of devices called the internet of things.

To take over the cameras, hackers inserted Mirai, malicious software that lets bad guys use at least 100,000 devices as soldiers in its IoT army. The technical name for this IoT army is a botnet, and hackers have been making them out of computers for a very long time. Except this time they used internet of things – an even more powerful tool to carry out attacks. They used the botnet to send tons and tons of junk requests to Dyn, a company that manages web traffic for all the websites that were affected.

Integrity of Things?

The European Commission is now drafting new cybersecurity requirements to beef up security around so-called Internet of Things (IoT) devices such as Web-connected security cameras, routers and digital video recorders (DVRs). News of the expected proposal comes as security firms are warning that a great many IoT devices are equipped with little or no security protections.

The Wall Street Journal didn’t help my digital home efforts with my wife when they highlighted all my devices as security threats.

Arggg. We need a way to ensure the integrity of our IoT devices before I finish my home remodeling, and definitely before my home is hacked!

Posted in IoT, Security.


Integrity of Things

The Beginning of Your Digital Identity

This somewhat dates me (as I just recently celebrated my half-century birthday)…I remember my Radio Shack TRS-80 color display computer with a dial-up modem connection to the CompuServe Information Service (CIS) in the early 1980s. I received my TRS-80 under the Christmas tree when I was a teenager.


Back then the “Internet” was all about file transfers, bulletin boards, and email. This is also, arguably, the beginning of social networking when users could communicate with a central system where they could download games and post messages to each other.

AOL created its member-created communities (complete with searchable “Member Profiles,” in which users would list pertinent details about themselves). If you don’t agree that CompuServe created the first social network (aka community), then maybe you’ll agree that AOL led the social network era with its community-based website.

By the mid-1990s it was in full motion. Yahoo! had just launched, Amazon had just begun selling books, and the race to get a PC in every household was on (Windows Version 3.0 became the default for every new PC).

Then a transformational social media site launched, called Six Degrees in 1997. It was named after the ‘six degrees of separation’ theory. Six Degrees allowed users to create a profile and then friend other users. Six Degrees also allowed those who didn’t register as users to confirm friendships and connected quite a few people this way.

By the year 2000, around 100 million people had access to the internet, and it became quite common for people to be engaged socially online. Of course, then it was still looked at as an odd hobby at best (e.g. for geeks like me).

In 2002, social networking hit its stride with the launch of Friendster. Friendster used a degree of separation concept similar to that of the now-defunct Six Degrees, but refined it into a routine dubbed the “Circle of Friends” (yep Google, you weren’t the first to try!), and promoted the idea that a rich online community can exist only between people who truly have common bonds. And it ensured there were plenty of ways to discover those bonds.

From there it’s history! Most people recall that “social” took off from there with networks like MySpace (2003), Linkedin (2003), Facebook (2004), and Twitter (2006).

From 2002 to 2016, we’ve seen 100M people in total across all social networks become over 2 billion users with 1.7 billion monthly active users on Facebook alone. The number of digital identities on the Internet has grown to almost half of the global population. As an end-consumer, you now have access to over 2 million digital applications just on your phone, and over 1 billion websites on the web….and social has powered much of this digital growth.

Social Networks Empower Digital Identities

Back in 2002, few knew that Larry Drebes was studying the huge potential of social networking while he was at Yahoo!. He had become a part of the Yahoo! team earlier when they acquired his company, Four11, which created the product RocketMail. Four11’s RocketMail became the basis of Yahoo! mail today.

Larry had envisioned that companies would need to manage the growing number of user digital identities. This led to his work as part of the founding team of OpenID, a protocol that allows users to be authenticated by co-operating websites (known as Relying Parties or RPs) using a third party identity authentication service. The thinking was that people on the Internet could register and log in to their digital applications without having to have a separate identity and password for each. The OpenID protocol work led to Larry starting Janrain, and Larry realizing his vision. Janrain became the first to provide what is referred to as Social Login today, and that was only the beginning.

Identity Access and Management Explodes

Managing customer identities on both web and mobile applications is known by you and me through our daily experiences with traditional registration and login, social login, Single Sign-On (SSO), profile management (e.g. filling out your public information like your nick name, your city, schools attended, hobbies, etc) and preference management (e.g. what information that you want to opt into). It may seem simple, but the seamless consumer experience takes a lot of work under the covers by companies who are constantly enhancing your digital experiences.

Behind the scenes, your banks, retail stores, wireless carriers, hospitals, digital home product providers, and utility companies are all working with a group of Identity Access and Management (IAM) providers to offer a host of digital identity services that effectively automate identity services such as:

  • User Provisioning
  • Access Management
  • Multi-Factor Authentication
  • Single Sign-on
  • Directory Services
  • Password Management
  • Governance & Compliance Management

Janrain may have been the first to create the category back in 2002, but now it’s one of many companies who have seen the potential in making consumer digital experiences simple and safe. Other companies in this space include:

All these companies have two fundamental things in common: 1) Identity and Access Management, of course,  and 2) the End-User or Customer. These companies are better known for providing identity services to external end-customers as opposed to internal employees of global enterprise companies (employee identity and access management is used for legacy workforce applications and/or workforce to SaaS use-cases).

Vendors known for internal or more traditional employee-centric IAM include:

There is also a big difference between older solutions originally engineered for on-premise deployment (initially designed for physical servers in company data centers) versus native cloud engineered solutions. For example, companies like IBM, Oracle, Microsoft, and CA all initially addressed IAM through traditional software solutions whereas new entrants like Okta and OneLogin were born out of the public cloud generation.

Similarly, Janrain launched its native cloud services on Amazon in late 2005 right after the public cloud giant launched, whereas others in the customer identity and access management market established themselves as traditional software products.

Your Worst Nightmare – Digital Identity Theft

Javelin’s report, “2015 Identity Fraud: Protecting Vulnerable Populations”, found that fraudsters stole $16 billion from 12.7 million consumers in the U.S. ALONE in 2014. With a new identity fraud victim every two seconds, there continues to be a significant risk to consumers who embrace going digital.

Data breaches were a big headline in 2014 (per the Javelin report), and they had a significant impact on identity fraud – see eBay (145M customers), Target (110M customers), Anthem (80M customers), TalkTalk (4M customers), and Dropbox and Box. The study found that two-thirds of identity fraud victims in 2014 had previously received a data breach notification in the same year, with many indicating their wariness about shopping at merchants, including big box retailers.

The Yahoo! breach of over 500 million consumer identities announced this last month established 2016 as the “year of customer identity breaches” – it was the largest in history.  Most consumers might not think there’s much in their Yahoo account that would be of use to hackers, which typically might only include their email and Yahoo password. However, those two bits of information offer multiple uses for ingenious hackers bent on extracting the maximum value from information, say experts.

According to a Gartner survey, 50% of users reuse their passwords across multiple platforms. So armed with an email address and Yahoo password, hackers might be able to gain access to multiple accounts. The technique is called “credential stuffing” and it’s become epidemic over the last year and a half, said Avivah Litan, a vice president and analyst at Gartner Research. “The bad guys get lists of user IDs and password and then test them, they run through them at all the sites they want to attack to see where they work,” she says.
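The testing pattern Litan describes leaves a recognisable trace in authentication logs: one source trying many different accounts in a short time, mostly failing, with the occasional success where a password was reused. The detector below is an added example, not part of the original post; the log format, thresholds, function names and sample lines are all constructed assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example):
#   <ISO-8601 UTC timestamp> ip=<source> user=<login> result=OK|FAIL
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ip=(?P<ip>\S+) user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

def parse_line(line):
    """Return (timestamp, ip, user, succeeded) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    except ValueError:
        return None
    return ts, m["ip"], m["user"].lower(), m["result"] == "OK"

def detect_stuffing(lines, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.8):
    """Flag sources that try many distinct accounts and mostly fail.

    Brute force hammers one account; credential stuffing touches many
    accounts once or twice each. Lines must be in chronological order.
    Returns {ip: {"users_tried": set, "compromised": set}} where
    "compromised" holds accounts that logged in successfully from a
    flagged source and therefore need a forced password reset.
    """
    recent = defaultdict(deque)   # ip -> events inside the sliding window
    findings = {}
    for line in lines:
        event = parse_line(line)
        if event is None:
            continue              # skip corrupt lines instead of aborting
        ts, ip, user, ok = event
        q = recent[ip]
        q.append((ts, user, ok))
        while q and ts - q[0][0] > window:
            q.popleft()
        users = {u for _, u, _ in q}
        fails = sum(1 for _, _, o in q if not o)
        if len(users) >= min_users and fails / len(q) >= min_fail_ratio:
            f = findings.setdefault(
                ip, {"users_tried": set(), "compromised": set()})
            f["users_tried"] |= users
            # Successes earlier in the window count too: they happened
            # before the source crossed the threshold.
            f["compromised"] |= {u for _, u, o in q if o}
        elif ip in findings:
            # Source was flagged earlier; keep recording what it touches.
            findings[ip]["users_tried"].add(user)
            if ok:
                findings[ip]["compromised"].add(user)
    return findings

# Constructed sample: a user who mistypes once, a stuffing run from one
# source, a corrupt line, and a shared office address where everyone
# logs in successfully (many users, but no failures).
SAMPLE_LOG = """\
2016-10-03T09:00:00Z ip=198.51.100.20 user=dana@example.com result=FAIL
2016-10-03T09:00:09Z ip=198.51.100.20 user=dana@example.com result=OK
2016-10-03T09:01:00Z ip=203.0.113.7 user=u1@example.com result=FAIL
2016-10-03T09:01:02Z ip=203.0.113.7 user=u2@example.com result=FAIL
2016-10-03T09:01:04Z ip=203.0.113.7 user=u3@example.com result=OK
2016-10-03T09:01:06Z ip=203.0.113.7 user=u4@example.com result=FAIL
2016-10-03T09:01:08Z ip=203.0.113.7 user=u5@example.com result=FAIL
2016-10-03T09:01:10Z ip=203.0.113.7 user=u6@example.com result=FAIL
2016-10-03T09:01:12Z ip=203.0.113.7 user=u7@example.com result=FAIL
corrupted line without fields
2016-10-03T09:02:00Z ip=192.0.2.50 user=a@example.com result=OK
2016-10-03T09:02:05Z ip=192.0.2.50 user=b@example.com result=OK
2016-10-03T09:02:10Z ip=192.0.2.50 user=c@example.com result=OK
2016-10-03T09:02:15Z ip=192.0.2.50 user=d@example.com result=OK
2016-10-03T09:02:20Z ip=192.0.2.50 user=e@example.com result=OK
"""

if __name__ == "__main__":
    for ip, f in detect_stuffing(SAMPLE_LOG.splitlines()).items():
        print(ip, "tried", len(f["users_tried"]), "accounts;",
              "reset:", sorted(f["compromised"]))
```

The accounts in `compromised` are the ones to act on first: the attacker already holds a working password for them, so blocking the source alone does not help.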

Other credential theft results from “holes” found in companies’ identity implementations. Back in 2014, Target’s massive data breach in the U.S. that was tracked back to December 2013 involved personal information being stolen including credit/debit card details of close to 110 million individuals. According to Cowen Group’s (a financial services firm) note to investors, criminals were able to hack into Target due to a lack of security, which was later determined to be a direct result of under-investment. Target quickly embarked on technological changes that cost more than $100 million in addition to $61 million incurred in breach related expenses in Q4 fiscal 2013 alone! Since proactive investment in things like customer identity security is a CEO decision, Gregg Steinhafel was in the firing line. Shortly after the breach, the company stated that Steinhafel and board members had mutually decided that it was time for Target to continue under new leadership.

One particularly notorious identity theft story involves one Simon Bunce, an Englishman who subsequently lost his six-figure job and became alienated from friends and family. This all happened because his credit card was used to purchase and download child pornography. Bunce, an avid online shopper, claims to only have dealt with large retailers and secure sites. Nevertheless, he was swept up as part of a massive UK anti-predator police offensive called Operation Ore. He was arrested on charges of possessing, downloading, and intending to distribute indecent images of children. His home and work computers were confiscated, along with a range of storage devices and media. As you may already have gathered, though, Bunce was innocent of these crimes. Investigators later determined that his credit card details had been entered into a computer in Jakarta, Indonesia, and that he had actually been using the card at a South London restaurant at almost exactly the same moment. His credit card details had been taken from one of the many popular online shopping sites he frequented, as a result of a data breach. Although the situation was eventually resolved, Bunce said the damage had been done. “Being arrested and accused of what is probably one of the worst crimes known to man, losing my job, having my reputation run through the mud, it was a living nightmare,” said Bunce.

External Bad Actors using Your Credentials

You may have heard something different, but the threat actors haven’t shifted much over the last five years. Based on the Verizon 2015 Data Breach Report, internal employees and partners (typically covered by enterprise identity access management vendors) are not where the real risk lies. The real risk is data breaches caused by outside or external parties.


We find that most of the attacks make use of stolen credentials, “which is a story we’ve been telling since 1 A.D.”


With attacks making use of stolen credentials, over 95% of these incidents involve harvesting credentials from customer devices, then logging into web applications with them.

Is it Identity or Integrity of Things?

I don’t know about you, but my digital identity is one of the most important things I own. As I’m renovating my home, I’m thinking of all the new digital applications I can leverage….from indoor and outdoor security cameras, digital door locks, IP-connected thermostat, digital water heater, IP-connected lights, and digital entertainment center. It’s one thing to have someone hack my credentials and force me to reset my social network password, but could they also take control of my digital home?

I want my digital world to have the highest level of security, ensuring the integrity of everything associated with me and my family. So, should I worry about my identity as it applies to the digital things in my life, or the integrity of the things associated with my identity? I do know that my digital identity will be even more important as I expand my digital world from web and mobile applications to consumer IoT devices.

When I drive home in my new Tesla S with built-in infotainment, I’m thinking about relaxing at home. I prefer my easy-listening station on Spotify around volume 5, with my home lights dimmed, and the temperature around 70 degrees Fahrenheit. That’s “Jim’s setting”. This is compared to my wife Annie’s preference for Indie Pop that would be up to eleven (if she could), with the lights bright, and the temperature around 60 degrees (I know what you’re thinking..but don’t say it!). That’s “Annie’s setting”.

We’re a “connected family”. I have two sons, Trevor and Devon, who both are heading into their teens and let’s just say they don’t know what the word “analog” means.

Am I afraid of a rogue device adding itself to my network? Do I worry that someone can see my family lounging to Indie Pop through my indoor cameras? It’s definitely a growing issue, and a space that makes thousands of employees, or millions of consumers, look like a small problem….trillions of internet-connected things all exposed to bad actors?

I want that experience from my Tesla to digital home to be seamless…but also safe. How about you?

Posted in Data, Identity, IoT, Security.


Chapter 17 Starts


WOW. What a ride!

I write this as I complete Chapter 16; namely, my time at CSC comes to a close.

Infochimps, a CSC Company

I think back to the day I called Mike Lawrie, CEO of CSC, back in June 2013. I was the CEO of Infochimps, a Big Data Cloud company.

Me: “Mike, I’m looking to expand my board as we prepare to close our Series B financing.”

Mike: “Jim, I can’t take any board positions myself. I’m busy with CSC. What is it you guys do?”

As I explained my fledgling startup business, it became clear to me that Mike and his senior team were investing in Big Data, the space I was disrupting.

Mike: “Jim, you need to talk to Dan Hushon, our CTO. It sounds like what you’re doing in building out a network of datacenters with Big Data analytic services is exactly what we need to do with our 50 CSC datacenters.”

Me: “Sorry Mike, you’re too big. Talk to me in two years.”

Having done this several times, I knew that big companies don’t always partner well with small companies. Fast forward to my discussion with Dan Hushon. He and I aligned around the use of SUPERNAPS (datacenters that are certified Tier IV in both design and facility categories) to deploy data analytics services to Global 3000 customers who had already begun their journey in datacenter modernization, consolidation and datacenter outsourcing. The idea of co-locating our analytics services with the data already housed in CSC’s datacenters made sense. But, I was still not sold on working with CSC.

Dan: “You guys are doing exactly what we need to do. How can we work together?”

Me: “Forget it. I told Mike the same thing. Talk to us in two years. We’re closing a round of financing. Let us ramp a bit and we’ll reengage later.”

Dan: “We should just buy you.”

After that comment, the CSC chapter began. I had realized quickly that we had positioned ourselves perfectly in the market and that it aligned 100% with CSC. We were acquired by CSC August 5th, 2013, with our focus on disrupting the CSC client base with a new Big Data Platform as a Service offering.

I had created a carefully architected 6-month integration plan that started with partnering with CSC for one quarter, followed carefully with the integration into their Big Data & Analytics business unit in the second quarter.

Big Data & Analytics

After a successful integration of Infochimps, I was ready to leave. I had finished my job establishing Infochimps as the engine for the BD&A business unit growth (we exceeded 50% YoY), adding the Big Data Platform as a Service to its offering mix. The various business functions of Infochimps were carefully assimilated into their corresponding BU business functions – marketing, sales, consulting, delivery, offering/product management, etc. Then it came time for my next conversation with Mike at a CSC sales conference in May 2014.

Mike: “I understand you’re ready to leave.”

Me: “Yeah. I’ve completed my integration. It’s time.”

Mike: “I have another idea. How about you run the Big Data & Analytics BU for me?”

Me: “Why me Mike? My profile is more aligned to being the CEO of an emerging company. I’ve finished my job here.”

Mike: “Our biggest challenge at CSC, moving forward, will be its culture. I need leadership that understands how to energize the workforce with vision and execution that helps us shift from ‘optimizing’ to ‘growth’.”

Me: “Shifting from the ‘old CSC culture’ to the ‘new CSC culture’….from ‘optimizing’ to ‘growth’….hmmm. Ok, I’m in.”

I then spent the next 18 months leading the fastest growing segment of CSC. I was a part of Mike’s executive management system for the entire time, and this turned out to be one of the most amazing experiences an executive could have.

People, in general, have inflection points in their careers, being influenced by an individual/mentor, a significant event in the business, something life-changing. Well, I’d put this experience in that category.

I’m still amazed by Lawrie’s management system, which facilitated one of the most amazing turnarounds one could witness first hand. He took over a company that had many silos globally with virtually no visibility into their businesses, 15 layers with over 370 VPs, no money on the balance sheet, bad credit….a company that was, essentially, near bankruptcy. I can imagine the conversations with the Board when Mike first came in. If I had been a fly on the wall, I could imagine hearing:

“I give us a 25% probability of turning this around.”

The stock went from $27 at the time of his announcement to an all-time high of $70 just before the split of CSC and CSRA. Mike managed to reduce management to just 8 layers, reduced some 370 VPs down to 70, 50 of whom were new, replaced the entire senior team, put $2B on the balance sheet, and then delivered 9.5% EBITA with renewed credit ratings. Every business function inside the company was reinvented. CSC’s market cap went from around $4B just before he took over to over $9.8B by the time of the split. He and his new senior team created almost $6B in shareholder value, which is not achieved by many.

Witnessing the CSC transformation as part of his senior team is also not experienced by many – this was not only an opportunity, it was a privilege that I didn’t take lightly.

Digital Applications

As my contributions to the BD&A business within the Emerging Business Group (EBG) came to a close in August 2015, I was, once again, planning my departure….my second attempt to leave.

At this time, Mike and members of the senior team were planning to combine two parts of the business, which later became the Digital Applications business. I was approached by two of Mike’s EVPs – Jim Smith, EVP of Global Business Services, and Dave Zolet, EVP of the Americas Region. As I saw it, I could either leave to lead a mid-size company as its CEO, or accept a new challenge at CSC and work for a couple of dynamic EVPs. Long story short, both Jim and Dave convinced me to help them.

Jim Smith: “I want to work with you Jim. Help us with the largest square in the business.”

David Zolet: “The Americas is the largest region in the world, and the new Digital Applications business will be the most important line of business.”

In September 2015, we were tasked with combining what previously was the Enterprise Software Consulting business with CSC’s Applications Delivery business – a combined $2B business globally and $1B in the Americas.

In the hallways of the corporate offices in Falls Church, Virginia, Mike catches me talking to the head of Digital Application HR about….yep, my favorite topic: cultural change.

I had just finished with my offsite with my senior team in the newly formed Digital Applications organization (over 35 direct reports). I’m giving the head of HR my typical cordial hello….in this case a hug, talking about organizational changes which I was pondering for Q4 (the new business unit was being created through Q3 and I needed 3 months to get the “house in order”).

Mike approaches and he mimics the HR VP and me by putting his arms out. So why not, I turn and give Mike a hug as well, suddenly feeling awkward. If you have worked with Mike, you’ll appreciate it when I say, this was probably a first (at least publicly). In any case, Mike and I have a brief exchange:

Mike: “We’re counting on you. You have a huge challenge on your hands.”

Me: “I know. I won’t let you down.”

Well, Mike wasn’t kidding. I had 7,000 challenges on my hands. That was the size of the team, and we needed to come together under a new suite of application services that aligned with our customers’ need to manage their portfolios holistically. The main application platforms, of course, included legacy on IBM, SAP, Oracle, and Microsoft; as well as emerging next-gen enterprise SaaS applications using Workday, Salesforce, and ServiceNow. “All we needed to do” was “simply” rationalize every one of our customers’ application portfolios to determine what to replace, rebuild, refactor, rehost, revise, or retire.

Application portfolios varied in where they fell in their life cycle and what platform they were deployed on, and it was definitely a challenge to rise above the technology and focus on the application rationalization. However, that wasn’t the real challenge in the business. The real challenge was that my business was predominantly time & material (“staff aug”) across more than 100 of the Fortune 500 in the Americas. We were essentially in the business which I described as “Talent Solutions”.

This meant that our largest near-term opportunity was to improve our ability to recruit, onboard, and place talent into our existing accounts. But not just place “talent” but place the “best talent”. I figured that if I could grow the staff aug business by 5%, we could have the same business impact as growing the consulting business by 20%. As many in the business know, growing a headcount business by 5% differs quite a bit from creating differentiated C-suite consulting services and growing by 20%. And, in the end, the reality is that we needed to do both.

Fast forward to the end of Q3, we managed to get line of sight to as much as 12% growth in the core business (not counting customer terminations or, in general, one-timers). Everyone understands that customer happiness = protected base (e.g. no terminations, no completions without follow-on work, no price-downs, etc.). So, besides the typical operational hygiene improvements, we focused on the real jewel…the breakthrough opportunity.

If we inspired our workforce to embrace a culture of creativity, innovation, “glass-half full” thinking, we could, in turn, inspire our customers. Our customers would begin thinking that the culture of CSC was becoming more aligned with their success. This meant moving from a position as a “vendor” to a position as a “strategic partner”. In some cases, this meant that we would have to “fire the customer” and get out of a “race to the bottom” offshore $/hr battle with Indian pure plays. This wouldn’t be easy, because it meant leaving revenue on the table (but it meant leaving low, if not unprofitable, revenue on the table).

By the end of 3Q16, the Digital Applications team came together and took this from concept to reality….and customers began to notice, accounts began to see us differently. In fact, we began to see ourselves differently. If you’re curious, listen in on CSC’s report for the third quarter 2016, Tuesday February 9, or IDC’s point of view in “CSC 3Q FY16: Quarterly revenue down 10.2%, operating income margin down 60 basis points — Meet the new CSC…same as the old CSC?”

Why Chapter 17?

So why leave CSC now? The momentum sounds positive, and the experiences great. Well, I come back to the culture. Remember when Mike said, “Our biggest challenge at CSC, moving forward, will be its culture.”? As I reflect on this for any company, CSC or otherwise, I can’t stop thinking about the difference between management and leadership…or managers and leaders. I digress only a little.

The main difference is that leaders have people follow them while managers have people who work for them. The manager’s job is to plan, organize and coordinate. The leader’s job is to inspire and motivate. In his 1989 book “On Becoming a Leader,” Warren Bennis composed a list of the differences:

  • The manager administers; the leader innovates.
  • The manager is a copy; the leader is an original.
  • The manager maintains; the leader develops.
  • The manager focuses on systems and structure; the leader focuses on people.
  • The manager relies on control; the leader inspires trust.
  • The manager has a short-range view; the leader has a long-range perspective.
  • The manager asks how and when; the leader asks what and why.
  • The manager has his or her eye always on the bottom line; the leader’s eye is on the horizon.
  • The manager imitates; the leader originates.
  • The manager accepts the status quo; the leader challenges it.
  • The manager is the classic good soldier; the leader is his or her own person.
  • The manager does things right; the leader does the right thing.

In short, I aspire to lead. Thus, it’s finally time. I’m off to Chapter 17, which will have much more leadership than management in it. The ride was great, but it’s time to get back to disruption and it’s time to thrive with leadership.

Make sense?

For those interested, here is a recap of my “chapters”:

Posted in Leadership.


2015 Big Data Startups


The following were a few Big Data companies that I was keeping an eye on starting back in January of 2015 (yeah, this is NOT a statistically significant sample)….some for “old times’ sake” because I knew the founding team and was curious how things were progressing, some because I trust their venture capital partners, and some because they inspire me with an application of the technology that is meaningful (I’m tired of hearing about yet another “Big Data Platform”).


Adatao

Founder(s): Christopher Nguyen, Mike Bui, Tony Do
Headquarters: Sunnyvale, CA
Type of business: Data Intelligence for All
Adatao is Big Data 2.0, enabling the convergence of business intelligence, data science and machine learning directly on top of big data. Adatao is leading the Big Data 2.0 charge by making it easy for business users, data scientists and engineers to collaborate on data analytics. Their vision is to deliver Data Intelligence for All.


Cask

Founder(s): Todd Papaioannou, Jonathan Gray, Nitin Motgi
Headquarters: Palo Alto, CA
Type of business: Big Data Application Development
Cask (originally called Continuuity) makes it easy for any Java developer to build, deploy, scale and manage Apache Hadoop and HBase applications in the cloud or on-premise. Continuuity Reactor, its flagship product, is the industry’s first scale-out application server and development suite for Hadoop. Continuuity Reactor empowers developers to focus their efforts on the development of the application by abstracting the complexity of Hadoop components and exposing the power of Big Data in a simple and intuitive way.

Cazena

Founder(s): Prat Moghe
Headquarters: Waltham, MA
Type of business: Enterprise Big Data as a Service
Big data is too hard and too slow. Enterprises need big data on demand. Cazena was founded by former Netezza leaders with a mission to radically simplify and speed up access to big data, allowing much faster business outcomes at a fraction of the cost. Cazena is backed by Andreessen Horowitz and North Bridge Venture Partners.

ClearStory Data

Founder(s): Sharmila Mulligan, Vaibhav Nivargi
Headquarters: Menlo Park, CA
Type of business: Big Data Analytics
ClearStory Data’s solution is a new data-intelligent analysis solution that eases and speeds disparate data analysis enabling fast blending and convergence of data from internal and external data sources for holistic insights. It enables more disparate sources to be accessed, converged and analyzed without requiring deep IT skills, data experts or data manipulation. End-users visualize, interact, and collaborate on insights in real-time to speed data-driven decisions. ClearStory’s customers are G2000 companies that need fast-cycle, multi-source analysis to answer new business questions that span more sources of data.

Databricks

Founder(s): Ion Stoica, Matei Zaharia
Headquarters: Berkeley, CA
Type of business: SaaS Data Platform
Databricks is building next-generation software for analyzing and extracting value from data. Databricks is led by a team of professors that has created the in-memory Apache Spark and Shark platforms for analyzing big data. Databricks is currently in stealth mode.


DataPad

Founder(s): Wes McKinney, Chang Shellhammer
Headquarters: San Francisco, CA
Type of business: Visual Data Analytics
DataPad is building an agile, collaborative tool that helps you prepare, explore, analyze and share your data. By building on years of perceptual research studies, DataPad is engineering a visualization system that is best suited for human eyes to see and for the brain to understand. With DataPad, finding insights in your data is a breeze: our smart defaults and intelligent tools help you choose the right visualization for the job, every time. DataPad went from being in stealth mode to becoming a part of Cloudera.


GoodData

Founder(s): Roman Stanek
Headquarters: San Francisco, CA
Type of business: Business Data Monetization
GoodData, the leader in end-to-end cloud analytics, enables more than 35,000 companies to store, combine, analyze and visualize data to quickly answer business-critical questions. GoodData’s mission is to help companies become all data enterprises: organizations that gain a competitive advantage by leveraging all data through advanced analytics. The GoodData Open Analytics Platform helps companies manage and analyze that data in one seamless, interactive environment and create breakthrough applications to empower their customers and users.


Quantifind

Founder(s): John Stockton, Ari Tuchman
Headquarters: Menlo Park, CA
Type of business: Big Data Customer Intent
Quantifind is a marketing insights platform that leverages predictive analytics models to extract insights from large sets of consumer conversations. Quantifind finds consumer language patterns that are meaningful in driving sales or other key performance indicators (KPI) for brands. The technology evaluates thousands of consumer language patterns and calculates which ones are most likely connected to movement in a given brand’s KPIs. The technology then determines which patterns can be used in a predictive model and performs cross-validation techniques to rule out spurious correlations. Quantifind’s Signum platform can help major consumer brands guide brand strategy decisions. Today, Quantifind’s clients use Signum across their organization spanning marketing, product, ops and company-wide strategy.


Mixpanel

Founder(s): Suhail Doshi
Headquarters: San Francisco, CA
Type of business: Mobile & Web Analytics
Mixpanel’s mission is to help the world learn from its data. They’ve built the most advanced analytics platform for mobile and web, growing the number of actions they analyze to over six billion every single month. Mixpanel’s platform empowers individuals and businesses to explore their data instead of reading canned reports. Every day, some of the leading companies in gaming, e-commerce, social networking, and media are surprised by what they learn from Mixpanel and ultimately are in a better position to make strategic decisions.


Platfora

Founder(s): Ben Werther
Headquarters: San Mateo, CA
Type of business: Big Data Analytics for All
Platfora is the #1 Big Data Analytics platform built natively on Hadoop and Spark. Platfora puts big data directly into the hands of business people through self-service analytics that help them uncover new opportunities that were once impossible or impractical across transaction, customer interaction and machine data. An interactive and visual full-stack platform delivered as subscription software in the cloud or on-premises, Platfora Big Data Analytics is creating data-driven competitive advantages in the areas of security, marketing, finance, operations and the Internet of Things for leading organizations such as Citi, Sears, AutoTrader, Disney, Opower, Riot Games, Vivint and TUI Travel.


SolveBio

Founder(s): Mark Kaganovich, David Caplan
Headquarters: New York, NY
Type of business: Big Data for Bioinformatics
SolveBio delivers the critical reference data used by hospitals and companies to run genomic applications. These applications use SolveBio’s data to predict the effects of slight DNA variants on a person’s health. SolveBio has designed a secure platform for the robust delivery of complex reference datasets. We make the data easy to access so that our customers can focus on building clinical grade molecular diagnostics applications, faster.


uBiome

Founder(s): Jessica Richman, Zachary Apte
Headquarters: San Francisco, CA
Type of business: Big Data for the Microbiome

uBiome provides personal metagenomics (bioinformatics analysis) for the microbiome – the trillions of bacteria that compose much of your body. Unlike human DNA-based genomics, bacteria can be used as biosensors to monitor and change your health. uBiome is building a platform so that the public, clinicians, research foundations can ask and answer questions about the microbiome and helping us to build the world’s largest dataset of microbiome and metadata in the world which can then be used for diagnostics, therapeutics, and product development. uBiome is the first direct-to-consumer microbiome sequencing company, giving citizen scientists access to cutting edge sequencing technology, with thousands of users who have already purchased kits. They also help companies and institutions connect with research participants by working with the public to sequence their microbiomes.

Posted in Data.


Toys and Big Data


“Dad, if my character dies in the game, would I die in the real world?”

What a beautifully naive question that my son, Trevor, asked me during a son-dad conversation about how games might change over the years.

Earlier last year, Mattel’s CEO, Bryan Stockton, was fired. After three years, it was clear that Mattel was continuing to be challenged with sales weakness, and lower gross margins, which drove down shareholder value.

As parents, we ALL know that it’s a very competitive toy aisle, and our kids are much different than we were at their age.

Mattel’s toys haven’t been “good enough” at a time when peers like Hasbro and Lego continue to report higher and higher sales. It’s not just Mattel. Nintendo, the one-time market-leading video game brand best known for legendary characters like Super Mario, has been struggling to keep up with the times as mobile gaming explodes and “next-gen” consoles become cutting-edge.

So what’s happening to the toy market?

A New Toy Generation

I grew up as a child of the RPG generation (Role-Playing-Games), starting with my own “Ken and Barbie” equivalent with my Hasbro Stretch Armstrong. I then graduated to the Lego era (starting with my Grandma’s Legos from Berlin), to my favorite era of HotWheels, and then Mattel Tyco Toys slotcars (by the 1980s, Tyco dominated the electric slot car racing market as well as the radio control category. Mattel acquired them in 1997).

I had a wonderful childhood of imagination where I played the roles of many super heroes on many adventures. As parents, we forget how wonderful our “inner stories” and games were.

“Dad, I’m busy right now. I’m in the middle of a story.”

My son would stare out the car window telling himself a story….imagining himself in the middle of some wonderful scene…something he thought up as part of his own imaginary world. I love watching him and his brother, Devon, role playing battles, creative worlds, that they both dream up daily.

So why aren’t Ken and Barbie, MegaBloks (Mattel’s version of Legos), and Mattel’s many other brands like BOOMco fueling this new generation of creatives, like they did mine?

How Are Kids Engaging Today?

I’ve never graduated from being a kid. Some of my friends say that I’m just a kid in an adult body. I recall telling my high school friends that I couldn’t wait to have children, just so that I could play with their toys.

Clearly the answer to the Mattel dilemma varies a bit based on age. However, there is a common theme, starting even with the youngest children – It has to do with the fact that most of our world is becoming digital.

For decades, children’s “digital experience” was essentially limited to watching television or listening to music. Few parents complained about a child becoming addicted to listening to music, or being addicted to television. However, addiction has now become a growing concern among parents, and it now extends beyond TV.

Today, parents not only need to be vigilant about how much television their children watch, but also about the many other forms of media coming from the internet, smart phones, iPods, iPads, Wii games, and the like.

Kids today spend over 50 hours of “screen time” every week. In our family, “screens” include the TV, any computer device, and any phone. Kids will go to many extremes to get on a “screen”.

“Trevor…Devon, where are you?”

My wife will call my boys’ names to find out where they are in the house…only to find them tucked in the crawl space under their beds, hiding behind their respective screens.

The media content they consume has a profound impact on their social, emotional, cognitive, and physical development. Learning how to use media and technology wisely is an essential skill for life and learning in the 21st century. But parents, teachers, and policymakers struggle to keep up with the rapidly changing digital world in which our children live and learn. Now more than ever, they need a trusted guide to help them navigate a world where change is the only constant.

RPGs Evolve to MMORPGs in the Digital Domain

Role playing with action figures has evolved into a suite of digital and virtual environments that provide massively multiplayer online role-playing game experiences. Why wouldn’t my kids want to move from playing with their Lego figures to playing Minecraft with a host of their friends? In fact, games like Wynncraft and Phyria are bringing digital games for kids to a whole new level. But this all scares me.

Do I want my kids to connect with their friends through a screen….or, rather, be outdoors with their favorite toys? In both cases, their creative natures are fueled. I’ve seen some very creative Minecraft worlds constructed by both boys. But I’m torn. I think I’d prefer to see that same “world” constructed in Legos in the backyard, hidden under a wood box with rocks on it. Wouldn’t you?

How do we combine offline and online experiences, providing a healthy balance?

Toys + Gaming = IGTs (Interactive Gaming Toys)

According to the NPD Group, three out of four parents (77%) stated purchasing an IGT, a new generation of toys, was worth the investment compared to other types of toys or games that could have been purchased. Almost two-thirds of parents stated that they are extremely or very likely to purchase a new IGT game (65%) or a new character (67%) in the next six months. So what is an IGT? Also known as “Toys to Life”, it’s an approach where our children’s toys become more real:

  • LEGO Dimensions: Lego Dimensions is an upcoming Lego action-adventure video game developed by Traveller’s Tales and published by Warner Bros. Interactive Entertainment, for the PlayStation 4, PlayStation 3, Wii U, Xbox One, and Xbox 360. LEGO has grown the dollar share of females in recent years. So, with LEGO Dimensions there is potential to shift the IGT consumer to be slightly more female.
  • Star Wars with Disney Star Wars 3.0: Disney Infinity 3.0 is an upcoming action-adventure sandbox video game published by Disney Interactive Studios and LucasArts for the Microsoft Windows, PlayStation 3, PlayStation 4, Wii U, Xbox 360 and Xbox One, and the third installment in the toys-to-life Disney Infinity series. Star Wars has cross-generational appeal, playing into the fact that IGTs target parents as well as children.
  • Amiibo: Much like Star Wars, Nintendo’s cast of characters has a cross-generational appeal to gamers. Many gamers grew up on Mario and Zelda, which has the potential to draw in a new, potentially older consumer into the IGT space.
  • Skylanders: Activision created this gaming segment, and each year they have innovated on the initial Skylanders concept. Ideas like Swap Force and Trap Team added new gameplay elements to the experience in recent years. Though details are scarce on a new Skylanders, I am looking forward to seeing what Activision has up their sleeves (likely to be revealed at E3 this year) and how it could also expand the market.

These are a combination of toys and digital games, combining the physical and digital worlds. It’s an interesting direction…one fueled by the interest of the next-generation child.

Toys & Big Data

CEOs of Fortune 1000 companies all over the world invite my team into the board room to discuss how information (data) can help them truly become digital. Why? Because they know that data is at the center of their business. Data is at the core of a future suite of digital applications delivering new customer experiences.

This is all about “re-imagining” your business, by starting with the customer’s digital experience. In this case, it’s our children.

If you were Christopher Sinclair at Mattel, what would you be dreaming up for your children’s world of toys? Let’s imagine a combined physical and virtual world that provides a completely new digital experience for our children. This is what Mattel’s senior team has begun.

In February this year, Mattel announced that it will offer “experience reel” cards that will offer exclusive content that will be available as a Google Cardboard application, specific for Mattel customers. This means that you can wear Mattel toy glasses and combine your physical and virtual worlds. You can enter into Barbie and Ken’s virtual world.

Imagine your children taking your home and painting it with colors they like, adding virtual furniture they prefer, hanging their own art on the walls, interacting with their favorite characters in various rooms.

Mattel also announced its partnership with San Francisco startup ToyTalk, which through a cloud-based app can enable your toys to have conversations. This supports the idea of conversational play. The doll uses speech recognition to record your kid’s conversations and store them in the cloud. The doll records any human speech it detects in an effort to intelligently respond. So, any human conversation within its hearing can be stored in the cloud and analyzed. On Christmas Day, Barbie could ask a child what they received from Santa. Or Ken could ask, “What do you want to be when you grow up?”

Digitally-enabled toys? Digitally-enabled play experiences? Combined physical and virtual worlds? MMORPGs? IGTs?

I’ve been involved with data and analytics infrastructure since I can remember….the early 1980s. I’ve been trained on the nuances of how to collect, store, analyze, and operationalize data for a variety of use-cases for my entire career.

What I see, is an infinite number of opportunities to leverage data for a host of new educational, personalized, engaging toy applications. When you know what your child is thinking, interested in, worried about, toys can become a gateway for not only a personalized experience (e.g. when a toy responds back to your child, addressing them by their name), but the toy can listen to their worries and alert us parents about opportunities to assist in addressing our children’s fears, their curiosities, their thirst for knowledge.

Toy makers can use the same information to better classify children, constantly improving on their toy designs, their games, their educational curriculum.

“Dad, can we turn our house into legos?”

Imagine….a digital world where anything is possible:

  • Your family is in a rush to leave the house. Your toddler starts screaming because he can’t find his favorite stuffed animal. You pull out your iPhone and receive a signal that the animal is in the bathroom upstairs. You retrieve it in two minutes versus an hour long, blind search.
  • Imagine all Barbie dolls have iBeacons. If there is another doll in the area (with another girl), you could find her to see if she wanted to play. iBeacons could take ‘hide n go seek’ or tag to the next level.
  • Turn the real world into a secret virtual game. With all players outfitted with a Mattel toy iBeacon on them, you can play an impromptu game of freeze tag, meet the new flash mob game, etc.
  • You’re at Comic-Con (a conference for comic fans), and your child would love to “run into” their favorite character. Pull up the event’s application and see a signal where that character is. When you’re nearby, tell your kid to close her eyes and make a wish to see if we can make the character appear. Within moments, the character comes around that corner and a wonderful memory was just made.
  • A child walks down the street with a connected baseball glove. As he or she walks by houses on the way to the park, other kids’ connected baseball gloves start to buzz. They look out the window, see a neighbor kid heading to the park, and go outside to play a pickup game. Technology brings back the “good old days” when kids actually played games in parks with other neighborhood kids.

These are just a few fun ideas from Jen Quinlan, who brainstormed a few ways that iBeacon technology could be applied with real-time analytics, contributing to a new digital world with new interactive digital applications.

Posted in Data, IoT.


Gerstner Secrets of Leadership

Lou Gerstner became president of American Express in 1985 at the age of 43. He dismissed the speculation that his success was the product of being a workaholic. Gerstner said, “I hear that, and I can’t accept that. A workaholic can’t take vacations, and I take four weeks a year.”

As I write this, I’m in Wyoming with the family enjoying Yellowstone and Jackson Hole thinking, “Can I somehow achieve the level of impact of Lou Gerstner with the right work-life balance?” What keeps people from having to cancel vacations, modifying schedules to take budget calls, or work while the family sleeps?

From 1998-2001, Mike Lawrie, CEO of CSC (where I work today), was General Manager for IBM’s business in Europe, the Middle East and Africa. Overlapping Mike’s tenure, Lou was chairman of the board and chief executive officer of IBM from April 1993 until 2002 when he retired as CEO in March and chairman in December. You can only guess that many of the tricks that Lou used to turn around IBM, were taught to many of his executives who were paying attention, like Mike. I share some of my perspective from what I’ve, in turn, learned….some of what I believe to be “Gerstner Secrets of Leadership”.

In general (again, if you are paying attention), I’m convinced that you can learn from several generations of the most advanced leaders. I have enjoyed watching and participating in what I am now convinced is one of the most basic and yet most important components of leadership – a proper “management system”. Not sure why they don’t call it a “leadership system”….but here are some of my observations which I believe can be applied to any size enterprise.

The Wrong Management System

I first have to describe what I believe is a “typical” management system, run by “typical” leaders (or in many cases dysfunctional management systems by people who don’t lead, but simply manage).

There are many organizations which have been built based on the principle that a few people are “in the know”, while the rest of the organization is somewhat in the dark, waiting to be told what to do. In this situation, many do their job without having any appreciation or understanding of how their actions fit into the bigger picture.

The organization has no understanding of what the vision is, their exact role, and most importantly their ability to participate in being a part of the change. Those who know me, know that I prefer to lead with cultural change first, and my mantra of involving my staff in that change in an open and transparent way.

Many organizations are filled with people who manage by keeping information to themselves….thinking that either “knowledge is power” (so this is an intentional activity) or that “it’s none of your business” (somewhat less intentional). Why share what you are thinking or what you are doing with others when it’s not their job to know or, heaven forbid, have an opportunity to challenge your thinking?

Have you ever heard, “this is my responsibility, not yours….there are many other things you are not involved in – because your role is “xyz”. Let me handle this – ok.” or “There is no need to share this, that is part of the P&L that I run.”? I have heard these exact words from peers in the past. It’s a great example of the type of behavior which is empowered within an organization that is run “hierarchically” versus one that is run “collaboratively”. I believe that this type of behavior should and can be corrected with the right leadership….starting with the right management system.

In many environments, a leader either intentionally or unintentionally is acting as the gateway for information. Leaders, by default, have more access to what is happening within the organization.

In a dysfunctional environment, dysfunctional leaders are a sponge for any/all information of how the business is being run…but it stops there. Information only flows in a single direction. These leaders are typically very hard to schedule time with, they are always traveling, visiting with other leaders within the business. Sound familiar?

When something important in the business happens, a member of the team will communicate it up to the leader. The leader may or may not pass on that information to others. In many cases, if they do, it’s to an “inner circle” of people in a small “clique”….those who have an immediate need for that information. Others find out through “the grapevine” later, if they are lucky. If there is no real forum for communication, a broadcast of and discussion about this information is challenging. Sound familiar?

Take a large IBM-type of organization where there are several lines of business (LOB), regions with geographic leadership, and industries with domain-specific leaders. This is a very typical matrix model for large and mature companies. So let’s study a dysfunctional model a little more.


In this model, an LOB leader will take it upon themselves to engage with other LOB leaders, regional leaders, and industry leaders…depending on the need, and/or who has more political power and knowledge. These LOB leaders can speak very intelligently to their business, of course, and “manage up” very well. They educate themselves well on the aspects of the business, which they should. But it usually stops there.

In a dysfunctional organization, the rest of the organization is clueless, and is always trying to “read the minds” of their leadership, playing constant catchup. Some succeed in this type of organization by becoming part of the “inner circle” or being aggressive in their attempts to align. Efficiency is low and execution marginal. Direct reports get frustrated, many leave, and those who remain are heard saying, “I haven’t had a chance to meet about the quarterly objectives. I don’t know where he/she is…I think they are traveling to Italy, Switzerland, and then Turkey.” Sound familiar?

Don’t get me wrong. Getting out of the office and engaging the organization is good. Meeting with others in the organization and/or customers is absolutely necessary. In fact, if you’re not spending at least a third if not half of your time in front of customers, partners, industry, you’re much too “internally focused”. We use the phrases “outside in” and “inside out”.

As a leader, however, before you leave home, you have to make sure you take care of business at home first, providing your staff with the proper framework to promote communication, transparency….and in a way that creates the most high-performing team, and builds trust. A high-performing team trusts each other the same way a Navy SEAL team might trust each other when going into battle. When your team has the fundamentals in place, THEN go on your roadshows. But not until you have the right management system in place FIRST. This is where most leadership falls on its face…no matter how big or small the organization is.

Have you ever been in the position where you have a new boss (a CEO in a small company, or a VP/EVP in a larger company) who spends their first nine months on the job doing an organizational assessment, devising a strategy, and then beginning the execution of their strategy….all with no formal one-to-one meetings, only a few senior team meetings where each direct report had 10 minutes to share status, a couple all-hands meetings, and maybe an annual offsite planning meeting with only two-thirds of the team? If you are reading this and saying to yourself, “So, what’s wrong with that? Seems typical to me.” You are in a great position to learn from Lou Gerstner, Mike Lawrie, Jack Shemer and the like.

The Right Management System

In my humble opinion, the Gerstner-type of organization has a management system which doesn’t allow this type of behavior to persist. So what would a high-performing, “next-gen” management system look like?


Here’s an analogy. Imagine an organization where the leader is a conductor of an orchestra. Imagine the orchestra where each musician is playing an instrument, but couldn’t hear each other…or intermittently heard each other….and they all couldn’t see the conductor from where they were sitting. The conductor might move into a line of sight to give them a quick bit of direction and then disappear. How might that sound?

Members of a high-performing team must be able to hear each other, and get regular direction from their leaders. Strong leaders enable communication and transparency and provide a system that forces collaboration between members of the team and collaboration with others outside their line of business.

In such an environment, knowledge transfer is key…NOT knowledge hoarding. Discussion and challenging each other openly and frequently is required, not forced communication through email or ad-hoc phone calls. A strong communication pattern allows the team to hold each other accountable to each other’s success, not a focus on themselves and “my P&L”.

When information enters into this system, especially important and timely information, that information travels extremely fast. Ask any member of the team and they are ALL in “the know”, not just one or some minor set of individuals. This team is high-performing and can address critical, time-sensitive issues fast. The level of trust is high, because there are no secrets. And equally as important, the team feels like they are a part of the change, impact, and a team itself. This builds a healthy culture.

When leaders don’t have a strong management system, the staff becomes dysfunctional at best.

Typical Excuses From Poor Leadership

You might have heard, “Why do we need 1to1s for our team? We have well-experienced executives and they can reach out to me when they need to discuss something important. Everyone has my cell phone and knows I’m available day, night, weekday, or weekend.”

Or maybe you’ve heard, “We can’t afford to have the senior team come together so often. Time is money. You should know what you have to focus on, and if you don’t, come and talk to me.”

“We can’t afford to have the global team together each quarter for business review and planning. We’ll do this once a year for budgeting, and can find time together during other events over the year.”

So what is the right time commitment and meeting cadence? What type of management system is appropriate? Personally, everyone who has worked directly with me over the past 15 years has heard me say, I only need 5% of your time as a team on average. I have a very specific management system for CEOs of startups (a role I’ve had many times, for many years).

Senior leaders of larger organizations, however, are expected to spend 20% and maybe up to 30% of their time internally focused. It becomes even more important that people have access to you, and to each other as a senior team.

From my experience, in a large IBM-like organization, I will spend 20-25% of my time in meetings which I can book a year in advance. Yes, A YEAR IN ADVANCE. That doesn’t mean that you set times in your calendar which never change (although a strong CEO will never reschedule), but you at least know the kinds of meetings and the cadence that you generally want to keep consistent (so others can plan their customer visits, vacations, etc. accordingly, and not have to cancel, rearrange, or augment).

Successful leadership starts with understanding this, and establishing the right meeting mix and cadence that drives communication and transparency.

An Example Management System

When I took over a business unit of a modest size on a Thursday, we were working as a team on our management system the following Tuesday. Why? Because I knew, without the proper structure in place, I would immediately become part of the problem….especially in a fast-moving, fast-changing organization. I knew that establishing the right amount of connective tissue among the team was the biggest gift that I could give them.

Let’s study the example of an EVP that runs a Line of Business (LOB) of several thousand people with several component businesses, many geographic regions (a global company), with offerings which address multiple industries. As an EVP, you report to the CEO and are part of a larger “CEO office” with other EVPs. So how would one balance their time across their own LOB, other LOBs, regional leadership, industry leadership, and the CEO?


I believe you need to target 25% of your time on creating a meeting structure that involves the “internal team”, leaving another 75% for customers, partners, industry, your own creative/strategic time and, of course, overhead (things like eating, traveling, preparing for meetings, email). So, with several thousand people under your leadership, your LOB team of 16 executives (Operations, CTO, Strategy, Sales, Marketing, HR, Regional GMs x5, Practice GMs x4, Offerings), here’s how my management system looks after tweaking things a bit:

  • Management Meeting Time: 24%
  • Customer Visit Time: 33%
  • Industry / Partner: 15%
  • Strategic/Self Dev: 10%
  • Other (Travel, OH): 18%

In this example, you have four categories of “management system” time:

  • Your own LOB Senior Leadership Team
  • Regions
  • Industries
  • CEO Senior Leadership Team

Here’s a deeper view into a proposed management system for those interested.

LOB Component of Your Management System

Your internal LOB meeting structure might look like this (this is your own senior team):

  • EVP & Senior Team 1to1s: 30 minute, monthly calls with your direct reports.
  • Practice & Regional LOB 1to1s: 30 minute, biweekly calls between your practice and regional GMs (you force this to happen)
  • LOB Team Mtg – Issue Resolution: 60 minute, weekly issue resolution meeting with entire senior team
  • Daily Ad-Hoc Issue Resolution: 15 minute, daily standup dial-in calls (3x, not including Mondays or your team meeting days)
  • All-Hands: Monthly all-LOB-hands 60 minute update call
  • Quarterly Business Review / Strategy: 1Q – 3Q, 3-day offsite
  • Annual Strategy / Budgeting: 4Q, 3-day offsite

Believe it or not, this is 10% of your time! Imagine how your staff would feel, if you created this level of connection/communication and at the expense of only 10% of your total time budget! Most people agree with this, EXCEPT, the daily standups (more on that later).

Regional Component of Your Management System

Let’s use the example of a US-based company where the “regions” are outside of the “Americas”, and include Central & Eastern Europe, South & West Europe, UK & Ireland, ANZ, AMEA, and India (7 regions all together). Here is a proposed meeting structure:

  • LOB & Regional EVP/VP Leadership 1to1s: Interlocks with regional peers spending 30 min per month per region (not incl f2f)
  • LOB Regional Staff & Regional Leadership 1to1s: Your own regional GMs and their local regional leadership (EVP/VP) meet 30min biweekly (you encourage this to happen)
  • Regional Staff 1to1s: Your own regional GMs and their immediate staff 30min biweekly (you encourage this)
  • Regional Team Mtg – Issue Resolution: Regional GMs operate an issue-centric meeting like yours, 1 hr weekly (you encourage this)
  • Quarterly Business Review / Strategy: Regions have their own QBRs (with in-region leadership)
  • Annual Strategy / Budgeting: Regional-specific involving your staff
  • All-Hands: Regional-specific involving your staff

In this case, you (the EVP) will not participate in all of the above. However, you’ll make sure these meetings are established. For example, if you have 1to1s with your regional GMs, but they do not have 1to1s with their local leadership, then you’re failing. It’s YOUR job to make sure the overall management system is in place.

For the EVP, this takes up 1.5% of your overall budget, not including actual face-to-face (f2f) visits to the region. However, when you take trips abroad for weeks at a time, I include this management meeting time as part of the 1to1s, customer visits, strategy, etc. You may plan to spend one week in any given region, two regions per quarter as part of your “roadshow” calendar. However, those always involve a much broader agenda, and should not compromise the above for both you AND your team.

Industry Component of Your Management System

Engagement with industries might involve:

  • LOB & Industry EVP/VP Leadership Meetings: You will want 1to1s minimally each quarter with each of your industry leaders for an hour (review your quarterly business plan highlights with them…and I don’t just mean TCV, Revenue, and OI)
  • LOB & Industry Senior Teams: This is a 1/2-day as a part of the LOB QBR where you engage an industry leadership team and work them into business planning.
  • Quarterly Business Review / Strategy: These are the QBRs that the Industries hold themselves (you may join)
  • Annual Strategy / Budgeting: These are held by Industry leaders (who may ask you to join)

So, your Industry organizations will have their own QBRs and Annual budget planning meetings. What you want is to steal a part of their time for your team to engage with the industries in a coordinated way. If you have 6 industries, how do you make sure that your organization touches ALL of them in a thoughtful way (ideally, you don’t want uncoordinated / random engagement with others)? I, personally, like to make sure that my team touches 2 industries per quarter as part of my QBR. Therefore, I invite at least one Industry group (or up to two) to my QBRs. That means that a 3-day QBR agenda would have 2 days of LOB/Practice+Regional content, and 1 day of Industry content. Novel, huh? Forced cadence for the organization as a whole. Most “leaders” don’t get this. They just leave it up to their senior team to engage the organization randomly (why not, they are well paid executives…who should be able to figure this out, right?).

For the EVP, this equates to a little over 2% of your time budget.

CEO-Office Component of Your Management System

For the EVP, plan on another 9%+ of your time budget meeting with the CEO. Meetings might involve:

  • Operational Review: Going over the LOB P&L metrics
  • Decision Committee: Proposing and agreeing on core changes needed across the organization
  • Investment Review: Where you make your R&D investments
  • Key Client Review: Agreeing on the proposed contracts for large deals
  • Sales/Delivery Excellence: How to improve winning and delivering
  • Deal Committee: M&A opportunities
  • Alliance Review: Partnership traction/strategy
  • HR Steering: Cultural/talent change
  • Financial Review: Managing costs
  • CEO & EVP/VP 1to1s: Real-issue discussions

You may not be involved in all of these meetings, but in a healthy organization, the cadence is strong. In a high-performing organization, the cadence is not only strong, but the dialog is hard…meaning that the CEO teases out the real issues from the team, and doesn’t just spend time talking, or asking their staff to provide status.

Your 1to1s can be the most important

As one example, let’s dive into the mechanics of 1to1 meetings. First of all, this includes EVERYONE. I don’t place any less or more value on the role around the table. That means that HR and Marketing are at the table. In a dysfunctional organization, many of the “shared” functions are left out of the “strategic” meetings.

Therefore, in my example this includes Operations, CTO/RD&D, Strategy, Sales, Marketing, HR, Regional execs, Practice leads, and Offerings. In my example, this consists of 16 people and, to some, might seem unmanageable. This is a huge time commitment for just 30min every two weeks. You might hear yourself asking, “Why can’t I do this on an ad-hoc basis?”

This meeting creates the connection between you and your team in a way that is hard to value at first. I argue, that this can NOT be replaced with ad-hoc meetings over lunch, in the bathroom, in the hallway. No, this is a meeting where you talk about the topics that are important to your members, individually…and it can range quite a bit, meeting to meeting.  Topics may include:

  • Performance Rating / Comp (are you feeling valued?)
  • Objectives for the Quarter (obstacles to accomplishing?)
  • Career Goals (how to develop / invest in yourself?)
  • Peer issues (problems with others in the org?)
  • Company blocker / issues (things in general I can help change?)
  • How can I improve?
  • Tactical Items (hot topics?)

I keep copious notes on my 1to1s that I refer back to each time I have a meeting. It’s like having our own personal “psych session”. Sometimes for me, sometimes for the team, sometimes for both of us. I also make any/all conversation fall into the “cone of silence” where it never goes beyond us, unless told otherwise. These occur biweekly to once per month, depending on the size of the organization.

“Real Issue” Team Meetings

Another “pet peeve”….how to orchestrate your own team meetings. Do you simply go over quarterly status week to week? Do you ask each of your team members to spend 10 minutes, and simply provide them the “microphone” in a “stand-up” kind of way? I think this meeting time is one of the most challenging…because getting your team to “open up” about what is bothering them….what the key obstacles in their way are, is the difference between “management” and “leadership”. Read The Five Dysfunctions of a Team, and get back to me.

Here is how I like to run my weekly senior team meetings (I call them “roundtables”).


  1. Good news check-in / Larger announcements or news
  2. Anything holding us back on our quarterly objectives?
  3. Discussion around “Real Issues”
  4. Documenting critical action items

If time permits:

  • Top priorities for next week
  • Customer and employee hassles not already covered
  • Discussion around overall quarterly status
  • Key events coming up

But the key here….is focusing the majority of the time on “Real Issues”. I, to date, have NOT seen executives focus on this…so I have to explain this a little to make a case for this meeting style.

Definition of a “Real-Issue”:

  • A topic that would make your stomach linings churn, if brought up as a team
  • Something that you are uncomfortable talking about (especially as a team)
  • Event(s) which are affecting your staff and/or organization negatively

Why do executive meetings need to address “real-issues”?

  • Teams (companies) fail based on process (team dynamics) not content (what is actually being talked about)
  • Every team “hits a wall”. Great teams work through the “real issues”.
  • Every “real issue” that has the potential of “blowing the team apart” is exactly what makes it stronger.
  • Reality always wins. It’s our job to get in touch with it.
  • There are no secrets in teams, just dysfunctional dynamics thinking so.

Getting your team to share the “real issues” takes time, because it requires them to trust you and each other. This is a topic in and of itself.

What do you think? What tricks have you learned and applied to establishing your management system?

A great reference from one of my past executive team members: Roger Nierenberg at TEDx on “The Music Paradigm”. This is AN ABSOLUTE MUST WATCH.


Posted in Leadership.
