You don’t know it all (and neither do I)!

As I approach the big four-oh and nearly twenty years in IT, I’m starting to get a taste of what wisdom brings to your perspective and hot damn, it is awesome.

In my business (see: IT consulting) you are forever proving yourself to your clients. You are sometimes seen as some know-it-all faux engineer strolling in to turn over rocks and look for jobs to eliminate. And sometimes, you turn over a rock and bam – there is someone underneath that rock looking to poke you in your dollar sign eyes with a stick.

Why? Because they hate you.

Not really, but in any form of advisory you are going to deal with that difficult person in that organization. In fact, it’s very likely they will have proximity to the thing you have been hired to build, fix or evaluate.

But this isn’t about the hardships of your IT consultant (oh, boo-hoo!)… this is about guarding technology culture and organizations against an infection that will limit the potential of what is typically a large group of very, very smart people.

A healthy host can innovate, a sick one is too busy fighting the infection.

So what do you look for?


> look for a perpetually grumpy ‘network administrator’ of 15+ years

> listen for someone using snark as standard verbal currency

> wait for them to tell everyone they are the smartest person in the room / team / company (they will)

Why they are really important!

Like it or not, they probably hold sway in that IT organization, possibly up to and including your CIO or other key leaders (but sometimes it’s Stockholm syndrome all over the datacenter… hardly anybody in a suit understands the witchcraft going on in there).

If you think you are that person in your organization…

You know that ‘slap a coworker day’ meme that says if you don’t know who that person is, stay home? Did you have to think really hard about who that person was and come up empty? There you go… you’re the troll.

Fear not though, friends. There is still time to pivot.

The best way forward is radical candor, backed up with collaboration and a principle that is probably new to you:

You don’t have to share all your rules

What’s the point?

I think it’s really hard for smart people to let go of the guiding principles and frameworks that make them good at what they do. But ultimately, you either figure out how to plan for the group win or you go away.

IT used to be a loosely knit cabal of highly skilled individual contributors. That worked when you had a thing that you controlled. But you don’t control anything in today’s world of I-want-it-now-and-I-want-it-my-way end users.

The only way IT survives in the business is by forming a special operators group that integrates disciplines, links silos and focuses very limited (and increasingly so!) resources on a specific set of problems that matter to the business.

So, what does the status quo look like?

If you are following my blog, you know I focus on systems management. If you’re new to my world, check this out for a primer.


When it comes to managing infrastructure, deploying content and enabling productivity – there is a right way, and then there’s everyone else. I’m not making the argument that this is a simple binary equation (e.g. either you are optimized or you are not). What I’m going to lay out in this piece are the signatures of an incomplete or immature strategy. It’s not meant to insult anyone, rather I have found in my hundreds of exposures to enterprise IT organizations that there are some key indicators upon which we can rely. Maybe as starting points, or in some cases, switches we can ‘flip’ to radically increase productivity.

Let’s take a look:

Indicator #1: Upgrade Hamster Wheel

So, something doesn’t work and the team thinks we need to upgrade to get it? Or maybe the vendor said “that feature is in our next release.” None of this is new to IT, but what you might be missing is how your internal maturity can affect this decision tree. That is, if you have a decision tree (zing!). 

More often than not, you are upgrading because you think you need a new feature or capability. Let’s back up the software truck a minute though, and consider how we got here.

IT Director says “Godfather (probably the CIO) wants Windows 10 on his desktop. When will it be ready?”

IT Admin says “Well, if I drop everything I can have an image ready by next month. But…”

IT Director says “Great! I’ll go tell him now (so I can look like I get things done)!”

IT Admin /logs off mentally

How many times have you seen this interaction in your IT organization? How many times has it happened to you?

There are sooooooooo many shiny things out there. Even this guy (points thumbs backwards) is known as Shadow IT ™ around the ITS offices. What can YOU do differently?

It’s pretty simple, but it’s not something the IT Admin or IT Pro can do (without some risk to themselves). Better decision making, and higher maturity, begins with the CIO. And that CIO should be embedding a process-driven decision tree framework in their directors and managers. I’m not going to give away all the secrets here, but let’s look at how that conversation goes in a higher-maturity shop:

IT Director says “Godfather (probably the CIO) wants Windows 10 on his desktop. When will it be ready?”

IT Admin says “Excellent, I’m also excited about Windows 10 and what it can do for our business. I have been thinking a lot about how we can streamline our patch compliance ops with Windows Updates for Business and that will be a key part of our Windows deployment strategy. Who can we leverage internally to build the business case? I’m happy to lead this effort and why don’t we aim for a presentation to the CIO in 30 days?”

IT Director says “Uh, yeah. That sounds good. I’ll set up the meeting (so I look competent at least) for you to present your findings.”

IT Admin /sips coffee, enjoys living in a world where decisions are not made outside of business processes and feels internal joy

You’re right though – it’s not that simple.

However, I will argue there are a few things that must be in place to ensure a better outcome. You may not think these are relevant to systems management, but they are.

Behold, thy truths:

  1. There are defined release and support cycles for operating systems
  2. There is a rapid-response protocol for new device form factors and use cases
  3. There is a cross-functional IT architecture team that drives all decision making for new releases
  4. Your business unit has an approved financial model in which you can evaluate the business benefits of any change or new release

Indicator #2: You always need consulting

I have been a consultant, and now I help manage an IT consultancy. Might seem crazy that I suggest this is a problem… let me explain why!

My view has always been that you shouldn’t bring a consultant in because you don’t know how to do something. You bring in outside expertise to get the benefits of their field experience and help accelerate your project. It’s about wisdom, not skill. We are all smart people… and frankly why would you pay someone else to push the Next button?

Anyways, where we see this problem become business-impacting is when your operations or project offices default to consulting for any change or incident. This is a leading indicator that your team is either under-staffed (meaning they don’t have time, and need outside augmentation) or unsure of how to proceed (there is a process problem).

The real point here is you should have a set process that includes a step to consider outside consulting. The process should not start with nor rely upon outside resources.

Indicator #3: FTEs go up, but productivity does not

If you are an IT manager or director, you probably have a handful of key people that get things done for you. When a new solution is brought in, or IT expands operations, it is natural to take on additional staff to manage the new workloads.

There are a couple different ways to measure your productivity here: inside the IT team, and within the end user community. Let’s dive in:

IT Pros

Teams should have a defined set of responsibilities, and those should be matched against the available time and broken down by service or product owners. You cannot improve what you don’t measure, and if you’re not measuring you are stuck.

End Users

The ultimate metric for most systems management teams is the relative happiness of their end users. These are the folks that need apps & data to be productive. If you’re not giving them what they want, the way they expect and without compromises – you are probably losing traction with the community that can provide the most leverage for budget allocation – or worst case, your right to exist in the larger organization.

Give people what they want, or they will find someone else who will.

Indicator #4: Process questions are answered with vendor terminology

Finally, this one is a red light and air raid siren for most CIOs. If you ask your team how something will get done, and the answer is specific to one vendor or product – you’re starting from the wrong place.

Systems and processes need to be born from hard wrenching on the challenges to your business, not from the tools or suppliers that help you deliver the necessary outcomes.

When you break it down to the most basic level, you need to define your why, which will lead you to developing the how. This all needs to happen before you start talking to vendors about how their offerings can help you deliver that.

The status quo isn’t working

Warning: Bold claims within!

OK, let me give you some background first.

If you read my post about what you don’t know about systems management might kill you, you know I’ve been very focused on systems management for quite some time. Having seen several generations of tools and processes, I wanted to share some best practices.

Whether you are evaluating, deploying, optimizing or scanning your logs in a desperate attempt at remediation, you are probably seeing at least one of these conditions:

Architecture health is < 100%

If the platform is not healthy, your site infrastructure won’t be either. If your sites are not healthy, you can’t manage end points. If you can’t manage end points, you can’t do anything.

You have > 1 deployment process

When I see more than a single hardware-independent deployment or provisioning process, I think of the good ol’ XP and Vista days. When I think about Windows Vista, I get angry. You don’t want to make me angry – and you don’t want to update more than one disk image or task sequence.

Are you leveraging offline servicing to keep your disk images up-to-date?

Patch compliance is < 98%

You simply cannot afford anything less. Sure, the number is arbitrary. But the process know-how to get to a high performance metric and back it up with analytics will help drive your protection and threat mitigation strategy to a high maturity. That’s what you want, by the way 🙂

It takes more than 5 minutes to produce actionable asset intelligence

Do you get drop-by’s from Really Important People who want to know “how many copies of Adobe Acrobat Pro are installed, which version and are they being used?” Do you panic at the invisible complexity no one else sees or thinks about? If you can’t produce results on demand, something is out of line with best practice.

If you’d like more information about how we approach systems management at ITS, you can grab a copy of our newest insights whitepaper at the company website. If you’d like to learn more about the new ConfigMgr-as-a-Service offering from my team please let us know here.

What you don’t know about systems management may kill you

I have seen a lot of endpoint trends come and go over my fifteen-plus years in enterprise technology. From the very first ‘mobile’ devices from Palm and HP (iPaq… the first iDevice!) to VDI and now the wave of constantly iterating MDM and mobile security platforms…

I ask myself, what’s a thoughtful CIO to do here?

In the interest of clarity, I should say that I have really only worked with two technologies throughout my IT career: Symantec’s Altiris technology and Microsoft System Center (the artist formerly known as Systems Management Server). There have been a few other brief flirtations (JAMF Casper, LANDesk, etc) but for the purposes of this article assume the commentary is relevant to what I know best.

Now, back to the question I posed. If you are leading a technology organization, or even running a growing business…do you know:

  • All of the form factors in the hands of your end users?
  • The number of solutions deployed to manage those devices?
  • Your patch compliance across the entire ecosystem?
  • What to do in case of emergency?

My experience tells me that you probably don’t know the answer to any of those questions, let alone all of them. The good news is there’s probably someone that can identify the gaps and assess your risk (hint: it’s me, or another grizzled veteran of the Windows Vista wars).

But before you invest any time in the answers… let me give you a few hard truths:

  1. It’s impossible to manage risk without asset intelligence
  2. There are too many complex tools doing too many things
  3. You cannot secure devices you can’t manage
  4. Operational maturity is measured by how your team reacts to an advanced/persistent threat

With respect to asset intelligence, this is not an argument that your ITAM program is broken (but if you think it is, go look at this). The simple fact is you must know who is using what, where they are and if they are using those tools for approved purposes. This is the difference between merely having information and having intelligence.

I am also willing to bet that you have separate MDM, MAM and endpoint management tools. This used to be a necessity, but with the rise of the hybrid architecture (watch out for the Azure Shark!) we can stitch the right tool with the right team to accomplish your systems management mission.

Do you have a single systems management platform?

Finally, when the fudge hits the ceiling fan you’ll find out whether you have asset intelligence that is actionable, enabling you to touch those devices and support your remediation mission. If you are a CISO/CSO reading this and want to have some fun – go ask your desktop guys for a live dashboard showing the manufacturer, model and operating system of every device with access to company IP. Keep in mind that is only a surface-level reading of your exposure.

Did they run away, or just pass out?

Windows 10 is going to change your business, and there’s nothing you can do to stop it

In your organization, you have quite a few people who were born digital. What Microsoft has figured out, that you may not have (yet)… is that these folks have an expectation that they can work anywhere they want.

The fact that you need to embrace a mobile-first workforce is not new, and even I am cringing at using some played-out buzzwords. So what do you need to know – that you don’t already?

Windows 10 is going to fundamentally change the way you do business, and there’s little you can do to resist that change.

Let’s break it down, based on what we know today:

  • Cortana in Windows 10 means you can talk to your “work” device like you talk to your iPhone with Siri (or your Android with Google Now, or your WinPhone with… Cortana!)
  • Windows Hello means your digital natives are going to expect that their computer greets them, much in the way their phone gives them data on a lock screen – and they’re not going to tolerate complex login processes or gasp! – having to VPN in first. (Seriously, do you want to hire and retain the best?)
  • OneNote, combined with Office 365 and a Surface Pro or iPad Pro is the magical triangle of productivity. Sure, you can use Office apps on many devices but that will involve some compromises. I can see at least 3 Surface Pro 3’s in this Starbucks where I am writing right now.

Now, maybe you are a stodgy last-generation CIO and you don’t believe all of this hooey about digital natives and how they are gonna tell you how to do your job…

My point is that you better figure this out if you want to keep your job and move your organization from a cost center to something that generates real and measurable business value.

Here’s what you need to do today. Right now, in fact.

  1. Set a top-down adoption strategy to move your organization from Windows 7 (or Windows XP?!) to Windows 10, built on a consistent and repeatable process for in-place migration.
  2. Determine how you will build a comprehensive thought on systems management that no longer makes a distinction between a “mobile” device and an endpoint. Manage them all, in one place.
  3. Stop worrying about how to protect it or manage it. Find a way to make people productive.

Questions? Hit me up on Twitter!