1.

Welcome to Digital Transformation and Cybersecurity for

Business Leaders
https://www.youtube.com/watch?v=5puK1vAVaA4
Lead Your Team Into and In the Unknown
You're here because you understand that digital transformation is something that you must do. But
do you know how to make digital transformation happen? You might be surprised to learn that the
first step in digital transformation is shifting your mindset to understand, see, and believe in the
power and the necessity of transforming. Many digital transformation efforts fail because the
people who are engaged in them don't truly believe in what they're doing and when they don't truly
believe in what they're doing,
they're unable to lead their teams into and in the unknown. Hi, I'm Pascal Finette.
I'm the Co-founder of be radical. At be radical, we help leaders and their organizations see the
future, develop a different view of the future and then implement a path to their preferred future
and the future is definitely digital. Digital transformation doesn't mean that everybody needs to be
a programmer, but it does mean that everybody is fluent in using digital tools. I would guess that
pretty much everyone in your organization is already digitally fluent in many ways. Everyone has a
smartphone, is using apps like email, social media and Google Maps. The challenge for
organizations like yours is bridging the gap between what your people are already doing outside of
work and bringing it into your culture, your processes, and your products. It requires being aware of
the tools and technologies that are available and finding smart ways to use these new
technologies to better serve your customers. Your role as a leader is to paint a compelling picture,
a vision of a better future where I, as a follower can see what and how my contribution does drive
us to that better future. In practical terms, you need to get the right people and processes in place
to determine where you need to go and how to get there. As you move along in your
transformation journey, you need to make sure that your organization stays on course through this
journey into the unknown. Even as you encounter obstacles and gain new understandings that
alter your path, you will need to lead into and in the unknown. In my experience, when
transformations fail, it is often due to fear of this new and unknown reality. This is a very human
reaction,
it's very natural for us to be fearful. Our amygdala, the oldest part of our brain is screaming at us,
fight or flight but it is imperative for us to master our fear because we're living in a world of high
uncertainty. I guarantee you that the world will only get more uncertain and lead you to more
unknowns. Quite frankly, the only fear you should have is the fear of not doing anything because
not transforming guarantees that you and your organization will be left behind. Transformation
reminds me of my other life as a rock climber. When I climb a rock or a mountain and look at the
summit of the mountain from afar it looks insurmountable. I see steep, vertical cliffs, and
overhangs and I think, oh my gosh, there's absolutely no way I can get to the top of that mountain.
But of course this away because it really is just a series of steps. You climb the length of a rope,
you stop and you reassemble. You take what you learned about the rock in this particular climb
and then you set up and climb the next length of a rope. You repeat this over and over again until
you reach the top of the mountain. That's what digital transformation is like. You see your North-
star, your summit from afar, and it might feel absolutely insurmountable. Implementing that AI
system impossible. What do I know about AI? But once you get going, you realize it's just a series
of well calculated steps and feedback loops where you learn about what you're doing and
incorporate this into your very next move. Like in rock-climbing, where you feel the texture of the
rock, you learn how to move up the mountain and where to anchor your rope. Eventually you find
yourself on top of that summit. Let me tell you as a rock climber, that truly is the best feeling ever.
So let's get started. The first step in digital transformation is shifting your mindset to understand,
see, and belief in the power of the necessity of transforming,
you need to truly believe in what you're doing to lead your team into and in the unknown.

The Future is Digital. Are You Ready to Lead Your Team There?
Digital transformation is about leveraging opportunities. Successful organizations need to:

• Understand the new tools and technologies that are available

• Find smart ways to use these new tools technologies to better serve their customers
Your role as a leader is to paint a compelling picture that drives your organization to that better
future. You need to lead your team into and in the unknown by:

• Getting the right people and processes in place

• Keeping your organization focused on your goals as you encounter obstacles
• Altering your path as you gain understanding
A successful transformation journey is just a series of well-calculated steps and feedback loops.

Let's get started!

The first step in digital transformation is shifting your mindset
to understand, see, and believe in the power and the necessity
of transforming.
Pascal Finette, Co-founder, be radical. Group LLC
Successful Learners Set Goals
Knowing where you want to end up helps you head in the right direction. Think about why you are
taking this program and where you want to be when you have completed it.
Setting Your Goals
What would you like to get out of this program? List two or three goals.

Your reflection
My 1st goal is have more information to increase my knowledge about digital
transformation and setup it in my work 2nd goal to bring new knowledge to team and let
theme develop theme self
Things to think about
Great work! Now that you know where you want to go, let's get started on the journey.
 2. Transformation Basics
https://www.youtube.com/watch?v=dUqnvWPpi1U

Are you ready to lead into and in the unknown?

As you engage in digital transformation, you will be leading your team into and in the unknown.
You'll be asking your team members to think and do things differently. To understand and believe
in the power and the necessity of transforming. As a business leader, you will need to be at the
forefront of this mindset shift. This might not be easy, and here's why. People don't like
uncertainty. As humans, we hate it.
We actively seek to minimize uncertainty, and this becomes ever more a problem as we live in a
world where uncertainty has been increasing over the past few decades and this is likely to
continue. The bigger problem is that when we minimize uncertainty, we miss opportunities. We
focus on what we know and avoid or ignore what we don't know. That limits our vision of what
could be. When you have a digital mindset, uncertainty becomes a door into an exciting future.
You're able to entertain and explore possibilities and uncover new and better ways of thinking and
doing. You're able to lead into and in the unknown. Let me tell you a story. A computer hacker
bought a digital home pregnancy test. These are single-use devices that cost about three dollars a
piece. The hacker was curious about what was inside of it and took it apart. What they found in this
device is a chip that costs less than one dollar. They analyzed this chip and discovered that this
dollar chip has the same compute power as the original IBM PC. Think about it. We live in a world
where a device that is cheap enough to be disposable is as powerful as the device that Bill Gates
built his whole empire on. We live in a world where computing power is essentially free. Here's
another story. Li Jiaqi is a salesman in China who is known as the Lipstick Brother, because he's
basically a guy who's selling lipsticks. During a live streaming event, he attracted more than 250
million views and sold two billion dollars worth of cosmetics in one single day.That's billion with a
capital B. We live in a world where we can both find and connect with not just a dozen, but
thousands and even millions of customers who might be interested in our product. What does this
mean for how your business operates and creates value? Are you ready for the unknowns in the
digital world? Can you lead your team into and in the unknown? As we go through this lesson,
you'll get a head start on shifting to a digital mindset, so you and your team can start transforming
your business.
How Do You Make Transformation Happen? Shift Your Mindset!
Digital transformation efforts fail when the people who are engaged in them don't truly believe in
what they are doing. You need to shift your mindset to believe in the power and the necessity of
transforming.

Discomfort with Uncertainty Leads to Missed Opportunities

Uncertainty has been increasing over the past few decades and this is likely to continue. This is
uncomfortable for us as humans, so we actively try to minimize it. We focus on what we know and
avoid or ignore what we don't know, which limits our vision of what could be.

Uncertainty is Increasing

A Digital Mindset Unlocks a Door into an Exciting Future

With a digital mindset, you can explore possibilities and uncover new and better ways of thinking
and doing.

What is possible now?

• An inexpensive home pregnancy test contains the same computing power as the original
IBM PC
• Live streaming and digital media enable connections with millions (and even hundreds of
millions) of potential customers
What does this mean for your business?
What to Expect in This Lesson
The goal of this lesson is to help you understand why shifting your digital mindset is
fundamentally critical for transforming your business. We will discuss:

• Mindset readiness vs operational readiness

• Your motivation for transformation
• Making the shift
What Does it Mean to Have a Digital Mindset?
https://www.youtube.com/watch?v=eB0nU_VRXfU
We discussed this earlier, but it bears repeating. Like it or not, every business is digital now. Even if
you run a hyper-local business like a funeral home, your marketing, your back office, or both are
digital. In this world where everything is digital, your mindset needs to be digital too. Let's be
careful about what we mean when we say you need a digital mindset. It's easy to jump
immediately to the technology and start digitizing your current processes by moving to the Cloud,
starting to collect reams of data or adding Artificial Intelligence to some of your work processes
but that is missing the point. Focusing on specific technology is important for operational
readiness, but it is very different from mindset readiness. Technology is not the solution. It's a tool
to help you build the solution. A digital mindset is about seeing the world differently. It is a
paradigm shift that is focused on understanding and solving for the customer's needs. What does
the customer truly crave, want, and need? It's only after you've identified the customer's needs and
imagine some solutions for that need, that you consider the tools and technologies that will help
you build that solution. Then you do it again because it's an iterative process. With a digital
mindset, you're constantly asking yourself how you find an even better way to meet that customer
need and how technology can be used to support that solution. You're constantly re-imagining
what needs to be done and how to do it. Airbnb is a great example of this. They didn't start out
with a proposed solution such as, how can we build a big box which has little rooms and put bets
in the rooms. Instead, they asked themselves, what does the customer actually want? What do
they crave? They learned that customers crave much more than a comfortable bed in a cold
anonymous hotel. They want an authentic experience. They also identified another need. In some
areas, housing costs are expensive and renters and homeowners sometimes have extra space,
and that they would be willing to share that space with out-of-town hours to offset their rent or
mortgage payments. The magic really happens when Airbnb brought these two groups together
with two air mattresses and a nicely located apartment in San Francisco, Airbnb was born. Airbnb
didn't stop there. They continued to iterate on better ways to meet customer needs. Through that
iteration, Airbnb has moved from the initial $80 for night on an air mattress model, to a model
where people actually buy apartments just to become hotel guests. Some customers pay
hundreds and sometimes thousands of dollars to stay in these upscale apartments. Of course,
they still cater to the customer who wants a cheap bed and a personal connection to their host.
Think about the sequence. Airbnb has an amazing digital infrastructure, including their mobile app
and their matching algorithm. But they didn't build the company around the technology, they built
the technology to meet their customers needs. Another interesting point about Airbnb is that the
whole company was built as a platform business model. Unlike a traditional hospitality
organization like the Hilton Group, Airbnb doesn't own any of its assets. That allows them to
operate at a very different cost structure, but also a very different margins structure. It's funny, the
bigger hotel chains like Hilton are now working to meet the need for authentic spaces and
connections too. Their newer hotel concepts are all built around community. They all have a
communal kitchen and social hours with three snacks and beer so you can hang out with people at
the end of the day. This is happening because the hospitality industry finally woke up to the fact
that a subset of people do not want to just stay in a box and be left alone. With the digital mindset,
you're constantly asking yourself how you find an even better way to meet that consumer need and
how technology can be used to support that solution. You're constantly re-imagining what needs
to be done and how to do it. When you embark on your journey or re-imagining, you must make
sure you bring the whole team along.

Every Business is Digital!

Like it or not, every business is digital now - even if you run a hyper-local business. In this world
where everything is digital, your mindset needs to be digital, too.

What Do We Mean by "Digital Mindset"?

• Operational Readiness is not Mindset Readiness It's easy to jump immediately to the
technology and start digitizing your current processes by moving to the cloud, starting to
collect reams of data, or adding artificial intelligence to some of your work processes. But
that is missing the point.
• Technology is not the solution Technology is a tool to help you build the solution.
Focusing on specific technology is important for operational readiness, but it is very
different from mindset readiness.
• Mindset Readiness is a paradigm shift A digital mindset is about seeing the world
differently. Your focus is on understanding and solving for the customer's needs -- what
does the customer truly crave, want, and need? It's only after you have identified the
customer's needs and imagined some solutions for that need that you consider the tools
and technologies that will help you build that solution.
• It's an iterative process With a digital mindset, you are constantly asking yourself how to
find an even better way to meet your customer's need and how technology can be used to
support that solution. You are constantly re-imagining what needs to be done and how to
do it.

Example: Airbnb
• What does the customer want? Airbnb started by asking themselves, "What does the
customer actually want?" They learned that customers crave more than a comfortable bed
in a cold anonymous hotel; they want an authentic experience.
• Finding new ways to meet customer needs Airbnb identified that renters and
homeowners have extra space that they would be willing to share with out-of-towners to
offset their rent or mortgage payments.
• Connecting atoms to bits Airbnb brought these two groups together. And with two air
mattresses and a nicely located apartment in San Francisco, Airbnb was born.
 • Iterating for a better solution Airbnb continued to iterate on better ways to meet
customer needs and has morphed from their initial $80 for a night on an air mattress
model, into a model where people actually buy apartments just to become hoteliers on the
Airbnb platform.
• Customer-Focused Sequence Airbnb didn't build the company around the technology --
they built the technology to meet their consumers' needs. That is the essence of operating
with a digital mindset.
QUIZ QUESTION

Deploying Artificial Intelligence to provide recommendations for customers is an

example of which type of readiness?
• Operational readiness
• Mindset readiness
• It depends

Exactly! The critical question is how you got to the decision to deploy AI. Was the
decision based on input from customers who expressed a desire for better
recommendations? Or was someone in the organization interested in trying out some shiny
new technology without reference to a customer need.
Do You Really Want a Pet Tiger???
https://www.youtube.com/watch?v=xlgclCoaXAs
There's a story which I learned from a friend of mine, Maurice Conte. Maurice likens innovation
efforts to owning a pet tiger. The idea behind the pet tiger is that it's a really cool thing to have a
pet tiger. You're the star in your neighborhood and everybody wants to come and see the pet tiger
and pet your pet tiger. But the moment you actually have a pet tiger, you realize that's a massive
amount of work. They eat 40 kilograms of meat every day and if you're not careful, every once in a
while, they will eat your children. Innovation is a lot like owning a pet tiger, because a lot of people
want innovation. It's cool than everyone knows it's the right thing to do. But are you really willing to
deal with the consequences of innovation? Successful transformation requires motivation to
overcome the sometimes difficult consequences of innovation. What will motivate you alongside
your transformation journey? Equally as important, what will you do when you are actually
successful? As it often means, things will be different. Your people will have different jobs, current
products or services might not be viable anymore. Are you truly committed to this level of change?

Transformation is Hard Work!

Just like having a pet tiger, digital transformation is hard work. You must be willing to do the work
and bear the consequences of innovation. As you get started on your journey, think about your
motivation. What will help you get through this challenging journey?
Motivation for shifting to a Digital Mindset
What is the biggest motivator for you to consider changing your or your team's mindset to
transform your organization?
Digital Transformation Requires New Ways of Thinking
https://www.youtube.com/watch?v=5wl3oOTEKME
Digital transformation requires new ways of thinking about how to create value.The industrial
economy was about shifting atoms, basically making physical products and moving them
around.The goal was to turn out as many widgets as you possibly can and the focus was on
efficiency, effectiveness, and optimization. We're now in a world where information can be even
more valuable than physical products. The information economy is about making bits, creating,
finding, and sharing information and data.
The new digital economy takes us to the next level, and it's about connecting atoms and bits. In
this world, you have organizations like Airbnb, which is a hospitality company that doesn't own any
hotel rooms. Uber, which is a transportation company that doesn't own any vehicles and eBay,
which is a retailer that doesn't own any inventory.
There are some interesting implications here.To connect atoms and bits, you need to truly
understand customer needs to figure out which connections will be valuable.
Take Amazon, for example. Amazon may not make much profit on their shipping and retail assets,
but they are making money on the information that is generated by their customers. Every time you
shop on Amazon, you leave a massive data trail, and Amazon knows more and more about you.
That data is extremely valuable because it gets you to buy more and more stuff on their platform,
which then allows them to understand you and your needs and wants much better. Which in turn
allows them to surface products and services to you which have a high likelihood of you actually
needing them at this moment in time. Simple example, when you buy the diapers for your newborn
on Amazon, the company very quickly understands that you have a toddler at home. With that
knowledge, they can now surface goods and services,
which are highly relevant to you for years to come. If you bought diapers in 2020,
Amazon has a pretty good idea that your child will be doing their driving tests 16 years later. What
are these new ways of thinking that companies like Amazon and eBay and
Airbnb and so many others have used to transition into the digital economy. There's no magic
here. You've probably heard of all of them. Airbnb and Uber are very much the result of platform
thinking. In simple terms. Platforms are the street markets of yesteryear. You provide the place
and tools for others to conduct their business and charge a fee for the privilege. You don't own any
of the traded assets. You often don't get too involved in the transaction itself. All you do is create
the environment which makes the exchange possible in the first place. Platform thinking is great
and everybody wants to be a platform. But if every company becomes a platform, there's nothing
to put on the platform. Someone needs to provide and build the assets which are on the platform.
Think about this as you explore your customer needs. Your customer may not need a new
platform, but they may need an innovative item that fills a gap on an existing platform. Another
new way of thinking is agile. Agile acknowledges complexity and ones inability to clearly and
comprehensively communicate all requirements upfront. Essentially, agile acknowledges that we
don't know anything when we start,
and that it's about iteratively learning along the way and doing so in the most efficient and
effective way. The iterative learning inherent in agile is one reason why software driven
challengers can fail, even the most competent incumbents. Agile methods allow the challengers to
iterate faster and develop a stronger understanding of the true customer need than the incumbent.
In the words of Jeff Bezos, doing new things at a high-speed, that's the best defense against the
future. That's agile in a nutshell, just beware that there's a tendency to view agile as being all about
the very specific methodologies used in the software development world. But agile is really about
a much broader understanding of how the world works. Agile is about flexibility, innovation,
collaboration, and a tight focus on creating value for the customer using rapid iteration cycles.
Using a framework such as Scrum is just one very specific way to get there. You will also hear a lot
about using big data. We live in a world where we generate vast amounts of data. Where actually
everything we do as individuals, organizations is or can be tracked in some way. As part of our
digital transformation journey, we need to learn how to capture and analyze that data to give us a
deeper understanding of our customer needs and our success in addressing those needs.
But be careful. Using big data is not about collecting every tiny bit of data, it's about figuring out
which bits of data are meaningful and using those very small fragments to gain insight. With big
data, less is often more. When I was at eBay in the early 2000s,
we analyzed all our sales data and correlated it with weather data. We ended up being able to
rather precisely predict what our turnover on the platform will be, depending on how nice the
weather was. People aren't much online when the sun is shining and the temperatures are
pleasant. Digital transformation requires new ways of thinking about
how to create value, including platform thinking, agile and big data, and the ability to create these
value drivers using the new digital tools in our toolboxes. How can you use this digital mindset to
create value for your customers?

Using Your Digital Mindset to Create Value for Your Customers

Digital transformation requires new ways of thinking about how to create value using the new
digital tools in our toolboxes. How can you use your digital mindset to create value for your
customers?

The Way We Create Value Has Changed

• The industrial economy was about shifting atoms -- making physical products and
moving them around. The focus was on efficiency, effectiveness, and optimization.
• The information economy is about making bits -- creating, finding, and sharing
information and data. We're now in a world where information can be even more valuable
than physical products.
• The digital economy is about connecting atoms and bits. To connect atoms and bits, you
need to truly understand customer needs to figure out which connections will be valuable.
Platform Thinking
Platforms are the street markets of yesteryear: you provide the place and tools for others to
conduct their business.

• Not everyone can be a platform. If every company becomes a platform, there's nothing to
put on the platform!
• Your customer may need an innovative item that fills a gap on an existing platform.

Agile
Agile acknowledges complexity and one’s inability to clearly and comprehensively communicate
all requirements when embarking on a journey

• We don't know everything when we start; we learn through iteration

• Agile is more than just Scrum and other specific methodologies
• Agile requires flexibility, innovation, collaboration, and a tight focus on creating value for
the customer throughout the organization

“Doing things at high speed, that’s the best defense

against the future.”
Jeff Bezos

Big Data
Virtually everything we do is, or can be, tracked.

• Capturing and analyzing that data can give us a deeper understanding of our customer
needs and our success in addressing those needs.
• Don't track everything! Insight often comes from very small fragments of data.
Your Digital Mindset: Are You Ready to Lead into and in the
Unknown?
https://www.youtube.com/watch?v=8TET5XktWnE
Let's revisit the question I asked at the start of this lesson.Are you ready to lead into and in the
unknown? My goal in this lesson was to give you a headstart on your transformation journey by
convincing you that mindset readiness, not operational readiness, is your critical first step in our
world where every business is digital,
organizations that focus on tools and technology more than customer needs will be left behind. A
successful organization will embrace uncertainty as a door into an exciting future. Your
transformation requires a relentless focus on what your customers truly crave, want and need. You
need to be open to entertaining and exploring possibilities.
When you have a digital mindset, you'll be able to uncover new and better ways of thinking and
doing.

Key Points
When you have a digital mindset, you'll be able to uncover new and better ways of thinking
and doing.

• Your first step is mindset readiness -- not operational readiness.

• A focus on customer needs must drive your transformation-- not tools and technology.
• You must embrace uncertainty as a door into an exciting future.
When you have a digital mindset, you'll be able to uncover new and better ways of thinking
and doing.
Assessing Your Operational Readiness
Which technologies does your organization currently use?

Your reflection
Productivity tools.
Networking devices and printers.
Mail and phone systems.
Financial accounting systems.
Inventory control systems.
Customer relationship management systems.
Diversified marketing options ERP AND CRM
Things to think about
Every organization's starting point is different. Where you start as is not as important as where
you end up.
How digitally literate is your team?

Your reflection
actually this is like open question have many ways to answer. for our team all of theme
they are IT so they are very good in technology this is what i can say now
Things to think about
Digital transformation requires commitment from everyone involved. You'll need to develop
digital literacy throughout the organization.

Assessing Your Mindset Readiness

How often do you explicitly think about and discuss customers' needs?

Your reflection
i like this question because my work always think about customer's need. we are building
the customer needs
Things to think about
A digital mindset is built on a deep focus on identifying and satisfying customer needs.
How comfortable are you working with incomplete information?

Your reflection
Oh, frankly, the team and I suffer a lot from this dilemma because a lot of work comes to
us and is lacking information, which costs us and the team a lot of effort and time.
Things to think about
A digital mindset acknowledges that you often start on a journey with incomplete information and
you are only able to fully understand what you need by trying things and learning from the
outcome of your experiments.
⭐️ Great Work! ⭐️
In the next section we'll dig deeper into what transformation means for you and your
organization.
Every Digital Transformation is Different
https://www.youtube.com/watch?v=tTNPm4cwSZ0
Imagine, you could build your organization from scratch with no constraints. We'll give you all the
money and resources you need. What would your ideal organization look like and how does it
differ from what you have today? That's the critical question for digital transformation. In the real-
world, you will have constraints that you need to work around. But your goal is to use the digital
transformation process, to get it as close to what's ideal as possible. In this lesson, we'll talk about
what that ideal might look like.
Before we get started, let's set our expectations. First, very transformation will be different. Your
vision of what your ideal digital organization will look like depends on your market, your
customers, and your capabilities. You need to think about what transformation means in that
context. Second, let's not kid ourselves. Transformation will not happen overnight or magically. As
we said earlier, digital transformation is a journey and it will be hard work. Third, remember that
your competitors may be on their own transformation journey. That means that transformation is
not optional. It also means that you must do transformation well, or risk being left behind. If you
don't transform, you're done. Forth let's talk about what we mean by transformation. We can start
by differentiating between innovation and disruption. People often use these terms
interchangeably, but these are different things. Innovation is doing the same thing but doing it
better. For example, the latest version of the iPhone probably has a better camera and the longer
battery life, but it is essentially the same product. Now let's talk about disruption. Often people
have this idea that disruption happens when someone identifies a new customer need. But that
typically isn't the case. More often, disruption fulfills a known customer needs, but in a completely
new way. Think about the example of the transition from horses and buggies to cars. People say,
my gosh, costs were super disruptive and yes, they were disruptive if you are a horse and buggy
person. But the underlying consumer need to go from A to B remains the same. Cars allow you to
get there in a new way that is faster, lower maintenance, less smelly, etc. This is what we mean by
transformation. You've such a deep understanding of your customer need that your conception of
solutions transcends anything that currently exists. With that in mind, the rest of this lesson will
help you identify the areas where that transcendence can come from.

Key Learnings
• Not every transformation is the same
• Transformation doesn't happen overnight or magically
• Your competitors are transforming too -- you need to transform to avoid falling behind
• Transformation vs. disruption:
• Transformation is when an incumbent innovates
• Disruption occurs when innovation comes from a new player in the market
• Transformation must be driven by the goals and capabilities of your organization

Transformative Thinking
Imagine rebuilding your organization from scratch. What would it look like? How does it differ
from what you have today?

Your reflection
In the beginning, we must know that this matter is not easy to achieve in an overnight, and
it is necessary to study the infrastructure of the organization and know the necessary
needs in which the digital transformation must be faster than others. Secondly, it is
necessary to provide the resources that help to speed up the achievement of digital
transformation. Third, it is necessary to know the competitors and what their strengths
are in order to be better than them in these points. And weaknesses to avoid and not fall
into, so as not to affect the work of the digital transformation to be implemented
Things to think about
Those are the critical questions for digital transformation. Think about this question as you
proceed through this lesson. We'll revisit it again at the end.

What to Expect in This Lesson

The goal of this lesson is to help you define what transformation means for your organization.
You will:

• Review the five types of digital transformation.

• Understand how the key pillars of a successful transformation process can apply to your
organization
What Do You Need to Consider as You Embark On Your Journey?
https://www.youtube.com/watch?v=VXFhrf2m-QY
you've started on your digital transformation journey and i hope by now you're starting to see the
world a little differently you understand the difference between innovation and disruption and
perhaps you're also beginning to imagine a different future for your organization before you start
digging deeper into some of the specific opportunities for
digital transformation take a few minutes to anticipate what that might mean for your organization
which parts will be easy which parts will be challenging explore these questions now

Getting Ready for the Journey

Before you start digging deeper into some of the specific opportunities for digital transformation,
take a few minutes to anticipate what digital transformation might mean for you and your
organization.
Your Transformation Journey
Which parts will be easy for you and your organization? Which parts will be challenging?

Your reflection
I will start with the difficulties as the employees in the organization accept the changes
that will occur due to the digital transformation. Training reluctant employees and
explaining the benefits of change and that it is an important requirement to be applied at
all costs in order to keep pace with development and keep pace with competitors. Involve
stakeholders in the change. Or the easy part about this is the decision-makers’ support for
this important change that will benefit the organization in the future

Things to think about

Every transformation will be different. Enjoy your journey!
Exploring the Types of Digital Transformation
https://www.youtube.com/watch?v=ZBRiSWPACRE
Let's take a closer look at what digital transformation might look like for your organization. There
are basically five opportunities for transformation. The first opportunity is transforming the
customer experience. This requires you to know your customer really well and have a deep
understanding of their wants and needs. That understanding can help you imagine and create even
better and completely new customer solutions. The second opportunity is transforming your
processes. This means being truly agile, testing assumptions, constantly learning, and iterating
based on what you are learning. The third opportunity is transforming your business model. This
involves understanding what is available in your digital world in imagining new ways of meeting
customer needs. What can you do now that wasn't possible before?
The fourth opportunity is transforming your value chain. This requires asking yourself tough
questions about where you have a competitive advantage in your value chain and what you can
and should let go off because others can do it better, cheaper, faster, and then actually letting it go
or doubling down on your advantage. The fifth opportunity is transforming your culture. This is
probably the most powerful opportunity because culture influences everything the organization
does. If you get it right, everyone in your organization will be aligned and focused on the same
mission. It is also the most challenging opportunity because culture is very organization-specific.
You can't simply adopt another organization's culture or their best practices and expect to
succeed. Which of these opportunities should your organization pursue? In most cases, all of the
above. But you won't pursue all five with the same intensity. You'll need to choose the combination
that aligns best with your organization's vision and capabilities. Think of these five opportunities
as the ingredients you can play with. For example, an organization that already has a strong
culture and a solid understanding of its customer may need to spend more time focusing on its
business model and process. Or an organization that has already developed a business model that
uses cutting edge technology, might find deeper opportunities in examining their value chain and
focusing their culture around a deeper understanding of their customer needs. For every
organization, it will be different. Up next, we'll take a deeper dive into each of these opportunities.
As you go through each section, think about what these opportunities could look like for your
organization.

Key Learnings
There are five basic types of opportunities for digital transformation:

• Customer Experience
• Process
• Business Model
• Value Chain
• Culture
These are the ingredients you can play with. You'll need to choose the combination that aligns
best with your organization's vision and capabilities.
QUIZ QUESTION

True or False: It make sense to focus our transformation only on the opportunities
where we have organizational strength.
• True

• False

Correct! In most cases, a successful transformation will touch all of the five
opportunities in one way or another. In fact, you may find the greatest benefits through
transforming in areas where you are currently weak.
How Much Time Do You Spend Understanding Your Customer Needs?
https://www.youtube.com/watch?v=4C-CT6KNedo
How much time did you spend with the customer last week? Not time spend wining and dining
them to get their business, but time spent actually understanding their needs. If you're like most
business leaders, the answer is very little, and thus not enough. That is a problem for digital
transformation because a deep understanding of your customers wants and needs must suffuse
everything you do. How do you get to that deep understanding of your customers? The obvious
answer is that you need to spend more time with them. Intuit, the financial and tax preparation
software company is an organization that does this really well. They have a follow me home
program where people of all levels of the organization spend at least one day each year shadowing
a customer. The Intuit employees are trained to observe the customer using their product in a real-
world setting rather than in a simulated environment. After the observation is complete, the
employees ask a lot of why questions to deepen their understanding of the customer's observed
actions. That gets us to the second point, spending time with your customer is not enough. You
need to approach your customers with curiosity and an open-mind. Your goal is to understand why
your customers use your product. Not the superficial need, but the deep underlying need. What is
the problem your product solves? It is not always obvious. For example, Harvard Business School
professor Clayton Christensen tells a story of a fast food company. They wanted to improve its
milkshakes sales. They analyzed sales data and the demographics of milkshake buyers, and they
even surveyed their target demographic to determine the ideal characteristics of a milkshake. They
made changes to their product to optimize for the preferred characteristics. But those changes
didn't move the needle on milkshake sales. That's because they didn't truly understand why people
were buying the milkshakes. They didn't understand what Christensen calls the job to be done. In a
deeper dive, researchers noted that 40 percent of milkshakes were ordered to go by commuters in
the morning. When they interviewed the computers, they discovered the jobs that these
milkshakes were hired to do. The commuters wanted something that could consume with one free
hand while they were driving. They wanted something that they could consume without messing
up their workflow, and most importantly, they wanted something that would take a longer time to
consume slowly during their long commutes. Essentially, the commuters were buying milkshakes
to entertain them on their drive. That had implications for thickness, flavors, etc. That were not just
surfaced until researchers actually talked to the customers. You've made a commitment to
spending time with your customer. You've approached your customers with curiosity and an open-
mind. Now we add the most challenging part, staying in the question. It's human nature to jump
quickly from an identified need to a solution. Especially if it is a solution that we know how to
implement. But transforming the customer experience requires us to resist the urge to focus on
what is possible and instead focus on what could be. Staying in the question allows us to examine
the consumer needs and wants decoupled from our product. For example, if my company makes
its drills, I need to stand the question long enough to understand the underlying need that costs my
customer to buy a drill. If I don't stand the question long enough, I might only be identifying the
superficial need. My customer needs to drill holes in the wall instead of the underlying need, my
customer is drilling a hole in the wall so they can hang a picture or even deeper. My customer is
hanging a picture to make their room more attractive. That's a very different insight. If you can
stand the question long enough to identify those deeper needs, we're more likely to find better
ways to solve that underlying need. That's where we find the opportunities that go beyond
innovation to transformation. Realistically, not all of those opportunities for transformation will
make sense for your organization. You need to look at the overlap between the best solution and
your capabilities. In some cases, there might be an overlap that allows you to transform your
customer experience by changing the existing product. In other cases, the opportunities might be
completely decoupled. In those cases, you may need to examine your business model and value
chain. But the ultimate goal here is to get a deep understanding of your customers, wants and
needs. Until you do that, you won't be able to identify your opportunities for transforming their
experience.

Getting a Deeper Understanding Your Customer Needs

• Requires a deeper dive into customer experience
• Understand customer needs unfettered by what you currently make
• Stay in the question rather than jumping to a solution
• Find the overlap between what customers need and what you can make

Transforming the Customer Experience

QUESTION 1 OF 2

Who is responsible for understanding our customer? (Choose all that apply)
• Leadership
• Sales Team
• Finance
• IT Team
• Facilities Management
• Marketing
Great job! You realize that understanding the customer is the responsibility
of everyone on the team.

Transformative Thinking TO DO List

What can you do tomorrow to learn more about your customers' experience?
Your reflection
Talk To Customers.
Hold An Event.
Collect Customer Reviews.
Look At Social Media.

Things to think about

Great job setting a TODO for tomorrow. Now think about what you can do next week, next
month and next quarter.
How Agile Are You Really???
https://www.youtube.com/watch?v=2pCVp87DyZI
Transforming the process is not complicated, it is just hard. It's not complicated because the
solution is simply to become agile. It's hard because truly being agile is very difficult.As we
discussed earlier, having an agile mindset is all about flexibility, innovation, collaboration, and
rapid iteration that is tightly focused on creating value for the customer. With that in mind, ask
yourself how agile you really are. Most people, when I asked them that question, say, "We're super
agile." When I drill down and ask them what they mean, they say, "We use Scrum in our software
development process."
That's a good start, but it's not nearly enough. To transform the process, your organization must
be agile in everything it does. The benefit of an agile process is that the process of rapid iteration
allows you to quickly explore many solutions with a tight feedback loop. Some will work, some
won't. With each iteration you'll learn more and move closer until you eventually circle in on the
right solution even for a complex customer need. Being truly agile can be uncomfortable for an
organization
because it requires the organization to trust the process. You identify a customer need.
But you typically start with weak or incomplete information about how to solve for that need. You
can't plan too far ahead because you don't know what your product will look like a few iterations
down the road. Your existing processes and infrastructure might not align with current and future
needs. You must be able to let go off those resources or work around them. All of this can cause
friction, especially in an established organization. Take the example of SodaStream, the home
carbonation system. The system uses refillable CO_2 canisters which you must physically
exchange at your local retailer. This was a known pain point for SodaStream customers. When
PepsiCo acquired SodaStream in 2018, the team wanted to alleviate this pain point.They
determined that the best way to do that was to add a direct to consumer model where customers
could exchange the used canisters through the mail. How could the team get this done? PepsiCo
has a well-developed infrastructure for supporting retail sales and distributors. But that isn't
helpful in this case. The team needed to be agile just to get to the, let's go direct to consumer
decision. They needed to be agile in creating the website to implement the new customer
experience. PepsiCo also has a well-developed infrastructure for supporting their website. Instead
of going through the process to connect with that team, get the new website and checkout
process on their roadmap, etc. The team explored existing technologies and use their credit card
to set up a Shopify store. Instead of taking months to iterate on this new custom experience, it
took them just a few hours and a mere $295 per month for the Shopify subscription. Are teams in
your organization able to move that quickly? If not, you need to focus on transforming your
process. Again, it's not complicated. It's just hard.

"It's not complicated, it's hard."

• Process transformation is all about being agile
• The agile mindset is about flexibility, innovation, collaboration, and rapid iteration
• Focus is on creating value for the customer
 • Agility is required throughout the organization

Transforming the Process

Transformative Thinking TO DO List
What can you do tomorrow to to make your process more agile?
Your reflection
STEP 1: BUILD A LEADERSHIP COALITION
STEP 2: DEFINE AN END STATE VISION
STEP 3: BUILD A TRANSFORMATION ROADMAP
STEP 4: MAINTAIN A ROLLING 90-DAY PLAN
STEP 5: CONDUCT 30-DAY CHECKPOINTS
STEP 6: ADAPT & LEARN
STEP 7: CONNECT ACTIVITY TO OUTCOMES
STEP 8: CONNECT OUTCOMES TO BUSINESS OBJECTIVES
STEP 9: MANAGE COMMUNICATION
STEP 10: CREATE SAFETY FOR EVERYONE INVOLVED
Things to think about
Great job setting a TODO for tomorrow. Now think about what you can do next week, next
month and next quarter.
What Is Possible Now That the World Is Digital?
https://www.youtube.com/watch?v=9kBKgv9I4KY
Transforming the business model requires you to ask yourself what is possible now that the world
is digital? The old business model was rather limited. A manufacturer sells a product to a
distributor, the distributor then sells a product to a retailer, and the retailer sells it to the customer
and that was the end of the story. The digital revolution has appended that model and replaced it
with many new models. For example, the Internet has enabled direct to consumer models when
the manufacturer sells directly to the consumer. Warby Parker eyeglasses and Casper Mattresses
are just two of the many disrupters in this space. The on-demand model is a new application of the
idea of leasing with cloud computing. Amazon Web Services, Microsoft Azure, and Google Cloud
computing are essentially renting service basis and related services to their customers. This
business model allows customers to gain flexibility and focus on what they do best rather than
operating data centers, managing infrastructure and assets.
Efficient systems for micro-payments enable all types of transactions that weren't cost-effective in
the past. This allows for the freemium models you often find in video games and peer-to-peer
payment systems like Venmo and PayPal. New models often take advantage of multiple
technologies and changes in consumer behavior. Think about the iTunes Store using micro-
payments and new personal media devices like the iPod,
consumers were able to purchase individual songs and easily create playlists based on their
personal preferences. Services like Pandora and Spotify use machine learning and AI to enhance
the process of exploring new music by recommending songs based on the user's history and
stated preferences. Subscription and ad supported models have led to the massive unbundling of
media, not just in television programming and traditional news media that used to be delivered on
paper, but are now available through a proprietary apps, podcasts, social media posts, and so on.
These are just some of the possibilities. In thinking about transforming your business model, the
two questions you need to ask yourself are first, what technologies can be leveraged now? Think
about what is possible today in a world of Cloud computing, data analytics, artificial intelligence,
and constant connectivity that can solve our customers problems today.
Second, what could be possible in the future can reflect, shift or even completely reinvent our
business model as new technologies become available. If we don't do it,
might someone else do it and thus threaten us?

What Has Changed?

• The old business model was based on a single path from the manufacturer through the distributor and
the retailer to the customer
• The digital revolution includes many new models that take advantage of new possibilities
• Direct to consumer
• On-demand
• Micropayments
• Unbundling
• And more...
 Transforming the Business Model
Transformative Thinking TO DO List
Which technology is likely to bring new possibilities to your core business? What can you
do tomorrow to learn more about that technology?

Your reflection
DIGITAL EMPLOYEES
INTERNET OF THINGS
ARTIFICIAL INTELLIGENCE
VIRTUAL & AUGMENTED REALITY
BLOCKCHAIN
3D PRINTING
DRONES
ROBOTICS & AUTOMATION

Things to think about

Nice! You have identified one or more technologies to explore. Remember that this is just a
starting point. Transformation requires that you keep asking "What is possible today that
wasn't possible yesterday?"
What Do You Need to Own?
https://www.youtube.com/watch?v=F3fNOX0JfbE
To transform your value chain, you need to think about three questions. Which part of your value
chain do you need to own, and which should we let go off? Even, are there any parts of your value
chain that we can make externally available and launch as a whole new product or service which
we then can sell to others? To do this, you'll need to map out your existing CapEx and OpEx and
taken critical and unbiased look at each of
the activities involved in creating value for your customer. For each activity, ask yourself, do we
have a competitive advantage in doing this, or is there a solution available in the market which
does this better, cheaper, faster? If you do have a competitive advantage, that's great. Double
down on transforming the customer journey and process for that part of your value chain. For any
parts of your value chain where you don't have a competitive advantage, you need to discover who
does and hire them to do the job for you. Take your datacenter. Is your organization truly world-
class a developing, managing, and updating state of the art infrastructure into digital world with a
definition of state of the art changes daily and security is paramount?
It is unlikely that you have the internal expertise to build and maintain a world-class system.This is
a case where you'll often get better solutions for your customers at a lower cost, by outsourcing
your IT infrastructure to the experts. You'll also gain flexibility that will allow your organization to
pivot rapidly in response to the new opportunities you discover through your agile processes.
Another good example is your e-commerce store. Are you truly better at building and operating
your e-commerce store than specialized vendors such as Shopify? If you make physical products,
another place to look at is your pick, pack, and ship operations. When product delivery is done
right, it can be a great source of satisfaction for your customers. That was the initial premise
behind Amazon Prime, where members received free two-day shipping on most of Amazon's
products and inexpensive one day shipping for rush orders. When Amazon launched Prime in
2005, quick and inexpensive shipping was groundbreaking. Now, it's table stakes. Does your
organization have the expertise to meet customer expectations for ever shorter delivery times. If
not, pick pack and ship should be something that you let go off and have someone else provide
world-class services for you.There are some parts of your value chain that you will need to hold
onto for strategic or regulatory reasons. For example, storing sensitive data in the Cloud can be
seen as a risk.
In some cases, it may make sense to keep that information in an on-premise system rather than in
the Cloud.Or you may have a strategic priority that informs part of your value chain. For example,
BASF, the German chemical company is building an offshore wind farm to produce hydrogen to
power the chemical plants.Their goal is not to produce hydrogen cheaper than their competitors,
but to ensure that they have the hydrogen they need to meet their goal to be carbon neutral by
2050. In the parts of your value chain where you do have a competitive advantage, you need to
look for opportunities to leverage that strength to create a new product you can sell to others.
That's how Amazon Web Services got started. In the early 2000s, Amazon realized that the IT
infrastructure services they developed to support their retail business were core strength. They
also realized that these services would be a valuable product to sell
to other organizations and Amazon's Cloud Service business was born. Alternatively, you might
identify a new customer need that is outside of or adjacent to your value chain and upgrade your
value chain to meet it.This is essentially what unicorn startups like Uber do.They start with the idea
and build a new value chain to address that need.
Existing organizations can do this too.One example is Duke Energy, which notice that their
commercial customers neededhelp achieving their sustainability goals.To meet this need, they
created a sustainable solutions division that offers design, project management, financing,
construction, and maintenance of renewable energy services.
The operation is wholly separated from Duke Energy's regulated utility operations and meets a
need that is adjacent to their customers traditional power needs. Their agile process and their
deep understanding of their customer needs are giving them a head start in addressing the
expanding opportunity to meet environmental, social, and corporate governance requirements.
What opportunities exist for transforming your value chain? What should you keep? What should
you let go off? Where can you leverage your existing strength to create new opportunities?

Key Questions to Ask

• Which parts of our value chain do we need to own?
• Which should we let go of?
• Are there any parts of our value chain that we can make externally available and launch as a whole
new product or service which we can sell to others?

Evaluate existing CAPEX (Capital Expenses) and OPEX (Operating Expenses)

• Do we have a competitive advantage?
• If we have no advantage, let it go
• If we have an advantage, can we sell it to others?

Transforming the Value Chain

Transformative Thinking TO DO List
What is the first step you want to take in evaluating your CAPEX and OPEX to determine if you
have a strategic advantage?
Your reflection
improve the agile process and check if the product that i want to made is available in the
market or should i built it from scratch. if available in the market and it's met my goal
absolutely i will cut the cost and buy it because if i have to build it . it will cost me much

Things to think about

Nice! Take the time to do a thorough analysis of your value chain. There may be significant
opportunities to leverage what you have and get rid of what you don't need.
What Are Your Organization's Values?
https://www.youtube.com/watch?v=rqqkav9LiVE
Remember how I said that transforming the process is not complicated, it's just hard. Well,
transforming the culture is both complicated and hard. It's complicated because every
organization's culture is different. It's hard because culture effuses everything you do. There's a
tendency to think that culture transformation is easy. We can just copy a popular or successful
culture and paste it onto our own organization. We can be just like Google, let's buy colorful office
furniture and ping-pong tables. Or we can be just like Netflix, let's give our employees free food
and unlimited paid time off. But culture doesn't work by copy and paste. The free food and ping-
pong tables may make for great stories. But these are only the artifacts of a culture. True culture
consists of what the organization's values are and how they act on those values every day. Culture
is steeped in everything your organization does from how people interact to what your lobby looks
like. Culture is very specific to each organization. To transform your culture, you need to figure out
what will work for your organization, keeping in mind that works for you is likely to be very different
from your competitors and peers. For example, Google has a culture that values transparency and
openness. When I was at Google, I could go into any building and talk to just about any employee.
Google values open communication because it believes that people do better work when they have
more context. Apple, on the other hand, is much more focused on secrecy and control. Employees
tend to have much less exposure to employees and other groups. This aligns with Apple's core
value about using proprietary rather than open-source technology and keeping their products
under wraps until they are ready for launch. With cultures being so different, you might be
wondering if there are any common threats among successful cultures. Yes, there are. Successful
cultures all include three things; curiosity: empathy, and the ability to learn. A culture that values
curiosity is critical because asking what if? How might we?
Questions, help us think more deeply about our customers, the customers needs, and we can best
fulfill those. Curiosity is also helpful for adapting to change because it
encourages the team to think in terms of possibilities, which results in more creative solutions and
rational decision-making. Frustrated by their inability to easily hail a cab,
the Uber founders became curious about the world of urban transportation and ask themselves,
what if ordering a taxi is as easy as taking a photo on our phones?
Followed by, what if we enable anyone to become a taxi driver? When we're talking about a culture
that values empathy, we're really talking about two different types of empathy; empathy for our
customers and empathy for our team members. Empathy for our customers gives us a deeper
understanding of their needs and feelings. It makes us more tuned to both their pain points, and
their enthusiasm for our solution. Truly, you can't get to the deep customer understanding that
underlies all of our transformation efforts if you don't have empathy for your customers. Empathy
for team members means that everyone in the organization feels understood, and valued. They are
not a cock in the machine but a vital part of a greater effort. This pays great dividends because a
culture that values empathy is associated with lower stress, stronger collaboration, more
employee engagement, and higher morale. Herb Kelleher, co-founder of Southwest Airlines,
summarize this beautifully in his statement that
the business of business is people: yesterday, today, and forever. Southwest Airlines is equally
well loved by the employees and customers in an industry that is infamous for its low customers
and employee satisfaction scores. The third critical element in a successful culture is the ability to
learn. Successful cultures not only tolerate failure,
but embrace it as part of the agile process. We all know that learning comes from failing, the
growth mindset continuous improvement on that. But as humans, we often let our bias towards
success overrule our logical understanding of the importance of failure. Successful contrasts
actively encourage experimentation, and celebrate the lessons learned when the experiments fail.
Amazon celebrates his attribute with their it is always Day 1 mentality. Encouraging everyone in
the company to constantly being a mindset of experimentation and learning.

Culture Infuses Everything You Do

• Culture is not the artifacts -- those are just expressions of culture
• An effective culture includes
• Curiosity
• Empathy for customer
• Empathy for team members
• Tolerance for failure
• Ability to learn from failure

“The business of business is people -

yesterday, today, and forever.”
Herb Kelleher, co-founder of Southwest Airlines

Transforming the Culture

Transformative Thinking TO DO List
What can you do tomorrow to learn more about your customers' experience?
Anticipating Your Journey
https://www.youtube.com/watch?v=yGuCAL2DRNw
We've looked at the five opportunities for transformation, customer experience, process, business
model, value chain, and culture. A successful transformation will touch on most or all of these
opportunities. As we discussed earlier, the specific combination of opportunities will be different
for each organization. For example, let's look at Klockner & Co, a German steel company. Steel is a
very competitive business and by the early 2010s, Klockner was facing significant challenges from
lower cost producers who had entered their markets. It was time for transformation. Klockner's
journey started with the customer experience. They were able to identify the customer's pain
points related to working with different vendors and realized that they could improve by changing
their business model to create a digital marketplace for procuring steel products, including their
competitors products on a single platform. This transformation of their value chain was a
challenge to 100 plus year old steel company.They underwent a process transformation to make
them more agile and a culture transformation to instill a digital mindset and reorient the
organization to the new digital reality.This transformation took several years and was ultimately
successful. As of 2021, about half of Klockner's revenue is generated through their digital
challenges. Now, it's time to think about your organization. What is the right mix of opportunities
for your organization to address?

Which Opportunities Should Your Organization Pursue?

We've looked at the five opportunities for transformation:

• Customer Experience
• Process
• Business Model
• Value Chain
• Culture
A successful transformation will touch on most or all of these opportunities but the specific
combination of opportunities will be different for each organization.

Transformation Planning
Thinking about the business you're currently in or the business you want to be in, which
transformation opportunities should you pursue?

• Customer Experience
• Process
• Business Model
• Value Chain
• Culture
How to Make Transformation Happen
https://www.youtube.com/watch?v=Xp0wp3naAZM
by now you understand why your organization needs to transform and you have identified
directionally and at a higher level where you need to go you've started thinking about the five
opportunities for transformation and how you might want to lead into them you might even be
itching to get started and deploy a particular technology great
now it's time to get down to breast tax and figure out how you're going to make this
transformation happen successful transformations don't happen automatically they require
thoughtful planning and deliberate execution across four key pillars the first pillar is technology
you need to make sure that you are taking advantage of what is possible in our digital world and
using the right tools to meet your customers needs
you can think of technology as the ingredients a restaurant uses to prepare a fine meal
the second pillar is process simply put you need to be agile so that you can iterate and move
quickly in our restaurant analogy the process is like cooking tools the whisks knives and pots and
pans that the restaurant needs to prepare the ingredients the third pillar is strategy the strategy
gives the team the direction they need to proceed along the transformation journey in our
restaurant the strategy is a recipe that the cooking staff uses to transform the raw ingredients into
the finished meal the last pillar is people and culture your team must include the right people and
the right mix of skills to get the job done and your culture needs to support and encourage the
collaboration
and innovation that is required for a successful transformation this is just like the kitchen staff in a
restaurant where chefs sous chefs line cooks and dishwashers each play a different role when the
vipe in the kitchen is good the meal is delivered to the diner on time and the flavors on the plate
melt beautifully as in any good restaurant successful transformation requires attention to all four
of these pillars

Where We Are in the Journey

At this point in your transformation journey, you:

• Understand the need to change

• Have a high-level understanding of where you need to be
• Are beginning to identify some opportunities
Now it's time to start thinking tactically!

Don’t Jump in Too Soon!

Transformation requires thoughtful planning. The factors leading to successful transformation
include:

• Technology and capabilities

• Process
• Strategy
• People and culture
Make sure your plan includes all of the above.
Technology and Process: Your Ingredients and Tools
https://www.youtube.com/watch?v=sFTeCMaF8cQ
Let's start with the ingredients and cooking tools for our successful transformation, technology
and process.The good news is that these two pillars, essentially soft. Technology is soft because
in almost all cases, technology has become a commodity. In the last 30 years, we've made
massive strides in terms of technology development.
Making the tools and systems we use more powerful, easier to deploy and manage and cheaper.
In our digital world, technology is often just a simple and reliable tool and the answer to the buy
versus build decision is almost always buy. Think about the personal computer. The underlying
technology hasn't changed much in almost two decades. Not only do we all use one of three
operating systems, but we all tend to use slightly different flavors of the same types of application
software tool, basically, office productivity software and web browsers. How much are these
changed? They've all become commodities. Who would bother to build a new word processing or
spreadsheet application nowadays? The commoditization is extending further up the stack. Take
the example of an ecommerce store. Shopify and their competitors have essentially turned that
into a commodity too, by gaining a deep understanding of customer needs and optimizing for
those needs.There's no need to go to the expense of creating a bespoke ecommerce store
checkout and payment process as Shopify and others have solved this problem for you. Artificial
intelligence is another example.
AI used to be very expensive and difficult to implement, because you needed to build it from
scratch, but new tools and systems have dramatically reduced the cost of deploying AI and
simplify the process to make it cost-effective in use cases across multiple industries. Need an AI
which classifies photos, detecting what is in a picture?
Simply use any one of many tools from companies like Google, Microsoft or Amazon, or install one
of the many widely available open source solutions.The one exception is when you need to be at
the cutting edge of technology to meet your customer's needs.
A good example of this is Boston Dynamics in the robotics industry. Robotics, like most other
technologies, has become very much commoditized. Most use cases can be met with off the shelf
products and services.Boston Dynamics has intentionally chosen to go after the use cases that
require robots that are more like humans with it once mobility, dexterity, and intelligence.These
robots are able to perform human like tasks in
environments that are too dangerous for real humans to operate it.But companies like Boston
Dynamics are the exceptions.In most cases, you will have access to the same cheap, powerful,
and reliable technology as your competitors.In this landscape, the technology question shifts from
how do we build it to what do we buy and deploy, and what can be built on top of these readily
available components, and that gets us to the process question that is essentially solved too.It's
all about being agile.The flexibility, innovation, collaboration, and rapid iteration you gain from an
agile process is critical when technology has been commoditized. Agility enables you to make the
smart buy versus build decision in the first place. Just like PepsiCo soda stream team did when
they chose to create a Shopify checkout for their direct-to-consumer business, rather than using an
existing PepsiCo team to build a custom website. Agility allows you to differentiate quickly on the
tiny minor little things that can keep you ahead of the competition. This is important because the
thinner the differentiator becomes, the quicker it will change. Great. We know how to solve the
technology and process question, but as a reminder, just because we know what to do doesn't
mean that these things will happen automatically. As I said earlier, being agile across the
organization isn't complicated, but it is hard to do.You need to have the right mindset and a culture
that will support the collaboration and iteration that agility requires.Transforming your technology
is also not complicated, but it can be hard, especially if you don't have the right expertise to guide
your decision-making and implement the changes.Will discuss more about both of these issues
when we talk about the people and culture pillar.

Technology and Process are Essentially Solved!

Technology Is Solved by Commoditization

The commoditization of technology means that other people have already solved most of
your technology problems:

• Flexible technology and data platforms designed around business priorities

• Created by experts who are focused on customer needs, e.g. Shopify
• Buy vs build -- the answer is almost always buy
• Exception: making a deliberate choice to differentiate through staying at the cutting
edge

Process Is Solved by Becoming Agile

• Differentiation at the top of the stack is an especially good use case for agile
• Agile allows the buy instead of build decision to happen
• Quick iteration is required to stay ahead of the competition
• "It's not complicated, it's hard."
Strategy: The "Recipe" for Your Digital Transformation
https://www.youtube.com/watch?v=7fb2bw_y934
Now we come to strategy, the recipe for our successful transformation. This is the plan for how
your organization will get from where it is now to where it needs to be. A successful strategy takes
a holistic view of the business to address the natural tension between achieving short-term results
and working on transformational changes, which by definition is long or longer-term thinking. Your
strategy must lay out how the existing business will continue to generate the cashflow and market
position needed to keep the organization viable while also laying out the roadmap for the future. It
must allocate both financial and human resources to give both parts of the plan the attention they
require. A successful strategy is aligned to your organizations North Star, basically the aspirational
vision of your organization's future state. This alignment is critical to ensure that everyone from
the CEO on down understands how they're all contributes to the organization's success. The
alignment also reduces tension between the parts of the organization which are working on
maintaining the core business and those that are intimately involved in a cutting-edge initiative by
showing how these pieces fit together and focusing both efforts on a common goal. To see a
great example of this,
let's turn back the clock to the early 2000s. Apple managed to keep growing its core business,
selling Macintosh computers while launching the iTunes-App, the iPod and eventually the iTunes
Store. These are four very different products, each revolutionary in its own way. How did they do
it? Through a unified strategy based on a common vision of where the industry was going and the
part that Apple should play in its future.
Apple understood early on that everything was becoming digital, including music and
entertainment. Steve Jobs stated at MacWorld 2001, Apple's vision was to become the 'digital hub'
of our new emerging digital lifestyle. The Macintosh computer was intended as a central hub for
multimedia in the digital world and iTunes, iPods and iPhones all became new ways to deliver on
that vision. Netflix is another example of executing on an unwavering North Star. Netflix started
with a deep understanding of the consumers desires to be entertained. The vision was, and is to
be the best global entertainment distribution service.The original strategy was to send DVDs to
your house so you don't have to make a trip to the video rental store. They also started using
analytic tools to recommend movies that their customers might like. As broadband Internet
access became more common, Netflix did a strategic pivot and started streaming movies.
Eventually, Netflix made another pivot and began creating its own high-quality video content.
Mailing DVDs, streaming video, and creating content may seem like three completely different
strategies, but for Netflix, they all fit into the common vision of delighting their customers, but
delivering entertainment content. As you think about where you want your organization's
transformation to take you, don't forget to think about how you're going to get there. Your path will
be smoother if you take a holistic approach from the start, and our intentional about how you will
balance current and future needs.
Clear Goals and Alignment to Your North Star
A successful strategy takes a holistic approach to your business to take you from where you are to
where you want to be.

• Maintain current business

• Create a pathway to the future
• Allocate appropriate resources for both
“Mac can become the ‘digital hub’ of our emerging digital lifestyle, adding
tremendous value to our other digital devices.”
Steve Jobs MacWorld 2001
People and Culture: The Team That Makes Digital Transformation
Happen
https://www.youtube.com/watch?v=qg5hhO-Py_M
Now we're going to talk about the most challenging pillar of successful transformation, people and
culture.It is impossible to have a successful transformation journey if you don't get people and
culture right. The first part about getting people and culture right is making sure that the team has
all of the skills to do the job.In the restaurant that means having the right mix off line cooks,
socius, pastry chefs, dishwashers, etc. In an organization on a transformation journey that means
ensuring that there are enough people with the relevant skills to get the organization where it
wants to go. It requires identifying the right talent to embed in the right roles. This starts with skill
assessment.
The best organizations are deliberate about asking what are the skills we need to get where we
want to go? In some cases, the question starts even further back with an honest assessment. Do
we know enough about where we are going to understand what our people need to learn. If we
don't, that is job number 1. The needs assessment is not something that can be farmed out to the
HR team. It's the management team's job to align organizational goals and determine the
competencies required to achieve future state outcomes. Once the relevant skills are identified,
you need to ask, can we do this internally with the people we currently have? If the answer is no,
the next question is,
can we upskill or reskill our team? In some cases, the answer to can we upskill or reskill will be,
no.This happens when the skill is not easily taught or when we just don't have
enough people to maintain our core business and re-skill for our transformation.For example,
when Netflix decided that it needed to become a content production house,
it is likely that they identified a new set of skills that will be needed.Some of those, especially the
creative skills like filmmaking, aren't easily taught.They also need a lot of new bodies to handle
project management and other aspects of the new workstream.
But in many cases, the answer to can we upskill and reskill will be, yes. Unlike with technology,
whereas often less expensive and more effective to buy new technology than to build it with
people.It's usually less expensive and more effective to build
the skills of your existing team rather than buying skills by hiring new talent.This is especially
important when you have done the hard work to get your team culturally aligned.Then the question
is, how do we upskill and reskill? This is where some organizations lose focus.They have this
belief that if we just bring talent transformation to our top management or even our middle
management, it will trickle down or be absorbed by osmosis. But of course, that never really
happens.Talent transformation requires deliberate planning to create a clear roadmap for
delivering the job ready digital talent.Training must be both scalable and effective. It must
empower leaders and enable practitioners and build digital fluency throughout the
organization.The focus must always be on acquiring and maintaining the relevant skillset to meet
current and future needs.
Assess Your Skill Gap
• What skills do we need? Do we even know enough to understand our skill gaps?
• Can we do this with the people we currently have?
• Can we upskill or reskill?

How do we upskill or reskill?

• Requires a deliberate strategy that is rooted in the organization's business goals
• Must be scalable and effective
• Empower leaders, enable practitioners and build digital fluency throughout the
organization
• Focused on acquiring and maintaining the relevant skillset to meet current and future
business needs
Culture Must Enable and Support Transformation
https://www.youtube.com/watch?v=O6dZIAuWTjE
The second part of getting people and culture right is having a culture that supports and enabled
to your transformation. As we discussed earlier, a successful cultural values,
curiosity, empathy for employees and customers, and the ability to learn. When culture has done
well, every member of the team understands the skills the organization needs and is motivated to
keep their skills relevant and up-to-date. You can't outsource this.
It's the job of every layer of management to be deliberate and clear about what the organization
wants and needs and to embed that into every decision and action. You can't fake it either, for
example, you can't get away with saying you value transparency and then locked down the
company intranet. Humans are good at sensing when things are off or misaligned. Another drop-
off management is getting rid of anything that is counterproductive. Sometimes that includes
people, not every culture fits every person and you need to embrace that. Zappos is an
organization that takes us to an extreme.
They actually offer their workers a cash bonus to quit. According to the late Zappos CEO Tony
Hsieh, we want to make sure that employees aren't here just for
paychexs and truly believe this is the right place for them. Netflix has a less extreme version of
this, where they intentionally weed out the merely adequate employees and send them off with a
generous severance package to ensure that all employees are extraordinary.The Zappos and
Netflix models are a bit extreme and might not be appropriate for your organization.But the
underlying attention is spot on.If your people or your culture do not support your transformation,
you need to change them.

A Successful Culture Values Curiosity, Empathy, and the Ability to Learn.

• Motivating and developing internal talent to stay relevant
• Can't outsource it and can't fake it
• Not every culture fits every person

We want to make sure that employees aren't here

just for paychecks and truly believe this is the right
place for them.
Tony Hsieh, Zappos CEO
Your Starting Point
Assess Your Company's Digital Transformation Maturity (checklist/assessment questionnaire
based on the key pillars)

Technology
QUESTION 1 OF 14

Our organization has invested in innovative technology

• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 2 OF 14

Our IT operations are integrated with our business units and are focused on
enabling our teams to do a better job of meeting customer needs
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 3 OF 14

Our organization collects and uses data effectively

• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure
Process
QUESTION 4 OF 14

We can make decisions quickly

• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 5 OF 14

We are comfortable working with incomplete information and relying on iteration

to expand our understanding
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 6 OF 14

Our organization tolerates failure and learns from experimentation

• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure
Strategy
QUESTION 7 OF 14

Everyone in our organization understands and can articulate our organization's

mission statement.
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 8 OF 14

We are prepared to allocate the resources we need to maintain our current

business while creating a path to the future
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 9 OF 14

Our organization understands how to write meaningful and measurable goals

• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure
People and Culture
QUESTION 10 OF 14

Our culture is focused on a deep understanding of our customers' needs and

desires
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 11 OF 14

Our leadership understands the skills we need to succeed and has identified any
skill gaps
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 12 OF 14

Our talent development builds digital literacy throughout the organization

• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure

QUESTION 13 OF 14

We support the development and maintenance of relevant, practitioner-level skills

to meet our current and future needs
• Strongly agree
• Somewhat agree
• Somewhat disagree
• Strongly disagree
• Not sure
QUESTION 14 OF 14

Based on your assessment of your organization's transformation opportunities and

capabilities, which opportunities should you prioritize? (Choose two)
• Customer
• Process
• Business Model
• Domain
• Culture
Reimagining Your Organization
https://www.youtube.com/watch?v=j6ZoK41em6M
Let's go back, to imagining your ideal organization. Now that you have explored the types of
opportunities, for transformation, and you understand why some transformations fail. How has
your vision, of your transformation changed? Which opportunities, for transformation will you
focus on first? How will you set your organization, up for success, in terms of technology, process,
strategy, people, and culture? What do you, and your organization need to learn, and unlearn, to be
successful in the future? Take some time to think about these questions, before you move on.
It might sound daunting. The future might be opaque.The challenges might even feel
insurmountable. But, do remind yourself, every journey starts with a single step,
and this journey will lead you into the future.The beauty of the future is,
that it is unwritten.We get to create our future, every single day.

What We Learned in This Lesson

Five Opportunities for Digital Transformation

• Customer experience
• Process
• Business model
• Value chain
• Culture

Pillars of Successful Transformation

• Technology and Process are essentially solved.
• Strategy requires a holistic approach to maintain your current business through the
transition.
• It is impossible to have a successful transformation journey if you don't get People and
Culture right.
Revisiting What Transformation Means for Your Organization
A Second Look: Rebuilding Your Organization from Scratch
What would it look like? How does it differ from what you have today?
1st I have to look to the long-term vision of our business. What’s the purpose of our
business, and what do we hope to accomplish in the future? Our organizational structure is
a blueprint for how we will realize the vision – day-by-day.

2nd We will look to What have we promised our customers? Who’s our customer, and what
are we fundamentally promising them? How do customers interact with our business, and
what do they expect in those interactions? Our customer is the ultimate decision maker.
Everything needs to be filtered through that lens. How we decide to organize our business
must support the delivery of our customer promise.

3rd Based on your marketplace presence (customer promise), what type of culture do we
need to deliver on that promise better than our competition? In other words, how do we
need to be organized internally to be externally successful? Consider how our company
functions to achieve its goals.

To do so, we will ask ourself these questions: What type of company culture best serves our
customers? How can our employees and teams best work together to achieve those goals?
How are decisions made now, and is there a better way? What level of authority is needed
to make decisions?
How has your vision of your transformation changed?
Setting Your Transformation Milestones
https://www.youtube.com/watch?v=iLJAh9-3uPU
You've established your digital mindset and you've started thinking about what transformation
specifically means for your organization. Now we're getting to the fun part, setting your goals or
milestones. By the end of this lesson, you will have drafted a problem statement and you will be
ready to dig in deeper to figure out how to solve it.
Before we start, I want to remind you again that transformation is not an endpoint, it is a journey
and one which really doesn't end as there's always more one can and should do.
When we talk about goals in the context of transformation, we're really talking about milestones or
waypoints along that journey. Don't expect the journey to be linear. Everything you do should be
aligned to your North Star. But as the underlying technologies are changing and evolving at a rapid
pace, you can't focus too much on specifics. You must be prepared to be nimble and agile and
pivot when necessary on your transformation journey. It's like sailing. You want to get from point A
to point B.
But depending on the currents and wind direction, you might have to tack to point C. If the winds or
currents shift, you might need to tack to point D, E, and F. This is exactly what happened with
Slack. The now ubiquitous communication software. Originally conceived as a chat feature inside
of a game, it soon became evident that its usefulness expanded way beyond a game and well into
the workspace. Since the early days of Slack, the company stayed nimble and kept transforming
from the technology stack to the positioning in their market, to their business model and features.
To set meaningful goals, you need to figure out what you want to solve and how to solve for it. In
the next few sections, we'll take a deeper dive into finding your North Star and developing
customer empathy. This will set us up to identify our customer needs and the opportunities to
solve them better. To determine which opportunities to pursue,
we'll need to make a thoughtful assessment of our process, people and culture. Let's get started.

Goal Setting is Critical

• Transformation is not an endpoint, it is a journey. Your goals will be waypoints along
that journey.
• Don't expect the journey to be linear. The underlying technologies are changing and
evolving at a rapid pace so you must be prepared to be nimble and agile and pivot when
necessary on your transformation journey.
• Figure out what you want to solve and to solve for it. Meaningful goal setting requires
taking a critical and open-minded view of your organization's strengths, opportunities, and
challenges
 Your Transformation Journey Will Not Be Linear

What to Expect in This Lesson

The goal of this lesson is to help you start using your digital mindset to translate your
opportunities into tangible goals.

You will:

• Find and focus on your North Star

• Identify your current opportunities using a deep focus on your customer needs
• Build one or more problem statements to describe a current opportunity and a potential
solution for your customers
• Select the appropriate metrics to measure your success
• Learn about the importance of navigating through failure
Aligning to The Ideal
https://www.youtube.com/watch?v=JkRx_dne75w
We talked about the importance of being nimble and agile and pivoting when conditions shift. But
when we pivot, we need to make sure we're still moving forward and in the right direction. If you
aren't careful, you slip into a place where trying and failing becomes the end point, and that won't
get you where you want to be. There is a saying,
if you pivot enough times, you'll get back to where you started from. That's why finding and holding
onto your North Star is so important. Your North Star is usually formulated as a mission
statement. It's purpose is to translate your business opportunity into a goal that is aspirational,
concise, and easy for everyone in your organization to understand. A good North Star answers
these three questions. What do we do? Who are we doing it for? Why do we do it? The first
question, what do we do is the most complex of the three questions. It requires you to dig deep
into the customer journey to find the fundamental customer need your serving. On the surface, you
might assume that
Tesla's mission statement is to make great electric cars. But actually their mission is to accelerate
the world's transition to sustainable energy. Other great examples include Slack, who's North Star
is to make work simpler, more pleasant and more productive.
Whole Foods, which wants to nourish people and the planet. Walmart, which starts with save
people's money and Disney who aims to entertain, inform, and inspire people around the globe.
None of these what we do statements is a description of specific products or services. They
described an intrinsic customer need that the organization aims to fulfill. Also note how
aspirational and inspirational these statements are.
The best mission statements get people both inside and outside of your organization fired up. The
second question, who are we doing it for? Requires a thoughtful examinations of your
stakeholders. It should include not only your current customers,
but any future customers you aspire to serve, and any non-customers who might be impacted by
what you do. Know Tesla's use of the World, Disney's use of people around the globe, and
Walmart's and Whole Foods use of the generic word people. Your who might also include
employees. For example, Amazon includes being the earth best employer in their mission
statement. The third question, why do we do it? Its color and context to the first two questions.
Google's mission is not just to organize the world's information, it's to make it universally,
accessible and useful. Walmart wants to save people money so they can live better lives, and
LinkedIn wants to connect the world's professionals to make them more productive and
successful. The why part of your North Star can be a great source of motivation for your
organization's employees. Your North Star should be concise so that everyone in the organization
can, if not recite it verbatim, at least paraphrase it accurately. It should be shared widely and
should inform every decision the organization makes. One of the best ways to evangelize the
North Star is through storytelling. Sharing examples of how your mission statement connects to
real-world customers and scenarios, makes it real to your employees and other stakeholders and
makes it stickier in their brains. That stickiness will foster greater alignment.
Key Points
Your North Star:

• Is usually formulated as a mission statement and translates

business opportunities into goals
• Should focus on the consumer journey
• Must be aspirational and easy to understand -- use storytelling to make it stick.
A good North Star answers these questions:

• What do we do?
• Who are we doing it for?
• Why do we do it?
Identifying Your Current Opportunity to Serve the Customer
https://www.youtube.com/watch?v=PX8J-85ZAMc
You've got your North star. Great. Now you're ready to start thinking concretely about the next
milestone on your transformation journey. There are two parts to this. Identifying what the
customer needs and figuring out which of these opportunities aligns with your organization's
capabilities. The first part should be familiar to you by now. A deep understanding of what your
customer wants, needs, and craves is fundamental to every part of your digital transformation. As
we discussed earlier, to get that deep understanding, you need to spend time with your customers
and stay in the question long enough to uncover the actual customer need detached from your
existing solution or any other existing solution. One way to do this is to use the five whys
technique. This technique was developed by Tsukiji Toyoda of Toyota industries, who once said,
I'm not talented more than anybody else, I just put lots of efforts and researches. He pioneered this
technique in the Toyota factory where any worker was allowed to stop the line when they saw a
problem. When the line was stopped, a serious of why questions were asked with each answer
forming the next question. For example, why was the lines stopped? I didn't have the right part.
Why didn't you have the right part? Toshi didn't deliver it. Why didn't Toshi deliver it, and so on.
Each question peeling back a layer until you get to the root cause of the problem. This technique
and other methods that get you to first principles will allow you to see beyond what is to what
might be. The next part requires a thoughtful assessment of your capabilities in terms of your
process, business model, value chain, and culture. It is easy to slip into a make-believe world
where we clearly see the customer needs and are able to envision what a possible solution might
look like. Unless the solution doesn't match up with your capabilities. You might see the strong
need for flying autonomous robot taxis, but if your company is the manufacturer of car paints,
you're just too far away from being able to deliver such a solution. To avoid this, you want to align
your capabilities in all dimensions with the customer need and possible solutions. It doesn't mean
you shouldn't stretch yourself, but be realistic to what is within reach and what is completely out of
scope. Once you have identified the opportunity you want to target, it is time to start experimenting
as part of your agile process. To do that, you'll need to break the opportunity into manageable
chunks, basically hypotheses and action items that you can rapidly prototype. Think about the
scientific method here. What is a small enough prototype which allows you to quickly and cheaply
validate or invalidate a specific question you might have about your new product or service? You
will likely find that there are multiple problems to solve. Now how do you choose? You might be
tempted to try to solve the easy ones first. Astro Teller, co-founder of Google X, Google's
Innovation Lab noticed that happening in his own organization. People work first on the problems
they knew how to solve. Their idea was, I solve them first so I can get them out of my way and then
I can do the hard things. This annoyed Astro for a simple reason. We already know how to do the
easy stuff and might waste valuable time, money, and resources on doing so while still not
knowing if we can do the hard things.
He told the team, the following story. You're given a really difficult task like teaching
a monkey how to recite Shakespeare while standing on a pedestal? How should you allocate your
time and money between training the monkey and building the pedestal?
The answer, of course you should spend all your time training the monkey. Because training the
monkey is really hard and by avoiding the hard stuff and building the pedestal first, it looks like
you're making progress, but in reality, you aren't. If you can't get the monkey to recite Shakespeare,
the pedestal, no matter how lovely it is, has no value whatsoever. The sooner you can figure out
that you can't train the monkey,
the sooner you can pivot to something else that might just work.

Key Points
There are two parts to identifying challenges:

• What does our customer desire?

• Which opportunities should we target?

Identifying Customer Needs

• Focus on what our customer needs, wants, and craves
• Must stay in the question to uncover the true need, detached from any existing
solutions
• Use the Five Whys technique -- ask why until you get to the root of the need

Identifying the Opportunities to Target

• Requires a thoughtful and thorough assessment of your capabilities
• Determine where customer needs and company capabilities overlap
• Focus on the most challenging problem first
Problem Statements Are Your Testable Hypotheses
https://www.youtube.com/watch?v=hAv7kzPlPLI
So far if you know star, you have identified the opportunity you want to work on and you've picked
the problem you want to solve. The problem statement is the basis for your testable hypothesis. In
other words, it becomes the starting point for your prototype. It should answer the following
questions: Whose problem are we trying to solve? What is their problem? When does it happen?
There are many ways to write a problem statement, but I prefer this framework. Today some group
of customers have to experience something problematic when they are in a specific situation.
Here's what the problem statement for Amazon Go, a check-out free grocery store might look like.
Today Tech-savvy urban shoppers have to waste time standing in line when they only need a few
items from the store. Another example from the early days of Netflix. Today, people who enjoy
watching DVD movies have to drive to a video store, find the movie they want, and wait in line
when they want to watch a movie at home. It's important to remember that your problem
statements are likely to change over time. A more recent Netflix problem statement could be,
today people who enjoy watching movies have to wait for the DVDs to show up in the mailbox
when they want to watch a movie at home.
Let's break this down. When you're thinking about the who, you'll want to identify the specific
customer who are facing this problem. For example, Tech savvy urban shoppers in the Amazon Go
example, or people who enjoy watching DVD movies in the Netflix example. The important part
here is to be specific. Remember, this is going to be the basis for your prototype, and your
prototype is being used by a specific audience.
The what part of the problem statement identifies the challenge that the customer is facing. It
should be written from the perspective of the user and describe their pain points. For example,
wasting time in line in the Amazon Go example, or driving to the video store, finding a movie and
waiting in line in the Netflix example. Again, be specific and describe the problem direct relation to
the activity the customers engaged in.
The where, when part of the product statement explains the scenario for the problem.
You'll want to be fairly specific here too, as in when they only need a few items from
the store or when they want to watch a movie at home. Next, you'll want to describe what the
solution might look like, but be careful not to go there too soon. Albert Einstein allegedly said, if I
had an hour to solve a problem, I'd spend 55 minutes thinking about
the problem and five minutes thinking about the solution, and he's absolutely right, even if you
might not ever sets us. By spending more time developing your understanding of the problem,
you're more likely to come up with a solution that meets a real customer need. In your solution, you
want to tell a story that describes a happier ending for your customer. You'll want to describe that
journey and highlight what is different. For Amazon Go, the solution is a completely touch free and
line free checkout process. Just walk out technology automatically detects when products are
taken from or return to the shelves and keeps track of them in your virtual car. When you're done
shopping, you can just leave the store. Later we'll send you a receipt and charge your Amazon
account. For Netflix, the solution used to be DVDs by mail, normal driving to the video store and
waiting in line, choose the DVDs you want from the list on our website and we'll deliver them to
your mailbox in about two days. Netflix, more recent solution is streaming movies. No more
waiting for DVDs to show up in their mail. Choose a movie in the Netflix app on your smart TV and
start watching it immediately. Now, what problem statement can you write for your organization?
Writing Problem Statements
The first part of the problem statement should answer the following questions:

• Whose problem are we trying to solve?

• What is their problem?
• When does it happen?
The second part of the problem statement describes what a successful solution would look
like.

Example: Amazon Go

TODAY tech-savy urban shoppers

HAVE TO waste time standing in line
WHEN they only need a few items from the store

SOLUTION: Just Walk Out Technology automatically detects when products are taken
from or returned to the shelves and keeps track of them in a virtual cart. When you’re
done shopping, you can just leave the store. Later, we’ll send you a receipt and charge
your Amazon account.
Practice Writing Problem Statements

Now it's your turn!

Step 1: Think about your customer and identify a need:

• Whose problem are we trying to solve?
• What is their problem?
• When does it happen?
Step 2: Imagine what a successful solution would look like.
Use the format demonstrated on the previous page:

TODAY who
HAVE TO what
WHEN where/when

SOLUTION:

Draft Your Problem Statement in your Roadmap Workbook

In this exercise, take your responses to the previous question above and recraft them as
objectives that you could communicate with your team as reasons why the cloud computing
transformation journey will apply to everyone on the team.
“What Gets Measured Gets Done”
https://www.youtube.com/watch?v=a8JsxUTzzOI
The key to tracking the success of your transformation is to figuring out what to measure and then
measuring it well. There's an old adage, what gets measured, gets done, and it's true. Humans tend
to adapt their behavior to optimize to whatever they're measured on. That makes it critical to make
sure that the metrics you choose to measure your success are true measures or at least proxies
for what you actually want to achieve. Keep in mind that different stages of the process require
different approaches and your goals, metrics and your organizational structure should reflect that.
When you are in the early stage, you have a sense of what the customer needs
and you have an idea of how you could fulfill that need. But you don't actually know quite yet if
your idea will work and if it will truly solve the customer's problem. At this point in the process, you
want to maximize your learning. You want to try out as many diverse approaches as possible. You
might want to measure the number of prototypes you generated, or the number of customers
studies you ran, and the insights you gain from those. In a later stage, you have more confidence
that you know what the customer needs and you know how to solve their problems. In that stage,
your goal is to figure out how to solve it more efficiently. At this point, it's really about productivity,
so your metrics should track your efficiency, effectiveness, and optimization.

The Learning Company, Pearson, is a great model for measuring the right things. They use
productivity oriented metrics for their mature products, including profitability and return on
investment. But for their new products, they specifically track the number of experiments they ran,
the number of learnings there captured from these experiments.
These metrics ensure that the teams that work on both types of products optimizing for intended
outcomes. Once you determine the type of metric, you need to set specific targets. For example,
our net promoter score should be eight or 50 percent of our customers can complete the task in
under two minutes, or the average customer interaction time is reduced by three minutes, then you
need to figure out how to set your targets and track your metrics. I found that it is helpful to be,
and this will be no surprise to you, as specific as possible. When will you achieve rich metric and
how will you know that you did so or not? A good reminder is the acronym
SMART.
S Be specific,
M Make sure you pick something which is actually measurable,
A Choose targets which are attainable,
R Ensure they are relevant,
T they need to be time-based,

Key Points
• Humans adapt to optimize what they are measured on
• Determine what you want to measure and then measure it well You get what you
measure
• Humans adapt to optimize what they are measured on

Use Different Metrics at Each Stage of Development

• Exploring stage: measure the experiments to ensure that you are exploring all relevant
options
• Development stage: Measure efficiency, effectiveness, and optimization

Metrics Should be SMART

• Specific
• Measurable
• Attainable
• Relevant
• Time-based
How Do You Know If You Are on the Right Track?
Take another look at the problem statement you created in the previous exercise.

Now brainstorm for a few minutes:

• What can you measure to determine if your solution is meeting your customer needs?
• What can you measure to assess whether your processes are supporting your successful iteration?
Setting Metrics for Your Team
Which metrics do you think will be most effective?
Not Everyone Succeeds: Why Do Digital Goals Fail?
https://www.youtube.com/watch?v=JnXT_H_TUnE
There are four primary reasons why transformations fail. The first is premature optimization. This
happens when you don't stay in the question long enough and you stop experimenting before you
get it right. The classic example of this as Google Glass.
Google Glass was developed by Google X to be essentially a wearable computer that is worn like
eyeglasses. Sergey Brin side as the future of computing interfaces, believed it to be ready for the
mass market and wanted to get it into the hands of consumers.
So even though it was still a work in progress, they launched the product. You may remember it as
a big deal. Google did a fashion show with Diane Von Furstenberg and hired skydivers wearing
Google Glass to land on the auditorium during a Google Developer Conference. This generated
enormous publicity and everyone wanted a pair of Google Glass. Unfortunately, those early
customers quickly found out that the product was still in the prototype stage and fail to live up to
the hype. The product was buggy, had a short battery life, and it raised all kinds of privacy
concerns because glass could record people without their knowledge or consent. The product was
fairly quickly discontinued and maybe considered an example of premature optimization. A
second common reason for transformation failure is an over-emphasis on technology. This
happens when organizations gets so excited about the technology that they tried to find new uses
for the technology, rather than using the technology to find better ways to meet consumer needs.
Remember, technology is just a tool. A great example of overemphasizing technologies Juicero.
Juicero was launched as an Internet connected Juice Press. You bought your $400 device and
purchased a separate subscription for pouches of dice, fruit and vegetable. The Juicero press
would then use just the right amount of pressure to extract the juice from the pouch. The problem
was that you really didn't need a $400 press for this, users discovered that you could actually just
squeeze the juice out of the pouch by hand. The high-tech solution wasn't solving a real customer
problem or really any problem at all. Once it was discovered Juicero was pulled from the market,
the company shut down and offered its customers a refund.
The third common reason for transformation failure is a wavering or nebulous North Star. This can
happen if the North Star is too broad, something like make the world a better place. Or when the
North Star is vague and not fully defined. For example, seamlessly produce competitive paradigms
to meet the needs of an ever changing marketplace. I got that one from a random mission
statement generator, but you get the point. Neither of these statements provides information or
context for what the organization wants to be. They're neither aspirational, not easy to understand.
So employees are likely to be unmotivated and confused. In these situations, management often
reacts by explaining it in 10 different ways. Because they think if I give it to you in a different way,
you will eventually understand it. But in reality, the 10 different stories have 10 different meanings
which just adds to the confusion. No one is aligned because there's nothing to align to. The fourth
reason why transformation fail is when there's an auto-immune system response in the
organization. Often you find that there's a natural immune system response when someone in the
organization tries to do something new,
that's not how we do things here. In most cases, that immune system response is a good thing
because it defends the organization's culture and processes from random mutations and outside
forces. But if it goes too far, it can become more like an auto-immune disease where the body
starts attacking internal organs that can be deadly for
your transformation efforts as the edge never gets a chance to develop and the core keeps
plodding along until it hits the inevitable decline.

Key Reasons for Failure

• Premature optimization because you did not stay in the question long enough
• Overemphasizing technology
• Wavering or nebulous North Star
• Immune system response from an unsupportive culture
Navigating Through Failure
https://www.youtube.com/watch?v=GevPvYbGVG4
when we want to talk about transformation failure we can't avoid talking about blockbuster video
at its peak in 2004 blockbuster had 9000 stores and dominated the video rental industry six years
later the company filed for bankruptcy and four years after that they were essentially out of
business blockbuster is a great example of what
not to do and how to fail across all of the opportunities for transformation let's start with
transforming the customer journey in its prime blockbuster made most of its profit from the fees it
charged when customers returned the video after it was due this was a huge pain point for
customers which netflix took advantage of with their no late field policy blockbuster did eventually
stop charging late fees but it was well after netflix
had established a strong foothold in the movie rental market blockbuster also missed
opportunities to transform its business model blockbuster was slow to adopt new
technological innovations that would have allowed them to create a subscription model like netflix
and they opted not to invest in new technologies like web streaming which ultimately transformed
the entertainment delivery business the miss on web streaming was also a failure to transform
their value chain blockbuster missed this twice first in
2000 when they had the chance to purchase netflix for a mere 50 million dollars
they passed on the deal which would have had turned netflix into blockbuster's
online video rental platform they missed a second chance in 2001 when blockbuster
dissolved a partnership with the infamous enron to build a video on demand platform
the deal fell apart for multiple reasons including blockbuster's inability to secure streaming rights
from studios blockbuster decided to remain technology agnostic and stay focused on their brick
and mortar stores six years later netflix launched its content streaming service leaving blockbuster
in the dust ultimately the biggest failure for blockbuster were the failures to transform their
process and culture blockbuster was unable to adopt an agile process and had an antiquated
culture arrive with an autoimmune response to change in 2008 ceo jim key said i've been frankly
confused by this fascination that everybody has with netflix netflix doesn't really have or do
anything that we can't do ourselves already that says it all but failure isn't necessarily a bad thing
in fact failure is a natural and healthy part of any transformation process the key is learning from
failure and pivoting based on your learnings and of course failing in small iterative experiments
and not on the grand scale of the whole company there's a great quote attributed to abdul kalam
former president of india if you fail never give up because fail means first attempt in learning he's
absolutely right about this as we've discussed successful transformation requires agility and
agility starts with incomplete
information and uses an interactive process to get it right a nice juicy failure in an organization
that has the right culture and mindset can unlock the insights needed for
transformational success with that in mind let's revisit the google glass story as we discussed
earlier google glass did not perform well in the consumer market the technology was glitchy there
were privacy concerns and it wasn't filling a customer's need google glass was quickly pulled from
the market but google wasn't done with glass they took the learnings from their failed consumer
product and pivoted to create a new version of glass for business use cases to help employees
work faster smarter and safer the updated product is lighter and has better battery life more
robust controls and a lower price they also work with external partners to develop industry-specific
software
applications for the product will glass become the iphone of variable technology the jury is still out
on that one but even if glass ultimately fails its story is instructive an early failure can be just one
step on the road to success

Classic Failure Story: Blockbuster

• Customer Journey - failed to recognize the pain of late fees, which gave Netflix a huge
point of differentiation
• Business Model - didn't adopt innovations fast enough
• Value Chain - couldn't pivot to delivery via streaming
• Process and Culture - not agile and couldn't get there due to autoimmune response in
their culture

Failure Isn’t Always Bad

• Successful failure occurs when you learn from what went wrong
• Google Glass pivoted and found a more salient customer problem to solve
"If you fail, never give up because F.A.I.L. means First
Attempt In Learning"
Abdul Kalam
Reflecting on Failure
Think about a recent experience when something didn't go as well as you had hoped. What did
you learn from that experience?
Transformation Is an Ongoing Journey
https://www.youtube.com/watch?v=Z0syIbCSYmw
By now, it should be clear that digital transformation is not an overnight change that can be
measured immediately. Digital transformation is an ongoing journey where the only constants are
change and your North Star. Our goal in this lesson was to take a deeper dive into what your digital
transformation journey might look like by identifying new opportunities to serve your customers.
You also should have considered how these opportunities mash with your current capabilities. Did
you identify any new capabilities that you want to develop, or some old capabilities which won't
serve you well anymore?
In our problem statement exercise, you chose an opportunity and created a hypothesis for solving
it. This is likely to be the first of many problem statements that you write on your journey. It is one
of the most fundamental tools in your toolbox, allowing you to understand a problem and thus
opportunity from a first-principle spaces. We also talked about failure and how failure can be
natural and healthy part of your transformation process, but only if you learn from it. Remember,
fail is an acronym for first attempt in learning. Don't fail, learn. The wheels in your brain are
spinning, it's time to get started on the next step of your transformation journey.

Key Points
• Digital transformation is not an overnight change
• "Change is the only constant."
It's time to get started on the next step of your transformation journey!

What We Learned in This Lesson

• Setting milestones will help you keep your transformation on track
• Your path will not be linear but must always be aligned to your North Star
• Your problem statement should focus on meeting a specific need for your customer
• Setting the right metrics will focus your team
• Failure is a healthy part of the process as long as you learn from what went wrong
Getting Ready for Transformation
https://www.youtube.com/watch?v=nKFlv32FuLU
We finished part 1 of this program, and you should be ready to lead your team into and in the
unknown. You now recognize why it is critical to have a digital mindset. You understand what
transformation might look like in your organization. You're aware of the key pillars of successful
transformation. You have defined an opportunity that you want to solve for, and you have
developed metrics to measure your success. You might be ready to jump in and get started. Wait,
there is more to learn. As we discussed, successful transformation requires understanding what is
possible in our digital world and how those possibilities can help us meet our customers needs
better. That requires a deeper understanding of the transformative technologies that are available
to you today. You don't need practitioner level skills, but you do need to be able to ask the
practitioners the right questions. That's the goal of part 2 of this course. Think about which
transformative technologies fit best with your business goals and interests. You'll be able to take a
deep dive into one or more of these topics and practice making executive level decisions through a
case study. This will set you up nicely for developing your digital roadmap and talent plan. I'll see
you back here later, where we'll check with executives who have gone through a transformation
journey and get some practical advice on how to build your organizational capabilities, and
accelerate your transformation journey.

What We Learned in Part 1 of This Program

The goal of this course is to prepare you to lead into and in the unknown.
• You understand why it is important to have a digital mindset.
• You have defined what "transformation" means for your organization
• You have defined an opportunity that you want to solve for
• You recognize the key pillars of successful transformation
• You understand that failure can be a healthy part of your transformation

What's Next
In Part 2 you will learn about one or more of the transformative technologies that align with
your organization's strengths and opportunities.
In Part 3 you will develop your digital roadmap and talent transformation plan.
In Part 4 you will hear from executives who have gone through a transformation journey and
get some practical advice on how to build your organizational capabilities.
3. Careers: Managing Job Landing Expectations

Managing your Expectations for Job search

https://www.youtube.com/watch?v=Xc-8CY9826U

It is easy for some of us to aim for a certain job, know all that is there about the employer,
adjust our resumes accordingly, and prepare really well for the interview, but if we get a “No”,
we would lose heart and get swallowed by frustration. The key skills for job hunting would be
matching those of a Painted Wolf, perseverance in pursuing one job after another until you
find the right match, and stamina for doing this with the same enthusiasm and energy every
time and at each encounter.

So, yes we know Job searching is difficult! And, this video will help you mind your expectations
and put you on the right path to start your job hunting quest!

if i asked you what's the most successful hunting animal out there what would come to your mind
i'm sure it says something around the lines of the lion the tiger maybe the cheetah well that's what
i thought too however when i dug deeper into the matter i was astonished to find that all those
three had a success rate ranging from five to 58 percent only shocking right it seems that the
most successful hunter out there doesn't come from the cat kingdom it's actually a dog it's called
the african wild dog or the
painted wolf i'm sure some of you now just post this video i want to check out this wonderful
hunter out there well i'm sorry to disappoint you it's not the coolest looking hunter however it has
the necessary skills to get the job done and those are perseverance and stamina those same skills
really deliver in the job hunting arena it's easy for some of us to aim for a certain job know all there
is about the employer adjust our resume accordingly and go for the interview but if we get a no we
lose heart and we are filled with frustration the key skills for job hunting would be perseverance in
pursuing one drop after the other until you find the right match and the stamina for doing this with
the same enthusiasm and energy at each encounter my name is mina amir i'm a training
consultant and a career coach with over eight years of experience in
the field of hr and even development and i'm so happy to be here with you through
udacity in this powerful program this program will not only empower you with the right attitude for
job hunting but you will also be equipped with practical tools that will help you through the journey
and give you the influence and confidence you need to seize the best opportunities that suit you
out there and if you've been working for some time don't worry the change might seem daunting
and hard at first but that's the case with any major change it fills us with doubt that we might not
find what we're looking for sometimes i might think that no one would be interested in me but i just
need to remind myself that my capabilities large but i just need to remind myself of my capabilities
knowledge and experience hiring managers will definitely find those value also perceiving the
change we're going through as an opportunity to explore new fields rather than a threat that will
rock our boat will impact our journey greatly it will empower us with a more positive attitude and a
better state of mind that we need both for pursuing our job confidently so for a quick overview for
the journey of job hunting these are the steps first way to self-reflect so sit with yourself highlight
your skills your talents your passion your vision your values and all that we're going to discuss
those in details also you need to know your personality what you're good at what you're not good
at what your likes and dislikes and all there is to know about yourself on your self reflecting
journey second of all build your digital profile and your resume as well we're going to talk about
those in details third network and apply so go to all networking events that you can put your hands
on connect with people in every circumstance tell them about your skills what you're good at and
what you love doing and about your experience credentials and achievements fourth prepare for
your interview so you need
to research really well about your employer even if you can know more about your recruiter or your
hiring manager that would be great and go with an optimistic mindset prepared and confident
finally secure and negotiate after you get an offer negotiate the offer if you have other
expectations and highlight why you're negotiating this offer and what you can bring to the table
join us our next video to know more about the job hunting journey and to be more equipped and
prepared for it best of luck
Knowing more about yourself and the marketplace to find the right job!
https://www.youtube.com/watch?v=g9IfJGwz4CA

Many factors come into play when making the choice of the right job for you, and what makes you able to
decide is knowing your interests and needs in addition to what’s gonna happen on your journey of job
search! There are a lot of variables and aspects that need covering before choosing a job or making a move.
And, we are here to help you know more about yourself and match your skills with your job searching
techniques!

Not only do you need to know more about yourself to find the right job for you, but you also need to explore
the market, know more about market trends and needs then plan for your day-to-day lifestyle that would
enable you to find and apply for the jobs that fit you!

Watch this video to help you kick-start planning for your job hunting journey!

imagine i told you that we're heading for an adventure of a lifetime this summer and we need you
with us what would you say probably first you'll ask about the destination the people traveling uh
the activities we're gonna do over there where we're staying then make up your mind and maybe
back accordingly but what if the activities we're going
to be doing there are not that interesting or the people are not that close to you would you still be
interested many factors come into play in making that choice and what made you able to decide is
knowing your interests and needs in addition to what's going to happen on the trip the same
applies to our career choices there are a lot of variables and aspects that need covering before
choosing a job or making a move and those can be divided into two main areas knowing self and
knowing the marketplace then finding the right match now we will cover the first part of know
itself and we will use a practical and comprehensive tool called the career flower the flower is
divided into seven areas that we need to cover and prioritize in order to make a confident choice
about our career move and these are first our values goals or purpose um what are the things that
value most to us in life what is your life mission what are the fields you want to impact the most
where do you think you can add value the most make a list of these things
number two knowledge what are the areas that you find yourself interested in and
enjoy learning about the most think of the fields of interest where you have never felt bored
learning more about number three skills these are the set of technical skills
like coding and transferable skills like analyzing or negotiating that you do and enjoy doing as well
remembering your previous jobs and activities can help you with forming
this list this aspect also includes your personality traits which could be discovered through
assessments like mbti or disk where you can find online number four the people environment and
here you think about the kind of people who like to be around at work working remotely has
affected how often we interact with colleagues but we still do we might feel energized by working
around creative and flexible people or
this could be draining for some of us and they prefer highly organized and structured teams think
about the culture and team dynamics that motivate you to be at your
lesson number five salary and responsibility what's the selling range that suits your
needs what benefits could balance a slightly lower salary than your highest expectations also think
about the level of responsibility you'll be having a higher salary will most probably be associated
with a bigger role think about how practical this could be for you at this point number six the work
conditions if you are to apply for an office or a hybrid job think about the physical space of the
office and its location think about your previous jobs and imagine the office space that would keep
you energized thinking about your best jobs could actually help you making this decision number
seven the geography finally the whereabouts of your work if physical reallocation is on the table
where would you want to live close to the city maybe well this aspect might be less important now
after covert 19 and the powerful dominance of remote work but it still might be on the table so
why not think about it after contemplating all these aspects please fill them in the flower diagram
on one page and one page only because this will act as your guiding page in your next career
books like i said you can always think about
your past experiences to draw from and conclude answers for those aspects don't come up with
those answers in a hurry take some good quality time reflecting on them because they will be your
guiding compass in your next career move see you in the next video
Job Hunting challenges and resilience!
https://www.youtube.com/watch?v=IgCRHr8wWlI

Do you think that planning for your job hunting journey would save you the challenges?

Probably not! For sure you have heard the saying before“The best things in life don’t come easy”, and this
applies to job hunting too!

So, we are here to support you and provide you with tips and tricks that will keep you resilient and persistent
on your job hunting journey until you land a suitable job!

Watch this video to know more about how you can sustain a resilient mindset amidst your job hunting
journey

you've most probably heard the saying the best things in life don't come easy and this applies to
job hunting too like we said in the beginning the best hunter is not the most swift one but the most
persistent so in order to secure hunt we must be patient and willing to run the whole marathon
here are some tips to help you carry on number one silent the inner critic we've always been told to
stay away from nice people but one of the negative people are in my head yes that's the other
credit that haunts us all the time at the worst possible time if you don't plan the job after a couple
of interviews don't lose hope they're not rejecting you they just have different needs for now keep
looking and you will find the right job number two networking is key recruiters usually prefer
people they know or have dealt with before so you want to keep all channels up we will cover later
how to prepare cutting edge elevator pitch that will stick this will help you leave the best
impression number three post on social media regularly you know the proverb out of sight out of
mind so do all you can to remain seen and remembered hosting valuable field related insights and
material will not only keep you present in the mind of recruiters but will also create a powerful
personal brand linking you with professionalism and experience in the field finally quoting churchill
never give in never give in never ever keep applying regularly don't lose hope if you don't hear from
one or two or more recruiters a friend of mine got rejected eight consecutive times until she finally
made it to the job of her dreams and now she's high up in rank set a weekly target of job
applications and stick to it no matter what happens just keep moving until something happens and
it will here are some tips to be more resilient put things into perspective it's not the end of the
world to get rejected as long as you keep going set coping strategies so if you get a rejection email
just plan a good outing with your close friends or maybe hang out with some fun people or have
coffee with a book whatever makes you happy don't take it personally like we said they're not
rejecting you they might have different plans for now find the mentor that could help you during
the process they can give you feedback and coaching on your resume and what to do in your next
interview
keep networking keep networking and keep networking take care of your mental health
don't focus all your energy on getting a job there are other aspects in life that you could enjoy like
your family your friends your hobbies your health and so on ask for feedback so you can get the
feedback from your recruiter what made them reject you they might give you valuable insights on
what to improve on your resume or in your next interview
finally recognize that it's hard and it's okay as long as you keep going i'm gonna reach somewhere
believe me it will pay off at the end the road might be filled with challenges blocks frustrations and
unpredictability but with self-discipline consistency patience and hard work you will definitely
succeed so think about your next action what's the first step you'll make towards your next
rewarding job will you adjust your resume or digital profile will you apply for a new job right after
this video will you work on revamping your elevator pitch the important thing is that you take a
step right away and believe me it will pay off see you in the next video
Resources

Don’t forget to attend your Career Coaching sessions to have all your career-related questions
answered!

You will find an email in your inbox entitled “First Career Coaching session reminder” that includes
all the info about your career coaching sessions so just be there on time and make the best out of
them!

Below are the resources that will help you on your job hunting journey,

• Meyers Briggs (MBTI) Test

• JOHARI Window Test
• Intelligence Styles Test
• Learning Styles Test
• SMART Goal setting
• Indeed Career Guide
• IKIGAI
4. Transformative Technologies
Which Technologies to Explore?
https://www.youtube.com/watch?v=wL7vC1gV3l8
successful digital transformation requires taking advantage of the transformative technologies
that are available now and anticipating where those technologies might lead us in the future as a
business leader how do you do that in most cases you won't have the practitioner level skills
needed to implement these technologies and in some
cases you may not fully understand how they work but that's okay as a business leader
you just need to know enough about those technologies to ask intelligent questions of the people
who deeply understand these technologies your goal is to leverage their
technological expertise with your business expertise and use these technologies to do a better job
of meeting your customers needs you also must ensure that you have the right people and
systems in place to use the technologies effectively in this section of the course you will take a
deeper dive into one or more emerging technologies to strengthen your knowledge and identify
possibilities to advance your organization towards its digital transformation goals which
technology should you choose that depends on your business goals which opportunities for
transformation seem most aligned with your organization's strengths and challenges and which
technology seems most likely to offer innovative solutions for your needs that's a good place to
start
are there any technologies you're personally curious about i would encourage you to explore those
too there may be a non-obvious opportunity that you can uncover take your time as you explore
this lesson your knowledge will be critical as you develop your digital roadmap and talent
transformation plan

Understanding Transformative Technologies is Critical

Successful digital transformation requires you to:

• Take advantage of the transformative technologies that are available now.

• Anticipate where those technologies might lead us in the future.
As a business leader you need to:

• Leverage the technical practitioners' technological expertise with your business

expertise to use these technologies.
• Ensure that you have the right people and systems in place to use the technologies
effectively.
In this section of the course, you will take a deeper dive into one or more emerging
technologies:

• Cloud Computing
• Artificial Intelligence and Machine Learning
 • Data Science and Analytics
• Cybersecurity

Which technologies should you choose?

Start with the technology that:

• Aligns with your organization's strengths and challenges

• Offers innovative solutions for your customer needs
• You are personally curious about
Take your time as you explore this lesson. Your understanding of these technologies will be
critical as you develop your digital roadmap and talent transformation plan.
Welcome to Cloud Computing

Transforming Your Business with Cloud Computing

me tohttps://www.youtube.com/watch?v=Wzgeny7uwgY Cloud Computing
Welcome to Cloud computing for digital transformation. Cloud computing is a broad topic with
multiple parts, often overlapping and working in sync. In the scope of digital transformation, Cloud
computing may bring together lots of different internal teams, for example, there could be team's
working with external consultants for needs assessments, and training, teams comprised of both
technical and non-technical staff,
and teams concerned with governance and risk, to make sure the enterprise stays within
regulatory and policy guardrails. Lots of different teams might be working in parallel, and there's
really no point at which a team can say, our part's done, we're washing our hands and we're
walking away.This is because all the work involved in transitioning to the Cloud must be monitored
and iterated upon for continuous improvements. Cloud computing provides critical tools for digital
transformation,
and the process of moving to the Cloud is similar to building a railroad track for a train full of
passengers moving from its current position to a new destination or from on-prem to the
Cloud.

Meet Your Instructor

Leslie Bell is a Senior Program Manager in Cloud Learning Services at Google. Her career in tech
spans 20 years across a number of industries. She has a passion for documentation, operational
analysis and improvement, and cultural transformation. She lives in Chicago where she is a home
chef, writer, and yoga instructor.

Exercise Questions
Throughout this lesson, you will be posed with several reflection questions to help connect
the concepts covered with your own business goals, needs, and context.

For these questions just jot down a few ideas or keywords that come to mind. There will be
more time to explore these questions in greater depth later in this program.
Cloud Computing: Lesson Overview

Cloud Computing: Lesson Overview

https://www.youtube.com/watch?v=CkL5aZqULHw
I'm really excited to share some of the key features for success that I've learned over my 20 years
of experience working with companies to digitally transform. I'll cover a lot of material in this
lesson, but remember these key attributes. You want to align your business needs with your
organizational strategy. You want to democratize voices within your team and your organization.
You need to prepare for the organizational culture shift that will happen and focus on everyone
being on the same team. You want to communicate transparently and often and begin with the
end in mind. Cloud computing results in an actual transformation and your team and organization
are not going to be the same at the end as they were at the beginning, so be prepared because
your organization will be different, and as a business leader, your integral to deciding how it's
going to look. For your Cloud computing journey, we will cover a number of high-level concepts. By
the end of this journey, you'll be able to discuss the fundamentals of Cloud computing and its
benefits to your business. You'll create an initial needs assessment and understand the integral
role of people, talent, and organizational culture. You'll discover how cloud computing can be a
business accelerator and the importance of the shared responsibility model. Finally, you'll evaluate
a case study and consider best practices and plans for growth. Let's get to it.

In this lesson you will:

• Explore cloud computing fundamentals

• Reflect on the role of people and organizational culture in cloud computing
• Evaluate cloud computing tools as business accelerators
• Review the importance of shared responsibility models
• Evaluate cloud best practices in case study deep dive

Digital Transformation with Cloud

Throughout this lesson remember a few key attributes for successful digital transformation
with cloud computing:

• Align business needs with organizational strategy

• Democratize voices within your team and organization
• Prepare for a culture shift
• Communicate transparently
 The Cloud Computing Journey
https://www.youtube.com/watch?v=zqZY4qIiOj0
The process of moving to the Cloud is similar to building a railroad track for a train full of
passengers to move from one destination to another or from on-prem to the Cloud.
The train is your organization, the passengers are your organizational culture and people talent.
The destination is digital transformation with Cloud computing. The track represents the Cloud
computing components you will utilize to reach your destination.
The speed to your destination will be tied to the processes and Cloud infrastructure that you
choose. Cloud computing provides critical tools for digital transformation. Everyone's olive board
moving together in the train to get to the digital transformation destination smoothly and safely,
your teams and business leaders need to have clearly articulated goals and objectives. Teams and
business lines need to be in sync with one another and communication between teams needs to
be collaborative, open, and transparent. Think about the end goal. What do you have to find in your
plan? Is it to have 80 percent of your applications running in the Cloud in five years, is it to create
data and resource redundancy for disaster recovery? Or maybe it's to store your data objects
closer to your end-users, making them much faster to access, improving your customer
satisfaction. Or is it to provide your application teams with
the resources that they need to build an iterate faster? Everything needs to be in harmony and all
the wheels need to move in sync along our Cloud computing track.
Meaning your goal should be aligned with your organization's strategy and objectives.
Once those goals have been achieved, the organization can transition to both growth and
innovation mode simultaneously. Teams that are successful will immediately see
real growth opportunities come from digital transformation enabled by Cloud computing. When I
began my career in Cloud, Cloud computing was just compute, servers and storage. Cloud
computing was a way of running applications without having
to access a data center or physical servers. However, Cloud computing has evolved and grown
significantly over the years. Working in the Cloud, teams dispersed around the world can now view
internal dashboards simultaneously in real time with the exact same view. In the physical world,
this would have required installing a third-party monitoring agent and accessing the information
from an internal site. It also wouldn't have exactly been in real time and you would have had to
program all that automation yourself. Cloud computing provides a platform for running and
managing your organizational infrastructure securely, collaboratively, and transparently. Such that
the Cloud becomes a technology foundation that integrates your business goals and functions to
accelerate your business growth.

Cloud computing provides critical tools for digital transformation.

Your Organization is the Train

• Passengers – organizational culture and talent
• Destination – digital transformation
• Track – cloud computing components
• Speed – processes and cloud infrastructure

• Teams should have clear goals and objectives

• Teams across business lines should be in sync with each other
• Communication should be collaborative, open, and transparent
 Why Cloud Computing Matters?
https://www.youtube.com/watch?v=KFMAIKpzJ80
Cloud computing is often considered a tech disrupter because it fundamentally changes how
organizations and teams work. Cloud computing covers a suite of services and data infrastructure
that allows businesses to readily focus more on growth and
innovation versus maintenance and the status quo. Cloud computing has democratized IT
infrastructure by making it more accessible, making it less expensive, mitigating risks related to
human error, and making IT more liable without major upfront capital costs.
An example I like to give of democratizing IT is high-performance computing, a type of computing
often used for rapid data processing. Early in my career, I worked in the pharmaceutical industry
and I had the task of identifying specimen abnormalities based on a visual scan. Like my own
visual scan. Well, computing has come a long way since then. This work is easily done in
nanoseconds using high-performance computing.
However, until relatively recently, access to high performance computing clusters was limited to
large companies and research institutions because of the high cost of
hardware and the on-site expertise needed to manage these clusters. With Cloud computing, you
and I, if we wanted to, we can use high-performance computing to get what we need. For limited
cost with just a few simple button clicks. This is just one example of the utility of Cloud
computing. What are the fundamental characteristics of Cloud computing? 1-On-demand
compute, meaning you immediately get compute capacity that you need as you need it. 2-Rapid
scaling and resource elasticity,
so dynamically adding or reducing compute resources based on your customer demands and your
organizational needs. 3-Paying as you go, so paying only for what you use. If I use a Cloud-based
high-performance computing cluster to identify those specimen abnormalities I mentioned earlier
and it does it all in three minutes, I only pay for those three minutes. 4-Accessing resources from
anywhere in the world, so whether your teams are global or you've just gotten an adventurous
individuals on your team, Cloud computing has got you covered. These characteristics may Cloud
computing an ideal use case for situations where enhanced auditing security and redundancy are
key objectives where rapid prototyping, development and deployment are highly valued.
Where resources need to be freed up to focus on growth, innovation and R&D, and where demands
cycles may be unknown, highly variable, or seasonal. What are some poor use cases for Cloud
computing? Well, that all depends on how you identify your needs. I would argue that it's highly
likely that you're going to identify multiple use cases and applications within your enterprise that
work really well in the Cloud. However, you may also find that from day 1, some applications and
functions will not be moving to the Cloud. This could be due to governance requirements, so for
example, you might get a director from your risk team that says, absolutely no part of a particular
application can touch public Cloud infrastructure or some federal regulation or other type of
government or financial regulation might also preclude moving to the Cloud.
However, buy large, you're going to find that Cloud computing offers many compelling benefits
that should not be overlooked.
Cloud computing has democratized IT infrastructure by:
 • Increasing accessibility
• Reducing upfront capital costs and ongoing operational costs
• Mitigating risks related to human error
Cloud computing components have the following features:

• On-demand compute – compute capacity is created as needed

• Rapid scaling and resource elasticity – add or reduce compute resources based on
demand
• Pay as you go – pay only for what is used
• Global access – to resources, data, and applications

Use Cases
Ideal use cases for cloud computing include situations where:

• Enhanced auditing, security, and redundancy are important

• Rapid prototyping, development, and deployment are highly valued
• Accelerated growth and innovation are desired
• Demand cycles may be unknown, highly variable, or seasonal
 Laying the Track: Cloud Computing Components
https://www.youtube.com/watch?v=-4TnVw1XpiQ
The Cloud computing journey will fundamentally change your business. But before we begin, let's
lay out the track for the train, and understand what Cloud computing means.
First, let's differentiate between the public, and the private Cloud. The public Cloud is an
environment of resources that anyone can purchase as a service and use. Essentially, an account
is created, billing details are provided, and then Cloud resources can be consumed. Providers in
this space include Microsoft Azure, Amazon Web Services, and Google Cloud Platform. This is in
contrast to a private Cloud environment, which is generally a corporation's own proprietary Cloud.
Common use cases for private Clouds or organizations that have regulatory requirements that
may require information to be held privately. More generally, Cloud computing essentially covers
five main areas of data infrastructure. 1-Storage, 2-compute, 3-databases, 4-networking, and 5-
identity and access management. One of the first entrees organizations typically make into Cloud
computing, is Cloud-based storage. Cloud storage solutions are typically used as
backup storage locations for all sorts of data. These solutions may have different pricing tiers
based on characteristics such as size, duration of data storage, data retrieval times, etc. This is to
provide organizations with as much flexibility as possible based on their goals and their needs.
Great use cases for storage in the Cloud include redundancy, and disaster recovery or scaling for
future or unpredictable growth.
After establishing what their storage needs are, organizations typically move to create or procure,
compute resources in the form of virtual servers. Then they begin to migrate some of their
applications and their workloads into the Cloud. For example, you would install your existing
software onto these servers, and the servers would begin taking on some of the workload that in
many cases is still currently running in a physical data center. Some businesses may run in a
hybrid configuration where a subset of their application traffic goes to the Cloud while the rest
runs on prem. This can be optimal for disaster recovery and redundancy. One of the benefits of
virtual servers is also geolocation. If you have a data-center in one part of the world, and you start
to acquire a lot of customers in another part of the world, you can send those customers to the
Cloud instance of your application that's running where they are, and still keep the local traffic on
your existing physical infrastructure. Another good use case for geolocation,
are the laws and regulations that govern data generally, and customer and consumer data
specifically. When you're spinning up your compute, and procuring storage and deciding where in
the world to save your files, make sure that you're aware of regional,
and national laws because your Cloud provider will not be a party to that discussion or that
decision. This is related to the shared responsibility model, which we'll cover later on in this
lesson. For now, just know that it's your responsibility to know that you weren't
supposed to be storing the health data of German citizens over in Ohio.
Public, Private, and Hybrid Cloud
• Public Cloud – an environment of resources that anyone can purchase as a service and
use.
• Private Cloud – a corporation's own proprietary cloud environment.
• Hybrid model – a combination of both a public and a private cloud.

The Components
Cloud computing essentially covers 5 main areas of data infrastructure:

• Storage
• Compute
• Databases
• Networks
• Identity and Access Management

Cloud Storage
Cloud storage solutions are beneficial for data redundancy and disaster recovery. Storage
solutions are scalable and eliminate the utility of data centers.

Benefits of cloud compute include easy scalability

and flexibility for hybrid environments.

Cloud Compute
Cloud compute describes the virtual servers hosted by a cloud service provider. Virtual servers
provide the same functionality as physical servers, such as running operating systems and
applications.
 Laying the Track: Part II
https://www.youtube.com/watch?v=FeBQq7SuztM

Databases in the Cloud can take two forms. 1-They can be installed on virtual servers that you
control, the ones we just talked about earlier, or 2- they can be split up in the Cloud as part of a
Cloud managed service. If organizations require full control of their databases or 100 percent root
level access, then they can install that database software on any virtual machine. Those
organizations then fully managed these databases themselves. However, if root level access is not
required, all public Cloud providers have a managed service for databases. With managed
services, the database engine is pre-installed and organizations get administrative level access to
their databases. The Cloud provider takes care of the infrastructure related tasks like patching,
and updates, and scaling, etc. Teams and organizations simply manage their applications, their
users, and access to those databases. The world of Cloud computing transforms physical IT
networks into virtual private Clouds. Consider it your secure slice of the Cloud, where you control
access in and out. This access in and out is based on rules and configuration options, and it's not
based on anything that has much of a parallel in the physical world, because all virtual private
networks are software defined. If you're accustomed to a physical network and lots of routers, and
switches, and load balancers, these things exist in the Cloud, but they exist theoretically because
they're defined by software. Because of this, one of the largest benefits of networking in the Cloud
is the rapid scalability with a low upfront cost, which is simply not possible with any physical
network. Identity and Access Management, commonly abbreviated as IAM, is a critical security
and data management framework that's used in Cloud computing and there's really no getting
around it. Essentially, IAM allows organizations to easily authenticate and authorize user and
resource access to a variety of institutional data and resources within their Cloud infrastructure.
IAM is used to create Cloud users, and give those users privileges and permissions either by
assigning it to their persona or role, or by adding them to a group that has those permissions. For
a simple example, let's say Sammy works in the HR department and he's in a junior role. We could
give them access to HR related documents and data that's needed as part of their job, but restrict
levels of access based on their junior role, and make financial information inaccessible to them
altogether. Remember, users should only have access to what they need and nothing more,
otherwise, breaches may occur. When the wrong people have too much access to data that's not
part of their workflow or their job responsibility, organizations become unnecessarily vulnerable.
Databases
Databases in the cloud can take two forms -

• Virtual servers – Organizations manage their own database infrastructure

• Managed service – Cloud providers manage infrastructure-related tasks

Networks
Cloud computing transforms physical IT networks into virtual private clouds, which are software-
defined networks, based on rules and configuration options.

IAM is used to authenticate and authorize

user access to cloud infrastructure, data, or resources.

Identity and Access Management (IAM)

Identity and Access Management (IAM), is a critical security framework and allows organizations
to easily authenticate and authorize user access to institutional data, resources, and cloud
infrastructure.
Exercise: Explicit Objectives
As you've learned, starting your migration journey into the cloud begins with understanding the overall
objectives and needs of the business. Think about your own organizational context and answer the following
questions:

Consider the overall digital transformation goals of your team–

What are four or five ways in which cloud computing may be leveraged to achieve these goals? Please
provide a detailed and explicit response.
Your reflection
1. Improved efficiency By using the cloud, businesses can improve their efficiency by
getting the resources they need when they need them. This eliminates the need to
purchase and maintain hardware and software, which can be costly and time-consuming.
The costs of maintaining and running a data center can be prohibitive for many businesses.
The cloud allows businesses to outsource these costs and focus on their core
competencies. When companies don’t have to worry about the underlying infrastructure,
they can concentrate on delivering value to their customers. 2. Improved agility The cloud
also enables businesses to be more agile. With the cloud, businesses can quickly adapt to
changes in the marketplace by deploying new applications and services. This flexibility is
essential in today’s fast-paced world. By using the cloud, businesses can stay competitive
and quickly respond to changes in the market. This allows them to focus on their core
competencies and not on infrastructure. 3. Improved scalability The cloud is also scalable,
which means that businesses can adjust their resources as needed. This allows businesses
to grow and change without having to invest in new hardware and software. The cloud
makes it possible for businesses to handle spikes in traffic or changes in demand without
purchasing new equipment or making other costly investments. 4. Improved security
Digital security is critical for businesses today. By using the cloud, businesses can improve
their security by leveraging the service provider’s resources. The cloud is also a more
secure way to store and access data. Businesses can reduce their risk of data loss and theft
by using the cloud. The cloud provides a number of security features, including
authentication, authorization, and encryption that businesses can take advantage of. 5.
Improved reliability The cloud is also highly reliable. This means that businesses can rely
on the cloud to deliver services according to their SLAs. The cloud is a more reliable way to
store and access data than traditional methods. Businesses can ensure that their data is
safe and secure by using the cloud. The more reliable the cloud is, the more likely
businesses are to use it.
Things to think about

While we are still early in this lesson, it is important to establish your own cloud computing
mindset and begin to incorporate ideas of how to best leverage cloud service capabilities to
meet organizational objectives and goals. More importantly, you need to have a clear set of
objectives around which to frame and assess your current and future needs.

Have explicit objectives

In this lesson, you will frequently hear about the importance of transparent communication
across all organizational roles for successful digital transformation execution.
Your reflection
1. Improved efficiency By using the cloud, businesses can improve their efficiency by
getting the resources they need when they need them. This eliminates the need to
purchase and maintain hardware and software, which can be costly and time-consuming.
The costs of maintaining and running a data center can be prohibitive for many businesses.
The cloud allows businesses to outsource these costs and focus on their core
competencies. When companies don’t have to worry about the underlying infrastructure,
they can concentrate on delivering value to their customers. 2. Improved agility The cloud
also enables businesses to be more agile. With the cloud, businesses can quickly adapt to
changes in the marketplace by deploying new applications and services. This flexibility is
essential in today’s fast-paced world. By using the cloud, businesses can stay competitive
and quickly respond to changes in the market. This allows them to focus on their core
competencies and not on infrastructure. 3. Improved scalability The cloud is also scalable,
which means that businesses can adjust their resources as needed. This allows businesses
to grow and change without having to invest in new hardware and software. The cloud
makes it possible for businesses to handle spikes in traffic or changes in demand without
purchasing new equipment or making other costly investments. 4. Improved security
Digital security is critical for businesses today. By using the cloud, businesses can improve
their security by leveraging the service provider’s resources. The cloud is also a more
secure way to store and access data. Businesses can reduce their risk of data loss and theft
by using the cloud. The cloud provides a number of security features, including
authentication, authorization, and encryption that businesses can take advantage of. 5.
Improved reliability The cloud is also highly reliable. This means that businesses can rely
on the cloud to deliver services according to their SLAs. The cloud is a more reliable way to
store and access data than traditional methods. Businesses can ensure that their data is
safe and secure by using the cloud. The more reliable the cloud is, the more likely
businesses are to use it.
Things to think about

Keep these objectives in mind as we will be revisiting them later in this lesson.
 Choosing the "Right" Partners
https://www.youtube.com/watch?v=cEEyXOiluFE
Unless you have a really robust pipeline of Cloud experts already in place, you will need to bring in
some expertise to transition to Cloud computing. You don't want to just fumble your way through a
digital transformation. Whether you bring in consulting firms or hire people with years of
experience, your team and organization will benefit from the knowledge and experience of certified
professional Cloud architects, or those with lots of experience in the Cloud. However, you also
need to invest in the talent you currently have. Find those within your business who are interested
in taking on a new role and invest heavily in their Cloud education. This investment can be sending
them to boot
camps or other highly specialized hands-on training. We'll be discussing the talent dynamic more
in depth. But for now, know that it's the keystone for your successful and sustainable transition to
Cloud computing. Depending on your needs, there are a plethora of Cloud providers. What
differentiates them? At the core, the four largest Cloud providers are Amazon Web Services, better
known as AWS, Microsoft Azure, Google Cloud Platform, and Alibaba Cloud. Each provides the
fundamental characteristics described earlier, like on-demand compute, scalability and elasticity,
paying-as-you-go and global access. What distinguishes each of them will boil down to brand and
reputation, breadth and depth of services, special areas of expertise and customer incentives.
Choosing a partner that meets your business needs in some cases may also mean using more
than a single Cloud provider. Earlier, I stated that transforming with Cloud computing starts with
two things. You need to understand your objectives, so establish a culture of change readiness,
and communicate it across all lines of your organization. You also need to understand your current
processes and resources using both internal partners and external consultants. The sales teams
at all of the Cloud providers will be very eager and very helpful in helping you build the track you
need for a success. Now this may include helping you take a needs inventory and assessment and
assisting with professional services and your technical road-map.

Some expertise is needed to transition to cloud computing and it can take several forms
including:

• Bringing in consulting firms

• Hiring people with cloud and migration experience
• Investing in in-house talent
Choosing a Cloud Provider
Depending on your specific needs, there are a variety of cloud providers, but the four largest
cloud providers are:

• Amazon Web Services (AWS)

• Microsoft Azure
• Google Cloud Platform (GCP)
• Alibaba Cloud
 Where Cloud Digital Transformation Starts
https://www.youtube.com/watch?v=2Gq5cuTb_Lw
The start of your cloud computing transformation journey, begins with understanding first, what
your organizational objectives are. Second, understanding what processes, services, and
resources are currently in place within your organization, and consultants can be extremely helpful
in this step. Once an inventory or needs assessment has been done, the third and most critical
step for success is to build a team of individuals that will facilitate the adoption and
implementation of any new cloud-based processes or services. Now this may seem overly broad
right now, but the point here is that moving to the cloud is a process that takes lots of dedicated
time, expertise, and focus. Remember, your organization is a train and moving it to it's destination
requires a deep understanding of what's happening right now and a bit of foresight to begin to
predict how things will play out in different scenarios. You have to know your industry, know your
users, and their usage patterns, know how much data is consumed, and how much do your current
processes, functions, and services actually cost. By the way, these last three data points become
easily accessible with a click of a button once these functions are being processed within the
cloud.

The cloud computing journey begins with two steps:

1. Inventory and Needs Assessment

• What are your organizational objectives?
• What processes, services, and resources are currently in place?
2. Building a Team and a Culture
• Which individuals will facilitate the adoption and implementation of any new
cloud-based processes or services?
 Talent Strategy Management
https://www.youtube.com/watch?v=GopzJZunlCc
In my roles as both a learning architect and technical trainer at two of the leading Cloud providers,
many times organizations come to me thinking they're ready to start moving to the Cloud.
However, they haven't done the foundation work necessary to successfully transition. In a
common scenario, I'll see an IT director, some managers, and some senior software engineers,
because these may be the roles on the organization's Cloud transition team. However, without the
right starting mechanisms, processes, and collective teams in place, when business leaders get to
upskilling internal talent and
implementing required changes, many projects stall. Projects stall because the people who are
affected by leadership's Cloud-related decisions, sometimes weren't able to give early input during
the exploration and ideation phase of the project. Democratizing voices is a key point here. These
people in their early input are important because they can raise blind spots and opportunities you
may not be aware of. From the very beginning of your process, be deliberate and intentional once
the decision to move to the Cloud is made. Engage all stakeholders. Create channels to facilitate a
sharing of knowledge, discussions, and the receiving of feedback. These could be in the form of
internal blogs or Slack channels and providing periodic updates to set the expectation that change
is happening, the train has begun moving forward, and it's all one team on board for the ride.
Moving to Cloud computing as part of your digital transformation is a significant organizational
culture shift that you need to prepare for. Think back to the train analogy. Everyone plays their role.
You got the conductors and engineers, mechanics and passengers, but there are also the team
members that lay and
maintain the track and the train stations. Everyone is a part of the process for moving that train
from A to B, and everyone needs to start at the same place. In an organization,
this start maybe the official announcement that needs to go out from a few key executive leaders
like, "Hey everyone at company X. We're beginning our digital transformation, and now we're all
going to start at zero. We expect it to take up to three years or setting up a Cloud Center of
Excellence, and we're also setting up a steering committee and we're looking for an advisory
board. We're all going to transform together." Take hold of this mantra: communicate relentlessly
and transparently.
Democratizing voices means eliciting additional user input by extending past core
stakeholders to those that are in adjacent teams or roles.

Tips for Cloud Project Success

• Be deliberate and intentional
• Engage all stakeholders
• Create channels for knowledge transfer and feedback
• Provide periodic updates
It’s all One Team on board for the ride, so communicate relentlessly and transparently.
 Exercise: Status of Talent
Think about the existing talent on your team. As a group, do you currently have some cloud
computing skills and capacity, or will migrating to cloud computing require upskilling and new
hires?

Below do a brief skills inventory of your team–

1. What are the key team member attributes and skills needed to move forward with a cloud
transition?

2. Who on your team has cloud computing experience and could possibly act as cloud team lead,
resource, or champion?

3. Who should probably be on the team that is not currently part of your day-to-day team
processes?

4. Who on the team wants to accelerate their cloud learning for both the team and organization?

Your reflection
1. Cloud infrastructure knowledge, Cloud networking experience, DevOps knowledge and
automation skills, Project management skills, Analytical thinking skills, 2. abdullah 3.
abdulrahman 4. ibrahim
Things to think about

You will have many internal and 3rd party partners working with you on your digital
transformation journey; however, it's important to also have a clear understanding of your team's
existing skillset and what you aspire to
 Cloud Center of Excellence
https://www.youtube.com/watch?v=6e5N4EyxKuo
I can't emphasize enough how important it is to set up the right team and democratize voices.
Meaning, make sure you've got diverse input. I often see business leaders assume that some
members of the organization don't need to be involved early on because their role in
transformation may come later in the transformation process,
and this is a huge mistake. Enabling diverse input channels brings perspectives that we might
otherwise miss. Even from those who assume cloud computing won't impact their work. It
cultivates a vested interest in ownership in the organizational mission.
Even a non-technical person like for example, marketing or HR, will feel empowered to actively
participate in Cloud transformation initiatives, including a Cloud center of excellence. Early on,
organizations should create a Cloud Center of Excellence to act as
a catalyst to move from Cloud computing goals to full organizational digital transformation. Cloud
Center of Excellence is typically a set of individuals focused on the goal of executing successful
cloud computing transformations across the enterprise. They take in an organization's strategic
goals and in collaboration with Cloud providers and internal technical and non-technical teams,
create programs to develop, migrate, and deploy Cloud services in ways that are sustainable,
result in best practices, and drive innovation. A Cloud Center of Excellence, often abbreviated
CCoE, is a repository for cloud computing best practices and documentation that's specific to your
organization. It provides a single point of contact for the various teams. So that as a whole, your
organizational train remains on track towards strategic Cloud-related goals.
A Cloud Center of Excellence is the keystone in the bridge from current practices and
processes to the new skills and practices required for cloud computing transformation.
While it's a best practice to establish a CCoE prior to starting any formal Cloud Transformation
program, it's sometimes the case that timing requires some parts of the transformation to begin
more immediately. Regardless, the importance of establishing a CCoE cannot be overstated.

A Cloud Center of Excellence (CCOE) is a catalyst to move from cloud computing goals to full
organizational digital transformation.
• A CCOE is focused on the goal of executing successful cloud computing transformations
across an organization.
A CCOE takes strategic cloud computing goals and creates programs to develop, migrate, and
deploy cloud services in ways that:

• Are sustainable
• Result in best practices
• Drive innovation
CCOEs are repositories of best practices and documentation and facilitate communication among
various teams, partners, and stakeholders based on strategic cloud-related goals.
Iterative Talent Development
https://www.youtube.com/watch?v=_d2LetJwMjw
As a business leader, your talent strategy is critical to move and grow with great people.
Be a champion of culture, be a champion of agility, innovation, and change. Lead your teams
transparently, so everyone is clear on goals and needs. Be prepared with an internal talent strategy
that both leverages internal talent, the passengers who are already on the train, and brings in fresh
talent, new hires that will board the train later.
For organizations transitioning to the Cloud, establishing a Cloud Center of Excellence is
considered a best practice to keep the wheels greased and moving forward.

Three factors for talent management in digital transformations with cloud computing are:

• Organizational culture
• Talent strategy
• Goals and needs
 Avoid Shadow IT Groups
https://www.youtube.com/watch?v=yumyDhwrJzQ
There's something you should be aware of when beginning what is essentially a change
management process and that shadow IT groups. As you think about your talent management
strategy for Cloud computing, it's important to avoid the trap of the shadow IT organization. This is
similar to the train splitting off onto a sidetrack. Shadow IT groups are not on board with your
Cloud computing plans. They tend to jump off because they can't be bothered with the process.
This has the potential to significantly sidetrack your Cloud transformation initiatives. Shadow IT
Groups are created when one group within IT justifies going off on their own to work ahead of the
organization. Oftentimes the sentiments expressed by this group include, feeling that the
transformation processes are taking too long, or thinking that their priorities are more important,
creating a heightened sense of urgency to complete the Cloud computing programmatic goals and
move on. Or feeling his group of engineers can work on
projects ahead of schedule while everyone else gets trained. In practice, I often see these groups
turn into a pseudo cool kids click whose applications are now up in the Cloud. They accelerate,
they make presentations to different people and they get really good results because they're
smart. But again, shadow IT groups impede digital transformation objectives and goals over time.
Remember that a digital transformation is fundamentally about a mindset shift and organizational
culture change and the behavior and existence of shadow IT organizations significantly
undermines that change process. To summarize, let's think back to our train analogy. Teams and
organizations can't move forward toward their transformation destination without solid wheels to
move that train.

Shadow IT Groups can significantly undermine the change process and can be a block to
digital transformation.
A shadow IT group occurs when a group within an IT department begins to work outside or
ahead of their department.

Remember, digital transformation is fundamentally about:

• A mindset shift
• An organizational culture change
 Establishing Your Technical Sandbox
https://www.youtube.com/watch?v=19HJAHEQ27U
At this point in our Cloud computing transition, we've laid the track of core understanding,
assessed our needs, chosen a Cloud provider, communicated our goals, cultivated a
transformation mindset across business lines, and established a core team to be our internal
Cloud Center of Excellence. Now, we're finally ready to get moving.
Now, you can begin to establish a footprint that's both tactical and technical. Your team can start
getting hands-on in a sandbox environment. This is where we start seeing how things work and
begin to quickly accrue some of the benefits of moving to Cloud computing. As teams continue to
sandbox and test, there should be several workloads up and running in the Cloud. More
specifically, several of your application teams should be running at least a portion of their
workload in the Cloud under established best practices. This is where your talent strategy kicks
into high gear as well. With training, hiring, and onboarding, there should be talented people in
place that have the technical know-how to run the applications while they continue to extend their
Cloud knowledge through specialized training.

Begin to establish a footprint that is both tactical and technical.

• Sandboxes – allow teams to test new cloud computing infrastructure or services

• Test – application teams should run at least a portion of their workload in the cloud
using CCOE-established best practices
 Cloud Services & Optimization
https://www.youtube.com/watch?v=2Y0ijHGub1o
Infrastructure as a service covers the compute, storage, and networking resources we discussed
earlier. The four biggest providers of these services are Amazon Web Services, Microsoft Azure,
Google Cloud platform, and Alibaba Cloud. Next up is platform as a service. This is the next move
up the chain and deals with an organization's development and deployment environment. At this
level, some of the data infrastructure is abstracted away, and both platforms and infrastructure-
related software and hardware are provided as a service. This model allows organizations to focus
more on application development and deployment unless on the underlying infrastructure needed
for application implementation. Large platforms in this space include Oracle, IBM, Heroku, Google
App Engine, and AWS Elastic Beanstalk. The next level of abstraction is a software as a service.
Here, organizations can license complete software solutions from a variety of cloud providers. The
work of creating, developing,
and deploying an application has been stripped away to allow organizations to focus on what they
do best; focus on their core business. Examples of providers in this space include Salesforce for
customer relationship management tools, productivity software suites from Microsoft like Office
365 and Google Workspace. Companies like Dropbox for file storage and management, and Adobe
for content creation and creative asset management. Finally, we have function as a service, which
is all about serverless computing and microservices. A unique subset of serverless computing is
different from using virtual servers because all the underlying infrastructure, such as the
monitoring, the actual running, and provisioning, and scaling, is managed as a service by the cloud
provider. Basically, all you have to do is bring your code and an event,
such as a user request would trigger that code to run and your cloud provider handles the rest of
the execution. For example, behind your organization's front-end interface,
you won't have the actual servers running that you have to manage. You have functions executing,
which are really specific, very small, very fast, and very inexpensive. This is a service that's unique
to cloud computing and has no parody in the physical world.
With function as a service, all aspects of compute infrastructure are abstracted away from the
developer, exposing only an easily accessible development environment with
function execution taken care of by the cloud provider to an application's core executable base.
The application backend becomes a series of executable functions.
Currently, the most prominent function as a service providers are AWS Lambda, Microsoft Azure
Functions, Google Cloud Functions, and IBM Cloud Functions. As visualized in this diagram, these
different types of cloud services abstract away layers of IT infrastructure and can narrow an
organization's scope, allowing it to fully focus on its core business and purchase all of its
underlying infrastructure from a cloud services provider.

There are many 3rd party cloud providers that have created highly effective cloud-native tools to
support this second phase. These services fall into four categories:
 • Infrastructure as a Service (IaaS)
• Platform as a Service (PaaS)
• Software as a Service (SaaS)
• Function as a Service (FaaS) or Serverless computing

IaaS
Infrastructure as a Service – covers the previously discussed components of cloud computing
such as compute, storage, and networking resources. The 4 biggest providers of these services
are:
• Amazon Web Services (AWS)
• Microsoft Azure
• Google Cloud
• Alibaba Cloud

PaaS
Platform as a Service – abstracts away some of the data infrastructure and platforms to allow
organizations to focus on application development and deployment.
Large providers in this space include:

• Oracle
• IBM
• Heroku
• Google App Engine
• AWS Elastic Beanstalk
SaaS
Software as a Service – provides a complete set of software solutions and allows organizations
to focus on their core business.
Examples of SaaS providers are:

• Salesforce
• Kronos
• Abobe
• Microsoft 365
• Google Workspace
• Dropbox

FaaS
Function as a Service – an organization's application backend is simplified to an API and the API
triggers its targeted functions to execute.
Prominent FaaS providers are:

• AWS Lambda
• Microsoft Azure Functions
• Google Cloud Functions (GCF)
• IBM Cloud Functions

Additional Resource
Going FaaSter: Function as a Service at Netflix is a great video on how Netflix leverages FaaS
technology for its business.
 Shared Responsibility Model
https://www.youtube.com/watch?v=O_ndPfOt088
Based on the Cloud computing services you utilize, regardless of the Cloud provider, it's imperative
that you understand that as a customer, you still have significant responsibilities. These
responsibilities are typically outlined in the shared responsibility models of the various Cloud
providers. Shared responsibility models make explicit the security and compliance responsibilities
of the Cloud provider and its customers.
In essence, Cloud providers are responsible for securing Cloud infrastructure and you'll often hear
this described as security of the Cloud. These are the structures and processes, the hardware,
software, networking, and facilities that run the Cloud Service.
Cloud customers are responsible for what is known as security in the Cloud. This includes but is
not limited to creating and maintaining secure configurations and proactively managing your
Cloud services to protect data and secure access. There is no security in the world that will make
up for poor implementation by an organization.
Service providers are partners, and often have a quasi advisory role throughout the digital
transformation and service contact periods. But successful implementation,
that's the responsibility of your organization. Again, having an explicit transformation program and
a process that includes an internal Cloud Center of excellence is key and a best practice. In
addition, an organization security stance is not the responsibility of the Cloud service provider.
While all Cloud providers will have internal tools to facilitate security auditing, the enterprise IT
team will continue to need to identify and assess security vulnerabilities and fix or mitigate them.
Now that you understand the shared responsibility model, there's still the question of how to
choose the right service and/or provider to meet your business needs. There are so many different
values to plug into making this decision; the size of your enterprise, how many people are going to
be using it, what's your budget, how much time do you have, who do you have on your team, are
you running 24/7, what's your support model, and this is going to be better for us. The question is
really simple, but there are no simple or standard answers.
Shared Responsibility Models from cloud providers make explicit the security and compliance
responsibilities of the cloud provider and its users/customers.

The following links provide more detailed information on the shared responsibility models of
specific cloud providers:

• Amazon Web Services (AWS)

• Google Cloud Platform (GCP)
• SAP

Choosing the Right Service

The following are questions to consider when determining the "right" service for your context or
use case:

• The size of your organization?

• How many people are going to be using it?
• What’s your budget?
• How much time do you have?
• Who do you have on your staff?
• Are you running 24 7?
• What's your support model?
• Will it be better for your team and organization?
The question, "How do I choose the right provider?" is really a simple one, but there is no simple
or standard answer.
Exercise: Level of Service
Think about your core business, your business objectives, and the existing talent on your team:

1. Are there any structural, governance, or regulatory blocks to working with a cloud service
provider?

2. What level of infrastructure abstraction would be best for your teams and how would this
abstraction lead to improved outcomes for your business objectives?

Your reflection
yes we implementing the cits.gov.sa regulation high level
Things to think about

Remember that the various levels of cloud service types (Iaas, Paas, Saas, Faas) free up your team
resources to focus on core business functions. Higher levels of abstraction are particularly helpful
when cloud skills or hiring capacity is limited.
 Capital One's Bold Move to the Cloud
https://www.youtube.com/watch?v=TuOibfrQ9Rs
capital one is one of the largest banks and financial services companies in the united states and
it's also the nation's largest digital bank as a digital bank in 2013 and 2014 they quickly recognized
shifting customer behavior as customers move to access their platforms from their desktops to
their mobile phones in 2016 the cio of capital one said the winners in banking are going to be
companies that ultimately look like great technology companies because that's where this industry
of banking is going capital one was an early adopter of the digital first mindset and intentionally
moved its operational approach to cloud computing to create organizational agility for growth and
rapid iteration to bring in-house many of the engineering functions it had previously
outsourced and to build great customer experiences in 2013 it started its digital
transformation journey with the ambitious goal of migrating all eight of its data centers to the
cloud however one of the challenges to being a great tech company was having the right talent in
place to implement and move forward toward that goal and talent became one of the three pillars
of success for capital one's digital transformation

The Problem State

Capital One, was an early adopter of the digital-first mindset - and intentionally moved its
operational approach to cloud computing to:

• Create organizational agility for growth and rapid iteration

• Bring core engineering functions in-house
• Build great customer experiences

Pillars of Success
The three pillars of success for Capital One’s digital transformation were:

• People and Talent

• Data Analytics
• In-sourced IT for development, deployment, and innovation

Additional Resources
• Capital One’s Cloud Journey Through the Stages of Adoption
• Creating value with the cloud
 Exercise: What Would You Do?
Consider your own business case:
You have an organization with a stated goal to digitally transform. Based on what you have
learned:

1. What will be the 3-4 pillars of success for your team?

2. Based on these pillars, what would some of the measurable objectives be?

3. As the business leader, what would be the first few steps you would take to realize the
objectives you listed?

Your reflection
1. understand the value of the business understand their role How do they create value?
What's the outcome? 2. value of business they are working on 3. start mindset for team
prepare team for transformation to achieve organisation goal
Things to think about

There is no correct, "one-size fits all" response here as the answer will be based on several
conditions, such as:
• Your current tech stack
• Internal skill sets of the team
• Proprietary and organization-specific needs
• Security/regulatory issues
 Capital One's Digital Bold Move to the Cloud
https://www.youtube.com/watch?v=quCsinXxQ5s
In moving toward digital transformation, Capital One took a long-term and phased approach which
informed how its talent strategy was implemented.
Phase 1 was a proof of concept stage with select small groups internal to Capital One. The
company leveraged its center of excellence to bring together diverse roles and motivated its
technologists, product managers, and analysts to prove out the specific cloud services.
Phase 2 entailed development, testing, and initial deployments. Growth in Capital One's talent
pipeline of people with the required skills to accomplish this was imperative.
The center of excellence established best practices and was essential in formulating Capital One's
internal training program.
Phase 3 was to complete migration to the cloud with the center of excellence leading the push
through empowering the organization with governance, talent, and programmatic goals and
support. The process itself was phased in iterative due to changes in the technology and the
expanded service capabilities of the company's cloud service provider over time. In 2020, Capital
One migrated from and closed this last data center. Its IT organization of 11,000 represents 21
percent of its total workforce and the vast majority of the IT staff are software engineers. Having a
cloud center of excellence for development standards, architecture guidelines and best practices,
risk management, and governance was and continues to be pivotal to Capital One achieving its
cloud computing goals and pushing forward with continuous cloud innovation.

Part 2 - The Action

Capital One approached its transition to cloud computing in three phases:

• Phase 1 – proof of concept stage with select small groups in Capital One's Innovation
Labs including technologists, product managers, and analysts.
• Phase 2 – development, testing, and initial deployments and strategically executing on
its talent pipeline.
• Phase 3 – migration, deployment, and innovation while also remaining in compliance
with governance and regulatory requirements
Additional Case Study Readings
Essential Cloud Governance Disciplines and Best Practices
4 Ways Large Organizations Can Be Innovative Like a Startup
When it comes to innovation, size doesn’t matter
Capital One Labs
 Capital One: The Legacy
https://www.youtube.com/watch?v=4KOE6aRvFJY
In 2021, Capital One became the 10th largest bank in the United States. Capital One has built great
customer experiences and improved customer satisfaction through real-time deliveries. It is using
digital native cloud applications to aggregate data and it's using data analytics and algorithms to
build out its platform. There's a lot to take away from the Capital One digital transformation story.
The first is that there are no quick fixes or fast digital transformation journeys. This was a journey
that took seven years to realize and is an ongoing process of innovation and growth at Capital One
today. Second, having highly trained cloud experts in your talent pool is critical to executing your
cloud transformation vision. Capital One recruits IT organization from 4,500 in 2012 to 11,000 in
2020. Third, a cloud center of excellence is a catalyst for change and innovation for organizations
seeking to digitally transform. Forth, Capital One has become a highly respected breeding ground
for.a large cohort of Chief Information Officers and Cloud Practitioners across industries in
corporate America. It's also really important to note here that the cloud providers you choose will
ideally become your long-term partners for innovation and growth. As in the Capital One example,
as the company grew and changed, so did this cloud provider, AWS. Over the years, technologies
and services that were not available at the beginning of Capital One's transformation journey
became available over time. The outcome of the Capital One AWS partnership became the beta for
new services and digital transformation best practices.

The story of Capital One's digital transformation using cloud computing presents a number of
key characteristics for long-term success:

1. Digital transformation is a long-term process of growth and innovation

2. Trained cloud talent in your talent pool is critical for successful execution
3. A Cloud Center of Excellence (CCOE) is a catalyst for change and innovation

Additional Readings
Doing The Hard Things First - Lessons From Our Cloud Journey
4 Best Practices for Repeatable Software Delivery
AWS Case Studies of Capital One Digital Transformation
Capital One’s Digital Diaspora: How One Bank Became A Wellspring Of CIO Talent For Many
Companies
AWS Capital One Case Studies
 Plan for Growth and Innovation
https://www.youtube.com/watch?v=UQkCkDi4iiQ
As you begin to establish your digital transformation program, it's imperative to determine what
will constitute success. What will the OKRs and KPIs be for your team or business lines? Digital
transformation using Cloud computing is more than the sum of related timelines, budgets, and
organizational resource needs. Think about attracting and retaining talent, and once individuals
are trained, how do you plan on keeping them from leaving? Also, how can you change a
sometimes rigid cultural mindset and shift toward a growth mindset? Have a Cloud adoption
framework that includes sponsorship,
teamwork, communication, behavior, and people operations. There is no one-size-fits-all Cloud
migration journey. However, think of your Cloud computing migration in three parts. Part 1 is lift
and shift, or rehosting. This means moving your existing solutions to the Cloud such as replacing
your on-prem servers with Cloud servers. This is usually one of the easier and first things that you
would do. Second, move and improve or re-platforming with Cloud-native applications. Or moving
from just Cloud compute to maybe serverless computing in the Cloud, like with a managed
service. Then third, lift and extend or refactoring. This is using prescriptive intelligence from
company data through AI machine learning processes that are quickly and easily accessible and
cost-effective once your data is based in the Cloud.

More Thoughts
As you being to establish your cloud computing program, it’s imperative to define "success" and
communicate how that success will be measured:

What will the OKRs and the KPIs be for your team or business lines?
The Cloud Migration Journey
There's no one size fits all cloud migration journey, however, think of your cloud computing
migration in three parts:

• Lift and Shift / Rehosting – move existing solutions to the cloud such as replacing on-
prem servers with cloud servers.
• Move and Improve / Re-platforming – use cloud-native apps to create innovative
solutions
• Lift and Extend / Refactoring - leverage AI and machine learning with data analytics for
prescriptive intelligence
Leading-edge Innovation Tools

Innovations in the cloud

There are a number of areas where cloud providers continue to innovate.

These areas include:

• Serverless computing
• Containers
• Data Lake and Analytics
• Internet of Things(I.O.T.)
• AI and M.L.
• Blockchain as a service
• Edge computing
While a discussion of these technologies is beyond the scope of this lesson, it is important to be
aware that as your business needs grow and transform, cloud services providers offer products
that will innovate alongside you.
 Exercise: Growth Plans
We've covered a lot of ground and have nearly reached the end of this lesson. Themes in the
lesson included:

• Cloud components and service level types

• The importance of organizational culture and communication
• Building a talent pipeline
• Planning for growth and innovation
In this final exercise, we ask that you reflect on your current team and organization when
responding to the questions below.
You have been tasked with proposing an initial digital transformation plan to your team.

Create a short cloud migration plan that includes the following:

• A simple cloud transition goal statement such as, "We would like to retire all of our legacy
operating systems and move those workloads to the cloud by the end of the year." or "All
of our tech adjacent team members will have a foundational cloud certification by the end
of the year."
• Three objectives related to the goal above, that are explicit and measurable
• Two examples from your current workflow that would be appropriate for a "Lift & Shift"
strategy
• Detail additional resources you need to execute your plan

Your reflection
we will move to the cloud to reduce our cost and ensure scalability in this year 1. migrate
our IT to the cloud 2. 12 months 3. cut cost In this case we're not making any changes to
the software but simply leaving the hardware behind and moving our software to
hardware that's on the cloud maintained by the cloud providers. This option should
directly reduce our cost and allow us to scale. AWS
Things to think about

Thank you for your response! This is a first step in applying the lessons learned here to your own
organizational and business context.
Imagine the plan you created above has been approved, how will you communicate the plan to
technical and non-technical stakeholders?

In the space below, create a communique to launch your plan and invite collaboration and
feedback.
Your reflection
we are going to move out IT to cloud and this work it will take 12 months, we are doing this
to reduce the cost for organisation and keep employee more efficient, we will move all
software to the cloud.
Things to think about

Great job completing this exercise! The goal here is to begin thinking about how to align
objectives, processes, and teams in a way that facilitates a change management strategy and
invites constructive and creative thought, feedback, and collaboration.

Remember our mantra from earlier in this lesson –

Communicate relentlessly and transparently.
 Lesson Takeaways
https://www.youtube.com/watch?v=yOxZOHsyiro
As we wrap up this lesson, remember that Cloud computing will benefit your organization and
drive digital transformation and innovation. Cloud computing provides dynamic IT infrastructure
resources that allow for flexible growth based on your business needs. In addition, pay for what
you use cost structures, directly tie IT infrastructure costs to organizational productivity. Finally,
outsourcing or abstracting away pieces of your IT infrastructure frees up some of your most
valuable resources.
Your engineers, allowing them to focus on innovation and accelerating business growth.
Moving to the Cloud creates opportunities that would have otherwise been out of reach or
unreasonable with on-prem resources. As the business leader, you're an internal champion for your
team and organization, so ask yourself, how do I transform the way we're going to work? How do I
break down those silos and give my teams what they need to thrive and change? All these things
are huge because if people on your team don't have an openness to grow and develop the
necessary skills, your Cloud transformation program will not be as successful. Internal
organizational champions are extremely important when it comes to shifting the culture. They play
a big part in evangelizing upcoming changes. They're early adopters and they lead by being a
resource for their peers, by giving talks and providing their knowledge and their resources. We've
come to the end of our Cloud computing journey together.
But this is just the beginning for you and your organization. Congratulations on completing this
lesson and we look forward to seeing you in the Cloud.

An Internal Champion
As you set out on the digital transformation journey, some questions to ask yourself are:

• How do I transform the way we're going to work?

• How can we break down those silos?
• How can I facilitate my teams getting what they need to thrive in change?
Internal organizational champions are extremely important when it comes to shifting the
culture

• They play a big part in evangelizing upcoming changes.

• They are early adopters and lead by being a resource for their peers, giving talks, or
providing their knowledge of resources.
• They are someone that you can send a quick message to, and they'll send you links.
You are an internal champion for your team and business.
Congratulations
You have completed this lesson on transforming your business with cloud computing and we wish
you the best on your cloud and digital transformation journey!

Ongoing Reading Resources

For more information on the importance of cloud education or the ROI of using cloud versus on-
prem services, the following resources may be helpful:

• Planning your cloud migration? Don’t overlook cloud education

• Cloud Delivers 4.01 times the ROI as On-Premises

Next Steps for Your Digital Transformation Journey

If you are interested in more in-depth learning around cloud computing from an executive
perspective, check out Udacity's Cloud Computing for Business Leaders program.
Now you have some choices for the next stage of your Digital Transformation learning journey.

Option 1
Complete another topical lesson in this Transformative Technologies course that is of interest
to you.
Option 2
Move on to your next course in this program.

Congratulations again on completing this lesson and we look forward to seeing you in the
cloud!
 AI & ML in Business
https://www.youtube.com/watch?v=2GE1kRkDLbA
Imagine you are walking through a hallway and at the end there is an elegant door. You reach for
the handle and it fits perfectly in your hand. You open the door to a grand hall with large picture
windows that allow the scenery and natural light to flood the room. You feel yourself, take a breath
and sink into the space. Appreciating the stunning craftsmanship on architecture of a well-made
building is similar to appreciating the end result of artificial intelligence and machine learning
models. Today, we can see AI and ML effortlessly and seamlessly integrate into the phone in our
pockets to self-driving cars and eliminating convoluted repetitive tasks. If you were an architect
designing a skyscraper, you would start with a blueprint to guide the vision and construction of the
building. But you wouldn't be responsible for all the work. You would work with a project manager
who would coordinate the materials, the workers, and the tools to build your skyscraper. Together
that entire team, which could include many people, would collectively realize the vision of the
building. Similarly, as a business leader championing the AI and ML digital transformation for your
business, you are responsible for establishing a vision that will be realized to the combined efforts
of many people. Your digital transformation roadmap will document the steps required to achieve
your goals, and will be informed by your understanding of AI and machine learning and how it may
apply to your business. You will need an AI or machine learning manager to determine exactly
what data your company should rely on, to manage a team of data scientists, and to select the
most effective tools to use for your digital transformation. Only when all of this in place, will your
organizations transformation be possible. In this lesson, we will build up the vocabulary and
understand the capabilities and limitations of ML models that are aligned with your business
goals. You will lead AI initiatives by learning how to ask the right questions, who you need to build
out your teams, and the data and tools you need to execute. Finally, we will run through a case
study to see how all this comes together to transform a business. Hello, I'm Luis Serrano, your
instructor for this lesson. I currently work as a researcher in Quantum Artificial Intelligence. I have
a PhD in Mathematics and I worked as a research mathematician for several years. But then I
switched to machine learning and I worked in several companies, including Google, Apple, and
Udacity. I really enjoy the exposition and popularization of machine learning. Which is why I'm the
author of the book Grokking Machine Learning. I also have a popular YouTube channel with over
90,000
followers where I explained different topics in machine learning and data science. Join me in
exploring the world of AI and ML.

You are the metaphorical architect of your business' AI and ML digital transformation. You come in with the
blueprints or vision. This helps inform the lead of your ML team to get the relevant data, personnel, and
tools to develop the ML model. This can seamlessly integrate into your business.
 Comparison Between the Process of An Architect and ML Business Leader
By the end of this lesson, you will be able to:

• Have a grasp of relevant AI and ML vocabulary and knowledge.

• Learn the right questions you need to ask to build your machine learning team.
• Articulate why and how the team at Siemens digitally transformed their business with AI and ML.

Meet Your Instructor

Hello, I’m Luis Serrano! I am a researcher in quantum artificial intelligence, and I have a PhD in
mathematics with several years of research in mathematics. I switched to machine learning, working for
Google, Apple, and even Udacity.

I enjoy the popularization of machine learning and I am both an author and creator of a YouTube channel to
help explain various topics in Machine Learning and Data Science. You can check out my book Grokking
Machine Learning, which gives a rundown of Machine Learning in Business with this discount code for 40%
off:
serranopc
I am excited to have you with me to explore AI and ML in Business!

Exercise Questions
Throughout this lesson, you will be posed with several reflection questions to help connect the concepts
covered with your own business goals, needs, and context. For these questions, jot down a few ideas,
keywords, or phrases that come to mind. You will have more time to explore these questions in greater depth
later in this program.
Goal
Start thinking about a potential business goal you would like to achieve with AI & ML. If you
don't know yet what could be addressed by AI & ML, write down a few major business goals,
and as you progress you will likely see opportunities for AI & ML to help you address some of
these goals.
Your reflection
automatic fill visa form by fetching the data from photo robots
Things to think about
Way to go! This is just the beginning of thinking about how AI & ML can help you transform
your business. Whether you have a clearly defined business goal, or you're still looking for an
opportunity to use AI & ML, the concepts that we'll be covering in this lesson should help give
you an idea of what's possible!
 AI & ML and Common Business Applications
https://www.youtube.com/watch?v=fzzfkyCrSoA
Every good building starts with a good foundation. For AI and ML, we need to understand what we
are building. Let's start with a broad field of artificial intelligence,
which encompasses all the ways a computer can make decisions. This can be from something as
small as smartwatches to something as big as self-driving cars. But in essence, AI comes down to
two main forms, 1- reasoning and logic and 2- experience. Reasoning and logic are typically pretty
hard for a computer to emulate, but there are many algorithms that managed to solve these hard
problems. However, using past experience in the form of data, it is easier for the computer to
decipher things that we as humans can't easily see. How all of this fit together? AI encompasses
the entire field to get computers to think like a human. An easy way to think about this is if you are
training an expert in a specific area to ask questions about that area. For example, if you're buying
a house, you would probably choose to talk to a realtor. But if you have financial questions, you
would ask a financial advisor. The Realtor and financial advisor are’similar to the type of models
you might build with AI. Machine learning allows computers to learn from data to give valuable
information. Within ML, there are various ways to use data, and one of the most commonly talked
about ways is Deep Learning.
Deep Learning uses neural networks. Neural networks mimic the network of neurons in the brain,
making a web of computation that produce one result. Deep Learning powers AI for cutting edge
purposes. What are some of the common ways that AI and ML can be used? An easy source of
data is a matrix your company might already collect. With this large datasets, you can use data
science and machine learning techniques to get insights or find correlations. For example, at Lyft,
they used AWS is metric analysis to
identify anomalies in the countless amounts of data they are collecting. Metric analysis enabled
them to identify potential problems in real-time without needing to manually inspect multiple
dashboards to diagnose and resolve the source of the problem. Natural language process takes in
text data and is able to understand the sentiment both positive and negative of the text. It may
also read a complete sentence or even tack words as parts of speech. An example of natural
language processing application is a customer support chatbot. Chatbots can reduce the time
needed for customers to
resolve their issues while minimizing labor needs. The healthcare company, Kaiser Permanente, is
using NLP to better identify, track, and improve care for patients with heart bulk related disease by
training a machine learning model to look at echocardiography reports. The model was able to
review over a million reports and found 54,000 patients with the condition. It took a matter of
minutes instead of years that would've taken the doctors. Speech and voice process, and it takes
in and processes audio data. It can be used in things like Amazon, Alexa, Apple's Siri, or Google
Assistant. When you call a customer service line, you may have encountered automated bots that
use voice processing before being directed to a live operator.
At Insight, MLS used to create a conversational in-person banking experience that
helps customers while alleviating lines and long wait times.These decreases the frustration of
using the sometimes slope and complicated user-interfaces of a kiosk.
Computer vision takes in visual or picture data that can be used for things like warehouse, waste
management, or health sciences. For example, in 2019, an Indian hospital partner with Google
Artificial Intelligence research from Verily Life Sciences to develop an ML model to screen for
blindness caused by diabetes. This is vital in an area with a ratio of one doctor for one million
patients. The ability to diagnose patients early to potentially avoid becoming blind is life changing.
These are some of the most common uses of AI and ML, but you may find more examples in the
links below.
We are building a foundation, so we can understand why we built AI and ML models.
Next, we will talk about the main ways AI and ML are used at a high level. What goes into making a
machine learning model?

AI & ML Fundamentals
Artificial Intelligence (AI) encompasses all the ways a computer can make decisions. And comes
in two main forms:
• Reasoning and Logic
• Experience
Reasoning and Logic are used to solve hard problems. But experience uses data to make insights
and predictions that aren't easy for humans to get just by looking at the data. We will get into why
later on in this lesson.

AI encompasses the entire field to get computers to "think" like an expert. human.

Machine Learning (ML) describes how computers to learn from experience or data to give
valuable information. Within ML there are various ways to use data, and one of the most
commonly talked about ways is Deep Learning.
A commonly talked about way to do ML is Deep Learning, which uses Neural Networks to mimic
the interaction of neurons in the brain. This web of computations produces one result and is
mainly used for cutting edge purposes.
 How AI, ML, and Deep Learning Are Related
Common Business Applications of ML

Metrics
Use metrics that you may already collect to get business insights or find correlations. Like
with Lyft who used AWS Metric Analysis to identify anomalies and resolve the source of the
problem in real time.

Natural Language Processing

Natural Language Processing takes in text data and processes it to find some valuable
information:
• Sentiment of the text to be positive or negative.
• Autocomplete sentences
• Tag words as parts of speech
• Find information in a database based on user input At Kaiser they used NLP to identify,
track, and improve patient care for patients with heart-valve-related diseases.

Speech and Voice Processing

Speech and Voice Processing takes in and processes audio data and can be seen used in smart
assistants (Amazon Alexa, Apple's Siri, or Google Assistant) and automated bots before being
directed to a live operator. At Insight, they used this to make a better in-person banking
experience at a kiosk that didn't need physical input, which can be slow and complicated for some
bank users.
Computer Vision
Computer Vision takes in visual or picture data for things like warehouse or waste management
or detection. The Indian hospital partnered with Google Artificial Intelligence Researchers and
Verily Life Sciences to screen for the effects of diabetes on causing blindness leading to earlier
screenings to get the care to avoid becoming blind.

Breaking Down Your Goals into Opportunities

What are some ways you could see AI & ML being used in your business based on your business
goals?

• What is something you could do within the next month?

• What is something you could do within the next 3, 5, 10 years?
Your reflection
i will explain the AI&ML to stackholder for our business within next month we will adopt
and develop our buisness by using AI&ML
Things to think about
Great work at starting to think about how AI & ML can be used in your business in the near
term and future.

Resources
• AI Internet of Things shows the wide range of ways AI is combining with Internet of Things.
• Partner story from AWS where Lyft use AWS Metric Analysis to diagnoise and resolve
problems in real time.
• Article on Kaiser Permanente's use of NLP to identify and improve care with hear valve-
related diseases.
• Customer story where Insight used Microsoft to create a kiosk for in-person banking
customer.
• New York Times Article on Fighting Diabetic Blindess with AI and Computer Vision.
• Nature article on the detection of skin cancer using neural networks.
• Detection of mobile device screen cracks for insurance claims.
 Common AI & ML Use Cases
https://www.youtube.com/watch?v=MCMe56lhX0c
Let us start with the most common use cases for applying ML. AI and ML leverage data for two
major business use cases; prediction and insight. Prediction means that based on the data being
fed into the ML model, you are able to predict what will happen in the future. This can be
forecasting something predictable like a yearly sale, or see how something may do based on new
circumstances or product rollout. As an example, Airbnb was able to build a sentiment analysis
model which predicted if reviews were positive or negative, to have immediate feedback on their
services. This complimented some of their other useful yet slower metrics such as the Net
Promoter Score. Insights can take a look at the data you have and find patterns that you may not
have been aware of before. This allows you to make more data-driven decisions. Remember when
we talked about Lyft. They are using ML to find insights for anomalies in their data.
Those insights enable them to make a better customer experience in real-time. But if they see
larger trends, they can pivot and discover a market gap that they could easily fill. So how do we get
computers to think like humans when at their core, they can only store numbers and do operations
on them. Essentially, there are three phases in the framework. Remember past experienced by
looking at existing data. Formulate a rule that fits the existing data, then apply the rule on new
data. The cycle can be repeated to improve the rule created in the formulate phase. Depending on
the data you have available, you can use different learning approaches. There are three main types
of learning that are commonly used with the framework. Supervised, unsupervised, and
reinforcement learning. You may recall that we talked about deep learning earlier and maybe
asking why it isn't included. Each of these learning types can be applied with or without deep
learning. Deep learning can be very powerful in creating better models for solving complex
problems. But it has a small drawback too. Deep learning can make it hard for the result to be
understood by humans compared to other models. More specifically, a deep learning model can
make a very accurate prediction, but it won't give much information on what particular aspects of
the data used to make that prediction.
As a business leader, you don't want to make the decision about whether to use deep learning on
your own. It's a good idea to have a conversation with your data science or machine learning
engineering team to see if deep learning is applicable to your business case. In order to
understand these learning types better, let's think about how we categorize data and how that
leads to these learning types. Let's look at the three main learning approach so you can
understand what questions you need to ask to determine the best fit for your needs. Imagine that
your database includes information about customer engagement. Your data tells you which of
your current users select the Subscribe button. This would be considered a labeled data because
we have customer engagement information. With this type of data, we would run supervised
learning to categorize the customers based on how they have engaged; those who selected the
subscribe button, and those who did not select it. Based on how these existing customers
engaged, we can use the model to predict the engagement of new customers. Now let's say your
database doesn't have customer engagement information. This would be considered unlabeled
data, and the goal now shifts to understanding the data better.Using unsupervised learning, we can
use what data is available to organize the customers into groups based on their demographics or
behavior. But this type of analysis can also help in making predictions. For example, if you
organize users into groups, you can predict how a user may react to a recommendation based on
data of how users in the same group reacted to that same recommendation. Finally, let's talk
about reinforcement learning. With these type of learning, you usually start out with a set of rules
and a reward. For example, in a research project with Spotify, researchers created a model using
reinforcement learning that took into account the last eight or nine songs, and gave a reward that
the user didn't skip the song. This allowed their researchers to maintain user satisfaction while still
allowing for diverse music recommendations. We now know about the most common types of
machine learning models. Next, we will take a look at how to make decisions and how to set up
the team and infrastructure to build AI and ML models.

Let us start with the most common use cases for applying ML

AI and ML leverage data for 2 major business use cases:

• Prediction
• Insight
Prediction means that based on the data being fed into the ML model, you are able to predict
what will happen in the future. As an example, AirBnB was able to build a sentiment analysis
model which predicted if reviews were positive or negative, to have immediate feedback on their
services.
Insights can take a look at the data you have and find patterns that you may not have been
aware of before. This allows you to make more data-driven decisions. An example of this is Lyft
using ML to find insights or anomalies in their data.
So how do we get computers to "think" like humans? There are 3 (simple) phases in the
Framework:

1. Remember past experience by looking at existing data

2. Formulate a rule that fits the existing data
3. Apply the rule to new data
The cycle can then be repeated to improve the rule created in the Formulate phase.
 ML Framework

ML Types
Depending on the data you have available, you can use different learning approaches.

There are 3 main types of learning that are commonly used with the framework:

• Supervised
• Unsupervised
• Reinforcement
Let's look at the 3 main learning approaches so you can understand what questions you need to
ask to determine the best fit for your needs.

Supervised
Imagine that your database includes information about customer engagement. Your data tells
you which of your current users selected the subscribe button. This would be considered Labeled
Data because we have customer engagement. With this type of data, we would run Supervised
Learning to group the customers based on how they have engaged–those who selected the
“Subscribe” button and those who did not select it. Based on how these existing customers
engaged, we can use the model to predict the engagement of new customers.

Unsupervised
What if your database doesn't have customer engagement information? This would be
considered Unlabeled Data, but the goal now shifts to understanding your data better. Using
unsupervised learning, we can use what data is available to organize the customers into groups
based on their demographics or behavior. But this type of analysis can also help in making
predictions. For example, if you organized users into groups, you can predict how a user may
react to a recommendation based on data of how users in the same group reacted to that
recommendation.

Reinforcement
Finally, let's talk about reinforcement learning. With this type of learning, you usually start out
with a set of rules and a reward. For example, in a research project with Spotify, researchers
created a model using reinforcement learning that took into account the last 8-9 songs and gave a
reward if the user didn't skip the song. This allows the researchers to maintain user satisfaction
while still allowing for diverse music recommendations.
Deep Learning
You may recall that we talked about deep learning earlier and may be asking why it isn't included.

Each of these learning types can be applied with or without deep learning. Deep learning can be
very powerful in creating better models for solving complex problems. But it has a small
drawback, too. Deep learning can make it hard for the result to be understood by humans
compared to other models. More specifically, a deep learning model can make a very accurate
prediction, but it won’t give much information on what particular aspects of the data the model
used to make a prediction. As a business leader, you don't want to make the decision about
whether to use deep learning on your own. It’s a good idea to have a conversation with your data
science and machine learning engineering team to see if deep learning is applicable to your
business case.

We now know about the most common types of machine learning models. Next, we will take a
look at how to make decisions on how to set up the team and infrastructure to build AI and ML
Models.
What do you know? What don't you know?
Building off the previously identified opportunities:

1. How would you approach those opportunities?

2. What are your unknowns?
3. What questions would you need to ask?
Your reflection
1. i will analys the cost. and i will hire MLmanager to achieve the goal 2. to adopt this
technology 3. how it will wok, when it will be done, what is requirement, why it need
outsources
Things to think about
Now you are starting to think a bit more like a AI & ML business leader!

Additional Resources
• Medium article that looked at AirBnB's used AI to create a better assessment of net
promoter score.
• An article on When and When Not to Use Deep Learning.
• Research project on using Reinforcement Learning on Spotify's for better recommendation.
• Article on Progressive collecting 10 Billion miles of driving data from customers.
• AI changing the factors considered in auto insurance premiums.
• Turku City Data article on Why do AI Projects Fail.
• Project that created computer generated faces that are difficult to distinguish from human
faces.
 Innovating Your Business with AI
https://www.youtube.com/watch?v=VAjWfE7VPXQ
It is great to know what can be done, but how do you implement it? If you take a look at the
diagram we had at the beginning of the lesson, we are going to target here,
which are the three main parts of the infrastructure needed to successfully build and deploy ML
models. These three main parts are people, data, and tools. But as always, to decide what to use,
you need to know what questions you are trying to answer with ML.
Always keep this goal at the top of your mind while thinking through the needs of your team and
infrastructure. Remember when we talked about how AI is like training an expert, take a specific
business challenge or goal and break it down into questions you would ask an expert. These are
the questions you will be asking when you are designing the machine-learning model. The most
costly and important piece is the people. You will need data scientists to be able to look at your
data and figure out how to clean the data,
how to manage the data, and how to create a model from the data. In a
machine learning team, there are different roles which may vary from company to company. But in
general terms, data scientists are in charge of analyzing data and getting insights. Data engineer's
are in charge of building data pipelines in processing the data.Machine-learning engineers are in
charge of building the machine-learning models and deploying them in production. The next thing
that is crucial is the data.
You will have to consider several things. What data you already have. The quality of that data. How
will you store that data? When will you need to access the data? You will also have to consider
computational needs, which will depend on the size and scope of your models. If it is a small
model and dataset, you may be able to use in house computer to store and process the data. But
more often than not, you will have large datasets and the models may grow based on business
needs. If that happens, consider cloud storage and computing. This can be usually a good option
because you only need to pay for what you use. Instead of setting up physical servers and
processors that you have to pay for all the time. Finally, you will need to consider tools to be able
to build your ML models. The most basic way to do this is with a programming language like
Python,
which has well-used libraries for machine learning such as PyTorch or TensorFlow,
and an interactive platform to programming like Jupyter Notebooks. But if you are already
considering a Cloud option for storage and computing, they often have pre-trained models that
your team can start with rather than starting from scratch.
These are great because they are already trained on large datasets and your data can be used on
these models to customize them for your needs. A few common companies to look at will be
Amazon web servers, Microsoft Azure, Google Cloud, and IBM.
As you are crafting your talent transformation plan consider having the following three major roles
in your team. First, you have your trailblazers. They will seek new cutting edge opportunities for AI
and ML, which can influence how the business operates.
Next are the innovators or optimizers, they are able to identify and refine ways
in which AI and ML models can make the business better. The next group is formed by the
engineers and data scientists, they maintain and help build the models.
Depending on where your business is, you will have various distribution of these roles within your
team and organization. Remember, it always comes down to the goal and questions you are
asking.

It is great to know what can be done with AI & ML, but how do you implement it?

Think back to the diagram we had at the beginning of the lesson and what we are going to target here, which
are the three main parts of the infrastructure needed to build and deploy ML models successfully:

• People
• Data
• Tools

People
The most costly and important piece is the people. You will need data scientists to be able to look at your
data and figure out the following:

• How to clean the data

• How to manage the data
• How to create a model from the data
In a machine learning team, there are different roles (which may vary from company to company). In general
terms, data scientists are in charge of analyzing data and getting insights. Data engineers are in charge of
building data pipelines and processing the data. Machine learning engineers are in charge of building the
machine learning models and deploying them in production.

Data
Data is crucial. You will have to consider:

• The data you already have

• The quality of that data
• Storing data
• Accessing the data
You will also have to consider computational needs, which will depend on the size and scope of your
models.

Tools
You will need to consider tools to be able to build your ML models. Possible options include:

• a programming language like Python, which has libraries for Machine Learning like TensorFlow and
PyTorch
• cloud options, which often have pre-trained models that have already trained on large datasets
A couple of common companies to look at will be Amazon Web Services, Microsoft Azure, Google Cloud
Platform, and IBM.

Team Roles
Within your team, there are 3 major roles.

• Trailblazers: They will seek new cutting-edge opportunities for AI & ML which can influence how
the business operates.
• Innovators or Optimizers: They are able to identify and refine ways in which AI & ML models can
make the business better.
• Engineers and data scientists: They maintain and help build the models.
Depending on where your business is, you will have a varied distribution of these roles within your team and
organization. Remember that the optimal distribution of these roles always comes down to the goal and
questions you are asking.

Building Your AI & ML Team & Infrastructure

For building your team you should think about the following to achieve the opportunities you
identified:
 • Who do you need to answer your unknowns for AI/ML process, data, and tools?
• Who do you need now to get started?
• Who do you need later to build capacity and bigger plans?

Your reflection
Trailblazers Innovators or Optimizers Engineers and data scientists
Things to think about
Now you have a taken a step in thinking of how to achieve what you want to build like a AI &
ML Business Leader!
 Making Build vs. Buy Decisions
https://www.youtube.com/watch?v=Rzq7Vg2O25o
Now that you have a broad understanding of what you need to get your AI and ML teams going. It
is important to start thinking about what works for you specifically. Remember to start with the
questions you are asking the ML model. This will help you guide how to create the best team for
your needs. Revisiting the diagram again, we need to figure out how to build the teams and
infrastructure needed to create and deploy ML models. Let's start with the people. You could hire
an AI and ML manager,
data scientists and machine learning engineers. But new hires can be very expensive,
particularly in this competitive field. You could also up skill your current employees to
learn the skills necessary for these roles. Training can cost both time and money,
but it may cost less than hiring a completely new team. A third option is to hire
a machine-learning consulting company and to contract out the work you need done.
This may get your problem solved fast, and it's a good way to get started.
But it may not enable you to build internal machine learning capabilities for future endeavors.
We've laid out three options here, but you can always use a combination of
these options based on your organization's specific needs. For example, you may want to hire
some new experts and up skill your current employees. This could enable you to bring on a few
new employees with valuable experience while reducing some of the costs that come with hiring a
new team. By offering your current employees valuable learning opportunities, you can strengthen
your organization over time.
This builds capacity within your organization, which could lead to longer-term digital
transformation for your company. Now compare this to building out a whole new team.
It is good to hire an up skill of the models that you're building make your product unique.
For example, YouTube's recommendation algorithm or Tesla's auto-pilot. But if you need general
contractors to complete a job, you may be better off outsourcing most effect and only hiring a
handful of people that can help manage or coordinate between you and the contractors. Besides a
team, you will also need to consider data and computation. These are quite intertwined, so it may
be good to take a look at these together. The major options are build everything in house and use
cloud options to both store and compute your data. When you building a house, you will have to
consider the cost of space, electricity, physical infrastructure, and storage to store the data and
have enough processing power for your models. Even when you're not using these models,
you still have to pay for the maintenance of the infrastructure. On the other hand, there are Cloud
services like AWS Azure, IBM or Google Cloud, like I mentioned before.
They already have APIs and pre-trained models that allow you to get a jump-start on the solutions
you are developed. Using Cloud, you won't have to pay for the computation when you aren't using
it. Remember, whatever option you choose make sure it aligns with the needs of your organization
and your digital transformation goals.
Now that you have a broad understanding of what you need to get your AI & ML teams going, it is
important to start thinking about what works for you. Specifically, we need to figure out how to
build the teams and infrastructure needed to create and deploy the necessary ML models.

People
Let's start with the people:

• You could hire an AI & ML manager, data scientists, and Machine Learning Engineers. But
new hires can be very expensive, particularly in this competitive space.
• You could upskill your current employees to learn the skills necessary for these roles.
Training can cost both time and money, but it may cost less than hiring a completely new
team.
• You could hire a consulting firm and contract out the work you need to have done. This
may get your problem solved fast and it’s a good way to get started, but it may not enable
you to build internal Machine Learning capabilities for future endeavors.
We’ve laid out three options here, but you can always use a combination of these options based
on your organization’s specific needs. You can click on the diagram below to make it bigger.

Building an AI Team: People

Data & Tools
Besides a team, you will need to consider data and computation. These are quite intertwined so it
might be good to take a look at these together.

The major options are:

• Build everything in house

• You'll have to consider the cost of space, electricity, physical infrastructure, data
storage, and having enough processing power for your models. Even when you’re
not using the models you will still have to pay for the maintenance of the
infrastructure.
• Use cloud options to both store and compute your data
• Cloud services like AWS, Azure, or IBM, already have pre-trained models that allow
you to get a jump start on the solutions you are developing. Using the cloud, you
won't have to pay for storage or computation when you aren't using it.
Remember that whatever option you choose, make sure it aligns with the needs of your
organization and your digital transformation goals.

Should You Buy or Build?

Bringing back your business goals, how does this inform sourcing the team and infrastructure you
outlined in the previous page?
Your reflection
i will buy rather than to build
Things to think about
Great work at coming back to the your north star and figuring out the logistics to start
implementing AI & ML in your business!
 Ethical Decision Making
https://www.youtube.com/watch?v=bQe3AB8GtTI
When you are making data-driven decisions, it is imperative to consider the ethical ramifications of
those decisions that are made based on questions you have defined for the AI and ML team. One
of the most important things to be attentive to is privacy of people's data. Some questions you
may ask are, how much data can you collect?
How should you anonymize your data so that users can't be tracked? Is removing a name or ID
number enough to maintain user's privacy? This may not always be the case,
are there loss or current regulations that you should take into account. In 2006, Netflix ran a
competition to improve their recommendation algorithm. They shared a dataset that had
anonymized user information. Nevertheless, some researchers were able to
compare this data from Netflix to available data for my NDB and we're able to identify
the Netflix users based on their preferences and watching history. It may see me see enough to
make data of your customers private and unidentifiable. But it is really a tricky and nuanced
problem. As your teams prepare the data and build out models, it is crucial to take the time and
consideration to ensure that data is private. It is also critical to be aware of biases because ML
models are mimicking human behavior, it means that they can also have biases. For instance,
Twitter had an algorithm to crop a photo based on the perceived importance of people within the
photo, they found that the algorithm would choose white over black, and men over women. Luckily,
Twitter reverted the change quite quickly and are taking accountability for their mistake. Finally,
there are unintended consequences. Consider Facebook news feed during the 2020 election.
The algorithm was making election misinformation viral. Facebook employees found this out after
the election. They tried to remedy this with an internal metric on quality of journalism from the
publisher of information. This situation resulted in 2021-2022,
bill on Filter Bubble Transparency Act, which gives users an option to have a newsfeed,
not based on the data collected about them. As we close out on ethical decision-making for AI and
ML, it is critical to determine necessarily as possible what outcomes and
data are you collecting to determine if your model is successful. This process is a way to figure
out if privacy concerns, biases, or unintended consequences are occurring in the model that could
affect your customer or other teams in the business. You should strive to do the best to minimize
these ethical issues from occurring in the models.
However, mistakes happen, and it is imperative that you remedy this issue quickly and take
responsibility for the harm it may have cost. As you build responsible and ethical ML models, you
should always keep the North Star creating models that create a net positive for you, your
customers, and the world.
When making data-driven decisions, it is imperative to consider the ethical ramifications of those decisions,
including the privacy of user data; bias in data, models, and outcomes; and unintended consequences.

Privacy
One of the most important things to be attentive to is the privacy of people's data. Some questions you may
ask are:

• How much data can you collect?

• How should you anonymize your data so that users remain unidentifiable?
• Are there laws or current regulations that you should take into account?
It might seem easy enough to make your customer's data private and unidentifiable, but it is a tricky and
nuanced problem. As your teams prepare the data and build out models, it is crucial to take the time and
consideration to ensure that data is private.

Bias
It's also critical to be aware of biases. Bias can be part of the data, including what data is collected and how.
Because ML models mimic human behavior, they can also have biases.

For instance, Twitter had an algorithm to crop a photo based on the perceived importance of people within
the image. They found that the algorithm would keep white people over black and keep men over women.

Unintended Consequences
Finally, there are unintended consequences. Consider Facebook's News Feed during the 2020 election. The
news feed algorithm was making election misinformation viral. Facebook tried to remedy this with an
internal metric on the quality of journalism from the publisher of information. This eventually resulted in the
2021-2022 Bill on Filter Bubble Transparency Act, giving users an option to have a News Feed not based on
their data.

Considerations
As we close out on Ethical Decision making for AI & ML, it is critical to determine what outcomes and data
you are collecting to determine if your model is successful as early as possible. You should strive to do your
best to minimize these ethical issues from occurring in the models. However, mistakes happen, and you must
remedy any problems quickly and take responsibility for any harm caused if and when an issue arises.
Ethical concerns shouldn't scare you out of using AI & ML to transform your business but should be a north
star for creating models that create a net positive for you and your customers.
Additional Resources

Some Laws & Regulations

• European Union
• White Paper on AI.
• Artificial Intelligence Act.
• United States
• Office of Science and Technology Policy (OSTP) Blog.
• OSTP Draft of Guidance for Regulation of Artificial Intelligence Applications
• State Legislation on AI & ML
• FDA Guiding Principles - Good Machine Learning Practice for Medical Device
Development.
• Policy Brief on Fair Lending using AI.

Articles
• Netflix's Article on improving recommendations.
• Article on people being identifiable from their Netflix watch history.
• Twitter's blog on biased imaging cropping.
• Fortune article on Facebook's Election misinformation.
• In response, the US Congress enacted the Filter Bubble Transparency Act.
• Mashable article on the Filter Bubble Transparency act and Facebook's New's Feed.

Ethical Consideration
What ethical considerations or research should you do based on your business goals and how
you intend to use AI & ML to achieve those goals?
Your reflection
1.Bias. 2.Law. 3.Privacy 4.Social Isolation. 5.Employment. 6.Inequality. 7.Health. i will focus
on privacy and bias with law
Things to think about
Ethics is something to consider on a continual basis. Revisit this idea early and often to make
sure you are doing right by your customers!
 Case Study Introduction
https://www.youtube.com/watch?v=iL4smJW9em4
For this case study, we'll be taking a look at how CMSHR to counter the business challenge to
better support the learning and development of 379,000 [inaudible] purse workforce. Siemens is a
global technology company focused on industry, infrastructure, transport, and health care. This
means their HR team needs to be available 24 hours a day to be able to properly support. They're
nearly 4,000 employees in a variety of languages, legal requirements, and devices. You can
imagine how this is even more
relevant today with companies alive for more remote work, so response to COVID-19.
Let's think about some considerations based on what we know so far. First question is AI and ML
domain business. Second question is the model being built part of the core business of Siemens,
and the third question, does this need to be a custom-built solution? Here are some potential
solutions with their pros and cons. The first solution is you could hire more support staff to make
HR available 24 hours a day and specialize them in various regions that Siemen's employees may
work at. This is generally a straightforward solution that it would follow a regular hiring process,
except they would cause the company both time and money to find people and pay them a salary.
This could also be complicated with getting the support staff that stay consistent in quality
between the languages, countries, and time zones. A second potential solution is to have more
documentation like a Wiki page. This is quite straightforward to get a documentation database up
and running. It may cost the company if it isn't already in place. The potential downside is keeping
the documents of the date and the process of searching through out the documents may be
painful for the employees. Finally we get to the machinery solution. This is easily customizable,
scalable, and can collect data.
This data collected can actually be used to be fed back into the model and improve over time.The
con, is potential mistakes that a model can make at the beginning. It can also be cumbersome to
use, leading to a frustration if employees are able to recognize that they're just getting a computer
response, putting yourself into the shoes of the HR business leader, what considerations would
you make and why? In the next video we will break down what the Siemens team did.

Business Challenge
For this case study, we will be taking a look at how Siemens HR took on the business challenge to

...better support the learning and development of its 379,000, geo-dispersed workforce.
Siemens is a global technology company focused on industry, infrastructure, transport, and healthcare. This
means their HR team needs to be available 24 hours a day to be able to properly support their nearly 400
thousand employees in a variety of languages, legal requirements, and devices.

So let's think about some considerations based on what we know:

• Is AI & ML the main business?

• Is the model being built part of the core business?
• Does this need to be a custom-built solution?
Potential Solutions
Option 1
Hire more support staff to make HR available 24 hours a day with a specialization in various regions where
Siemens employees work. This would follow a regular hiring process but would cost the company both time
and money to find and pay the right people. Maintaining consistency in quality between languages,
countries, and time zones would also be difficult.
Option 2
Have more documentation, like a wiki page. Getting a documentation database up and running is quite
straightforward, although there is a potential cost if there is nothing already in place. Keeping the
documents up to date and the process of searching through all the documents to find answers to questions
can be a painful and frustrating process for employees.
Option 3
Implement a machine learning solution that can be easily customizable, scalable, and can collect data. The
data collected can be fed back into the model, improving it over time. The con is the potential mistakes a
model can make in the beginning, and being cumbersome to use, leading to frustration if employees are able
to recognize they are just getting a computer response. There is also a potential cost to implement this
solution.
Reflect
Putting yourself into the shoes of the HR business leader:

• What considerations would you make and why?

• What is their business goal?
• What considerations should they make about their team, data, and tools?
Your reflection
their business goal is to build HR system needs to be available 24 hours a day to be able to
properly support. about the team they have to consider it need more employee with many
language it will effect the data if they misused by the wrong tool what they have
Things to think about
Great work at taking the time to think through this problem and what you would do! Continue
on to find out what Siemens' HR team decided to do!
 Case Study: Siemens and IBM Watson - Debrief
https://www.youtube.com/watch?v=G6dJO5l3MaE
Now you've had some time to think about what you would do. Let's take a look at what Siemens
HR division did.They ended up with an ML solution, no surprise based on this lesson. But what
solution did they find that fit their needs? Siemens ended up using IBM and they created an HR
virtual agent named CARL, which stands for cognitive assistant for interactive user relationship
and continuous learning. CARL is an AI based HR virtual agent that uses IBM Cloud. What's in
discovery? An assistant. In order to build CARL,
Siemens engineer and HR teamed up with IBM engineers. These enabled them to understand the
problem at hand and how to integrate the IBM Watson infrastructure to see this. This type of
merger is very common when contracting with a company to build your ML needs. CARL lives on
the first page employees interact with for their HR information. They designed it to be highly
scalable and adaptable. They iterated on the model and were able to deploy it within three months
of its conception to a 120,000 employees, starting at Germany and Austria. It started with the five
most tax questions about topics which included sick leave, vacation, travel plans, share matching,
and education and training. But because of the high scalability and adaptability, they were able to
accommodate more and more users with expanded support languages and topics. IBM Watson
was a great solution for Siemens. It offered them a framework in the Watson Assistant that they
could easily build off off to create CARL. They also built an administrative control panel. This
control panel allowed the Siemens HR staff to add new topics quickly without needing to reach out
to a technical team for support.
This enabled the HR team to be more self-sufficient and increase the rate of new information that
could be found on CARL and for different regions to customize to their employees' needs. Like
every ML model, CARL is in constant need for improvement and iteration. For instance, at the time
of recording, CARL was on his 44th sprint. These iterations come from things that need to be
improved, such as bugs in the system, new HR topics to be included, new languages or localizes to
be added, and data and user satisfaction metrics picked up from user interaction. This endeavor
improved employee satisfaction and experience in accessing HR related information. It also
reduce time and resources needed from HR stuff. As of December 2020, CARL responded to one
million requests a month. The collaboration of Siemens and IBM Watson shows what the power of
AI and ML can do to create solutions for your company needs.

Let's take a look at what Siemens HR Division did!

They ended up with an ML Solution, but what solution did they find that fit their needs?

CARL
Siemens ended up using IBM and created an AI-based HR virtual agent that uses IBM Cloud, Watson
Discovery, and Assistant called CARL. CARL stands for Cognitive Assistant for Interactive User Relationship
and Continuous Learning.
In order to build CARL, Siemens engineers and HR teamed up with IBM engineers, a typical approach to
building ML solutions. CARL lives on the first page employees interact with for their HR information and is
designed to be highly scalable and adaptable. They iterated on the model and were able to deploy it within
3 months of its conception to 120k employees starting in Germany and Austria.

It started with the 5 most asked about topics which included:

• Sick Leave
• Vacation
• Travel Plans
• Share Matching, and
• Education and Training

Results
Because of the high scalability and adaptability, they were able to accommodate more users with expanded
support of languages and topics quickly.

IBM Watson offered a framework in the Watson Assistant that Siemens could easily build off of to create
CARL. They also built an administrative control panel that allowed the Siemens HR Staff to add new topics
quickly without needing to reach out to a technical team for support. Like every ML model, CARL is in
constant need of improvement and iteration and at the time of recording, CARL was on its 44th sprint.

This endeavor

• Improved employee satisfaction and experience in accessing HR-related information

• Reduced time and resources needed from HR Staff
• As of Dec 2020, CARL responds to 1 million requests a month!
The collaboration of Siemens and IBM Watson shows what the power of AI and ML can do to create
solutions for your company's needs.
Click here to download a copy of the Siemens AG PDF (also shown below), which describes the
partnership between Siemens and IBM to create the HR Chatbot CARL.

We are unable to load your Workspace.

This can occur if you have blocked third party cookies in your browser. For detailed instructions on how to
fix this error follow the link below. How To Enable Third Party Cookies For Workspaces
Redirecting failed to save a cookie at "https://3d8fe37dfc6b40e8814295052025c9e0.udacity-student-
workspaces.com". This is necessary to establish a connection to the remote machine. The browser was last
redirected seconds ago on Saturday, October 29th 2022, 4:23:12 pm
Sat Oct 29 2022 16:23:12 GMT+0300 (Arabian Standard Time) b55370c8-f700-11ec-a50c-074710667470
Further Readings
If you want to take a deeper look at the case study, you should take a look at the resources below.

IBM & Siemens Chatbot

• IBM's Case Study of the Siemens Chatbot.
• Maastricht University's Executive Summary on Siemens chatbot.
• Avande's Business Situation on the Siemens chatbot.
• LinkedIn article on how Siemens is using a chatbot to boost employee insights.
• Tweet about Siemen's Chatbot's response rate as of Dec 2020.

Related
• Ingenuity's article on Are chat bot's replacing us?.
• Reve chat's article on Chatbot Analytics.
 Lesson Takeaways
https://www.youtube.com/watch?v=5wpwEQiAFrs
ai can transform any business but in the other side of the coin if it isn't made a priority your
business may fall behind competitors when transforming your business with AI and ML remember
to always start with the problem you're trying to solve that is your north star it is a balancing act
between seeing what others have done and keeping an eye out for something that will differentiate
your business but by going through this lesson you are on your way to starting to ask the right
questions to the right people
remember that as a business leader you are the architect of the ainml digital transformation by
establishing a vision that will be realized through a team and collaboration of people tools and
infrastructure you have started to think about how AI
and ML can be applied to your business all these building blocks if planned and directed with
intention will allow your organization to transform and improve be bold and don't be afraid to make
mistakes nothing will be perfect on the first go but you took the first step and there is always
iteration that will allow the models to perform better over time

AI can be transformative if made a priority. When transforming your business with AI and ML, remember
to always start with the problem you are trying to solve. By going through this lesson, you are on your way
to asking the right questions to the right people.

Remember that as a business leader, you are the architect of the AI and ML digital transformation by
establishing a vision that will be realized through a team and collaboration of

• People
• Tools
• Infrastructure
Be bold, and don't be afraid to make mistakes! You have started to think about applying AI and ML to your
business. Keep in mind that nothing will be perfect on the first attempt, but the models will perform better
over time with iteration. If planned and directed with intention, all of these building blocks will allow your
organization to transform and improve.

Revisit: Comparison Between the Process of An Architect and ML Business Leader

Congratulations
You have completed this lesson on how AI & ML can help you transform your business!

Next Steps for Your Digital Transformation Journey

If you want to learn more about how AI and machine learning can accelerate your business' innovation and
market leadership, take a look at the Udacity course AI for Business Leaders.
Now you have some choices on your Digital Transformation journey.

Option 1
You can take another lesson in this Transformative Technologies course that is of interest to you.
Option 2
You can move on to the next course in this program.

Congratulations again on completing this lesson!

 Welcome to Data Science and Analytics
https://www.youtube.com/watch?v=Xxqes-tFzQY
Put yourself in the shoes of your customer. What do they want from your business?
Often, they want your product or service to be smarter, faster, and more personalized.
Data science is the fuel that enables your business to give your customer what they want. Data
science and analytics can also help your business make better internal decisions by monitoring
internal processes to enable more agile decision-making.
There really isn't any business that could not be improved in some way by using data science.
There are applications of data science happening across almost every industry. In healthcare, it's
often used to help patients get better access to care, or to improve the level of care they receive. In
retail, it enables consumers to get personalized recommendations on what to buy or what to
watch. Travelers can be offered a menu of the best options to plan for their next vacation based
on their timeframe and budget.
These are just a few examples, but there are so many more. From an internal business standpoint,
data science and analytics drive the creation of business metrics, such as key performance
indicators or KPIs, which are clear, measurable, and quantifiable metrics for iterative business
improvement. Using these metrics as the foundation of your business, means that you can make
more informed decisions. Having a more granular perspective on business operations, usage, and
customers based on a range of collected data, empowers you and your team to more accurately
understand the business, and assess changes and patterns over time. The additional insights data
science and analytics provide are particularly powerful in forecasting business metrics and
predicting customer behavior. Adopting data science and analytics into your business is
incremental. It doesn't happen overnight. But even the smallest steps forward can make a visible
and meaningful impact on your business goals. My name is Emily Lindemer, and I've been working
as an industry professional in data science and analytics for over 10 years. My expertise is in
healthcare, and particularly in health tech startups, who are looking to undergo digital
transformation with data science and analytics. Prior to working in industry, I received my PhD
from the Harvard MIT joint division of Health Sciences and Technology. There, I learned how data
science is being used at the cutting edge across the healthcare industry. While healthcare is my
area of expertise and it's filled with many challenging examples, I will also bring in examples from
other industries to get a sense of best practices, and how they use data science and analytics to
transform their business. In this lesson, we will take a broad look into the world of data science
and data analytics to focus on the topics most relevant to business leaders. We will define, what is
data science and analytics? We will look at data team workflows and approaches. We will discuss
the importance of a data-driven culture and collaborating with your data team. We will evaluate
when it's the right time to build or buy data-related tools and solutions. Finally, we will wrap up with
a case study that illustrates the power of data science and analytics to drive business
performance in ways that are agile and innovative. Digital transformation with data science is
becoming a necessity to stay relevant regardless of your industry. Digital transformation is
happening in every sector and failing to invest now can leave you behind your competitors. Let's
dive in to see how digital transformation with data science is relevant for your business.
Applications of data science are happening across almost every industry:

1. Healthcare – it’s often used to help patients get better access to care or to improve the level of care
they receive.
2. Retail – it enables consumers to get personalized recommendations on what to buy or watch
3. Travel and Hospitality – travelers can be offered a menu of the best options to plan for their next
vacation based on their time frame and budget
Data science and analytics can help businesses make better internal decisions through enhanced
monitoring of and feedback from internal processes, which enables more agile decision-making.

Lesson Overview
In this lesson, we will take a broad look into the world of data science and data analytics to focus on the
topics most relevant to business leaders. We will:

• Define what data science and data analytics are

• Evaluate data team workflows and approaches
• Discuss the importance of a data-driven culture and collaboration
• Evaluate when to build or buy data-related tools and solutions
• Assess a case study on using data to drive business performance
By the end of this lesson, you will be able to articulate the benefits of using data science and data analytics
to create valuable insight for your teams and organization.

Meet Your Instructor

Emily Lindemer is the Director of Data Science at Cityblock Health. She received her Ph.D. from the
Harvard-MIT Division of Health Sciences & Technology and has worked in healthcare data roles for over a
decade. She was an instructor for Udacity's AI Healthcare Nanodegree.

Exercise Questions
Throughout this lesson, you will be posed with several reflection questions to help connect the concepts
covered with your own business goals, needs, and context.

For these questions just jot down a few ideas or keywords that come to mind. There will be more time to
explore these questions in greater depth later in this program.
 The Value of Data Science & Analytics
https://www.youtube.com/watch?v=MBETr2xtMmA
Why should you care about data science and analytics for your business? Understanding how to
best leverage data science tools and technologies to obtain optimal business results has become
mission-critical for organizations across all industries. This is true for every organization because
every business should strive towards digital transformation. You will often hear it said that data is
the new gold,
and you may ask yourself, is data really as valuable as gold? The answer is both yes and no
because the statement is actually incomplete. A more complete version of that would be data
used correctly and methodically can create insights and produce recommendations that optimize
business performance in ways that are highly valuable and profitable. Yes. Data science can be
used to spot hidden trends, categories, and features that can drive business decisions and
innovative actions. It has the potential to convert any organization into a market or industry leader.
Its predictive capabilities are risk management tools that can support future-proofing and can
identify emergent opportunities and threats.

Understanding how to leverage data science tools and technologies, to obtain optimal
business results, has become mission-critical for organizations across all industries.

“Data used correctly and methodically can create insights and produce recommendations that
optimize business performance in ways that are highly valuable and profitable.”
Data science can be used to spot “hidden” trends, categories, and features that can:

• Drive business decisions and innovative actions

• Convert any organization into a market or industry leader
• Identify emergent opportunities and threats
 What are Data Science and Analytics
https://www.youtube.com/watch?v=_3OHdtpxstQ
What are data science and analytics? The overarching goal of these groups in your organization is
to look at data and to find patterns in it that can be used to draw insights and predictions. Data
analysts look at datasets and typically ask the question, what happened or what's happening now?
More specifically, data analytics uses data sets to provide insights, solve problems, and enhance
strategic decision-making. For example, in healthcare, you might want to know who are the
patients that enter the emergency room. An analyst would look at patient records and analyze
what they came in for to figure out things like whether or not there are certain injuries or
conditions that are happening frequently. This gives you a database picture of what your patients
look like.
Data science, on the other hand, may ask what is going to happen? More specifically, data
scientists create new models and processes through the use of algorithms,
specialized analysis, and prototypes, to design new processes that can unlock
information that would have been otherwise not available. Data science projects may be
predictive, retrospective, or they can be productized to provide real-time insights.
Let's go back to the emergency room example. Once you know who is coming in and why, you may
also want to know what the future demand for certain testing will be from the emergency room.
The data scientists in your organization can come in and build models to predict this. This could
lead to better management of testing resources or redirection of tests, so that there isn't a delay in
getting patients life-saving care. In practice, there's often a gray area in the delineation between
analysts and data scientists. I'll just give you an example of some real-world problems what
analysts and data scientists may work differently. That examples started with the business
question. Let's talk through a different example from a more data first perspective. Raw data often
isn't inherently meaningful, and data scientists and data analysts have the task of
extracting meaningful information for their organizations to use.
Let's think about an example that many of you might have experienced with.
Lots of us have had a Fitbit, Apple Watch or some step tracker at some point in their lives. The raw
data that comes out of your step tracker is a data stream of every step you take, the exact second
you took it and where you took it. That data on its own in its raw format isn't really going to be
helpful to accompany like Fitbit to do much with, without extracting some meaningful information
from it first. Your data team can extract information about your active times of day, then predict
when you're most likely to be active or inactive. They can then use that information to create
predictive models and recommendations to give you little nudges to get your steps in when you're
most likely to react. That's part of why consumers love the product so much. Because they feel
like it was made just for them because of the underlying data capabilities.
Data analysts typically ask two questions, "What happened?" and "What is happening now?"

Data Analytics uses datasets to:

• Provide insights
• Solve problems
• Enhance strategic decision making
Data scientists may ask, "What is the likelihood a specific event will happen?"

Data Science uses datasets to:

• Create new models and processes using algorithms and specialized analysis
• Design new processes reveal new business insights
Data science projects may be:

• Predictive
• Retrospective
• Productized

Additional Reading
• Towards Data Science has a great article on using Data Science to predict Emergency Room Tests.
• This is an interesting article from Business Insider on how data science algorithms are being
productized to create customer profiles used to accelerate and automate home loan approvals.
Exercise: The Value of Data
Given the examples that we have discussed thus far, take a few moments to quickly think about how data
science and analytics could be used to create value for your teams or help solve a particular pain point.

What are the first 2 or 3 ideas that come to mind?

Your reflection
education tourism blood test
Things to think about
Thank you for your response. Over the remainder of this lesson, you will be given a number of examples of
how the work of data scientists and analysts is being applied across industries to create and grown
business value.
 Building Your Data Team
https://www.youtube.com/watch?v=TlKzmBO0dlA
Given the collaborative nature of the work data scientists and data analysts do, how do you know
the exact data expertise your company needs? Both roles deal with some form of raw data and
they both try to extract information and insights from it.
Data scientists will have additional specialized skills related to machine learning and predictive
analytics. In many companies, key business stakeholders go to the data team with a need and
ideate with the team about possible solutions based on the available data. The data engineering
team works to prepare the data and make it accessible. Data scientists work with the stakeholders
to determine project scope and KPIs. Data scientists then begin to explore the data, develop
models, do a review of published papers, documents, and books to see what else is out there, and
when necessary work with the data infrastructure team to productize what they're building. As you
begin to build out your data team for digital transformation you need to have a solid understanding
of your existing data ecosystem and talent. More specifically, do you have reliable and accessible
data and data infrastructure? Do you have the people with the skills and the tools to extract
meaningful data insights? Once these key elements such as data engineers and infrastructure are
in place the next rung on establishing your data team ladder is the data analyst. Data teams need
dedicated analysts to provide retrospective business insights including identifying trends and
changes early that could impact the business. For example, in 2013, Capital One, a US-based
financial services company and online bank were informed by their analyst that its customers had
begun shifting their banking patterns from computer desktops to mobile phones.
This and other insights from its data analytics team drove Capital One to innovate and
subsequently become a market leader. For more advanced skills you'll need to bring in data
scientists who had to advance and specialized training in building models and
algorithms for deployment or product desertion. Let's take another financial services example.
Data scientists can take the data used by data analysts to create and productize algorithms that
can create customer profiles. These profiles can be used to predict loan default rates based on
their profiles and subsequently automate
loan approvals and interest rate offers to create an improved customer experience with faster
application response times. Once your team is in place how will the data science team function in
your organization? When you're beginning your digital transformation journey the data science
team may start off in a consultative role. The majority of their work may be focused on answering
tickets submitted by various groups in your company as they facilitate more data-driven decisions
throughout the organization.
But as you proceed through your digital transformation journey the data science team will gain
capacity to create and optimize more products and dashboards leading to
more insights and prediction capabilities that have greater impact on your customers.
When approaching the data team with a need the workflow typically will be as follows:

• Data engineering works to prepare the data and make it accessible

• Data scientists work with stakeholders to determine project scope and KPIs
• Data scientists then begin to:
• Explore the data
• Develop models
• Review existing research
• Work to productize models

Understand Your Data Ecosystem

Questions to ask include:

• Do you have reliable and accessible data and data infrastructure?

• Do you have the people with the skills and tools to extract meaningful data insights?
• How will your data team function?

Additional Reading
• Capital One Buys Data Analytics Firm To Tap Spending Trends At Local Businesses, is an
article from Forbes that offers great insight into how Capital One leaned in and built out its data
team to drive product innovation and strategic organizational decisions.
• This is a good article from dbt Labs on Centralized Vs. Decentralized Data Teams.
 Communicating Your Data Needs
https://www.youtube.com/watch?v=FUByaYFSHHE
For data science teams to be successful, communication with business leaders is critical. As a
business leader, what does that mean for you? Data teams need their enterprise leaders to provide
clear business goals. This comes through communicating clear expectations to the data team and
the data team communicating back any issues or data constraints.. Ensuring that all teams have
clarity and are aligned able them to better aid you in meeting your company's objectives. Data
teams are enabled and work effectively when business needs and requests are clear, specific, and
explainable.
Meaning it's not enough to say, I need this, fill in the blank. It is far more productive to provide
context, meaning, and specificity around needs and objectives. For example, imagine a
stakeholder who comes to you and says, if you can find me one lever that I can pull to increase my
engagement rate, it'll make this campaign successful. That might seem like a specific enough
goal, but for a data science team, it is too vague and can send them on an aimless data mining
expedition. As a data scientist, it is more helpful when a leader provides a more well-defined
request. For example, if that same stakeholder instead said, I have five levers that I can pull. Can
you investigate the magnitude of the impact of each of those levers? With this type of question, I'd
have a better understanding of how to direct my team's efforts. In fact, I should actually ask that
stakeholder to go even deeper and help me define magnitude for each different lever, so that my
team actually knows what they're measuring. At the end of the day,
there are often 10 questions nested within a single question when it comes to data.
Remember, the goal of all of this is really to understand why you should be using
data science in your digital transformation journey and how to communicate with your data team
to help you reach your goals. You can maximize the teams impact if you take this knowledge and
apply it to the questions you have for the data team and work in concert with them, which we're
going to talk about next.

As a business leader, it is imperative to communicate clear business goals by

1. Setting expectations that are:

• Clear
• Specific
• Contextualized
2. Being receptive to feedback that may:
• Add constraints
• Shift the direction of a goal
3. Ensuring all teams:
• Have clarity
• Are aligned
 Data Science Approaches
https://www.youtube.com/watch?v=S5lxaFtCcnM
Data teams generally approach a business case using one of three main approaches, descriptive,
predictive, or prescriptive. Let's say you're in your company's marketing department and you want
to look at data to understand who your customers are.
This is a deceptively difficult question. You might have numerous pieces of data about a single
consumer, such as their age, gender, zip code, or past purchases. Your data analysts would handle
this question using a descriptive approach. A descriptive approach uses statistics to analyze
historical data and provide summary statistics based on geography, demographics, average single
or total purchase amounts, etc.
The end result becomes a quantified description of various customer types. Descriptive studies
need clearly defined and articulated objectives. There are often many ways to approach a given
question. Therefore be as specific as possible when making these types of requests of your data
team. It is important to encourage the data team and expect them to ask for clarification if the
objective of a data request is not clear at
the beginning and throughout the data analysis process. Now, imagine that your data science
team has offered a descriptive understanding of your customers. Your next question might be,
which customers would be most likely to perform an action we want them to perform? For
example, if we're recommending an exciting new product on our website, we might start by asking
which of our customers would be most likely to purchase a similar product? Would it be someone
who has never purchased a similar product in the past or will it be someone who has purchased a
similar product from our website before? If it's the latter, how much time do we expect to pass
between when they purchase that first similar product to when we expect them to purchase the
new one? To answer these questions, our data science team would use a predictive approach. A
predictive approach relies on historical data and data science modeling to predict future behavior.
Predictive approaches enable organizations to identify risks and
opportunities by looking for patterns from a forward-looking perspective. In the described
scenario, the data scientists would use the predictive approach to look at
the historical data on customers and their purchasing behaviors. They would then make
predictions about how customers may interact with the new product based on that data. So far we
have identified who the business customers are using the descriptive approach, and we have a
prediction of how those customers might behave when a new product is introduced based on the
predictive approach. In this last step, we consolidate those approaches and bring it all together to
apply a prescriptive approach. The prescriptive approach goes beyond the descriptive and
predictive approaches to make recommendations about what actions to take to optimize or
mitigate the prediction results and to identify our recommendations impact on business goals. It is
also used to determine which recommended action has the highest confidence that the prediction
will happen as expected. In essence, prescriptive approaches simulate predicted
outcomes and provide recommendations on the best course of action. Let's come back to the new
product launch on our website. Data scientists could take a prescriptive approach to recommend
sending discounts. Who are customers that are most likely to buy that new product or maybe
provide an early product preview to customers in a specific region who are most likely to purchase
a similar product.

Data teams generally approach a business case using 3 main approaches: descriptive, predictive, and
prescriptive.

Descriptive Approach
A descriptive approach uses statistics to:

• Analyze historical data

• Provide summary statistics based on a given set of information
Descriptive studies need clearly defined and articulated objectives.

Predictive Approach
A predictive approach predicts future behavior by relying on:

• Historical data
• Data science modeling
Predictive approaches enable organizations to identify risks and opportunities by identifying patterns.

Prescriptive Approach
A prescriptive approach is used to:

• Make recommendations about what actions to take to optimize or mitigate the prediction results.
• Identify a recommendation's impact on business goals
• Determine which recommended action has the highest confidence that it will happen as predicted.
Prescriptive approaches simulate predicted outcomes and provide recommendations on the best present
course of action.
 Data Science in Practice
https://www.youtube.com/watch?v=P5uZOD1bIA8
I am a big fan of the data science hierarchy of needs, which is a tool that is widely used in the
industry to describe the architecture and actions needed to perform robust data science and how
they relate to one another. The first and most important thing is collecting data. I cannot
emphasize enough how critical it is to get this step right. It is the foundation that data science and
data analytics are built on top of. This includes figuring out what you can or want to collect
yourself and what data you will need to source through external channels. The more thought you
put into this foundation,
the more you will be able to do in the future. The most successful data-driven companies that I
know of, think continuously about this layer and how to improve their data collection. Next is
storing and accessing your data. There needs to be a stable way to access the data that you have
spent valuable time collecting. This is through setting up data lakes and data warehouses. This
allows your data team to be able to build models and derive insights by having readily accessible
data. Without this, no insights on the data can happen. There should be a substantial amount of
time here invested in
making sure that the data is available on-demand and isn't lost. Data collection and data access in
the storage is done through a process called extract load transform or ELT.
You may have heard of it called ETL before. They're essentially the same thing, but the industry is
moving more towards ELT as an acronym and a process. As a business leader, you have to
advocate and make sure that this system is in place to empower your data team to do their work.
At a high level, the data needs to be extracted from at least one source. Then that data needs to be
loaded into a place to store the data and
finally transformed into something the data scientist and analyst can then use. The middle section
of the pyramid is all about transforming your data and extracting meaning from it. After your data
has been collected and stored, the data team can start working with it to identify key groupings of
the data such as metrics, segments, features, and more. This section is often a hybrid exercise
between data scientists and engineers, and many data scientists spend a significant portion of
their time in this section of the data pyramid. This part of the process is done through a
framework.
The framework is usually talked about in two major ways, top-down or bottom-up.
The top-down framework starts at the business case and then works down to the data.
It's very effective if you have very data-driven business leaders. If business leaders don't have a
strong understanding of data and how it works though, this can be a very difficult way to gain good
insights. Bottom up is where the data science team is
responsible for surfacing insights to the business leaders. This model is very effective when the
team has strong business domain knowledge. Teams of data scientists who are generalists and
don't have particular expertise into the industry business and its goals, may struggle to give
valuable insights from this bottom-up framework. The approach that I would advocate for that is
optimal, is a hybrid approach between these two frameworks. This allows for a conversation and
balance to be made of the strengths of both frameworks while mitigating the potential
weaknesses and through the process, there should be research it every step to help further the
conversations.
The last thing to consider here is what the final deliverables look like. The final product for data
teams means packaging results in a way that is useful for implementation and or clearly
communicates findings to key stakeholders. Sometimes the final product is a written report or
presentation with data derived insights and visualizations. In other cases, a business may want to
productionize some data derived insights by making a predictive algorithm run in real-time, or by
creating a dashboard to track and monitor how things are going. Many businesses can enact
powerful digital transformation by stopping there. However, there is one more level of the pyramid.
While outside the scope of this lesson, artificial intelligence, machine learning and deep learning
are at the very top of the pyramid and what many people most typically think of as data science.
These aren't necessary for every company though. As the foundational work completed and the
exploration and analyzation phases may be sufficient for many business cases.
In addition, the insights gained from the explore and analyze phase give your data science
ecosystem the capacity to use AI and ML for more powerful insights and predictions.

In practice, there are 4 major steps in the data science process:

1. Data Collection
2. Data Access and Storage
3. Explore and Analyze
4. Learn and Optimize

1. Data Collection
This is the most important step and the foundation to receiving valid and reliable results.

Questions here include:

• What data can be collected by the data team?

• What data will need to be sourced through external channels?
2. Data Access and Storage
This step covers the data infrastructure and engineering required to both safeguard data and have that
data be readily accessible to the data team.

Structures and processes here include:

• Data Lakes
• Data Warehouses
• Extract-Load-Transform (ELT)

3. Explore and Analyze

• Top-Down Framework – starts at the business case then works down to the data level
• Bottom-Up Framework – starts with the data science team surfacing insights to the business
leaders
• Hybrid Framework – a hybrid approach between the two frameworks that balances the strengths
and weaknesses of the two previous frameworks

4. Learn and Optimize

While outside the scope of this lesson, artificial intelligence (AI), machine learning (ML), and deep learning
are at the very top of the pyramid.
 Executive Decisions for Data Science
https://www.youtube.com/watch?v=qJHCBAW6ieM
Data science and analytics empowers leadership, teams and organizations to execute on their
data-driven goals and OKRs in ways that positions them for success. From identifying metrics to
creating the predictions that are the basis of OKR benchmarks, the work of the data team is
foundational for not only laying out current metrics but also providing a view into pathways for
optimal future business outcomes. In the digital transformation process an Analytics Center of
Excellence, can be a tool used to centralize and mainstream data processes. This center of
excellence is different from a Cloud Center of Excellence and is specific to analytics. It is a
functional organization whose job it is to react to the data needs of the business. They also decide
how to triage data requests into long-term strategic initiatives and short-term reactive asks from
various non-data teams across an organization. The Analytics Center of Excellence, or ACoE, is a
best practice in the digital transformation with data science and analytics journey. It is a bridge for
sharing data resources, training, and best practices throughout an organization. In this model, ad
hoc data requests from the business can be handled in a centralized manner, which allows for
data scientists to participate in longer-term strategic data building for the future. When thinking
about the role of data science in your digital transformation, it's important to just do the simplest
thing first. See success with that, and then continue to grow your data science projects
keeping in mind that everything is iterative. You shouldn't set out to do a digital transformation by
assuming that you're going to build some incredible predictive model that will transform your
business overnight. However, you should think about what's the simplest thing that you can do to
get some lift and then go from there and incrementally increase. I guarantee that if you try to build
the most complex model in a short timeline without any foundation, it won't work and you will not
get any gains from that. Implementing successful data science projects hinges on having a
structured and intentional approach. To do this, I suggest asking yourself the following questions.
How much data do you actually have? What business problems are you trying to solve with that
data? Who will be the end-users of your data? Who will be the end-users of the insights?

An Analytics Center of Excellence (ACOE) can facilitate a digital transformation process by:
• Centralizing data processes
• Sharing data resources
• Creating best practices and training programs
• Being a repository for organizational data initiatives and documentation
Be Intentional
Implementing successful data science projects relies on having a structured and intentional approach.
Helpful questions to ask include:

• How much data is available?

• What business problems need to be solved with data?
• Who will be the end-users of the data?
• Who will be the end-users of the insights?

Additional Reading
This article from the Eckerson Group provides a good view into the design of an Analytic Center of
Excellence, How to Design an Analytics Center of Excellence.
 Democratizing Data
https://www.youtube.com/watch?v=EZg4sSxTrk8
One of the pillars of a successful digital transformation is having an organization that not only
values data-driven decisions, but cultivates a data-driven culture among all members of the
organization. This can be done by rethinking how reporting, for example, is treated across an
organization. Having a data-driven culture is one where
an organization's employees are using data to make decisions and always thinking about how to
use data better. It's not really about the tools that they use. It's more about the culture around data
and how and when you use it in your decision-making. When a lot of organizations start with digital
transformation, their data scientists and analysts will be doing a lot of reactive ad hoc data
answering. One way to transform out of this is to democratize data. This is done by making data
more accessible to those without specialized skills of the data team and giving them the tools to
be able to use data and both ask and answer questions that they have. Leaders can take desperate
and often siloed processes and integrate them using business intelligence tools such as Tableau,
Alteryx, or Looker with the intention of extending that accessibility of data across all members of
the organization. I have to say though that data democratization is a nontrivial endeavor. The
implementation of tools like these takes a lot of under the whole data science and analytics effort.
However, it is worth it because once you implement them, you start freeing up the time of your
data scientists and analysts.
They can spend less time acting as ad hoc data consultants within your organization because
more and more people have access to the data with the appropriate guardrails to answer
questions on their own. With this type of development, there comes more time for the data team to
start making more cutting edge insights rather than performing those ad hoc reactive tasks. Just
to set expectations, I should say that your business will probably never entirely move away for the
need for these ad hoc data request to be fulfilled. But by implementing that Analytics Center of
Excellence that I mentioned earlier and working towards data democratization with business
intelligence tools, these ad hoc requests can be better streamlined and directed towards analysts
with specific subject matter expertise to answer the business as data needs rather than having the
data scientists do that work, who should be more focused on growth and building for the future
with data

Pillars for successful digital transformation include having teams and an organization that:

• Value data-driven decisions

• Cultivate a data-driven culture among all members

Democratizing Data
Democratizing data is the process of making data more accessible to those without the
specialized skills of the data team, empowering them to use data to ask and answer
questions.
 Exercise: Being Data Driven
In this quick thought exercise reflect on the terms: Data-Driven and Democratizing-Data:

As a business leader, how are you cultivating these themes within your team(s)?

Your reflection
This is done by making data more accessible to those without specialized skills of the data team
and giving them the tools to be able to use data and both ask and answer questions that they have
Things to think about
Being hyper-focused on data at all levels, from collection to reporting or productization, will facilitate and
enhance your executive decision-making and team management skills.

Exercise: Being Data Driven

In this quick thought exercise reflect on the terms: Data-Driven and Democratizing-Data:

As a business leader, how are you cultivating these themes within your team(s)?
 Making Build vs. Buy Decisions
https://www.youtube.com/watch?v=XQ7J6zBk5f8
Depending on your organization's current size and data science and analytics capabilities, you may
face the question of whether to buy or build. Oftentimes you can buy the data that you need and
models that you need to extract insights from the data.
This is a great option if you currently don't have your own data or if you don't have enough data for
a specific business case. Something to consider though, when using third-party vendors to get
data is to make sure that you have a service license agreement or an SLA with them. An SLA is a
legal contract that can guarantee the cadence and quality of the data you are receiving. This might
seem minor, but it can become a substantial blocker if the data does not meet your expectations
or if it's delayed, which in a rapidly moving industry can be a detriment to your business.
There are companies that actually sell algorithms or models that could be what you want to
purchase as well. In this case, you would want to set up much of your infrastructure to be Cloud-
based so you can more easily connect with various third-party vendors. In this scenario, much of
the data science and algorithmic work is done by external parties, but you would probably still
need some in-house data engineer is to connect the data to the right models and manage all of the
moving pieces. The other end of the spectrum is building everything in-house, everything here is
done internally by data science engineering and data science teams. Data can be generated and
stored on a Cloud platform or on an on-premise server. You would then have data engineer's in-
house to prepare the data if it's large and complex, and then your data science team pulls insights
and writes models. This build in-house option is better if your company already has an established
data science team that has the capabilities required to manage the data ecosystem needed for
your goals. With this option, another benefit is that you have full control of making your data
science pipeline and outcomes exactly what you want. The reality though for most companies, is
that you will probably take a hybrid approach and fill in the data and engineering gaps through
purchasing some data and some models, and then you can gain insights more quickly to act on. In
reality though this process is not so linear, you're going to end up with a lot of models that form a
network and create an engine that gains useful output or insights. Over time, as your data science
team has more capacity, you may want to update models that you purchased, bringing more effort
of building in house, and that can get you more specific insights for your specific business cases.
What happens in this situation is that your models become more proprietary and tailored to your
specific business needs.
Those models that you build out can actually even become products that your company can sell in
a new business sector, and there have been a lot of unexpected spin-offs
across multiple industries due to this phenomenon. Some general questions to ask yourself when
you are thinking about build versus buy are, how long will it take to build
an efficient model versus the time it will take to buy and customize? What other engineering
resources will I need to integrate a model or third-party analytics system?
What are the cost implications of either option? What metrics will you use to assess the quality of
a model or vendor? How important is the predicted performance or accuracy of the model? You
can also set up shorter-term trial periods with third-party vendors,
and I highly recommend doing this to experiment and see if a model integrates well into your
ecosystem and is useful for your business. It is imperative that leaders and their teams think about
models and algorithms that you purchase as black boxes. They are referred to as black boxes
because your team often won't have insight into exactly how a model is working under the hood
and how its output is being generated. The reason for this is that the algorithm that accompanies
cells to you is that vendors intellectual property, so you sometimes also won't even know exactly
what data a model was trained on. Understanding the data that a model was trained on is
incredibly important,
because models are only good at predicting outcomes from data that is similar to data that they
have seen before. To this end, all models are biased towards data that they have seen before, and
if your data is very different, it is entirely possible that the model will not perform as expected on
your data. This can lead to a lot of ethical concerns and is the reason why experimenting and
testing are both so important. Doing this type of due diligence on a third-party model is less work
than building in-house, and it is a critical step you should not skip when purchasing any third-party
data services.

Buy
If your organization does not have the data needed to analyze a specific business use case, buying the data
and models from a 3rd party is a good option.

• Service License Agreement (SLA) – a legal contract that guarantees the cadence and quality of the
data you are receiving.

Build
If your company has a data team with the required capabilities, pulling data and building models in-house
allows for fuller control of the data science and analytics pipeline.

Hybrid
A hybrid approach allows organizations to fill in their data and engineering gaps through purchasing data
and models that can quickly return insights business leaders can act on.

Some Questions to Ask:

• How long will it take to build an efficient model versus buying and customizing a model?
• What other engineering resources are needed to integrate an algorithmic, model, or 3rd party
analytics system?
• What are the cost implications of either option?
• What metrics will be used to assess the quality of a model or vendor?
• How important is the predictive performance/accuracy of the model?
3rd Party Considerations
It is important to understand that purchased models and algorithms are "black boxes" because the
algorithm itself is the vendor’s intellectual property.

• Ask about the data that a model was trained on

• There is always bias in a model
• Be aware of ethical concerns
• Experiment and test
Due diligence on 3rd-party data services is critical.

Additional Reading
• For a solid summary of the build versus buy decision, as it relates to data, check out this article
from ThinkData, Data Management: Buy vs. Build.
 Considering Data Biases
https://www.youtube.com/watch?v=HhnLU_e_NcE
In any discussion of ethics and data science, data and algorithmic bias are two important topics
that come up. I can't stress enough how important it is for leadership and their teams to put their
best effort into knowing where the bias is in their data and algorithms. It's difficult, if not
impossible to avoid bias because algorithms are always biased in one way or another, they're
going to be biased to the data that they've seen before. It's really important to be cognizant of
where the biases lie though and whether or not the bias presents an ethical concern for the work
the data science team is tasked with. In order to manage this, you have to know the data. The
other major ethical concern is how results will be used if a data team deliverable is productized.
Essentially, what is coming out the other side of that data workflow. How is the output going to be
used? Is there a potential for it to be used in an unethical fashion? The issue of bias is particularly
impactful when datasets have people as the point of reference for data points. Being intentional
about ensuring that datasets in a workflow or product are balanced and representative is crucial.
Otherwise, biases gain a multiplier effect in deployment and can have significant and harmful
consequences for the people in the real world that are subject to it. This type of bias and it's
unintended consequences
can easily occur in a product that has algorithm that is based on data from a small limited
population and then extrapolated to the general population. For example, a predictive tool was
created for the banking industry to approve or reject home loans.
The data used to create this model was based on financial transactions made by people within a
particular income bracket. It worked great for predicting whether people would
pay back loans within that income bracket. However, the tool when deployed resulted in
negatively impacting people who did not fit that profile. It disproportionately rejected loan
applications from them. It also became apparent that because this was a US-based tool, income
bracket became a proxy for race and ethnicity. Thus, it disproportionately affected non-Caucasian
individuals. As a leader and a data science stakeholder,
it is important to recognize and acknowledge that biased exists and it can be introduced at all
levels from the data science process, from collection all the way through deployment. Ensuring
that product has algorithms are having the intended effect requires intentional conversations with
the data team and feedback loops that can flag issues early and often to mitigate and provide
opportunities for iteration. The question you should ask yourself is, can a model cause
unintentional harm? Bias in data science models is inevitable, but in understanding of how the
underlying data is biased is crucial to determining the reliability of the data team's deliverables.

Ethics and algorithmic bias are two important topics that are critical in any discussion of data science and
analytics.
Questions to consider include:

• Where could bias be present or introduced into the data and algorithms?
• Are ethical concerns present?
• How will results be used if productized?
• Is there the potential for it to be used in an unethical fashion?

Additional Reading
If you are interested in going more in-depth on the topic of data and algorithmic bias, there are a number
of great resources including the following:

• MIT Technology Review article on Racial Bias in Credit Scores that affected Mortgage Loans.
• A science article that looks at racial bias in an algorithm for health management.
• ACLU's Framework for Ethical Facial Recognition.
• An interesting article from Analytics Vidhya on Fighting Data Bias – Everyone’s Responsibility
 Other Critical Topics
https://www.youtube.com/watch?v=m8ez7dFDAOY
There are two final important topics to consider when you are undergoing digital transformation
with data science. We touched on this with our data hierarchy pyramid earlier, but you always need
to consider whether or not you have enough data and the right type of data to begin your data
science endeavor. The second critical topic to consider is data privacy. To determine if you have
enough data, you first have to think about the type of requests asked of the data team. If complex,
prescriptive, or predictive business, market, or industry insights are needed, then require datasets
may be significant in size. But if it's retrospective analytics, insights, and more straightforward,
forecasting and predictions, datasets might not need to be as large. This is a really good topic to
bring in data science experts into the conversation. They can help guide you in understanding how
much data you would need to meet business needs and goals. In addition to making sure you have
enough data, you will also need to make sure that you have the right types of data. Let's take an
example of predicting whether or not someone will develop cancer. You may start by asking, what
data would I need to build a model to do this? A great place to start is having your data team look
at things a doctor might look at, such as lab values, health assessments, and radiology reports.
This is also where specialized experience of a data scientist can come in and guide what types of
data you might need. Let's talk about the second point, data privacy.
It's important that you are aware of any governance and regulatory requirements that may impact
how your organization interacts with and stores data. For example, it is crucial to keep any
personal identifiable information or PII confidential. This could include consumer credit card
information, protected health information, or even basic information like name and address. This
process and data cleaning has to be done at every level of your data pipeline. We hear about
security breaches to company databases all the time in the media. They can be a devastating blow
to a company's reputation that you want to avoid at all costs.

The amount of data required for reliable insights will depend on the type of insights needed.

Very large, "Big Data", datasets are needed for insights that are:

• Prescriptive
• Complex Predictive
• Market or industry based
Datasets that are not "Big Data" are needed for insights that are:

• Retrospective
• Straightforward forecasting

Data Privacy
Be aware of any governance and regulatory requirements that may impact how your organization
interacts with and stores data.

Be intentional about data privacy and data security.

 Exercise: Build or Buy
Reflect on your own business context.

1) What 1 or 2 pain points could be eased or eliminated for your team, if you had the necessary data?

2) For the necessary data and analysis of it, what would your "buy vs. build" decision be and why?

Your reflection
1. algorithm bias and privacy 2. Depending on our organization's current size and data science and
analytics capabilities,
Things to think about
While this is a reflective exercise, it helps to synthesize all of the aspects that go into a build or buy
decision within your specific business context.
 Zara Case Study: Introduction
https://www.youtube.com/watch?v=pKgf5IsZQrU
Zara is a fast fashion apparel company from Spain that has both online and brick-and-mortar
stores. Fast fashion is specifically on-trend fashion that is directly influenced by what was most
recently on the runway. In this fast fashion industry, there are a few major pain points. The industry
has traditionally operated on a seasonal sales cycle.
In this model, a company will plan out their entire line for the upcoming season and manufacture
all of their products at once, shipping it in large batches to their stores to sell over several months.
This leads to a couple of challenges. First, there is almost always a product or two that don't sell
as well as expected over the course of a season.
But since it was already created, the stores have no choice but to put those items on sale which
leads to loss revenue. Another perhaps more interesting problem that this
creates is that it does not allow for a feedback loop between you and your customer throughout
the season that you as the company can react to to meet their more specific desires. The industry
also faces challenges with their online retail processes,
particularly with online returns. When customers can't try clothes on themselves, they are more
likely to return your product because it may not meet their expectations.
This also leads to lost revenue and a longer amount of time for each product to sell.
Zara became a true unicorn in the fast fashion industry by using data to address the major pain
points that I just discussed. The innovations that Zara made with data have led them to be a
company whose products rarely go on sale because they are not overproduced while actually
creating about five times as many unique clothing items per year as their competitors. Their
customers are so satisfied with their products that their average customer visits one of their brick-
and-mortar stores 17 times per year and when they buy products online, they rarely return them.
Let's learn about how they use data to accomplish this.

Zara is a fast fashion apparel company from Spain that has both online and brick-and-mortar
stores. Fast fashion has some major pain points:

• Seasonal sales cycle

• Online retail processes

Impactful Results
Zara's use of data to address these pain points resulted in:

• Rarely having sales

• Creating 5x as many unique items compared to their competitors
• An average customer visits a brick-and-mortar store 17 times a year.
• Customers rarely return items purchased online
 Zara Case Study: Data-Driven Decisions
https://www.youtube.com/watch?v=BKrcym6vd14
How did Zara use data to do all of this? One major decision that Zara made was to move away
from long traditional season-based cycles to very short cycles where only small amounts of
product were produced at a time. Shipping small amounts of product to their stores means that
Zara would need to be ready at all times to ship more and potentially different products to their
stores as soon as they were needed. One of the major ways that they were able to do this was by
collecting data about all of their product, particularly how well they were selling in real-time, and
how successful each product was in every selling location that they had throughout the world.
Zara accomplished this through placing radio-frequency identification or RFID tags on every
product sold.This allowed for tracking of the products from the warehouse all the way through to
them being purchased.An item could even be tracked when being tried on or sitting on a shelf,
which helped illustrate the entire product journey with data from the creation to the time that it
was in a customer's hands.Zara also got qualitative data in its stores from its employees. Zara
would train employees to enter in any customer feedback that they would hear on a daily basis. If a
customer said to their friend,
"I really like this style of jacket, but I wish it was in white," the associate that overheard this would
be able to report it. Because employees were trained to look for feedback,
the associate would keep in mind what jacket the customer was talking about and specific details
that were important. Zara also received direct feedback from customers through a traditional e-
commerce review system.This collection of various types of feedback allowed Zara to free
themselves of the long seasonal cycles, and instead, the design team could create a design and
get it into the hands of customers in 2-3 weeks.
This was done by producing a limited amount of new designs, holding smaller inventory of those
designs, and through all of the collected data, Zara could get a pulse on the demand down to the
zip code level. If an item wasn't selling well in a week, Zara could stop production of it or opt to
adjust the design based on the qualitative feedback.
This allowed for supply chain optimization to better fit the demand with a just-in-time model with a
small batch of stock rather than having a surplus stock to manage and house. Another key factor
in this is Zara's parent company, Inditex. It is incredibly data-driven and runs all of the data
management, data infrastructure, and analytics. Inditex has the capability, with its central
warehouse, to collect, store, and manage data 24 hours a day, and the capacity to stitch all of its
workflows and data together to allow for complex data ecosystem. As a company, it is able to do
this through many partnerships and third-party vendors in the areas of supply chain management,
warehouse management, and consumer behavior prediction to integrate with the models that they
also build in-house. Another major change Zara made was to minimize online returns to increase
customer satisfaction. A new tool was created on their website that surveyed the consumer.
Based on the survey results, it was able to collaboratively filter items and
make better recommendations for clothing fit and preference, essentially bringing the dressing
room to online shopping. It would ask specific questions beyond size, including how the customer
would like clothes to fit such as tight, loose, etc. With this level of questioning, it was easier to
personalize the recommendations. This led to more customers receiving exactly what they
expected when online shopping and returning far fewer items. One other data innovation that Zara
created that I find particularly interesting is more recent and specific to online shopping. Zara
started analyzing how customers were using the search bar on their website as a way to better
align with the customer's terminology and what trend was in demand. Zara would analyze the
terms that customers searched for and reconcile them with what customers actually bought.
They would then use this to actually change the names of their products to make them more
discoverable and therefore sell more. For example, if Zara has a product that they call a blazer, but
they discover that most customers find it first by searching for the term jacket, they will actually
change that product to be called a jacket.
The main takeaway is that Zara succeeded in challenging the norm and changing how to do
business in their industry because it implemented core changes around how they use data to
make decisions. Now imagine your business using data science to drive innovation and growth.

Zara leveraged its data team to small steps that led to major gains.

Zara moved from the traditional and longer retail cycle to short 2-3 week cycles with small
amounts of product produced with each cycle. This was done by:

• Placing radio frequency identification (RFID) tags on every product sold to track the product's
journey from creation to purchase
• Training its employees in ways that made them significant sources of customer data
• Its supply chain was optimized for "just in time", small-batch execution
• Minimizing returns through the intentional use of its website features
 Zara Case Study: Debrief
https://www.youtube.com/watch?v=ORul1p7lCPA
Zara has made amazing strides in changing fast fashion. But it is important to note a few more
ways it continued to adapt before we close out this case study. First, there was a risk in making a
small volume of products because that could lead to empty shelves which isn't good for business.
But Zara was able to manage that risk through having much of their other clothing production
done in house in its own warehouses,
which also allowed Zara to experiment until it landed on the current process. Zara also made a
decision to spend barely any money on advertising which is somewhat backwards in the fast
fashion industry. It instead followed its customers to where they were, its brick and mortar stores.
By using their short cycle process they were able to draw customers into their store frequently
because customers would never see the same product twice. In fact, their in-store inventory
changes approximately every 10 days. Since most products sell out, customers are incentivized to
make purchases
immediately when they see something they like. Since this worked so well, Zara chose to invest in
building more brick and mortar stores instead of investing a lot of dollars in advertising. Zara did a
great job of using its data capabilities to make it a more agile
organization and this has enabled it to rapidly adjust to market changing conditions. As they
invested in increasing customer satisfaction and making their products easier to find online, they
eventually became less dependent on the brick and mortar stores to be the sole avenue for its
success. Lastly, Zara's data-driven changes were supported by the infrastructure of Inditex. To be
data-driven, Zara fully leverages its data science ecosystem, which provided a strong foundation
of data collection and management which led to well informed insights and substantial changes
across Zara's organization.
On top of all of these important continued steps to improvement, Zara has shown that they can
quickly adopt the effects of the global pandemic COVID-19. As I mentioned previously one of their
largest strategies was opening more stores, but in the middle of the pandemic they were closing
stores because, of course, less people were shopping in person. They were able to do this and
maintain financial stability because they had already diversified and invested in using data to drive
their online marketplace.
Their items still do go on sale in their online marketplace but still not nearly as much as other
online retailers. Because of all of these choices that Zara made, they have bounced back and their
revenue has gone way up since before the pandemic with nearly all of their remaining stores also
opening back up as well as online sales increasing. Zara continue to transform and it is a
demonstration of the nature of continuous improvement driven by data science to allow them to
be successful even in the face of unforeseen challenges.

Zara's use of data as a risk management and digital transformation tool was facilitated by several factors:
 • In-house clothing production allowed for process experimentation
• Shorter inventory cycles, rather than inventory, drove customer demand
• Data infrastructure support from its parent company

Additional Reading
The following articles are helpful for more information on how Zara used data science and analytics to
create a risk management tool and optimize its business results:

• ZARA: Achieving the “Fast” in Fast Fashion through Analytics, Harvard Business School
• Zara stocks up on AI, big data, analytics partnerships and investments, CIO Dive
• 15 Zara Secrets The Press-Shy Brand Hasn’t Made Public, Refinery29
 Exercise: Working with Constraints
One of the themes of the Zara case study is that small incremental changes can lead to significant gains and
value creation.

Thinking of your own business context, what are 2 or 3 small data-enabled changes that could accelerate
value creation for your teams?

Your reflection
1. data enable to analysis daily work to give in charge employee to think for fast and accurate work
2. for the data what we have we will try to see what is the benefit data and what not to increase our
profit
Things to think about
Thank you again for your reflections here, We hope that this, and all the exercises in this lesson, have
helped you visualize and contextualize how data science and analytics can be leveraged as digital
transformation tools in your organization.
 Lesson Takeaways
https://www.youtube.com/watch?v=4rxJg37CC5E
As we close out this lesson, you should walk away with these key takeaways. Number 1, data
transformation occurs across an entire organization, but always starts with collecting data. I've
emphasized it a few times throughout this course, but collecting data is so critical to setting your
foundation up for success. Number 2, being data driven allows teams and organizations to be
agile with iterative and continuous improvement. Think about the Zara example. Zara was able to
become so much more agile with how they pleased their customer by moving from those long to
short iterative sales cycles using data. Number 3, making decisions with data can lead to
transformative, not just incremental improvement in your organization. Number 4, the simplest
tasks are the best places to start your data science and analytics journey.
Remember you are not going to build the most sophisticated, complex predictive model overnight,
but there are plenty of places I am sure in your organization where small,
simple problems can be tackled with data to make huge changes. Finally, number 5,
people are the backbone of all of this, so communicate your data goals and objectives.
A new culture that is centered on data requires cultivation, which really starts with leadership.
Challenge your employees and the people in your organization to start asking more questions with
data and getting more curious to really make that culture change happen. Congratulations on
reaching the end of this lesson. Now, go forth and be data-driven.

As we close out this lesson you should walk away with these key lesson takeaways:

•Data transformation occurs across an entire organization

•Being data-driven allows teams and organizations to be agile
•Making decisions with data can lead to transformative improvements
•Start with the simplest tasks
•People are the backbone
Remember, a new culture centered on data requires cultivation, which starts with leadership

Congratulations on reaching the end of this course. Now go forth and be data-driven!
 Congratulations
You have completed this lesson on digital transforming your business with data science and analytics and
we wish you the best on your data and digital transformation journey!

Next Steps for Your Journey with Transformative Technologies

If you want to learn more about how data science can accelerate reaching your business goals, take a look
at the Udacity Nanodegree Data Science for Business Leaders.
Now you have some choices for the next stage of your Digital Transformation journey.

Option 1
Complete another topical lesson in this Transformative Technologies course that is of interest to you.
Option 2
Move on to the next course in this program.

Congratulations again on completing this lesson!

 Welcome to Cybersecurity
According to IBM's Cost of a Data Breach Report 2021, security breach costs average $4.24 million
per event.
As the financial and reputational risks associated with cyber-attacks become more prolific,
systematic, and expensive, cybersecurity literacy has become a core competency for:
• Board Members
• Senior Management, and
• Executive Business Leaders

What We Will Cover

In this cybersecurity lesson, we will:

• Define Cybersecurity and Key Stakeholders: including Security Trends and Roles
• Discuss Cybersecurity Systems and Frameworks: including the importance of
Governance, Risk, and Compliance
• Reflect on Strategic Decision Making in Cybersecurity:
• Practice Proactively Building and Managing Security Defenses: including Table-Top
exercises
• Take a Cybersecurity deep-dive with a Yahoo! Case-Study

Meet Your Instructor

Chris Cochran is the co-founder and Chief Executive Officer of Hacker Valley Media. Chris is a
cybersecurity leader turned full time content creator. He has dedicated his career to building and
leading advanced cybersecurity missions at organizations.

Exercise Questions
Throughout this lesson, you will be posed with several reflection questions to help connect the
concepts covered with your own business goals, needs, and context.

For these questions just jot down a few ideas or keywords that come to mind. There will be more
time to explore these questions in greater depth later in this program.
By the end of this lesson, you will have a strong foundational understanding of key aspects of
cybersecurity from a leadership perspective and you will have tools that you can use to
implement and cultivate a culture of security within your organization.

Let's Get Started!

 Radically Secure- Cybersecurity Reimagined
https://www.youtube.com/watch?v=KX6SzA6cyqY
Imagine for a moment that you are a race car driver going 200 miles an hour along a race track
that's constantly shifting shape. There are sharp curves in the road, they come up suddenly
without warning and the weather can go from beautiful and clear to foggy and treacherous in an
instant. The engine is loud and the crowd is blurring.
But you are prepared, you're prepared driver, and you and your team have practiced to maneuver
safely and quickly in any situation. This is what digital transformation looks like from a
cybersecurity perspective. The car is your organization. As a business leader,
you are a driver and your team is the pit crew. The race track represents the fluidity of
the cybersecurity landscape and the curves are the cybersecurity threats and attacks.
In this course, we take a deep dive into thinking about cybersecurity within the context of digital
transformation. We will see how it can not only underpin a security strategy within an organization,
but it has the ability to serve as a tool in the cultural and mindset shift needed for a successful
implementation of digital transformation initiatives. Here we take a broad look at cybersecurity as
an integral part of every business, irrespective of industry, product, or service type. As business
leaders, we can tend to focus on thinking defensively about protecting our organizations and our
customers against the attacks that can happen every day. Ultimately, every business has
vulnerabilities,
but how do we strategically mitigate these vulnerabilities while simultaneously re-imagining
processes, teams and roles. This is where we see the interplay between cybersecurity and digital
transformation. This is why that analogy between cybersecurity and Formula 1 racing is so great.
The driver's goal is to go as fast as they can and to facilitate this, they have a headset on while
they're driving to communicate with their team in the pit. The pit crew doesn't just change tires
quickly, all four tires in three seconds, but it also monitors the health of the vehicle using sensors
to instantly diagnose and remedy both sudden and impending issues. The crew can communicate
a range of information such as the engine temperature or the fluid levels out to the driver.
This gives the contexts to the driver so they can make decisions about how hard they can push the
car given a particular situation, like a critical part of the course, where they may have an opening to
pass another driver and potentially take the lead.
As the business leader, your role is similar to that of the race car driver. People within the
cybersecurity team and across the organization act as the pit crew to inform how fast or hard to
push the organization through monitoring and managing the cybersecurity ecosystem and
implementing diagnostics, analytics, and other technicalities. However, as the driver, you can make
the case for a strategic cybersecurity path or paths forward for your organization by asking key
and judicious questions. This question and response process is interactive and serves two
purposes;
it informs senior leadership to enable strategic decision-making and it cultivates
the culture of change and innovation in the early stages of your digital transformation.
Remember a mindset shift is core to the success of any digital transformation process.
Cybersecurity can be the catalyst for innovative change with a relative digital safety.
The challenge is going from just being responsive and preparing for what we may know
is coming to being forward thinking across all levels of the enterprise.

Cybersecurity underpins the security strategy within an organization and can serve as a tool in the
cultural and organizational mindset shift needed for successful digital transformation initiatives.

In 2020, McKinsey & Company published, A dual cybersecurity mindset for the next normal, which
set out the duality of the cybersecurity responsibilities as ones that:
1. Facilitate business growth and innovation
2. Protect the organization and its key stakeholders, particularly customers/clients

The Challenge
Ultimately every business has vulnerabilities. And strategically mitigating these, while
simultaneously reimagining processes, teams, and roles is where we see the interplay between
cybersecurity and digital transformation.

Cybersecurity can be a catalyst for innovative change with relative digital safety.
The challenge is going from just being responsive and preparing for what we know may be
coming, to being forward-thinking across all tiers and lines of the enterprise. In essence, creating
a security culture where all stakeholders are compassed toward the organization's well-being.
This article, Weave cyber security into the company's DNA from KPMG, highlights this point.
 Exercise: Your Security Mindset
Reflect on Your Security Mindset
Cybersecurity can be a catalyst for innovative change with relative
digital safety.
Based on your current understanding of cybersecurity, list four specific ways it can be a "catalyst for
innovative change " in your organization or team.

We will revisit this question again, toward the end of the course to assess any change of view.

Your reflection
privileged access management unified access management Secure managed file transfer phishing
and content protection
Things to think about
Throughout this course, you will be asked to apply the concepts and frameworks we discuss to your
organizational context. These short and interactive thought exercises are meant to build the creative and
innovative "muscle" needed for successful digital transformation initiatives.
 What is Cybersecurity?
https://www.youtube.com/watch?v=3cUUZaYHMfw
So far we've talked about cybersecurity at a high level, but we have yet to define what
cybersecurity actually means. We often hear that the cybersecurity group is the department of no.
However, cybersecurity until it's pushing an organization as far as it will go in the most secure way
possible. At its core, cybersecurity is risk management through the protection of electronic
devices, communications networks, and the information stored on are transferred through these
organization assets. These assets can be anything from physical devices such as cell phones,
laptops, all the way through email and Cloud-based servers. IBM provides a simpler definition.
Cybersecurity is the practice of protecting critical systems and sensitive information from digital
attacks.
For business leaders, being cybersecurity literate is fundamental because
security is a primary tool in any organizations risk management toolbox.
Understanding the cybersecurity landscape, however, is a bit like being the race car driver on that
perpetually shifting race track. The technologies used to maliciously or unintentionally breach
hack or otherwise break organizations are the curves in that race track. Within the scope of digital
transformation, managing the cybersecurity curves may mean re-imagining how security is defined
and the role each member plays within
the context of your organizations overall strategy. Now, we've defined cybersecurity,
but it can also be described in three parts, confidentiality, integrity, and availability,
also known as the CIA triad. Confidentiality is limiting the access to read confidential information.
For example, only allowing specific roles in HR access to confidential employee information.
Integrity ensures that data isn't changed maliciously or unintentionally. For example, not allowing
account executives the ability to change financial information or metrics on accounts. Availability
is making sure that information is accessible when needed. For example, customers can access
their information whenever they need to. By describing cybersecurity with the CIA triad,
business leaders now have an opportunity to strategically transform their cybersecurity culture by
having a lexicon that everyone can point to and understand.

Cybersecurity for digital transformation is about leveraging all parts of the organization to protect
its digital assets in ways that

• Add value to the organization

• Are sustainable
• Can be improved upon
The CIA Triad

By defining security using the CIA triad - business leaders have an opportunity to strategically
transform their security culture such that every person within the organization may internalize
and take ownership of being a security stakeholder.
Delpoying People and Processes for Cybersecurity
"Cybersecurity is the practice of deploying people, policies,
processes and technologies to protect organizations, their critical
systems and sensitive information from digital attacks."
Source: Gartner Cybersecurity
As a business leader in your organization:

1. What role do non-technical team members play in protecting your organization?

2. How are you currently deploying people (technical and non-technical roles) and processes for the
purpose of cybersecurity?

Your reflection
1. ensure that the team meets requirements for the projects and tasks entrusted to it your key
responsibilities are still program 1. 1. planning resource allocation and the standard tasks
associated with leading any team from budget and timelines to QA risk management and
communication tagger 2. non-technical staff are those who aren't directly responsible for cyber
security but pose a threat a member of staff who has access to confidential files may be unaware
they just opened an email which contained malware leading to a breach technical staff are those
who are responsible for cyber security like CIOS CISOS IT managers and other roles they will
appreciate being given the opportunity to earn internationally recognized qualifications whilst we
will ensure that our employees have a broad range of cyber security skills and competence
Things to think about
Thank you for your response. We highly encourage you to revisit these exercise pages as you work through
the course to measure how your own ideas are evolving as you gain more information about cybersecurity
within the context of your organizational goals.
 Roles within Cybersecurity
https://www.youtube.com/watch?v=siF_av3f53k
While we strive to create an environment and culture in which security is seen as a key feature by
all members of our organization, as a business leader, it is important to recognize that your risk
management strategy and accountability will be highly dependent on the roles of those involved in
the strategy design and implementation. Effective cybersecurity programs have two functions; one
is governance, risk, and compliance, or GRC. This is where we establish the strategy of an
organization and how we do security. Specific functional areas can include audit, legal, strategy,
and process development. The second core function is security operations. This is where we take
the strategy created by GRC and we operationalize it to give it life. This includes operational
functions such as incident response, threat hunting, and includes the analysts and engineers. As
the primary arms of the cybersecurity strategy, the security team, regardless of its size, should be
seen both as a partner in strategy ideation and design, but then also, a champion of innovative
mindset shifts within the larger context of your corporate goals. As a strategic partner, the team
will be key in shaping forward-looking strategic perspectives, focus on rapidly iterating on
improvements to mitigate cyber vulnerabilities. Here just to remember, to avoid structuring a
strategy that weighs too heavily on optimizing existing processes, remember, the idea is re-
imagining roles and processes, and it is also about determining new ways to create and meet
business-specific goals. Optimization may play a part in this, but it is not always the objective.
Pushing for innovation, creativity, and agility, failing fast, learning quickly is very impactful here. As
a transformation champion, your cybersecurity team, by nature of their work, will be at the
forefront of any implementation across the organization, and they can be a powerful tool as
evangelists for cultural change within the company. Earlier I said every member of an organization
is a cybersecurity stakeholder. When thinking about that outside of IT and the cybersecurity teams,
the focus is not on the technical implementation, but rather change management and adoption,
remembering that innovation can come from all corners of the organization. It's important for
business leaders to be transparent with their processes and find tangible ways in which value can
be created by and for all stakeholders.

Effective cybersecurity teams include individuals with skillsets in two core areas:

• Governance, Risk, and Compliance (GRC) – where we establish who we are as an

organization and a team and how we should operate.
• Security Operations – where we take the strategy created by GRC, operationalize it, and
improve it.
The security team, regardless of its size, should be seen as:

• A partner in strategy ideation and design

• A champion of innovative and transformative thought and action to achieve organizational
goals.
Security Control
Some of the ways security professionals execute the CIA Triad (Confidentiality, Integrity,
Availability) is by implementing various security controls that generally fall into 3 categories:
• Detective – designed to detect malicious behavior allowing security professionals to
respond in some way.
• Preventive – designed to stop malicious behavior
• Reactive – designed to enable rapid responses to potential security
 Mental Agility in Cybersecurity
https://www.youtube.com/watch?v=567r1wwQpRY
Let me paint a picture for you. Imagine you're a manufacturing company. At your manufacturing
company, you make equipment for people all over the world. There's a shop floor and you have
staff and everybody's working on these computers, and in these computers is intellectual property
that is extremely valuable, let's say millions and millions of dollars and mission-critical, let's say
someone that's working on that shop floor sees a USB drive outside and they take that USB drive
and they stick it into a computer. Now, you have a risk of losing that IP. You have a risk of losing
your market advantage. There's a lot that can happen intentionally or unintentionally when it
comes to cybersecurity. That USB could steal the intellectual property, but it could also be
ransomware that could freeze up your entire operations for months on end. This scenario might
seem far-fetched, but it really isn't. As we round out our discussion about roles, it's important to
note that the number one skill that all team members need to have, both on the practitioner side
and the leaders, is mental agility. Thinking about digital transformation, there is a core
understanding, that technology is constantly changing. If you consider newer technologies like
Web 3, the economics of things like art and business and intellectual property are changing. They
are being re-imagined and adopted at a very fast pace. Having individuals on your team that have a
broad understanding of emerging innovations in their field will help the team make better strategic
decisions when it comes to digital transformation. Keeping mentally agile, considering the
emerging threats and the emerging technologies that come out on a day-to-day basis, but then
throwing away the non-essentials is going to be imperative for any business leader that's going
through a digital transformation with their team.

In the Verizon 2021 Data Breach Investigations Report, it is noted that about 20% of data
breaches are the result of data mishandling.

Innovation Everywhere
Thinking beyond cybersecurity and IT practitioners, the focus is not on technical
implementation but rather change management and adoption.

• Remember Innovation can come from any and all corners of the organization.
As a business leader, be transparent with your processes and find tangible ways in which
value can be created by and for all stakeholders.
 Prepare for the Cybersecurity Landscape
https://www.youtube.com/watch?v=xAZb-nVTmhE
before we move forward in our discussion it's worth taking a look back at how the field of cyber
security has evolved in the beginning we had workstations and desktops laptops and maybe a
single server eventually we got different it solutions and security appliances and data warehouses
but then things got even more interesting suddenly we had cloud infrastructure all over the place
and mobile devices became workstations in
our pocket now we're dealing with the internet of things or iot even your refrigerator has
an ip address this is indicative of the expansiveness of technology and is representative of the
variety of surfaces in which cyber attacks can happen in the united states marine corps I spent a
lot of time training to understand my equipment and its functionality what a specific piece of
equipment does and how it protects us understanding the cyber security tools and what they do
and how they protect our organization is imperative for the business leader looking at cyber
security these are some of the tools of the trade identity and access management tools this is
how we manage who is
connecting to our resources and what they are connecting to this is also where we can move
towards a zero trust model this is where we trust no machine explicitly security orchestration and
automated response or soar this is where we automate the boring and a repetitive task for our
security apparatus security incident and event management or sim or really any other security data
repository this is where we're going to be able to monitor the health and security posture of our
company and finally asset management this is one of the most important aspects of it and
security because you cannot protect what you cannot see so knowing the devices and technology
both inside your building
and in the cloud are of the utmost importance at this point in our discussion it is very important to
be clear on two terms that are often used interchangeably by lay people in the context of cyber
security and that's security and privacy security is about protecting the cia triad like we were
talking about the confidentiality integrity and availability for the whole organization and security
solutions are implemented to stop unauthorized access to data networks and devices privacy is
the ability to maintain that confidentiality of information which is a part of the cia triad privacy
does not always indicate protection from the outside it might be a business process that exposes
information in a way that goes against privacy standards and ethics one of the questions that
often comes up when we're talking about security especially when resources are limited is whether
or not we should standardize security across the entire
organization there are going to be things that are more important for us to protect and places
where we can lean into risk a little bit more knowing where our different security protocols are
required entails looking at where the most important centers of gravity
are for our company whether it's data intellectual property or operations those assets that are
considered the most mission critical may have more security guard rails than others testing your
cyber security defenses and your security posture is critical for
iterative improvements there are fundamental technologies that create a harder target such as
two-factor authentication multi-factor authentication and identity and access
management tools but great security strategy teams and resilient companies have incremental
improvements over time this is where champions are made every day we're asking what can we do
to make ourselves one percent better than yesterday will drive our organization to become an
impossibly difficult target to approach rapid incremental improvements is the organizational
mentality that weneed to drive digital transformation
Cyber-attacks have risen significantly over the last 20 years and with the increasing use of IoT
devices, the number of attack vectors will rise exponentially.

According to Cyber Security Ventures, global ransomware damages are expected to rise by more
than 13 times from $20 billion in 2021 to $265 billion by 2031.
To mitigate cybersecurity risks there are some common systems and structures that have
emerged.

• Identity and Access Management (IAM) – Manage who is connecting and to what
resources
• Security Orchestration and Automated Response – Automate repetitive tasks
• Security Incident and Event Management – Monitor the organization's security posture
• Asset Management – Know the devices and technologies on-prem and in the cloud

Security versus Privacy

Security solutions are implemented to stop unauthorized access to data, networks, and devices.

• Security – is about protecting the CIA triad (Confidentiality, Integrity, Availability), for the
whole organization,
• Privacy – is the ability to maintain the confidentiality of information, which is a part of that
CIA triad.
 Exercise: Assessing Your Security Context
From the perspective of the teams you lead, answer the following questions:
1) What are the primary security and privacy concerns that you and your teams manage, either directly or
indirectly, as part of your operations/processes?

2) Briefly describe how Security Orchestration and Automated Response could be of value in managing
the concerns you noted.

Your reflection
1. data privacy focuses on compliance with various data protection laws and regulations it also
focuses on how we collect process share archive and delete the data on the other hand data
security focuses on the security measures that we or our organization takes in order to prevent any
unauthorized access to the data let's understand these in a bit more detail data security is focused
on protecting personal data from any unauthorized third-party access or malicious attacks and
exploitation of data it is set up to protect personal data using different methods and techniques to
ensure data privacy data security ensures the integrity of the data meaning data is accurate
reliable and available to authorized parties data security methods practices and processes can
include the following activity monitoring network security access control breach response
encryption and multi-factor authentication on the other hand data privacy is concerned with
proper handling processing storage and usage of personal information it is all about the rights of
individuals with respect to their personal information the most common concerns regarding data
privacy are as follows managing contracts or policies applying governing regulation or law like
general data protection regulation or GDPR and third-party management data protection is a
combination of data security and data privacy data protection is the process of safeguarding
important information from corruption compromise or loss the seven principles of data protection
include lawfulness fairness and transparency purpose limitation data minimization accuracy
storage limitation integrity and confidentiality and accountability 2. allows an organization to
collect data about security threats from multiple sources and respond to security events without
human assistance
Things to think about
Thank you for your response here. It's worth noting that security automation, when configured properly,
has the added benefit of eliminating those security issues and gaps that are caused either by human error
or complacency with security guidelines.
1) Give three explicit examples of where/how you think Identity and Access Management (IAM) or Asset
Management can facilitate the digital transformation process for your team and/or company.

Your reflection
Unique passwords. The most common type of digital authentication is the unique password. To
make passwords more secure, some organizations require longer or complex passwords that
require a combination of letters, symbols and numbers. Unless users can automatically gather their
collection of passwords behind a single sign-on entry point, they typically find remembering
unique passwords onerous. Pre-shared key (PSK). PSK is another type of digital authentication
where the password is shared among users authorized to access the same resources -- think of a
branch office Wi-Fi password. This type of authentication is less secure than individual passwords.
Behavioral authentication. When dealing with highly sensitive information and systems,
organizations can use behavioral authentication to get far more granular and analyze keystroke
dynamics or mouse-use characteristics. By applying artificial intelligence, a trend in IAM systems,
organizations can quickly recognize if user or machine behavior falls outside of the norm and can
automatically lock down systems
Things to think about
Thank you for your response. As you continue on your digital transformation journey, the IAM framework
will become one of the critical tools in your security management toolkit.
 Governance, Risk, and Compliance
https://www.youtube.com/watch?v=9Qsf41fO6gw
we discussed governance risk and compliance or grc earlier when we looked at roles on a cyber
security team however this is such a critical topic for business leaders in any organization that it
bears going a bit more in depth to be clear let's review key terms governance this is the strategic
planning responsibility providing the organizational oversight and sets policies and establishes
practices for enforcement risk covers the specific safeguards to minimize risk to assets to include
the measurement of potential losses and the threat frequency risk is about the mathematics of
addressing threats from a business perspective and then we have compliance this is the
requirement that
all effective parties follow the same rules grc encompasses the strategic corporate policies and
regulatory guidelines which are the guard rails in which we must
operate as a business this is especially for businesses and industries governed by governmental
regulatory agencies and it's incredibly important to be aware of and proactively manage within the
scope of these rules and regulations grc provides a good foundational framework for doing this as
we'll see later in our case study not abiding by regulatory and industry standards can have punitive
reputational and financial impacts

Governance, Risk, and Compliance (GRC) roles do not just operate as separate functions with
specific goals. Each function can also represent a separate employee role. In fact, in larger
organizations, there are generally full departments dedicated to each role.
• Governance professionals – ensure the effectiveness of existing security controls
• Risk professionals – identify and mitigate security risks
• Compliance professionals – ensure security compliance obligations and remediate
compliance failure

Additional Reading
Examples of breaches at Target and Equifax, illustrate the consequences of missed opportunities
when security concerns are not proactively sought out and mitigated.
 Exercise: Strategic Thinking
Your organization, SwiftTech, has an information security steering committee to ensure that the
business and security strategies align. Next week is this month's meeting and you have been
provided with information related to business strategy and current security strategy (see images
below). Please review the information and answer the scenario.
Answer the following scenario:
As part of this month's information security steering committee meeting, you know of a proposal
that will be made. The proposal is to overhaul and modernize existing network security
mechanisms because several of the devices are going to be end-of-life in 12-16 months. Based on
what you know about the organization's strategy what might you advise the steering committee?
The committee will also want to discuss the existing cybersecurity budget. Based on what you
know, what assumptions might you make about the cybersecurity budget?

Your reflection
I advise the Steering Committee to improve and upgrade the quality of devices and not to rush to
buy new devices if these devices perform the tasks entrusted to them to the fullest. he assumptions
that I have made regarding the cybersecurity budget are as follows Integrate all security budgets to
reduce spending Increase employee safety training to reduce budget burdens
Things to think about
• The key to answering this exercise is realizing that a disconnect exists between corporate
strategy and security goals.
• Business strategy is shifting away from an on-premise mindset
• Business is concerned with speed and agility
• Security is heavily invested in on-premise security controls
 The EASY Framework
https://www.youtube.com/watch?v=tdoNJhYIikE
Every organization in the world is either going to have to accept or be aware of some level of risk.
Let's think back to that race car analogy we were talking about earlier. Let's say we're about to win
that championship or that Grand Prix. If we push the car just a little bit harder, we could run the risk
of blowing a tire or the engine exploding. But we want to win, so we go into that risk and say, "I'll
accept that risk of the engine catching on fire and then push in order to get into that first-place."
Taking the safer or riskier security route for your business will depend on two things, your business
contexts and the supporting data and information. Let me take you back to an earlier time in my
career. I was moving from the East Coast to the West Coast and I was joining Netflix leading threat
intelligence, which is a major part of the cybersecurity program. I was taking a lot of information
that I had learned from all these different companies and tried to apply it to this very, very different
organization. But when I arrived, I realized that the people were different, the processes, the
technology, all of these things were different. A lot of the knowledge and the information that I had
didn't relate to this new environment that I was operating. I came up with a framework that I'd use
time and time again, but I had forgotten that when I was a consultant that I use this framework. I
created the easy framework, which is a touchstone for operations. I started with threat intelligence,
but then it slowly morphed into this mental model for cybersecurity. What every business leader
needs to know when making decisions about cybersecurity is EASY. E is for elicit requirements.
What do we need to protect to ensure that the business survives? What do we need to know about
innovation?How do we stay the safest that we possibly can?Where are the gaps? Where are the
challenges? Who are the actors that are potential threats to our business? What are the critical
business issues that we need to be thinking about? Moving from eliciting requirements to what's
next with our stakeholders. A is for assessing resources. If you're an organization with limited
resources, maybe you need to consider a managed service provider or MSP or
some other outsourcing option to ensure that you have access to the expertise to secure your
organization without adding to the head count. If you are a large enterprise,
how do you best leverage your IT and security teams? How do you assess and fill those skill gaps
on your team? What are the solutions or the technologies that can be purchased or created to
rapidly move your organization towards transformation?
You have requirements and you've assessed your resources now you'd have to strive for impact,
which is one of the most important parts of this framework. What can you do to make the most
impact in your organization? This is an iterative process because it's driving for impact means
every single day getting a little bit better. Remember that one percent or maybe even 0.01 percent
incremental daily improvement. Finally Y is yielding to feed back. As a business leader working
towards digital transformation, part of your job is to be the visionary, to see what is possible and to
innovate and be creative within your organization stated goals. The defining questions here are;
what can be done better? How are we receiving our feedback from stakeholders? How are we
actively turning that feedback into smaller actionable chunks? How are we communicating
feedback, actions and resolutions throughout the organization? Once a decision has been made,
own it, support it and put your weight behind it as the business leader.
Taking ownership means being open to modification, iteration, and possibly even pivoting when
the feedback calls for it. Cultivating a team culture of active feedback and transparent
communication will facilitate these decisions and the processes,
and will allow for the team to quickly iterate on its successes and its failures.

The EASY Framework is a mental model for cybersecurity.

E – Elicit Requirements
• What do we need to protect to ensure that the business survives?
• What do we need to know about innovation?
• Where are the gaps, where are the challenges, where are the actors and threats?
• What are the business critical issues?

A – Assess Resources
• If you are an organization with limited resources:
• Maybe you need to consider a Managed Service Provider (MSP) or other
outsourcing options to ensure you have access to the expertise to secure your
organization without adding to the headcount
• If you are a large enterprise:
• How do you best leverage your IT and Security teams?
• How do you assess and fill skill gaps on your team?
• What are the solutions or technologies that can be purchased or created to
rapidly move your organization toward transformation?

S – Strive for Impact (based on your resources)

• What can you do that would make the most impact and protect your organization?
• This is an iterative process because striving for impact means every single day, getting
a little bit better - remember that 1% incremental daily improvement
Y – Yield to Feedback
As a business leader working toward digital transformation, part of your role is to cultivate a
team and organizational culture that is: visionary, innovative, creative within your
organization’s stated goals.
• What can be done better?
• How are we receiving feedback?
• How are we actively turning that feedback into smaller actionable chunks
• How are we communicating feedback, actions, and resolution throughout the organization?
 Exercise: Apply the EASY Framework
Consider a business scenario where, as the team lead, you would like to implement ways to limit "non-
team member" access to your team's digital resources:

Use the EASY Framework to sketch out key questions to consider – 1 question for each framework item:
Elicit Requirements
Assess Resources
Strive for Impact
Yield to Feedback

Your reflection
• Where are the gaps, where are the challenges, where are the actors and threats? • What are the
solutions or technologies that can be purchased or created to rapidly move your organization
toward transformation? • What can you do that would make the most impact and protect your
organization? • How are we receiving feedback?
Things to think about
Thank you for your response. For organizations in the midst of a culture/mindset shift, it's always helpful
to use a framework that facilitates a structured and intentional approach to security concerns and
potential changes.
The last point in the EASY framework is "Yield to Feedback":

1) What would be an advantage and/or disadvantages to using a continuous and automated

feedback/response model versus a more traditional and periodic feedback model?

Your reflection
Provides opportunities for learning and development Improves employee efficiency Drives career
growth
Things to think about
Great response! In general, continuous feedback and response models let themselves to more rapid
iterations and improvements over time.
Consider a business scenario where, as the team lead, you would like to implement ways to limit
"non-team member" access to your team's digital resources:

Use the EASY Framework to sketch out key questions to consider – 1 question for each framework
item:
Elicit Requirements
Assess Resources
Strive for Impact
Yield to Feedback
 Managing a Cyber Crisis Before it Happens
https://www.youtube.com/watch?v=Cz2RGj-cS6Q
In cybersecurity crisis, we often say, you don't rise to the occasion, but you fall to the level of your
preparation. Preparation and practice are fundamental in cybersecurity and one of the best ways
to do this is with tabletop exercises. These exercises bring the important decision-makers and key
stakeholders into a room to practice thought experiments on the worst-case scenarios. Now I
know what you might be thinking,
we cannot possibly practice every possible attack or response scenario, and you're absolutely
right. But consider the CrossFit Games. This is where the fittest people in the world come together
to compete and see who is that fittest person. Competitors have no idea what they're going to be
doing from a day-to-day or even exercise the exercise basis. All year long, they're training to
prepare for whatever could happen. Practicing tabletop exercises allows organizations to be agile
when handling and executing against cyber threats and attacks to build strong and transparent
lines of communication across teams and stakeholders, and also to cultivate a rapid prototype
tests feedback, and improve mindset that allows for quick assessment and execution based on
strategic goals and acceptable outcomes. This scenario-based cybersecurity practice also builds
organizational response muscles and makes gaps and processes apparent. It builds business
continuity muscles by raising potential technical implementations and it facilitates and optimizes
team communication by being explicit about who the point of contexts are. For my teams
implementing this often took the form of 30-minute incident response exercises on a Friday. We
could practice thinking quickly, critically, and creatively for our unacceptable scenario resolution.
Sometimes those elaborate tabletop exercises just aren't necessary. Sometimes we have to dice it
up into smaller chunks. One thing that I used to do with my teams is every Friday we would set
aside 30 minutes just to walk through a specific response scenario and then we would have that
incident commander, the person that's in charge of this imaginary exercise, walk from the very
beginning of that incident all the way through its resolution.
You can do this training with just your team. You can hire a third party to help orchestrate the
bigger tabletop exercises. This is just to say that it doesn't have to be this big elaborate thing. You
can dice it up into something smaller, this more digestible for your teams.

Practicing Tabletop Exercises allows an organization to :

• Be agile in its handling and execution against cyber threats and attacks
• Build strong and transparent lines of communication across teams and
stakeholders and
• Cultivate a rapid prototype, test, feedback, improve mindset that allows for quick
assessment and execution based on strategic goals and acceptable outcomes.
 Leadership and Execution
https://www.youtube.com/watch?v=lHj4xM2inDI
One of the philosophies I took from the Marine Corps that I use to this day is this concept of one
team, one fight. Being on the same page, and executing a mission together is also the culture
needed to cultivate across teams and roles throughout your organization. In my experience, when
teams lose and fail to execute on their organizational goals is because a lack of ownership and
minimal communication amongst the stakeholders. We lose empathy. We forget the other person
on the other side of that Zoom call, across the table or in that email is another human being.
They're on the same mission that we're on. When teams and organizations are small, staying
transparent and keeping open lines of communication is easy. But as they grow and teams and
roles tend to separate and become siloed, egos become involved in the mentality of, I'm always
going to do it this way because this is the way I've always done it sets in. To avoid this, the most
important thing from the perspective of teams working together is having an empathetic approach
to leadership and teamwork. When going through a digital transformation, keep in mind everyone
throughout the organization is a part of that process. When we're not all in one accord if we're not
being transparent and we're not communicating along those lines then we are poising ourselves
for failure. Change is a constant in digital transformation and cybersecurity is a journey that can be
an unknown path. Think about the uncertainty index. Remember that as humans we have a natural
aversion to uncertainty. That in an effort to minimize uncertainty, we can lose sight of
opportunities. How do we ploys ourselves for success? How amongst all of this change do we
stay on the same page? There are four spokes I love to discuss for this wheel of success, that is
empathetic leadership, transparency, actionable feedback loops, and communication. As we round
out our discussion, I want to highlight that cybersecurity matters, and it's not a cost center, but in
fact, it's an accelerator for your business and the entire organization. Beyond the IT and
cybersecurity teams, there is a strong case to be made for the critical importance of cybersecurity
having a seat at the C-suite table. Because ultimately, it is the backbone of any digital
transformation. At the highest levels of leadership needs to have a clear understanding of the risks
and the rewards of the transformation of the digital change.To fully understand the risk reward
paradigm, there needs to be a high level of collaboration and communication so that decisions are
informed and strategies are aligned. To go back to our race car analogy,
while the security organization can act as that pit crew, the cybersecurity leader who is well-
informed about the visions and cybersecurity becomes the pit boss or the driver at the C-suite
level. This strategic team member ensures that the business can propel forward and re-imagine
itself safely
Cultivating an organizational culture of "one team", across all teams and roles is mission-critical
for your digital transformation.

• Be on the same page and execute the mission together!

Change is a constant and digital transformation in cybersecurity is a journey with a bit on an

unknown path.

To poise your organization for success, align your practices and processes with the 4 spokes on
the "Success Wheel" illustrated above:

• Empathetic leadership
• Transparency
• Actionable feedback loops
• Communication
 Yahoo! Case Study: The Problem Statement
https://www.youtube.com/watch?v=6oX0Lc1YoTw
At its height, Yahoo was one of the biggest Internet companies on the planet, valued at over $125
billion. One synonymous with the Internet, Yahoo pioneered many digital innovations, such as the
first web directory before Google, the first Cloud storage before Dropbox, and the first pay-per-click
advertising model that so many businesses utilize today. How did a company with so many
innovative firsts under its name be so late to disclosing one of the biggest data breaches in the
history of the Internet? The first announced data breach took place in 2016 that affected 500
million users. Three months later, Yahoo revealed that a second breach may have stolen the
information of three billion customers, basically every user of Yahoo. Yes, I said, announced
breach.
Yahoo didn't disclose the attacks for many years. The actual incident took place in 2013 and '14.
Back in 2013, Yahoo's servers were attacked by an unauthorized third-party. The information
compromised included encrypted security questions and passwords. No financial information was
taken. In 2015, Yahoo forced all users to change their passwords and change encrypted security
answers. During their investigation, a seller on the dark web was trying to sell Yahoo user account
information for $300,000.
In 2017, Yahoo updated the number of impacted accounts to three billion users.

At its height, Yahoo! was one of the biggest internet companies on the planet valued at $125
billion dollars and pioneered many digital innovations such as:

• the first web directory before Google,

• the first cloud storage before Dropbox, and
• the first pay-per-click advertising model that so many businesses utilize today
So why was this innovative company so “late” in disclosing one of the biggest data breaches to
date?

The Problem
1. The first announced data breach in 2016 stated that it affected 500 million users.
2. Three months later, Yahoo! revealed a 2nd breach may have stolen the information of 3
billion users.
3. Yahoo!'s servers were actually attacked in 2013 and 2014 by an “unauthorized third party”.
The compromised information included encrypted security questions and passwords, but
no financial information.
Additional Reading
For more detailed information on the Yahoo! data breach discussed here and its impact, the
following resources are helpful:

• Yahoo! Inc. Customer Data Security Breach Litigation Settlement provides details of the
specific litigation brought against Yahoo!, facts around the case, and settlement terms.
• This article from the National Law Review discusses lessons from the breach.
 Exercise: What Would You Do?
As we've seen and discussed, breaches often have significant financial and reputational repercussions and
the threats are constantly evolving:

So put on the hat of your CEO, you have a major breach in your organization, understanding the
financial and reputational risks, how would you manage your stakeholders?

Your reflection
1. Summarize Each Stakeholder's Status 2. Decide What You Want From Each Stakeholder 3.
Identify Your Key Message to Each Stakeholder 4. Identify Your Stakeholder Communication
Approach 5. Implement Your Stakeholder Management Plan
Things to think about
As with all the questions in this module, there is no single correct response. However, rapid response and
communication to all stakeholders is a best practice. Transparency builds trust and helps to mitigate some
reputational risk. Using Transparency to Enhance Reputation and Manage Business Risk, is a great
article from the Harvard Business Review that speaks to this issue.
 Yahoo! Case Study: What Happened?
https://www.youtube.com/watch?v=iHSrvH8mnJU
As you would expect, Yahoo's reputation suffered. The volume of users affected compounded by
the years it took for Yahoo to reveal the attacks spawned doubt and anger across the web and
media. For users, not knowing their information could be stolen and sold was a wake-up call for
how vulnerable their data could be on the web.
Admitting to customers that there was a problem was the first step, but unfortunately, many
believed that it was a step taken too late. Dear, Bob. Why are you still employed at Yahoo, you
bleeping moron? You bleeped it out? Yeah. This came through LinkedIn. It wasn't just Twitter.
People found lots of creative ways to hunt me down and let them know how they felt. Why did it
take Yahoo so long? The company said they simply didn't know for years after the initial attack. It
was law enforcement who alerted the company of the breach, not Yahoo's internal team. To date,
we've turned over as many rocks as we can possibly find in furtherance of that investigation. But
to date, we've not been able to find the source of that intrusion to understand how it happened,
to understand who it was. Once they knew users' information was being sold on the dark web,
Yahoo then had to maneuver through different states' reporting laws and guidelines. On top of
that, different types of information require different disclosures.
Financial information has a different disclosure guideline than medical information and children.
For the global company, the complexity of disclosing can take time. You'll hear security people say
on a regular basis is that you really have to find ways to keep logs for much longer period of time
than you would normally do. In fact, if the average time between intrusion and detection is six
months, depending on who you listen to,
you're going to need to double that in order to account for other factors and for investigations.
Going back to 2013, there really were not artifacts around for us to examine. Beyond the
reputational and financial hits, Yahoo was later criticized and fined $35 million by the SEC for
failing to communicate and manage the situation.

The ramifications of the data breach were board:

• Reputational impact
• Heightened awareness among users that information could be stolen and sold
• Fines from U.S. regulators
 Yahoo! Case Study: Wrap-Up
https://www.youtube.com/watch?v=PEpVmNG5Ltk
There are many lessons to be gleaned from this Yahoo scenario, and certainly, they were not the
last company to be infiltrated by bad actors. Instead of second guessing what Yahoo could've
done or should have done, let us use this as an opportunity to hone in on the specific areas of
prevention and response. Most notably when and how to notify your customers, stakeholders, and
business partners of a breach. This decision should not be made when you discover there's been a
breach, but rather you should have a plan and practice, how to disseminate the information before
it reaches crisis mode. Who are the stakeholders involved and properly assessing the scope,
impact, and legal implications? What are the agreed upon time frames to notify stakeholders?
Having a plan to shed light on a breach to all stakeholders in a timely manner should prevent
feeling like they are being kept in the dark. As Bob Lord from Yahoo mentioned,
our facts were not available during the first attack, which made it very difficult for investigation. As
a business leader, you will set expectations on prevention knowing the protocols you have in place
will only help you make quick and crucial decisions during a crisis. Being proactive rather than just
reactive, provides a great opportunity for innovation in cybersecurity. Security investments could
have the biggest impact on the business. Remember, it's not a matter of if your company will be
attacked, it's when.
Finally, develop a culture where everyone leans into being a part of the cybersecurity function
within your business. Remember that digital transformation and cybersecurity is not about the new
tech that you buy, but rather about the mind shift and openness and re-imagining security. Having
an ear to the ground and really listening to your customers and teams will enable you to engage in
conversation about security matters.
It's the opportunity to show how a cybersecurity minded culture can make a positive impact on the
business. Yahoo may have been one of the first large breaches, but it's certainly will not be the
last. When you think about the timing of when the breach was discovered and publicly revealed,
Yahoo story is really a cautionary tale. The financial hit and the Verizon Acquisition was
substantial. Today as many business leaders are considering there exits, whether through
acquisition or partial sale. Failure to have a cybersecurity strategy can cost you money. Prepare for
the eventual incident, practice those incidents until it's muscle memory, and over-communicate
security as a value to the whole company, not just IT.

The Yahoo! case raises several questions.

• When and how do organizations notify customers, stakeholders, and business partners of
a breach.
• Who are the stakeholders involved in properly assessing the scope, impact, and legal
implications?
• What are the agreed-upon timeframes to notify stakeholders?
Lessons Learned
1. Be proactive, not just reactive, about security
2. Provide and cultivate opportunities for innovation
3. Develop a culture where all stakeholders take ownership of security
4. Communicate security breaches to stakeholders in a timely and transparent fashion
Digital transformation in cybersecurity is not about new technology, but rather about a
mindset/culture shift and an openness to reimagining security and the role every team
member plays in maintaining it.

Yahoo! Epilogue
Subsequent to the data breach, Yahoo! was acquired by Verizon in 2017 and became a
cornerstone of the Verizon Media Group. Because Yahoo! was a part of Verizon's portfolio of
companies, Yahoo! ceased to be publicly traded that same year. In 2021, Yahoo was acquired by
Apollo Global Management, a private equity firm.

As an early industry leader in the burgeoning internet space of the 1990s and early 2000s, Yahoo!
continues to adapt to industry changes while retaining its core identity and brand.
 Exercise: Your Cybersecurity Mindset – Revisited
At the beginning of this lesson, you provided 4 specific ways cybersecurity could be a "catalyst for
innovative change" in your organization or team. Now that you've completed the lesson, let's revisit those
ideas:

1) How does cybersecurity specifically fit into the strategic goals of the team(s) you lead?

2) Describe 3 specific ways in which you can leverage elements of the cybersecurity processes
covered in this lesson, to better align those you lead with your organization's strategic security
goals.

Your reflection
Chief Information Security Officer, or CISO, is the top-ranking security leader in charge of the whole
security team's vision, mission, and strategy; Under the CISO, we have directors, managers, team
leads accountable for major security functions, such as risk management, program management,
technical controls, security architecture, data protection and privacy; We then have security
analysts, engineers, advisors, specialists, and operators on various functional teams, to work on
detailed security procedures and tasks. The whole security team forms the second line of defense.
It interacts with its primary stakeholders - reporting to executive management, supporting
business functions, and aligning with internal audit and compliance. And the whole organization
works together with its external parties (such as customers, vendors) and external auditors. Chief
Information Security Officer traditionally reports to executive management. And the current trend
is to have a CISO sitting within the leadership team enterprise has a 3-level Organizational
Structure: Governance - responsible for things like business strategy, major decisions, and risk
control; Management - responsible for things like business functions, work performance, and staff
administration; Execution - accountable for things like business operation, project implementation,
and service delivery. This structure forms a classic career ladder in a corporation. How can we
position a cybersecurity job on it? Consulting and auditing firms often use "Three Lines of Defense"
model to describe the relationships among business, security, and audit. According to The Institute
of Internal Auditors (IIA), the three lines model includes: 1. Business is the first line to build
products and provide services to clients; 2. Security is the second line to guide, monitor, and
support risk-related matters. 3. Internal Audit is the third line to verify all works and recommend
action items. Now, let's combine the classic organizational structure and the three lines of defense
model.
Things to think about
Congratulations on completing this final thought exercise. Take a look back at your initial response to this
question. Has your opinion/response changed?
 Lesson Takeaways
https://www.youtube.com/watch?v=BMSJfg5Sd9A
Cybersecurity enables us to create, innovate, and concentrate on our mission. Security isn't just
about data and technology, it's about protecting people and preserving trust.
Change is a constant in technology and business, so mental agility is a business leader's secret
weapon to ride the tides of change. Empathy is key when leading a team through digital
transformation. There will be miscommunication, confusion, and adversity, and all the
components that could lead a mission to fail. Remembering that you are one team, fighting side-
by-side, going in the same direction, but also that each person is also fighting an individual, and
usually invisible personal battle will give you that additional awareness, when you need it the most.
As you've seen, approaching and managing cybersecurity strategy and development is a team
endeavor, and key to the successful digital transformation of your organization. Cybersecurity
doesn't have to be intimidating, so go into this with purpose, be intentional, and assume that you
will be attacked. It's not a question of just if or when, but also how. Proactively defend your digital
assets and be intentional about ensuring your team has the needed resources and skill sets for
agility and innovation. Be intentional about practicing for the crisis to
come and iterate on that feedback you receive. As a business leader, rally that enthusiasm to be
creative and imaginative in ways that create value for your stakeholders within the context of your
organization's overall goals. We end just as we began, you're back in that driver's seat, you're in the
car that is your organization.
You're listening to that pit crew, who is your cybersecurity team. You're going through the terrain,
you're going past these threats, you're going past competitors, and you're going to move into that
next position and become the champion that you were made to be. With that, good luck. You've
got this

As you learned throughout this lesson, cybersecurity enables a business to create, innovate
and concentrate on its core businesses in relative digital safely.
With a focus on protecting people and preserving trust, use the following guidelines as you
move forward on your cybersecurity strategy:

• Be intentional and assume you will be attacked

• Proactively defend digital assets
• Practice for the crisis to come and iterate on the feedback received
• Communicate transparently and rally enthusiasm and creativity
One Team Approach
Developing and managing a cybersecurity strategy is a team endeavor. Poise your
organization for success and cultivate a security culture and subsequently teams that are:

1. Agile
2. Inquisitive
3. Action-oriented
4. Responsive to feedback
5. Well-Practiced
 Congratulations
You have completed this lesson on cybersecurity and we wish you the best on your cybersecurity and
digital transformation journey!

Additional Reading
To stay abreast of the latest cybersecurity news, the following resources may be helpful:

• SecurityWeek provides high-level, enterprise relevant cybersecurity news and analysis

• Network World provides technical and non-technical security news analysis
• CPO Magazine provides articles on security from a leadership perspective

Next Steps for Your Journey with Transformative Technologies

Now you have some choices for the next stage of your Digital Transformation journey.

Option 1
Complete another topical lesson in this Transformative Technologies course that is of interest to you.
Option 2
Move on to the next course in this program.

Congratulations again on completing this lesson!

5. Careers: Elevator Pitch
Elevator Pitch
Imagine that you’re waiting for the elevator at your recruiter’s building. And suddenly, Elon
Musk shows up in front of you and is waiting for the same elevator. You get in and you have
around 30 seconds with him. What will you tell him?!

Probably, you want to leave a very good impression that would lead to a follow-up call. An
elevator pitch allows you to express yourself effectively, and make a good first impression
which usually leads to a follow-up conversation!

This video will tell you more about how to leave an impression when answering the famous
“Tell me about yourself “ question!

Agenda:
• What is an elevator pitch?
• Why it’s important
• Examples of an elevator pitch
• Instructions on how to write one

https://www.youtube.com/watch?v=TnX4l5qt0-Q
imagine you're waiting for the elevator at your recruiters building and suddenly Elon Musk appears
in front of you he's waiting for the same elevator the elevator arrives you both get it and you have
around 30 seconds with him auto detail you have to be prepared with your strongest tagline and
that's what you call your innovator pitch day of this micro speech is to highlight your best strength
open up proteins for collaboration and seizing opportunities with potentially recruiter or partner in
other words the elevator pitch is a brief concise timely and specific answer to the question tell me
about yourself
let's switch places here for a moment but if you wear Elon Musk what would you like to hear about
the person in those 30 to 60 seconds well maybe something I love the person is good at his or her
credentials achievements and contributions in other words a very concise format of a resume and
that's what we're going to give so to make it
clear memorable actionable and impactful first impression through your Innovative pitch these are
the items to include first your name of course followed by your strongest value proposition what
are you a subject matter expert at why should the recruiter hire what are you bringing to the table
for example I have five years experience in Python second present your target audience or area of
specialty along with the results you deliver for instance I work on designing state-of-the-art
websites or I deliver unique technical training programs for programmers third Stitch your
objective or your plan for example I'm looking for an opportunity to utilize my coding experience
with your unique and seasoned team fourth articulate your strongest most recent project if it's
relevant to the recruiter number five and finally finish with a call to action this is usually in the form
of a question to schedule a follow-up touch point don't use yes or no questions like can we set a
meeting or have a call tomorrow well maybe the recruiter would say no
instead ask the second question assuming you've already got an approval on the concept for
example when is a good time to talk or even suggest a time if it doesn't suit them they will counter
offer but don't walk away without sealing a commitment let's see an example my name is mean
Amir I have over eight years of experience in changing people's behavior through training and
coaching I use my enthusiasm creativity and empathy in addition to my knowledge in human and
organizational psychology to connect with and influence others to bring out their best I do this with
individuals teams and organizations I believe I can utilize this experience within your organization
and add real value when can we grab a coffee to talk about collaboration plans this week here's
another example from Udacity team hi my name is muzung I work at Udacity U.S based education
startup I focus on developing and launching career services for Tech graduates in fields of data
science and web development this includes resume reviews Career Fairs and job interview magic
prior to Udacity I was a business analyst at mckinsian company where I analyze data for
companies to increase their profitability I'm currently looking for a role that can combine my
passion for the education technology space and my skill in data analysis what about you your
elevator pitch is helpful because it allows you to express yourself effectively and make a good first
impression this good first impression is what usually leads to a follow-up conversation and to
strengthening your network and you're still able to use it virtually by sending it to Recruiters on
LinkedIn or as interest in your emails work on drafting your pitch try it a
couple of times on your own then get a feedback from friends and professional colleagues made
the necessory tweaks until you're satisfied with their final version demonstrating confidence and
comfort while saying it and by the way just know that an
elevator pitch is a 30 to 60 second Max but in an interview it might reach two minutes so have a
longer version available where you can elaborate more on each of the items you've mentioned go
dancing

Don’t forget to attend your Career Coaching sessions to have all your career-related questions
answered!

Don’t forget to check your inbox for the email entitled “First Career Coaching session reminder” that
includes all the info about your career coaching sessions, so just be there on time and make the best
out of them!

Below are the resources that will help you put together an impressive Elevator Pitch,

• Body Language
• Personal Branding
6. Leader Perspectives
Preparing for the Challenges
https://www.youtube.com/watch?v=7-mcpuTCNYk
As you've figured out by now, implementing a digital transformation will not be easy. As you lead
your team into the unknown, you must be prepared to actively manage the changes your team will
encounter. You'll need to develop and nurture a culture that supports your transformation journey
and you'll need to build a team that can respond with agility to the new learnings that come your
way through this process. To help you on your way, we have invited leaders who have been
through transformation journeys to share the experience and offer some practical advice. You'll
learn what works well and also hear about some common pitfalls to avoid. Choose at least one
topic that aligns with your organization's challenges and opportunities.

Leading into and in the Unknown Is Not Easy!

You need to develop and nurture a culture that supports your transformation journey and you'll
need to build a team that can respond with agility to the new learnings that come your way
through this process.

In this part of the program, we have invited experienced transformation leaders to share their
experiences and some practical advice on:

• Effective change management

• Building a digital culture
• Agile teams and talent
Choose at least one topic that aligns with your organization's challenges and opportunities
Successful Change Management
https://www.youtube.com/watch?v=1MmYhyWwX0M
We're going to discuss the challenges of change management with Tara Beckman.
Tara is a business transformation and change management leader with a career built around
delivering creative strategies and solutions to organizations that fuel growth in dynamic
environments. She has worked across a wide range of industries, including retail, manufacturing,
utilities, healthcare, and high-tech. Welcome Tara. Nice to be here. Nice to meet you, Pascal. Let's
jump right into it. We're talking about change management. I'm just curious how do you even
define it? It's that structured process to be able to help individuals and organizations transition
from a current state to a future state. For me, it's a little bit of art and a little bit of science because
even though it's structured, I think every practitioner, every person that does change management,
does it a little bit different. That being said, when I look at change management clearly,
we're talking about specifically about digital transformation. Is that a different process to other
types of change management or are they all the same? The way I would look at it and the way that
I attack it when I talk any change management project or initiative is always look at what is the
complexity of the change and what is the scope of the change? That's no different for me when I
look at a digital transformation, I think folks often don't consider the people part of it. That is truly
you're not going to have any change. Be successful if it relies on your people changing the way
that they need to work together or a process that's involved in the change. It ultimately all comes
back to the people needing to do something different or work in a different way. The super-secret
trick or sauce is involving them. Who? Yeah, It's actually involving the people that are going to be
impacted by the change. Is for me the biggest piece or the biggest secret is the magic in doing this
transformation. I'll give you an example for our transformation that we're doing right now in utility,
back in the design phase of the project, we stood up a change agent network. Now we didn't call it
that because the field, they're all men first of all and they don't like anything called change
management.
No. We'd let them choose their name and they came up with their own name for the group. We
pulled a cross-section of folks and we said the reason we want to do this is we want to give you a
voice. By getting those folks and we had frontline folks and a few managers on a different group
participate and they have been giving us feedback the whole time and we've used that group not
just on this project, but we've been using them on messaging. Like, Hey, what do you think about
this messaging? Well, this resonate, do you think for the field? They give us real feedback like no,
that's too corporate speak. Nobody will understand what that means. I really appreciate that. They
like it when we ask them, they thank us to go. Thanks for asking us. Thanks for asking us what we
think and letting us know. It's helped us bridge a gap, I think between what's perceived as
corporate and the field and bridging that barrier. That's how I typically bring about change as how
can I get them to go through an experience so they can feel it, which is either simulation, how can I
simulate something? Or how can I get them somebody else who's gone through that experience so
they can share it.
Meet Tara Beckman
• Business Transformation and Change Management leader
• Experience in retail, manufacturing, utilities, healthcare, and high-tech

Key Points
Change management is a structured process to help individuals and organizations transition
from a current state to a future state.
• Change management is both an art and a science.
• Your plan of attack depends on both the complexity and scope of the change.
• The "secret sauce" is involving the people who will be most impacted by the change.
Digital Transformation Across Industries
https://www.youtube.com/watch?v=N1rlpZsi6TA
You've worked in anything from retail to manufacturing to utilities, the people who make electricity,
very different businesses, and then all the way to high-tech, the people who consume the
electricity, ultimately, I guess. I'm curious, in all of these organizations, where do you see digital
transformation actually mattering? Is this across all of them?
Is it just a few of them? How do we need to think about that? It's a great question. I think it's really
happening all over the place, and it's evolving, I would say. It started there for me, in retail. What it
looked like in the retail company that I was at is they really wanted to get closer to their
consumers, and they decided to build a lot of technical applications. Suddenly, they were hiring a
whole different skill set. They were hiring tons of engineers, data scientists, because they wanted
to really get those insights from their consumers on what would speak most to the consumer to
build those stories in order to meet their consumers where they are. Another example, and one
that's very close right now, is in the utility where we're looking at how do you upgrade and
transform your electrical grid? What we're doing and what we've seen a different utilities that I've
been at is we're looking at, how do we automate some of the equipment that's on the grid?
In our control center, we have operators that we are implementing new platforms within the
control center that that operator can control equipment that's out in the field from the control
center. That person can see everything that's on that distribution network along the grid,
understand what it's doing right now, and then during an outage scenario,
they can actually make the outage smaller. As a customer or consumer, you and I,
we have to sit at home sometimes with these long outages, maybe days, and that's not a regular
experience if I'm a customer, I don't want to sit in the dark for days, and that's really when I notice
that I have a utility. Suddenly I'm like, I'm not a very happy customer.
That's not what you want to be known for, as a utility. You want to be known for reliability and
safety. You always want to be able to flip that light switch and see the lights come on. What are
the likely types of change you see as a pattern emerge for
a company when it embarks on this journey of "digital transformation"? It's interesting. Both
companies, when they have embarked on this journey is they have changed their model to say,
instead of saying they're a retail company or where a utility company, both are starting to identify
as, we're a technology company. That's an interesting thing, just to know. They really want to flip
what they're known for. We're a technology company.
We move fast. It's almost like re-identifying their culture. We're results-oriented, we move fast,
we're agile, and we're going to bring in the newest technology as fast as we can in order to best
serve our customer.

Transformation Matters Everywhere!

Transformation may look different in different industries, e.g. in retail, it might require a focus
on data to better understand customers vs. a utility that needs to automate equipment to
improve outage response time.

The common thread: organizations who transform successfully identify as technology

companies.
First Steps in Change Management
https://www.youtube.com/watch?v=Tqr-09ncwgI
We got a couple of things around the mindset shift. There's a fundamental understanding of we
are a bit digital company now, but I believe there's more to that and I'm curious to hear from your
experience, what is it we need to do as the first steps here? Yes, I think first it's aligning within your
teams or your leadership team, so one, can I get an alignment and prioritizing what are you going
to do. Before you can start on the journey with your company I think some of the things that I've
experienced or run into is there is a lot going on at companies. Everyone has their favorite project
that they want to move along. If you're going to make big transformational change, you can't be
doing 100 different projects or you won't be able to really focus in on those big nuggets that are
going to move the organization to create that value, so really prioritizing and getting agreement so
we can all move in the same direction. It doesn't mean you're only going to focus on one thing, it
just means making sure that we've truly prioritized where our resources are going to spend their
time because right now we're all starting to feel this talent shortage. I think what we're noticing is
it's harder to find great talent where we need them and so do we have enough talent that are going
to be able to execute these projects and implement them, and then also to operationalize them, so
we need to be prioritizing. Before we can prioritize, we need to align. Then the other thing is also to
build that change story. If we're going to bring the organization along on this journey,
we don't necessarily need to know the end-state because I think digital transformation,
I don't know if we necessarily know exactly where we're going that's part of a transformation, the
things are evolving and changing. I find some leaders are like,
we don't know where we're going so how can we tell people and then they don't want
to say anything and that's not the answer. We need to tell people, so I think it's okay to say, Hey,
we're embarking on this journey. We don't know quite the end-state, we're going to go on this
journey together. It's a lot of different things. It's as simple as digitizing or automating reports,
which can be quick and helpful to these big things like implementing a platform which then you
can have advanced applications and add on over the years and I'm sure it's going to mean even
more in the next few years as we continue to evolve and change. I find it's become this phrase that
can mean so much and it involves a lot with business model changes and how you operate
differently.
I think it's really important to start with the alignment and then building,
and talking about that change story. The why, why are we doing this? Why do we need to embark
on this journey and start telling it to folks to bring them along. I think that's a good way to start.

Getting Started
What are the first steps in change management?

1. Achieve alignment: get everyone organization is heading in the same direction.

2. Prioritize: ensure that the organization has the right talent and resources to execute and
operationalize the critical projects.
3. Build a change story: focus the story on the journey because you can't know the end state at
the start of transformation.
4.
Scoping Change Management
https://www.youtube.com/watch?v=U7QcXb2964c
Tell me a little bit more about how do you scope digital transformation? As in, how do you figure
out when you are embarking on this journey? Is this about some, say, robotic process automation,
so turning paper into digital processes, is this about a complete revamp of our business model?
How do you go about this? How do you find out what the scope is of the endeavor? That's a great
question. I think for me when I've been supporting or being involved in it as a change manager or a
change leader, usually, there is a sponsor. That's one important role in a change where somebody
that has some money, because usually these involves some money and a person who's going to
bring resources to bear, they have an idea. So they bring a business case because they want
some business benefit that they're going to bring to the organization. As we determine what's the
change, I'm always asking, okay, so let's think about our stakeholders. How is this impacting them?
What's the impact based on that change? What's the implication of that? Because that really is
what drives the solution that then I'm going to have to come up with to support them through that
transition and that is really where the crux of the solution is. I'm looking at it from a process
perspective, a behavioral change perspective, an all perspective, are we going to have enough
people to support this new way of doing things? How are we going to measure that it sticks, and
supporting it through communications and training, and looking at it very holistically? I'm trying to
look at it across the organization holistically and even outside of the organization. Are we asking
our customers to do something differently or our vendor partners or suppliers, the whole nuts and
bolts of the whole supply chain. End to end, how is this going to work? What are those interactions
going to be like and those handoffs? Because I think sometimes when you work in an organization,
we tend to get so heads down and siloed, we don't always think of those cross-functional
interactions. That's really my sweet spot, it's asking those questions and getting people to practice
that before or as we're changing, especially when we have new behaviors and new ways of
working and those new interactions like, let's practice and see how that's going to work, and is it
going to work or do we need to think of doing something differently?

How Big Is This Change?

To scope a transformation you need to identify:

• A sponsor: the person who has the resources and what is the business case for the
change.
• The stakeholders: the internal and. external people who will be impacted by change
and how will it impact them.
• The handoffs: the supports the affected stakeholders need and the team that will
provide that support.
Allies and Naysayers
https://www.youtube.com/watch?v=KtiQA5Q7abo
You mentioned something interesting around what I like to call allies, forming this band of allies,
people who are in support of the mission, the transformation, your work, have you found in your
work that there's certain groups inside of an organization, but you really should find as allies or
how do you think about it? I think its allies and they could be naysayers. Quite frankly, I asked for
folks on that group of field workers or represented folks, I said I would like your most influential
people, even if some of them are naysayers because they're influential too. Now, I don't want folks
that are never going to get on the bus, so to speak, because that's a waste of your time if they're
never
going to get on the bus but I do want somebody that's very vocal, that they're constructive in what
they say. They tend to have a loud voice and they are critical because if I can sway them or get
them to give their feedback and they say, this is a bunch of hooey and I can say, okay, tell me why
it's hooey and what would you change about it? They give me their advice and we can have a
banter and a back-and-forth and we can come to some agreement or meet in the middle. Then I
think you can turn those people. You can get them to turn to be an ally and, or you can at least earn
their respect.
That to me goes a long way because you may not agree, but you can get a commitment.
I think commitment versus compliance is huge. If I'm the hero in this story, in the digital
transformation story, what can I do to maximize my own impact? You already shared a whole
bunch of strategies which we should deploy. I wonder if there's another layer on top of that which
you find as an individual, what can I do to maximize my impact and
maximize my efficiency and effectiveness in the process? I think coming with that mindset of
curiosity and openness and willingness like a growth mindset. I think as an individual, if you want
to add value and then seeking out those leaders who are wanting to change and then thinking
about, how can I be more customer centric? How can I look broader than just my area? Is there an
opportunity for me to look up and think more enterprise wide? What are those more holistic ways
to think about the organization?
Is there an opportunity for me to grow my skillset? Because in this time of change,
we all need to be thinking about how do we grow our skills? Is there something within the
organization that is going to be the next that I could be building my skillset. Do you have a passion
around anything that your organization is growing into that you can then try and train yourself in
the flow of work. Is there a way you could just take a class as you're working that will help impact
your organization and support what your organization is trying to do. Because I really do believe
we all owe it to ourselves to either do an hour of learning even once a week. It's amazing or listen
to a podcast at least once a week, just to keep ourselves fresh and understand what's out there. I
think we all get so bogged down in work we don't know when to do that.

Form a Band of Allies to Support Your Mission

• Include the most influential people -- even if they are naysayers.
• Look for people who are both vocal and constructive.
• Even if you can't reach complete agreement, you can often get respect and
commitment.
Maximizing Your Impact
• Start with a mindset of curiosity and openness.
• Seek out leaders who want to change.
• Grow your own skillset.
Change Management Challenges
https://www.youtube.com/watch?v=ENPs45yDQMU
Let me go to the Dark Side of the Moon. I am curious. What have you found are the typical
challenges we face like what is this stuff which goes wrong when we embark on this journey?
What I've been facing lately is honestly lack of resources or not scoping of the project correctly,
resource-wise, so we're on this huge transformational journey right now within the utility. We don't
have enough subject matter experts. We are desperate to roll out this project and we've had to
delay it. I find that this talent shortage has been really tough and that has had morale issues with
the current people that we're working with. That's one thing that has been a challenge. Resistance.
I think you can always find
resistance on any project or any effort that you're starting, particularly with people who don't
understand. It's a tough one. It goes back to that new ways of working together and how do we
drive that? That could be organizational development supporting that
if in your organization could be changed management. I know we're helping to support a bit of
that. It's a tough that's some of the challenges we're facing and if we don't address these things, it
can lead to not meeting your timelines, which we're seeing.
It truly gets to this point where you are prioritizing and constantly juggling that kind of thing. I
guarantee that's happening across numerous organizations right now as we're looking at this
talent shortage in different areas. Like if we know it's going to take two years to build this type of
person or this role. We better, we start now. We've said that, what are we doing then to prepare for
two years from now, we need to be starting more prentice-like programs or how are we building
those next, those back groups in now,
we need to do that because they don't grow on trees overnight. How do we build more of them and
get them upscaled?

Common Challenges
• Lack of resources and talent shortage
• Resistance to change
Confronting Resistanc
https://www.youtube.com/watch?v=EtN350Ce7Ok
You mentioned the potential for resistance inside of an organization, inside of a project. How do
you deal with those pockets of resistance? What are the strategies to overcome them? The
strategies, I think it depends on what it is. Most people resist, either through fear of not knowing,
not understanding, and some are just not willing. You have to figure out which of these flavors is
this person coming from? I like to start from giving people grace or starting from good intent so
that if they just don't know or they've come from a different experience. Maybe meet each person
as much as you can where they are. I know some organizations are super huge, so you have to
think about it from using personas or if somebody is not knowing, how do we meet that type of
resistance? If somebody is unwilling, we might have to leverage their managers or make it in their
performance appraisal like if you don't do it, which is not my favorite thing to do, but if you've got
80,000 or a 100,000 people in your organization, you sometimes have to use a different way of
doing things. If they're not knowing, they're going to get training. There's some level of, you build
awareness, you build this over time and they will start to understand, become aware, and they'll
build their knowledge, and you'll get past all of these. Let me drill down into this idea around
resistance a little bit more. One common theme which you hear quite a bit is this generational
conflict. The youngsters versus the old stirs. The young people who are digitally native versus the
old people who don't get it. I'm curious. Do you see this? Do folks respond to change differently?
What are strategies again, how do you cope with it? How do you overcome it if it exists?
Yes. I have seen it. I do think that the retail organization where there are probably more digitally
native or folks in that younger generation, they come in and it's awesome because I can use more
digital technology and more social media to use that in my solutions for change. You can interact
with them that way. In the utility that I work at where there's people that have been there for 30-40
years and you're just a baby, if you've been there for 5-10 years. When I went out into the workforce
and I was training them and we were training them on putting an app on their phone. This guy
pulled out his, I'm not kidding, flip phone and he is like, "Can I put an app on this?" He had a little
Apple sticker on the outside of his flip phone and there was no way you're putting an app on that,
but he was joking with us. I know he knew that, but he was basically saying,
there is no outgoing on this to me. People are resistant because they don't want to do it,
in a way he was basically telling us, so there are. It depends on I think some industries and some
people that are just like, I don't want to learn that. But I think we're getting to that point where we're
saying to do your job and to do it effectively, we're needing you to turn that corner now. That's a
generalization. I do have some folks who are totally great,
who've been in the workforce for quite awhile and I'm one of them. I've been in the workforce for
quite awhile and I love new things and new technology and I'll sit around and try it. I'm not an
expert all the time and I do need help, but there is a difference.

Where Does Resistance Come From?

• Fear of the change
• Unwillingness to change
• Generational differences - digital natives vs digital immigrants
Overcoming Resistance Requires Different Strategies for Different
People
• Start with good intent and build trust.
• Provide training to reduce fear.
• Leverage managers and performance appraisal consequences when needed.
Why is Change Management Important?
https://www.youtube.com/watch?v=n4QISHUqFOI
let me ask the heretical question why should i even care about digital transformation and change
and change management i think you should care as a leader if you're trying to get business benefit
right i think it comes down at the end of the day to what are you trying to achieve are you trying to
achieve some kind of benefit for your organization and it's been proven you know time and time
again that if you have change management working closely you know on your effort that you're
going to get there
faster and it's going to you're going to get quicker adoption it's i i think it's hard for them to also
focus just as much on the people side of things the people side of things
is a very big effort especially in a transformational project it's includes what are those process
impacts what what are the different ways of working how are people impacted
who is all impacted right it's not just one area typically is going to be multiple areas of the
organization and and defining how they're impacted you're finding that out for quite a while and
then designing what are those interventions or experiences that they go through it's not just
communications and training it's more than that and it's it's it's hard to explain sometimes it's not
just it's the secret sauce I mean i think it comes across as communications but they're each
designed to create that experience and i think companies are going to start to get left behind if
they don't consider what is
their strategy around um connecting with their customers in a in a kind of different way in a
technology technological way right like even though it's not all about technology it it a great part is
through technology it's how are we serving our our consumer and it the one of the first things you
have to do is figure out are we you know connecting and communicating to our customer through
a platform whether it be web or app i mean today our customers think about who all's coming up
right you mentioned digital
natives well yeah gen z is entering the workforce so behind them are going to be digital natives
and so we need to all be ready to be more agile and build that capability to be resilient and and to
best better support our people and to build that change capability
within our organizations right so that we are not uh it doesn't feel as overwhelming
you know as we when we change as much so we all feel like okay yep it's another change i can roll
with it or it's another tweak to this yeah I can do it right it doesn't it feels less overwhelming and it
doesn't feel like oh my gosh there's so much change coming at me so i think that's that's another
benefit and i would say as a change practitioner what we're doing what i'm trying to do is also
bundle or make sense of it right we have so many different things going on how do we create a
thread through a lot of it so that it doesn't feel like i've got 50 different changes going on we've got
different efforts but you know what they all relate and that that can make it seem like it's less
of less overwhelming to the people that are receiving the changes i'm curious what do you find are
the common mistakes you've seen being done in change management i think common mistakes
are treating it you know like a checklist is just kind of going through uh and checking the box and
when you execute the activities this gets back to
the art and science change management is not just checking a box to complete an activity like i
did a change plan or i did my stakeholder list or my communications plan
that's not effective at all i it's a good place to start right to understand what you need to do but it's
not so much about filling out a template it's really more about what the outcomes of the template
right or the the exercise and doing it and making sure you're involving the right people that is really
the value of it if you if you really don't know
enough about change and you need some advice I think it's important i don't know if everybody
always understands the value of change management you do if you get a good change manager i'll
put it to you that way

Why Should We Care About Change Management?

• Allows you to get where you need to be more quickly
• Keeps you from being left behind
• Builds resilience in the organization

Common Mistakes
• Not focusing on the people side of change management
• Ineffective communication
• Not connecting with customers
• Treating transformation like a checklist
Closing Thoughts
https://www.youtube.com/watch?v=wjnSTjI1hK4
Tara, thank you so much for this conversation. I loved our interaction. We talked a lot about
change management and why we should care and how we can do it and a couple of key learnings I
took out of this is, it's really about the people. We talked a lot about the potential resistance, the
allies we need to form, the resistance to overcome, the inspiration and aspiration we need to give
to people. We talked about the leading into
and in the unknown and being comfortable and good at that. Also, just like the acknowledgment
that yes, it is a very complex and maybe very complicated topic,
but there is a path through it. There is a way for us to get started, which isn't all that hard. I took a
lot of personal encouragement out of that and I'm just curious as a last question for you, what is
one immediate action you would give a leader who is embarking on that journey? As in, that's the
thing you should do. That's what I recommend you start doing right now today. If you're ready to
embark and you have that digital transformation ready to go, I'd say start on your change Story.
Get it going because you cannot build alignment unless you really have what you're going to start
changing. Start building on what is it, and most importantly, why are you going to be doing it?
Because that will help you build alignment and start bringing people along that journey with you.
Tara, on that note, thank you again so much for your insight, your wisdom, sharing your experience,
your personal stories, bringing so many practical examples to our conversation. Thank you. Thank
you. Thank you.

Key Learnings about Change Management

• Focus on the people: building allies and overcoming resistance.
• Change is complex -- but there is a path through it.

Your First Step

Start building your change story:

• What does change mean?

• Why are you doing it?
A good change story will build alignment and bring your team along on the journey.
Culture Eats Strategy for Breakfast
https://www.youtube.com/watch?v=0IS3PeOj6Hc
There's a quote, Culture eats strategy for breakfast, that is often attributed to Peter Drucker. The
point is that you can have a perfect strategy, but if your culture doesn't support what you're doing,
that strategy is likely to fail. This is especially true when your organization is on a transformation
journey. It's critical to get your culture right. To learn more about how to develop and nurture
culture that supports transformation,
let's talk to Sha Hurley. Sha is a global program manager and digital transformation advisor at
Google, where she helps high potential digitally native companies and Fortune 500 organizations
accelerate growth. She's also a certified well-being and leadership coach. It is wonderful to meet
you, Sha. It's so nice to meet you too, it's so nice to be here. Sha, let's dig into it. We're talking
about digital culture, and how do you define what is an effective digital culture for you? Yeah. I
think when we talk about the definition of digital culture, we really need to ask ourselves why it's
important in the first place. Based on my experiences working on Google in the past five years,
working with hundreds of thousands of organization going through this digital transformation, I
simply put the why in three different packets. One is for growth, two, efficiency and the third one is
creating competitive edge. Now, with a clear understanding of the why, that makes it easier for us
to talk about what is effective digital culture. It's a huge conversation, but let's just make things
simple today. The first one, I think it's focused on the user. That goes down to empathy, strong
understanding of the customer needs and second one is technology or talking about digital
transformation and so technology.
People wanted to feel they're doing something meaningful and work. If you really think about the
worst case scenario and that's you give people the work that can be simply replaced by
technology. Do you have the right tool for your people and your organization to create competitive
edge for your company? That's the second one. The third one is culture of innovation, which is
something I'm super passionate about myself. It's a culture where you allow fresh ideas to flourish,
supported by tools. Allow your people to test it out, learn a new skill and something we're going to
talk about a little bit more later on, it's failure. How can you fail fast? You do really fast. Even
celebrate failures. I know failure sounds scary, especially for larger organizations, our decisions
are high stake.
But it's essential in the digital culture. Last two, one is the people operation. We are all human
beings. We all work in the organization even though we're talking about digital transformation, but
it's really, we're talking about people. Do you have what it takes to get the very most out of your
very most important asset, which is your people? The last one is a patient and leadership. I believe
we're going to dive a little deeper into leadership. Effective digital culture is really where everyone
is taking some leadership. You don't have to be a manager to take a leadership role, and it has to
be rooted in every single person you hire. They feel they have the ownership to create innovative
initiative, and really push the company to move forward.

Meet Sha Hurley

 • Leadership & Transformation Coach at Google
• Certified well-being coach
Note: Sha Hurley is not speaking on behalf of Google or Alphabet.

Defining Digital Culture

A strong digital culture is focused on:

• Empathy for the user and a strong understanding of customer needs

• Using technology to create a meaningful competitive edge
• Innovation and fresh ideas, including a tolerance for failure

"Culture eats strategy for breakfast"

Attributed to Peter Drucker
Creating an Effective Culture
https://www.youtube.com/watch?v=JznLSYLSIwc
Let's go a little matter and zoom out a tiny bit before we zoom in. I'm curious if you're thinking
about an effective digital culture and to contrast this with probably an ineffective digital culture,
one which doesn't quite work, which is maybe even harmful to an organization. What are the
hallmarks which you see in organizations to tell you it's effective or ineffective? What makes it
work? What makes it not work? I think it's easier to really look in the things that does not work. The
first very, very easy red flag you can pay attention to is a high turnover rates. If people are leaving
the company for a good reason, for their career growth, that's good. But if you can't really dive into
the root cause and people exit, interview a conversation understanding why the employee is
leaving. If that leads to inconsistent leadership support, that's a big no-no. Second one is fear. I
know I talked about fear earlier, I think that's a huge topic. We just have to talk about fear, it's a
fear of change, fear of failure and fear of conflict. I work on Google Executive Briefing Center and
we have thousands of executive, C-level leaders come to Google and then tell us, hey, we want to
work with you guys, we want to go through this digital transformation. We don't want to fail, how
can you help us to get that? That's almost like a mission impossible. It's really died down to how
can we work with our fear? Then you can really easily spot, just listen in to your leadership talking
or listening to yourself talking. What question? What comes up your own mind? Fear of change, if
you don't want to change then this transformation is not going to work. Next one, I want to talk
about diversity, lack of diversity, equity and inclusion. It's such a hot topic right now in the world. If
you think about digital culture, we're talking about globalization.
We're talking about targeting customer that's in different side of the country, I mean the world. If
you only have certain demographic like male or people from certain country to work together,
you're not really getting the diverse perspective that you need for you to really push the
transformation forward. If your employees don't feel they have the ownership of the process of
results, that's going to harm our organization because essentially you want to give the employees
full freedom to utilize their talents. The last one is if your employees are just burned out, mental
health and not happy and that's a huge red flag that you need to pay attention to because high
productivity and innovation transformation most likely are incubated in an environment where
people feel safe, belong, empowered, sense of well-being. I'm curious. We are recording this at the
beginning of 2022 and Headlines Galore talk about the great resignation. This fact that we've seen
people in unprecedented numbers quitting their jobs. You said something earlier in your
commentary about looking at people quitting, attrition rates. How do you differentiate in terms of
practical terms? How do you know if this is just an outburst of
the great resignation or people taking different career opportunities, as you mentioned,
that might be if even a good thing versus all the other factors you talked about, people being
dissatisfied or not happy with their job or don't feel they can do or should be able to do what they
want to do. That's where empathy can play really important role in their understanding, what is
going on in this person's life, is it just a phase because of the pandemics happening? We're all
dealing with so much in life and work. War is something else. I guess the short answer is really
talking to your employees, communicate with employees and understanding what's going on and
how you can help them. One example on Google, we have this internal mobility program 20 percent
projects. We give people opportunities to do 20 percent projects and doing something
that they feel like I want to just test the water and see if there's something else I wanted to do
within our organization. That way you can see if this person is just all happy about
the organization in general or it's just because this person wanted to try a different path and grow
their career path. A tactic is really, have some programs structures in place.
You give your employee opportunities to try different things before they leave. But if they just want
to leave, then it's a good time to have a conversation.

Signs of an Ineffective Culture

• High employee turnover
• Fear of change, failure, and/or conflict within the organization
• Lack of diversity, equity, and inclusion on your teams
• Employees do not feel ownership in the process and results
• High levels of employee burnout

Empathy is Critical
• Talk to employees to understand what is going on and how you can help them.
• Develop internal mobility programs to allow employees to explore different career
paths within the organization.
Developing Empathy
https://www.youtube.com/watch?v=gMO6zuGq9jc
Let me connect something you set in your first statement to the point about employee satisfaction
and your ability as a manager to actually suss out if people leave for the right reasons or the wrong
reasons and that is empathy. In your first statement, you also talked about customer empathy. I'm
curious. I do believe that generally speaking, we all understand empathy is important. We've heard
this a million times. Design thinking teaches us this. It feels to me like it's such an ambiguous
topic though, because what does empathy even mean? How do we develop empathy and do we
need to develop it, or shouldn't we, as human beings have empathy by definition, I'm curious, how
do you instill this trait in your people or how do you activate it? I think there are really three
questions in there. What is empathy? Why is empathy important? How do you instill empathy in
your organization? Let me start with, what is empathy? What is empathy? I think if you asked 100
different people, they might give you different answers. But it really comes down to the human's
basic needs. If you look in our basic needs, we want a few same, we want to feel hurt. We want to
feel, we are understood. If we really want to dive deeper in why is empathy important, which is a
second question you asked is,
we all want to accelerate growth. We all want to create a competitive edge and we want to create
efficiency. Empathy really play a really important role in there all business is people business and
sustainable growth needs to be really backed by solving customer problems and meeting their
needs, which really roots into empathy and customer empathy. Co-founders Larry Page then he
had this philosophy and then it said, "Every single idea we have needs to pass the Toothbrush
Test." If you've heard about the toothbrush test. We all brush our teeth twice a day. If not at least
once a day.
Whatever idea you have, you are solving the problems the people need you to use your idea at
least twice a day, or at least once a day. In the example, you really dive into our Google products. If
you think about Google Search, Gmail Drive, YouTube, Map.
How many times do people use the products? Probably even more than twice a day.
Then that's where we play really dip into this customer empathy. What does customer needs, and
then how can we be empathetic bringing that into our product innovation.
The second one is create a competitive edge. We will talk about spoil your customer all the time.
You got two choices right there when customer come to you and complain about something, you
got one choice which is, "Hey, our products are amazing.
It is you who are not doing this right," and a second choice you got is, "Hey, how can we embrace
this is spoil for the customer." This customer can actually be part of your innovation and digital
transformation. One example is, years ago there was no Wi-Fi on the airplane and then some
airplane started to add Wi-Fi in there. And there spoiled your customer starts to compliant. "Hey,
the Wi-Fi is not fast enough, " I said, it's two choices you've got either you push the customer way
or you try to add faster Wi-Fi on the plane.
That's how innovation digital transformation can really get initiated. The third one is really empathy
can help us create efficiency. It's important in digital transformation because you need to
understand the customer's needs. If you bring in empathy to the customer needs and even within
the organization, your employees, bringing more empathy to the employees. That gives you a very
clear understanding of what a part needs to be automated, and you'll be scaled for your
organization to go to the next stage. If you find yourself with a leader who comes to you and says,
"Sha, I get it,
empathy is incredibly important. I, myself probably the most empathetic person in the world, but
my people aren't. How do I get my people to be more empathetic?" What is your answer to them?
How do you get started? Do we all need to do a "Toothbrush Test" or what is the approach we
should take? While diving into the strategies I want to share something with you and Google.
There's a simple policy that's part of the onboarding process for engineers. It was created by an
engineer and manager. It's saying if users cannot spell, it's our problem. If they don't know how to
find a query, it's our problem. If they don't know what words to use is our problem. If they can't
speak that language, it's our problem. If there's not enough content on their website, it's our
problem. If the website is too slow it's our problem. We look on the whole problem. You see we're
bringing all the customer-focused, this guideline or philosophy, everything we do in the process. I
love that he shared this, let's call it a manifesto. It's all our problem. It's never the customer's
problem. It's us who have to solve this for our customers, which of course is deeply rooted in
empathy.

What is Empathy?
Everyone -- employees and customers -- want to feel heard and understood. This is a basic
human need.

Why Is Building Empathy Important?

Building a culture of empathy will help you:

• Accelerate growth: Develop a deep understanding of your customer needs to solve

their problems.
• Create a competitive edge: Embrace the idea of "spoiling the customer" by listening
to their complaints -- and then innovate to a better product.
• Build efficiency: Understand your customer needs and your internal people and
processes to determine when you can automate.

Building Empathy in Your Organization

Focus the team on the customers' needs: If the customer has a problem, it is our problem.
Is is never the customer's problem.
Creating Purpose
https://www.youtube.com/watch?v=dPowu2JPMes
i'm curious can you talk a little bit about the relevancy of purpose as it comes to companies and
their culture we talk about all businesses people's business and organization culture is really
backed by people in the organization and so it's really about the purpose is really about the you
create a big picture which we call this north star and have a clear vision mission and integrate that
in strategy and communication which is super important and the operational process so on top of
the vision we talk about values a lot and then of course depending on how big the organization is
there's also a lot of microculture so really thinking about how each team culture microculture
aligns with the organizational culture the bigger the organization is the more challenging it is to
actually unify the whole culture and then value in a way that aligns with the company's north star
how do we actually even instill a sense of purpose an actual sense of purpose other than make
money inside of an organization and if you really think about how people apply for the role and
within the organization the initial rhythm there is some sort of alignment the candidates will would
feel like you know hey the organization is doing something awesome that i want to be part of so
part of his really connected thoughts connects the complexity to the person's personal personal
mission and vision the tricky part is as we grow as we evolve as human beings our
passion our vision of our life it changes so it's really the time and that's where the managers can
really help the employees to dive a little bit deeper into what's important to you google we have our
TGIF that's on a thursday and then where our co-founders
daniel lari they basically talk about our vision for the next quarter and then answer questions from
all employees some of the questions can really be tricky but all the questions and answers that we
observe we hear as employees that got us to think about things like purpose wow you know
sometimes i hear a question asked by employee and answered by our co-founder that actually
comes to thinking wow this is the reason why i'm here i'm doing something meaningful a great
leader once told me that you can only transform individuals crowds can only evolve which i
thought was a really lovely statement and i think it's fundamentally true i'm curious the other thing
you said which i find fascinating is to say you mentioned that your personal purpose and
your purpose inside of the organization google is connected to the greater goal of
google making the world's information useful and accessible but it doesn't directly support that
mission as in you're not writing the code for the search engine or you know like working in the data
center or something what have you found and i believe that
to be true for many organizations and many people inside of your organization
there's only a small minority of people who are actually working directly on the core of the purpose
the mission of the organization what have you found in terms of
communication strategies for a manager to link those two worlds together what
probably what helped you i when i was in google second year when i was in the
classrooms and then thinking should I leave google should I should i do something else and then
that was the time with my manager in my pdp uh conversation professional development planning
process conversation my manager asked me hey charlie what do you want to do in your life right
so not even thinking about the organization um not about thinking about how this person can can
help reach your okrs and kpis and rather really honor this person as a human being and bringing
that loan permission to how that matches to whatever opportunity we have within the organization
like on google i'm not an engineer creating the product search product and then people really
billion users gonna be using it but what i'm passionate about what i feel i have a purpose is really
transformation helping people um to reach their potential and they can actually do the work so
organization we need a diverse talents that can push the organization move forward and so
managers their role is really coach the employee and to to help the employee find their purpose
you want to create a team that can leave the organization whenever they want but they don't want
to leave the organization because they see the opportunity to grow even more within your
organization

Culture and Purpose

Purpose starts with a clear vision and mission.

• The vision and mission must be integrated into strategy and communication from
leadership.
• Each team's microculture needs to align with the greater organization's culture and
values.

Individual Purpose
• Individual and organizational purpose are typically aligned when a person is hired but
may drift as the person and organization evolve.
• Alignment is important, even when the individual doesn't work in a core business.

Role of the Manager

Managers play a critical role through performance reviews and development plans:

• Coaching employees to find their purpose

• Developing paths for their employees to align their purpose within the organization's
needs
Building Psychological Safety
https://www.youtube.com/watch?v=7PHO4nLa0l4
According to McKinsey, 70 percent of employees say that their sense of purpose is defined by
their work. According to Gallup, only four in 10 employees strongly agree that the mission or
purpose of their organization makes them feel their job is important. There is a mismatch here.
Sense of purpose is important to employees, but most organizations are not doing a good job of
creating a sense of purpose. How can an organization create a sense of purpose to transform its
culture? I happen to know that Google did numerous studies and some very well published studies
on this concept around psychological safety, which I think has a lot to do with trust and ownership
and the way effective teams actually work. Can you talk us through a little bit,
what even is psychological safety? It's a big word. Obviously it's scary. Yes. Then I would love to
understand a little bit more. Why does it matter and how do you instill,
how do you create psychological safety inside of your organization, inside of your teams? In the
workplace, digital culture, psychological safety is basically where people feel safe to share
opinions, share their thoughts, share their fears, share something that normally wouldn't be
sheared in a normal public environment. Environment where they feel they can take risks without
being blamed for the decision was not right. What I found essentially really helped me to feel like I
feel safe psychologically in Google was,
we had this internal guideline, which is forgiveness over permission. I know whatever happens, if I
need to make a decision at 9 PM, I don't have to bother my manager.
I don't have to worry about this decision not going to right, I'm going to make the decision. I'm
going to move these things forward. It's really allow your employees to make decisions, to lead, to
take actions in an environment where they don't feel like they are so afraid and they are so anxious
if the decisions are not the right decision. It feels to me at least, that requires also an ability to be
okay with failure. Yeah. I love talking about failure. Psychological safety and failure are so
connected. In the digital culture, we're talking about digital transformation, we're talking about
changes, that requires us to try new things. If we're talking about probability, how likely this thing
that you are going through, this change, this transformation going through, are going to be
successful? We really don't know. It really comes down to taking calculated risks and moving
things forward and be okay with a failure. Failure is not really a bad thing if you look. In our
products, we fail multiple times in Google. If you remember the Google Class, I don't know
[inaudible] if you saw this first product, Google Class. It was completely disaster and failure. Who
wanted to wear this [inaudible] heavy- I was part of the Alpha testing team, yes. I run around with
Google Glass on the Google Campus. Oh, yes. Yes. You know what I'm talking about? I wish I could
show this iteration. The first one was really ugly. But the idea was to bring in something, innovation
into the world. We actually leveraged the failure as lesson learned then for us to push the
innovation to the next step, and to the next step. It's going to be a journey. It's going to be
iterations.
That's a whole essence of transformation we are talking about. How do you get people to be okay
with failure though? Because, ultimately as a human being,
failing doesn't feel good. You can tap me on the shoulder as many times as you wan and say,
"Man, you are amazing," and you get the failure of the month award. It just doesn't feel good. From
the organizational perspective, then how do we make people feel it's okay to take risks and fail?
Basically, it has to be a coaching culture where
the managers know how to bring in a more safe environment and that's where you can have
conversations, see if this is a failure, how can we come together and then learn from on this?
Instead of saying something like, why did you do? Why did you do that? This blaming culture. We
turn that into something like, let's debrief, let's talk about what we can learn from on that and what
are the lessons learned, and how can we take that to the next step? How can we do this together
next time to make it to a better state?

What is Psychological Safety?

Psychological safety occurs when people feel safe sharing opinions without fear of
retribution and can take risks without fear of being blamed for making the wrong decision.

How to Instill Psychological Safety

• Empower employees to make decisions and take actions without fear - "forgiveness
over permission".
• Coach managers to make people feel okay about taking risks.
• Actively leverage failure to push innovation.
Diversity and Inclusion
https://www.youtube.com/watch?v=p09J1aEO7tU
I want to come back to something you said earlier around diversity, equity and inclusion. If you
push beyond the yes, we should do this, which I think there's absolutely no question yet. Yes, we
should do it and the headline of course being, you build a better company. Study after study shows
that you are more successful, you have better returns, better revenue, people are happier. But if
you peel the layers a little bit for me,
if we can get to, first of all, why should we really care? Then secondly, I'm curious if you have some
like, probably hard-won insights into how do you actually do it other than again just like the
platitude of all add, hire more diverse people. Yeah, diversity. I love that. It's important and we'll
just tick on the first part of the question, why is it important? It's important because when we talk
about digital culture, we're going transformation. We are really talking about the localization. We
were talking about we. The team is going to be in different parts of the words and you serve the
customer that's everywhere in the world. Having a diversity cultural environment, you really create
the environment where all different perspective and opinions are coming together. Thus stimulates
innovation. It stimulates a digital transformation. The more diverse your employees are, the culture
you create, the more safe people can actually feel they can share ideas. Five-years ago when I first
went to Google, I work on the Cloud team. I was the only woman on the team among 11 male. I
could've feel our culture was not going well. I didn't feel belong. I didn't feel like I could share
innovative ideas among 11 white male on the team. Luckily, we had this culture where every single
individual in Google can create grassroots projects to get whatever problems we see and resolved.
We had a lot more diversity people in the last five years and now I'm on a team with people from
Brazil, different country and different gender. We talk about diversity, not just like gender where
you are from and also personalities, introverted, extroverted. We think about things differently, but
when I'm surrounded by a diverse environment, I automatically feel it's okay. I have my own
opinion. I also want to be curious about other people's opinion, knowing that they come from
different background and then you have different experiences. It's really important to make sure
we're not doing a surface work. There is a time when we hire more women for the sake of we have
more women. But it's going to actually hurt the environment and the end of the culture more if you
hire women and you don't make them feel belong, you don't create a psychological safety feel like
they can be themselves. For example, women feel like they have to be super sturdy but strong,
lead like men. After work they feel like, Oh my God, I can finally take off my mask and relax, but it's
really not sustainable. When we're talking about diversity,
inclusion and equity, really think about how do we create an environment that does not just create
the environment, but also instill psychological safety. All the things we talked about, they all play
nicely together.

Benefits of Diversity and Inclusion

• Stimulate innovation by getting more ideas on the table.
• Builds psychological safety and encourages employees to share their ideas.
• Allows people to feel like they can be their true self at work.
•
Culture Transformation isn't Easy
https://www.youtube.com/watch?v=CELNTt1UysE
It feels to me everything you said, and this is the beauty of it, and it might mean this as the most
glorious compliment is all pretty common sense. It's really hard to do though, and it also feels to
me like it will take quite a bit of time to actually do all of those things.
If you're thinking about this transformation journey. Again, let's say you've got your hypothetical
CEO in front of you who says, "Sha, I get it. I want to do all of these things.
How do I get started? Where do I start my journey?" What do you recommend for them as in terms
of the sequencing and what is the patience they need to bring with them? It really comes down to
what's the top priority for your organization? What's the number 1 challenge and problem your
organization is needed? That comes back to the empathy we were talking about earlier. Again, if
you're talking to communicating with your employees and your customers, there are different ways
you do it. Every single time we got a new leader, the leader does one-on-one with not just leaders,
but also individual contributors to understand what are the hidden topics that we don't feel
comfortable sharing in a public meeting, but rather one-on-ones. Then with customers, there are
different ways to do it; leadership circle, you can do quarterly business review, and reserve 10-50
minutes for voice of the customer and allow the customer to speak whatever they wanted to
speak. It's also important you create psychological safety with the customer, it's everywhere and
that requires us to take feedbacks in a way that we're not making the person feel like, "I don't feel
comfortable to share feedbacks." That requires a growth mindset. We're taking this all the way
back to the leadership traits that require the leader to have a growth mindset. That'd be defended
when people are sharing those feedback. They might not be the things you wanted to hear, but
how can we embrace that in the feedback loop and take it from there. From the feedback, you
understand your priorities and understand your challenges and then pick one,
if we could call this low-hanging fruits, that's going to give you the most impact but it does not
require too much work. Assume this conversation is being heard by somebody in middle
management, someone who isn't the CEO. What can that person do? Is there a role for her to play
or is this a thing which has to come from the top where if the top management, the CEO, the
founders, the board isn't fully bought in, we don't even need to start? It's really middle managers
who play a huge role in this transformational journey because the leader top-down, they have the
vision and the bottom place are doing the work. We used to say on Google, it's leadership bringing
the rain. The rain is on the cloud, how can we let the rain to touch the ground? That's the middle
managers' work. It's really about creating structures, creating programs, and creating trust for the
employees to take on responsibility to show their leadership and then pulling that rain down the
ground. Fascinating. I'm curious, on this journey as a leader regardless where I am in my position
inside of the organization, there clearly is a whole bunch of things we need to learn. You
mentioned many of those like our ability to think about failure and psychological safety. When you
get better at diversion, equity, and inclusion, what are the things we need to unlearn? What is the
stuff we need to get rid off or need to be okay because they're completely outside of our control?
Yeah, there are so many things.
COVID is out of our control, there are a lot of things externally like the environment. It's about
understanding what's out of our control. One is the natural disasters or things. It's coming up and
we don't know what's coming up or earthquakes, those things.
Another thing is really the outcome. The outcome is really out of our control.
The control of the outcome, I always tell people it's the illusion. People say, "Hey, I got everything
under control. I have this under control", it's really illusion. It's about break down the whole
process, understanding how can we maximize the control. We don't ever have 100 percent of the
control of the outcome. Understanding that, that will put the leadership in a better position in terms
of pushing the innovation forward. The other one is people. We talk about retention, we talked
about the people we hire. We don't really have control whether the people are going to go.
Sometimes we have this amazing employee and then this employee is leaving the organization
and we might blame ourselves, a leader instinct, "Hey, what did we do wrong to lose this
employee?"
But that's really out of our control. Sometimes it's because this person is moving to another
country. The whole organizational change, how can we play with the change and be okay with
change? The same way as how we can be okay with the failure.

Setting a Path to Successful Cultural Transformation

• Listen to your employees and customers with an open mind.
• Prioritize your efforts on the areas where you can make the most impact.
• Involve all levels of the organization -- leaders set the vision but employees do the
work.
• Create trust and encourage all employees to show leadership.
• Recognize what is beyond your control.
• Be okay with change.
Closing Thoughts
https://www.youtube.com/watch?v=8MeBorzRO8M
Sha, I absolutely loved our conversation. We dug so deep into this idea around digital culture and
transformation and how all these things are being put together. We talked about customer
empathy and psychological safety and how these things fit together and why it is so important to
fail and be okay with failure and do it in a smart way. We talked about ownership, and trust, and
diversity, and inclusion, so much richness in our conversation. As a last closing question, if you are
confronted with a leader coming to you today, what is one immediate action you would
recommend them to do? One action for leaders will be find a quiet spot and ground of yourself,
make at least of the three top things that needs to be let go of, for you and your organization to
embrace the transformation and create a digital culture that works for the organization. Could be
mindset, could be something you think, hey, this is not going to work and how can you let go of
their mindset? Could be a limiting belief. Could be something like, a limiting belief for example
would be, I'm not a person for change. I don't like change. Is that true? Ask yourself how true is
that. It could be certain emotions that could be fear, anxiety. Anxiety and fear coming from a
leader can really be amplified through the organization. How can we let go of that emotion? What
can you do to let go of that?
Could be people. There are people might not align with your organizational vision and culture
anymore. It's time for them to really find the right spot to thrive, which you're doing good for them
and also for your organization, and most importantly, take action on it. The key here, pro tip is to be
brutally honest with yourself here. No fluff and just be super honest about what are the three top
things that need to be let go of. Sha, I love that you ended our conversation with not a piece of, this
is something you have to do as in like add something to your current repertoire, but actually take
something away because I think you're absolutely right. It's so important for us to reduce things to
become better at doing probably less but better and really focusing on the things which matter.
Sha, thank you so much. Thank you so much for sharing your insight, your personal story, for
allowing us to have psychological safety together and for sharing your wisdom and experiences.
Thank you so much. My pleasure. Thank you for all the amazing questions so you've been asked.
Thank you.

Key Learnings
A successful culture transformation requires:

• Developing deep customer empathy

• Building psychological safety throughout your organization
• Learning from failure
• Creating ownership and trust
• Nurturing diversity and inclusion

Your First Step

Make a list of three things that you or your organization need to let go of to embrace transformation.You must
be brutally honest with yourself!
Why Are Agile Teams Important?
https://www.youtube.com/watch?v=hyzZTecnz40
Winning or even survival, in our digital world requires agility, flexibility, innovation, collaboration,
rapid iteration, and a tight focus on creating value for the customer.
Agility requires both the right culture and having the right people with the right skills at the right
time. That's what we're going to talk today about with Gayle Karen Young and we will find out how
we can find, develop, and nurture the talent in our organizations.
Gayle Karen Young is a culturable and a catalyst for human and organizational development. She
comes from a rich organizational consulting background with both corporate and non-profit
clients. She's a former chief culture and talent officer at the Wikimedia Foundation, best-known for
Wikipedia, of course, and has worked with clients including McDonald's Corporation, Kaiser
Permanente, Yale University, and Ernst & Young, now known as EY. Gayle, super stoke to have you.
It's my pleasure to talk to you today. Let's dig into it and let's start with the hard question. Why
should we even care?
Why is agile transformation important? Let's take a look at our environment, it is changing so
rapidly. There's a phrase my husband uses. He was an Irish poet, and he talks about being more
able for, was it to be able to this life? Was it to be able for a circumstance you find yourself in?
What does it mean for an organization to find themselves to be able for how rapidly things change
with technology, with what goes on in the social sector, with how we respond to environmental
things, whether it's digital currency or coronavirus. Adaptation, the capacity to see, to understand,
and navigate, to build for the future is a really important capability for organizations to have. I love
that frame, 'the being able for'. With that frame in mind, I'm curious. As a first step, we often need
to assess our talent. We need to figure out where are we today, where do we need to be. You're
getting tips on how to figure out what we're actually missing. How do we start that process?
There's a couple of things in there. One, in order to figure out what you're missing, you should
know what you have. What is the organization that you built?
What is it well-suited for? Is that a match for what it needs to be in the future? If it is a match and
it's a matter of growing what you have in house, great. If it's not a match, how do you start to begin
to assess that? How do you understand where they might be, capabilities missing? Have you over-
rotated on the things that you're good at to be good at it. If you have designed for flexibility, and
not necessarily for scale. How do you even look at that? Have you over-designed for flexibility?
Have you become so loose that generating a capacity to be consistent enough for scale is actually
missing in that picture. In some sense, I think part of the way to think about agility is your capacity
to re-calibrate around the things that were formerly strengths for you. Then at some point when
they're over-rotated on, actually become weaknesses. Start with what your organization was built
for, what your founders were built for, what the original ideas you had instigated. Then what do you
need to go to?

Meet Gayle Karen Young

• Culture-builder and a catalyst for human and organizational development
• Former Chief Culture and Talent Officer at the Wikimedia Foundation
• Consulting experience with McDonald’s Corporation, Kaiser Permanente, Yale University
and Ernst & Young.
Agile Transformation
Agile transformation helps us be more able for the things we need our organization to do in our
rapidly changing world.

Getting Started
You need to start by understanding what you have:

• What is the organization that you built?

• What is it well suited for?
• Is that a match for what it needs to be in the future?
Answering those questions helps you figure out where you need to go.
Future-Ready Skills and Traits
https://www.youtube.com/watch?v=bBMI9xtURD0
Have you experience is very a common set of key skills or traits you are looking for in people
where you say, we should all really have those to be ready for the future. One of those pieces is a
growth mindset, there's been a lot in leadership and literature about growth mindset. But
fundamentally, it's the idea that we are not static, that we have an ability to grow and change and
to move with the world. Going back to the thing you originally asked me about, why is agile
transformation important first place to be more
able for what is fundamentally a changing world? The scale of the changing world,
I think, is an important thing to address. It's not only just out there, but it's also inside us.
Like, how do we grapple with the things that are larger than ourselves? The things that are larger
than ourselves, whether it has to do with rapid technology change, or climate change, or evolving
social infrastructures. I'm curious. When you look at talent and you look at the people and you
mentioned the growth mindset as one of the key attributes you look for, in your experience, do all
people possess it? Is it just a question of awakening it, or do you find yourself in a situation where
you actually have to do the assessment of your people and say, well, some people, they might not
make it? I'm psychologist by training, so I want to believe that everyone can make it. That said, it
depends on what timeframe and what you're starting out with, and what you have to invest. As an
organizational leader, I think that you will have to be put in the position of really thinking about do
you have the time? I'm not sure that it's necessarily an organization's job, and this might be
disputed. But I don't think it's an organization's job to be the place that people find their way to
enlightenment and fulfillment and personal happiness. You have to navigate. This is funny paradox
that goes on in that I don't think it's an organization's job to make people happy and so fulfilled.
That said, I don't think organizational leaders who don't pay attention to those elements will be
successful leaders. There's many paradoxes of leadership in this particular case. But part of being
a leader is to be able to attend both to a person's development and to think about what is the
business need and along what timeframe? If you had infinite time and infinite money and infinite
resources, absolutely take people along for the ride with you.
But that's not often the case. In that situation you have to think, what can we do with the people
that we have and the time that we have? In some cases, it actually puts undue unfair pressure to
say to someone, change or else, be this person that you're not or else,
as well as practical thing to do is to say, you know what, this isn't a good fit right now and let's see
how we can help you off-board in a way that the relationship is still there,
but there might be a more suitable job for you in some other industry. There's a lot of talk about
soft skills and there's a lot of emphasis on soft skills. You mentioned earlier that leaders, one of
the first roles, one of the first priorities they have is to identify where are we today, what is
important to us, what is relevant to us, what makes us us, and see if that's expressed in the people.
That seems to be easier to be done, I believe, on the hard skills, on the actual factual knowledge.
How do you assess this on soft skills? How do you approach soft skills in that manner? Part of the
challenge to us as human beings, we're biased human beings. We having to either through the lens
of our own capacity for discernment, which are inherently a little bit flawed so I think it's a
combination of both of those things. At the end of the day, that relationship between the leader
and direct report is certainly one of the most important relationships to the direct report's life. A lot
of the things that organizations are grappling with, especially when I hear organizations grappling
with diversity inclusion, which is a significant topic in every industry that I'm running into, whether
it's health care or technology or entertainment.
The capacity to invite a person in fully to offer the fullness of their skills and their whole beings to
an organization. That invitation, I think, is partly source of acknowledgment of their capabilities
and very, very tangible skills. But it's also based on intuition, based on kindness, based on
empathy, based on knowing someone. Being able to appropriately calibrate work to where
someone is developmentally. You can't ask somebody that doesn't have experience and say
prioritizing this over that, to be able to suddenly prioritize. It's not kind to ask somebody to do
something that was above their skill level,
above their capability set.

Assessing Skills and Talent

• A growth mindset is a critical skill because it allows us to be more able for a changing
world.
• A leader must consider what can we do with the people that we have and the time that
we have.
• Talent planning needs to balance the individual's development needs the business
needs.
• It's unkind to ask somebody to do something that's above their skill level.
• If an employee isn't a good fit right now off-board to more suitable job and maintain
the relationship.
Effective Leadership
https://www.youtube.com/watch?v=lcboEsHNxxc
How do you as a leader become that leader? It sounds like there's a lot of work you as a leader
ought to do on yourself and probably in the circle of your peers before you unleash yourself onto
the wider organization. As a leader, how do I think about this? How do I start? There is a self-work,
the self-knowledge, know thyself. Know where you're coming from, know what experiences have
led you to be who you are. What experiences have you personally found supportive? What mentors
have said things to you that his mattered? What developmental experiences grew your capacity?
How do you run experiments for yourself that actually test you? But organizations can actually be
a great developmental pathway for that to happening because it's a living learning lab. The
challenges that you have in an organization as a leader are going to be the place where you get to
mindfully test that, and the keyword in that is mindfully. Where do you get feedback from? Where
do you have trusted partners who can let you know where you're steering a little bit too far into
deep water or whether you're being too safe? Where do you find those perspectives that help
calibrate you and how do you actively learn from it? So that's a reflective capacity. You're not just
going through your days and rushing from one meeting to the other and putting out fires that
you're building in time for yourself to think strategically, how have I done? What could I have done
better? Where is there an opportunity for me to try something new? That's a deliberate approach to
development that takes place within the context of your own role that develops your own agile
capacity, but nurturing that and the people who report to you is equally important because you
want them to be thoughtful about what they do and why they do it. Not just careening from one
situation to another, which in the course of a really hectic day is often what we do. I'm curious to
stay in this theme a little longer.
I'm really curious. If you look at a leader in today's organization going through these massive
changes, innovation disruption, digital transformation, how much of your energy and time and
focus is on the softer people side of things as we just talked about and maybe also your own
development in that regard versus the development and fostering of hard skills, process projects,
that stuff? It is human tendency as things get tough to default to sometimes what's easier. It's like
the path in the woods. You hike the path along the trail that you see. You don't necessarily go
tracking off with what. Well, you got trucking off through the woods, but other people don't always
go tracking off to the woods. I think in some sense, the "hard skills" are easier. They're easier to
measure.
You can do code review on them. That said, I think there are two pathways along soft skills. One is
to have people around you who are natively good at it. Because for whatever reason, some people,
whether it's personality, predisposition, upbringing,
for a thousand reasons might have a native skill set around soft skills, use them and then use
them well. A leader who once hired me because she said I can trust you to hold this part because
this is not my skill set, and so we actually formed an incredible partnership from that perspective.
The other thing is that I also don't think it often takes as much as we think it takes. It's not like you
have to be as good in the soft skills and hard skills per se. It's not about finding some magical
place of equalizing. It's like, how do you have enough soft skills to be able to really have your
people feel like they're seeing understood, valued, contributing? How to craft the landscape of their
work so that they can contribute fully? In service of the tangible hard skills being done in the
organization, whether it's finance or code review or other formal work. Tech innovation that there
is.
Leadership Requires Self-Knowledge
Effective leadership requires you you do some work on yourself to understand what led you
to be who you are. You need to identify:

• Experiences have you found supportive

• Mentors who have said things to you that have mattered
• Developmental experiences that have grown your capacity
You also need to think about where you can get help going forward

• Trusted sources of feedback and partnership

• People who have skills in your areas of weakness
Upskilling, Reskilling and Hiring
https://www.youtube.com/watch?v=ZdtmmcuXl0U
If you're thinking about re-skilling, upskilling, whatever term we're using. First of all, let me just start
with a simple question, is there even a difference for you? Because these terms seem to be thrown
around. Some people tend to use them interchangeably. Some other people say they're very
different things. How do you conceptually think about those things? I think about development of
people in terms of horizontal and vertical development. Horizontal development is acquiring new
skills, like learning a new language, learning code, learning different kinds of organizational
structures and how to navigate that. Then vertical development is shifts in worldview, shifts in
mindset, including growth mindset, or agility, or complexity. Those are two terms I use that can
probably likely be mapped onto upskilling and re-skilling. But I don't think I make too much of a
distinction between re-skilling or up-skilling. That's fascinating. How do you feel this fits into the
overall agenda of an organization? As in, you have choices as a leader, you can either invest into
your people, you can hire new people, you can outsource. There's a whole array of instruments to
play in this orchestra. I'm curious if you're thinking about re-skilling, upskilling your existing people,
how important the role, on average, in a transformation project is that for you from your
perspective? It's pretty core because the people are the means through which your strategy gets
accomplished. You can't execute a strategy without the capability set, either in-house or bolted on
in order to do that. Then we go back to the question you first asked, which is, how do you know
where those skills need to be? Then you go back into, how do I really get a good assessment of it?
Is it interviews? Do I trust the levels of leadership under
me when they say they've got this capability set and not this capability set? Is somebody in there
eager and capable of growth or are they not? That's, by the way, also really complicated question
because you can take the same person and at one point in their life they could absolutely be ripe
for re-skilling and up-skilling for meeting a new challenge, and then you take the same person and
say that something significant happened. There could be a death in the family. There could be a
COVID moment.
We sometimes compress as human beings. The assessment of human being is more complex
than saying, yes, they're capable or no, they're not. It's contextual for who they are at that moment
in time. I would love to talk a little bit more about the gap. As a leader, you've identified, and thank
you for pointing out or pushing us as leaders to really holistically think about our people and make
this a core part of our job, I personally believe that in any form of transmission, this is just crucial,
but let's say I've identified a gap and we talked about the instruments which I have at my disposal,
one being re skilling and up-skilling, we talked about this a little bit already, the other being, of
course, going into the market and hiring new talent, and then the third one might be even
completely outsourcing, I'm curious, if we go into the hiring talent space, how do you strategically
think about this? When do you hire versus grow your own talent? I'm not talking about clearly if you
need bodies clearly. Yeah. But I'm curious. if you identify the need, the necessity to fill a gap, what
makes the buy versus build decision ultimately?
We take different risks with hiring, versus outsourcing, versus re-skilling. In hiring, I think a lot of it
is based on the optimism that you'll get the perfect person which has been tested. You want that.
You want the possibility, a new blood, that they can possibly bring. But culture fit is really
challenging and sometimes the risk, especially at senior levels of an organization of somebody not
working out, the cost of that is high. The possibility of the promise of it that you have somebody
that's more able for a role has to be worth it. Part of it is need. Do you need this? Part of it is that
does somebody have a requisite skill-set or experience-set that would really add to your
organization in a significant way that you don't have in house. Because nothing replaces
experience. When somebody has a lived experience of something, they are much more able to
build on that. If you're dealing with somebody internal the organization that you hope can do the
work but doesn't have the experience but the promise of it, you have a couple of options there, you
can either hire somebody that already has that experience with a larger probability that they'll get
what you need done. If you wanted to up-skill the person in-house, I would say get them a mentor
and really developed them, really bring in resources around them where that experience-set is in
the wider system and make sure that that person that you're upskilling gets a benefit of that
experience-set.

Horizontal vs Vertical Development

• Horizontal development is acquiring new skills
• Vertical development is shifting one's worldview or mindset

Assessing Skills
People are the means through which your strategy gets done so it is important to understand
if your organization has the skills it needs.

Assessing an individual requires:

• Thinking holistically and considering where the person is at this moment in time
• Determining if the person is capable of growth

Hiring vs Growing Internal Talent

You take different risks with hiring versus outsourcing versus re-skilling right in hiring:

• Hiring is based on the optimism that you'll get the perfect person
• A new skillset or set of experiences can add to the organization's capabilities
But:

• Culture fit can be challenging

• The cost of a person not working out can be high, especially for senior positions
To successfully upskill internal talent, use mentoring, and bring in extra development
resources.
Diversity Matters
https://www.youtube.com/watch?v=BQLg7ru1KR8
you mentioned this early in our conversation diversity and diversity in i just want to be sure we're
talking diversity in every single aspect it's not just gender or ethnicity ethnicity but it's also
neurodiversity for example exactly i'm curious if you were to explain to someone why it matters
what are the words you're using what is the sentence you're giving them why does why do i even
need to or should care about it from your perspective you wanted an organization that was more
agile right and so with agility comes the capacity for complexity with the capacity for complexity it
means different perspectives and different lived experiences and you get different perspectives
and
different lived experiences by hiring a diverse cast by hiring a diverse organization and really being
able to invite that through the doors of your organization those forms of diversity so for me agility
complexity diversity inclusion are all entwined with one another what do you find are the common
mistakes the common problems you have when well-willing leaders and well-intended leaders go
out and say we build diverse teams I get it it's important what are the stumbling blocks you find it's
a thousand kinds of pitfalls and um i think what a leader can do here is educate themselves in the
space come to some clarity for reasoning for themselves in this like it has to come from really
authentic we can't just want to build a diverse organization because woke people say you have to
do it like that's a terrible reason to build a diverse organization you know and it's max of a certain
kind of hypocrisy so you have to find the place you believe it in yourself and maybe that's in a
limited way right um so i think finding the place in you that can buy into that is really important um
i think one of the most important things to know is that you're gonna mess up once in a while you
know you're not going to get it
right you're going to say the wrong thing you're going to um uh put out a an rfp for a job that will be
accused of as not being um appropriately diversity friendly right there's there's a whole bunch of
different um pitfalls so i'd say the first thing is also there
to get educated just to find out like whether you don't have to adopt all the
best practices and perspectives in there um some of them might not be a good fit for your
organization and some places you're going to be limited anyways because the pipeline is limited
like I wanted to hire a whole load of female engineers at wikimedia and at the time I was there the
pipeline and i was going to all sorts of conferences trying to get female engineers but the pipeline
at the time was limited it's growing um but we still have a pipeline issue there um so have your
intentions get advice you know invite people who are adjacent to the people that you want to be at
the table to be at the table
don't make it performative it's not about having one black person and one asian person like that
that doesn't work either um that goes back to the authenticity piece if you're you're authentic in
your desire it won't be performative and i think that piece is um
that piece can be felt something happens you know whether it's in silicon valley around diversity or
me too if the focus is on let's um keep this from happening again it's very much like like let's close
the pastor door after the cow got out which is not actually effective in complexity there's
something more important about especially in agile environments about being the kind of
organization that is resilient enough to be able to hold difficult conversations and support learning
that isn't punitive or reactive or restrictive that says i'm just gonna do the bare minimum and paper
over this and assume that things won't happen again the hidden biases we all carry the hidden
prejudices like the context we have etc which i believe in in the context of an organization in the
context of being a leader in an organization might make us
see certain people more than we see others simply because they're more like us we relate to them
to them more or they're louder how do you find and develop the hidden stars in your organization
how do you find the key contributors potential key contributors which are probably hiding behind
that shell or are being hidden by your own biases yeah well this is why getting multiple
perspectives is so important this goes back to why diversity is important like you want to invite
different points of view not just
because somebody looks different than you but because they might see things
differently than you do

Agility, Complexity, Diversity, and Inclusion Are Intertwined

• Agility requires the capacity for complexity.
• Complexity requires different perspectives.
• You get different perspectives and different lived experiences by hiring a diverse organization.

Avoiding Common Mistakes

• Be authentic and find the place in yourself where you truly believe that diversity is important.
• Get educated about best practices and adopt the ones that are the best fit for your organization.
• Don't make it performative. Get advice from the people you want to be at the table and people who
are adjacent to those people.
• If something bad happens, be resilient and have the difficult conversations so that it doesn't
happen again.
• Challenge your biases by looking for extraordinary contributors who don't fit the typical profile of
your organization or their role.
Retention
https://www.youtube.com/watch?v=n_0OjSb1QaU
I'm curious how you think about retention and there's this big debate at the moment about the
grade resignation may it be whatever it is. But I'm curious how do you think about two things. One
is, how do you keep people inside of your organization and not just keep them, of course, behind
locked doors, but have them happy and productive?
I didn't know golden handcuffs seem awfully effective. They keep going. Fair enough. Also, how do
you get people particular as you're transforming an organization, as you're embarking on a new
journey, you're going into the unknown, into the world which becomes incredibly murky and very
complex. How do you get them excited about that?
Because my assumption is if they are not excited, it will be a slog. Yeah. Well, one of the ways you
can keep them being excited is not to burn them out. I often talk to people about designing human-
size jobs. Like if you've had to downshift your organization and collapse departments and
suddenly somebody who had five direct reports has 20 and hasn't gotten up-scaling or a pay raise
and that is just a fast road to burnout and burnout people are not excited and anticipatory about a
future that might imply that they have to do more work. So minding paying attention to the
experience of your employees as they're going through significant transition is a piece of it. The
second thing I would say is there's a really important piece around accompaniment. Like if you're
not doing it to other people, but you're on the journey with other people, that's a big deal. That
they're not in the murkiness alone. That you will figure it out. That nobody actually has the answer
and you will figure out how to navigate it together through experimentation,
through solicitation of different ideas, through testing outlandish and fun things and that's another
thing which personally I think are particularly good at, which is making things fun. Like to hold that
approach, to model the optimism, to engage with it and not see it as something to be pushed
away, diminished or denied or managed down till molecular level. Being able to model that
yourself, which means keeping yourself renewed. I think it's a really important capability set for a
leader to have. How does this play into a challenge a lot of organizations have, particularly as
they're embarking on their, "digital transformation journey, " where if you're an incumbent, you've
been around for a while, you have a workforce which might be aging and less so aging as a core
attribute here. But probably you have a workforce which isn't simply used to all the digital tools
and like it's not quite as fluent in them and outside of the skill itself of the sit in front of a computer
and whatever learned to program if need be. How do you conceptually deal with that gap you
develop and, or even have the tension where you might bring in new talent, fresh talent, young
people from the university who have a very different perspective on what the digital world looks
like? That question is soo hard. One of the reasons being, of course, is that for me, it begins with
compassion and the fact that we will all get there. Just because I believe that I was always on the
cutting edge of technology and putting together my own computer as this home computers for
paying bills. All of a sudden finding myself thinking like, what the hell is this metaversely? TikTok
what is this? Just finding myself there was incredible moment of realizing that the adaptation
needed to keep up can be exhausting. I think there's two pieces to this. One is there is an
imperative around business needs and you have to have people who are digitally skilled.
Wikimedia had an assistant there who was just not
facile with the various tools that were needed for her job in that environment. Seeing your own
organization as part of a much broader set of ecosystems, I think is a really important thing. Partly
because it's again, not your job as an organization to provide jobs for everybody. Yeah. Figuring
out what fit looks like and then also if you have additional resources to help people move on to
places where they can feel valued and where their own insecurity is not going to be constantly
triggered, that's a good thing.
The degree of support exists for that to happen. I'd say begin with the humility that we will all get
there somewhere someday. Second, do prioritize needs. There's nothing wrong with prioritizing the
needs of the organization especially if you're doing a digital transformation and especially if you're
a tech company, that's important. There is something this does intersect with a larger question, is
that I think a lot of particularly millennials are looking for leaders to be much more values-aligned
and have perspectives on values and have perspectives on politics and stand up or not stand up
for Black Lives Matter, etc. I think that's an interesting shift that's going on in the workplace world,
what people are expecting from their employers. If you're going to see yourself as part of a broader
set of ecosystems, I think it's well-worth the question of the US and organization have any
responsibility to those broader ecosystems to and from which you get your workplace.

Bringing Your Team Into the Unknown

As you embark on your transformation journey, you need to keep your team excited and
engaged.

• Design human-sized jobs and don't burn them out. People are not excited about a
future that means more work.
• Pay attention to the experience of your employees as they go through this transition.
• Make it a team effort. Solicit ideas about how to navigate the journey together.
• Experiment and make things fun when you can.
• Model optimism.

Not Everyone Is Fit for the Journey

• Figure out the skills needed for your transformation.
• Provide support as people adapt to new requirements.
• Help people who can't adapt move on to places where they can feel valued.
Handling Resistance
https://www.youtube.com/watch?v=d3hLBJs7CdI
I'm curious, we talk a lot about the immune system response organizations have where you might
find employees who are resisting actively, sometimes resisting change. How do you deal with
that? How do you go about it? Figure out how to make them your allies.
That means, first of all, identifying who they are. Don't immediately weed them out of the system.
Really asked yourself, just like you asked yourself, could I be wrong here?
Is there some value there playing? Is there some role they're playing in the system at a larger
scale? Whether they're holding onto an organizational value on behalf of the system, whether
they're retaining a skillset that actually creates redundancy that you might need later on, there's a
few different ways in which these shadow parts are disparate parts of the organization might
exactly, they might exist for a reason.
This is true in nature as well. We have funny redundancies, we have funny offshoots.
I would say that the first tactics is not necessarily be eradication. The ideal tactic would be to see,
if you can make them allies and when some way shape or form for some part of your strategy.
Theoretically, strategy, if it's built for a complex market, is complex enough to hold different kinds
of people doing different kinds of things, and so being aware of them, maybe even nurturing them
could be important because you never know if you might need them. Now, if they're actively
subversive, like actively malignant, I
would say that you need to exit them sooner rather than later, even if they're prominent.
I think Silicon Valley for while had a real biased towards hiring for brilliant engineers,
whether or not they were nice people, and so there's a certain culture of hacking a certain culture
of blowingness that was really challenging in Silicon Valley and still may yet be. But if they are
actively toxic, I would say have a low tolerance for toxicity in general. But if it's a matter of
maintaining a legacy or holding onto something about the organization's history, or holding onto
something that's part of the organization's broader legacy, depending of course, how long your
organization has been extant. Some organizations have been around for two years, and there
those who has been around for 40 years, so different weight if they've been around longer. Then
find out, and be creative about well, why do they exist? I do believe in firing quickly. Like if you just
kept like some people retain far longer than they need to. Yes. Really, and it's a real talent,
especially if they were their friends or you get an early startups like these really nested
relationships and people hire for convenience early on. It's better to exit quickly with kindness. I do
suppressive kindness even if it's not received because it can be perceived as betrayal, and betrayal
is one of the hardest human emotions to get over. But evolving your organization quickly towards
what it needs to be feels really important, especially with agile transformation in play. So don't
hang on.

Resistance May Be an Immune Response to Change

• Identify employees who are actively resisting -- but don't immediately weed them out.
• Ask yourself if you could be wrong. Do they understand something about the organization that
you don't?
• Try to make resistors your allies.
Don't hang on to employees who are actively subversive or malignant. Exit them quickly.
Culture
https://www.youtube.com/watch?v=dOVKgqhOHXc
I'm curious, how do you think about culture as a core ingredient of a transformational journey?
Absolutely. Well, there's a lot of different ways to define culture. I think of culture is the dark matter
of an organization. If you think about the night sky, you can see the stars. Those are the obvious
things. You can think about that was the tangible things, your product, your people. But what we
know about the universe is that it's largely comprised of dark matter. If you don't take the dark
matter into account, as you think about the composition of the universe and make any
calculations, then you're screwed. Culture is a thing that if you don't pay attention to even if it's not
tangible, if you don't pay attention to it you're still screwed. Culture shows up in every aspect of
what we've talked about. Is your organization willing to be responsive to complexity, or is it just
going to react and play whack-a-mole with the nearest iteration of it? What is your culture of
recruitment? What kinds of questions do you ask? How do you see challenges ahead of you? Do
you see them as fun and interesting and you have a culture of seeing them as fun and interesting?
Or do you see them as something that needs to be project managed, which by the way, you can't
project manage complexity. It's not. You can project manage what's complicated, you can't project
manage what's complex. One thing you hear a lot about and people talk a lot about is learning
culture and I think it plays into your note about Carol Dweck's work on the growth mindset. How do
you create, how do you develop a learning culture? Because it can't be that you just give everybody
a copy of Carol's book and say, develop a growth mindset, we're good. A learning culture exists in
the practices you have. Agile versus Waterfall in technology
actually has some embedded practice for it and it's retrospectives. A learning culture really
embraces its retrospectives not to judge people with, but to say, could we have done that better if
people hear their executives reflect biweekly, quarterly, annually about what they're experiencing,
what they've learned, what they did with some challenge that got presented for them. It models it
for the organization as well.
There's ways to integrate learning into the way an organization operates on a day-to-day level. How
do you think about culture in terms of its hierarchical structure? Is culture is something which is
dictated or being lived by the top of the organization and then trickles down and shapes the
organization. Is it something which bubbles up because it's the stuff which happens at the
proverbial water cooler. I'm curious, how do you think about the texture of culture in an
organization and how do I need to think about it as a leader, if I want to influence it? As a leader I
think the most humbling thing are realized right off the bad, that you've already influence it for
better and also probably for worse initially. Because even the way that you early made decisions,
invited somebody to see that, that sets culture and most leaders are not quite as deliberate about
it as they might like to think they were. There's a note of humility there. When I became Wikipedia's
Chief, well now I'd be probably called Chief People Officer but Chief Cultural Officer. I thought the
title is hilarious because there's, what am I going to do? The culture already exists and so it's got
its own weight to it. Which is why if you bring in an organizational leader who's ostensibly at the
top of the house and not a culture fit, they can get balanced out because once it has momentum, it
has a certain robustness which is really difficult to change. The best time to influence culture is at
the very beginning. Otherwise, it'll shift a lot because there're metaphor I like to use is the periodic
earthquakes, an organization will undergo a shakeup that radically shifts the culture, in which case
it tensor Corinne from one polarity to another and then finds some integration point in the middle.
But leaders often unintentionally setup organizational culture just by the way they'd be and that's
why founder's shadow was such a real thing. I knew a founder who was allergic to meetings
because he had ADHD and his father then put them into military school and he developed such an
allergy to that level of rigor that when he became an executive, he hated meetings. As a
consequence of this, even when the organization was 30, 60, 90 people, the anti structure belief
set of the CEO and consequently the people he hired around him made it really hard for the
organization to get good at scaling, because scaling required some degree of structure that was
routinely rejected by the CEO and the initial people he drew around him. It was a fascinating study
in aspect of culture actually predisposed an organization to not be good at something that they
eventually needed to get really good at.

Culture Is the Dark Matter of the Organization

Culture is not tangible like your product or your people, but it manifests in everything your
organization does. You need to recognize your culture and pay attention to it!

Creating a Learning Culture

A learning culture exists in the practices. You need to integrate learning into the way an
organization operates day-to-day.

• Learning is embedded in agile practices like retrospectives.

• The focus should be on figuring out how to do things better, not on judging people for
past actions.
• Reflection and learning need to be modeled at the top of the organization.

Culture and Hierarchy

• Leaders play a big role in setting culture through their early decisions.
• Once set, culture tends to be difficult to change.
• When culture does change, it tends to be through periodic earthquakes that radically
shift the culture.
Closing Thoughts
https://www.youtube.com/watch?v=oDF9v7ajX2g
This was an absolutely phenomenal and fascinating conversation Gayle. I learned a new term or
phrase able for which I absolutely adore and I will adopt and we'll be using throughout my career. I
also love your idea and your concept around thinking about human potential and the development
of it in a vertical and a horizontal scale, as in the skills as well as your mindset. It's really
fascinating for me to think about this as a way to conceptually think about where do I need to bring
my people to? Quite frankly, I will never ever look at the dark sky and not see the dark matter of
culture radiating out of that dark sky I was really fascinating. I have a last question for you. As
we're wrapping this. What do you think is one very specific concrete action item you would
recommend anyone who just listened to us and watched us talk? Take. Know your workforce. How
well do you know it? Are other people managing it for you? No. Where are your employees in their
developmental spectrums? Are they all early career, are they mid-career, are they burnt out? Are
they excited? Who can you rely on that can reliably get results? You over rely on them and not give
other people an opportunity. These are the questions I ask and I start with questions because I
think what you're developing is a lens on your own workforce, which is the most important thing
because if you're going to tinker with your workforce to evolve it to where it needs to be more
agile. The first thing you have to do is to understand what you have. Gayle I love that, and with that
being said, thank you so, so much for spending time with us and really allowing us to look into the
whole space of people from a very different perspective and a different lens. Thank you so much.
Your so welcomed. Any excuse to talk to you? I'm so happy to see your face.

Key Learnings
Building an Agile team requires understanding:

• The importance of focusing on being able for the things we need our organization to do in our
rapidly changing world.
• The difference between horizontal development (acquiring new skills) and vertical development
(shifting one's worldview or mindset)
• The role of culture as the intangible but important dark matter in your organization
Your First Step
If you're going to evolve your workforce to where it needs to be, the first thing you have to do is
understand what you have.

Ask yourself:

• Where are your employees in their developmental spectrums?

• Are they burnt out?
• Are they excited?
• Who can you rely on that can reliably get results? Do you over-rely on that person and not give
other people an opportunity?
 6. Careers: Digital Profiles
Polishing your LinkedIn profile!

How often have you googled someone? And when you google yourself, what comes up?

We all have an asset that is constantly available to us, which is the internet, and the internet
nowadays knows everything about us. This means that we all have a digital identity.

So, at the very least, you obviously want to have a professional digital profile, in terms of
having an updated Linkedin profile, personal websites, so on and so forth.

The more you update your profiles, Google will increase your rankings, and your most up-to-
date information will come up at the top!

This video will teach you more about how to polish your LinkedIn in a way that would pitch
your skills and convey the right messages about you to employers and recruiters!

https://www.youtube.com/watch?v=8_RSYLWbyok
what's the first thing that you do when you hear a piece of news that you need to know more about
yes you will get it that's what recruiters do when they see your resume based on surveying 1000
hiring managers and reporters in the US by Career Builder 30 of them check candidates social
networks and 60 of them use search engines to know more about them so yes your digital
presence matters even your comments photos and interests the survey highlighted that they
mainly look for information to support your
qualifications your professional online presence what other people post about you and they're
more than willing to exclude you as a candidate if they find a good reason let's say a poster
doesn't welcome diversity or information that contradicts what you have on your resume we're
focused now on your Professional length and profile in order to make the best out of it let's first
agree that for recruiters hiring is a game of elimination this
came through tens of maybe hundreds of CVS and profiles looking for someone to stand out so
the less information they have available the more they are prone to exclude the candidate
altogether therefore to make it easier for them we need to have a complete profile that is clear and
concise at first then elaborative towards the end that's why LinkedIn has given us the option to
write our control right under the profile picture which we will cover in a minute as well as a brief
about who we are and what makes us we use that now to clarify these are three factors for you to
consider in your LinkedIn profile number one personal hygiene this has to do with your profile's
first impression
you need to complete profile with your current position or maybe seeking employment if you don't
have a current job summary experience education and skills as for your profile picture you know
that a picture is worth a thousand words and we are now living in a visual digital world so the
picture can either boost your profile and hence your recruitment chances or demolish them
completely you need your picture to reflect confidence professionalism and appeal if you want to
stick in the employer's mind
so choose your outfit wisely and also your background you don't want distracting backgrounds of
crowds or many colors you also don't want your profile picture to have a low quality this might
reflect lack of attention to details you might consult a photographer friend on how to position your
face in the picture to leave a good impression finally make sure grammar and vocabulary are
serving you best number two you need a powerful summary this is one of the main tools that
should make you stand
out with the recruiters has to be catchy to Tender recruiter to scroll for more this can act as a mini
elevator pitch which we will also cover in more details in another video highlighting your
background best skills and professional goals all these will help you stick in the recruiter's mind it
shouldn't be more than four sentences written in first person number three your experience
mention the companies you've worked at is not enough but you need to include the roles you've
taken and the dates as well as your
achievements within those roles finally educational skills start with the latest degrees or
certificates and include descriptions on what you've learned and applied according as for your
skills add those that you master especially the technical ones and the non-technical ones of
course in a nutshell take good care of your digital profile especially your professional one maintain
a complete good looking profile with a catchy summary clear experiences with achievements and
showcasing your education and skills list all your key skills so that your profile will rank within the
correct SEO keywords post
articles and engage with people by communicating on their posts so stay on top of their mind and
pave the way for more opportunities this applies also to all your digital profiles so move around
updating your digital presence everywhere keeping them always up to date and creating more
engagement whenever possible see you in the next video
Crafting your Resume!
Yes, we are in the social media era but resumes still matter and we want to make the best out
of them as well. The good news is, that your resume is a formalized version of your LinkedIn
profile, so you can easily copy what you’ve added there with some slight tweaks.

Amidst the hundreds and hundreds of resumes that recruiters get to see every day, you want
to give them something that would keep them engaged with your resume as long as possible!

Watch this video to know more about the tips and tricks that you can follow when putting up
your resume together or updating it in a way that would make it look more catchy for
recruiters!

https://www.youtube.com/watch?v=6ARIjT0FjTY
yes we are in the social media era but resumes still matter and we want to make the best out of
them as well the good news is your resume is a formalized version of your LinkedIn profile so you
can easily copy what we've added there with some slight tweaks again remember recruiters see
lots and lots of resumes and they are in the game of elimination we want to give them something
to keep them engaged with our resumes as long as possible digging deeper you need to consider
two guidelines first the structure and the format of your resume at first begin the heading with the
relevant info your name your phone email location and links like LinkedIn or maybe your web page
or if
you have one then you need to Showcase your best strength so begin with your working
experience projects followed by your education and skills yes very similar to your LinkedIn profile
use the same formatting for all sections emphasizing the headings and what you want to highlight
under each of them also try to fit it in one page I know
it's hard sometimes but we don't want to overwhelm recruiters but long document that they feel
Troublesome going through so stick to the highlights and what you really wanted to know about
you and your work experience to wrap up the first section make sure that your resume
demonstrates strong structural format including correct textures and headlines consistent
formatting with font and design and Alignment within and between the section the second thing
we need to fill the sections effectively so under
your first section The Experience biological role responsibilities and your best achievements
anyone can mention they have a big role of achievements act as some kind of proof after all
recruiters want results you can include non-technical accomplishments as well like assembling
and leading a powerful theme that made big achievements or for example engaging your people
through various activities or projects and so on include at least one bullet point of professional
contribution and one for results or success metrics under each role start your sentences with
action verbs while taking care of the tenses for example I designed concept and established
partnership with major Telecom players after your work experience cover your certificates and
courses followed by your formal education degree and GPA finally your skills section mention your
technical Knowledge and Skills like the programming languages you've been using also don't
forget to State your non-technical leadership skills like planning organizing and coaching Etc I will
also share with you some resume
examples so as you can see here the resume has no professional formatting the sections are not
typically correct in order the experience with great companies is there but there are no details or
useful responsibilities summaries of certificates are not there
so there are only names or certificates with no details whatsoever versus this format
so it follows the structure it's on one page consistent formatting of bullets The Heading is clear
and the sections are very clear and detailed here you can see projects experiences you can see
action verbs at the sentences and the sentences are not
longer than a line and a half to wrap up remember that your resume is your ID card that can open
up opportunities for you so put a lot of thought into it and it's not always what
you say but how you say it so how the resume looks like is as important as what it entails so make
sure this formatting is neat and attractive it will leave a powerful impression on your employer
lastly don't forget to mention your achievements in the form of figures as well as using the
powerful action verbs all these will leave a strong
impression that will increase your chances of securing an interview try to highlight your
achievements when you are in charge of a team or an initiative that elaborates what your new
employer will gain after hiring you to manage a new group of people or take a certain initiative
start working on your resume now by opening the template trade on
slack download the checklist from your career panel resume review lesson after
preparing your resume submitted on the career portal by the next week start building your
impressive resume now best of luck
Don’t miss out on attending your career coaching sessions!

Below are the resources that will help you polish your digital profiles,

CV Builders:
• Zety
• Resumenerd
• Resumenerd
• Livecareer
Resume & CV mistakes to avoid:
• Topic 1
• Topic 2
• Topic 3
• Topic 4
Cover Letter:
• Topic 1
• Topic 2
Profile Picture:
• Topic 1
8. Cybersecurity for Business Leaders
Meet the Instructor
https://www.youtube.com/watch?v=hXOFnyPNEN4
My name is Dr. Eric Todd Hollis, MBA, PhD, a 30-year US Navy veteran, having served in more than
50 different countries during my military career. While serving in the military, I worked in
Information Technology and Cybersecurity. In addition, I am currently a university professor,
teaching Cybersecurity, Information Technology, Business Analytics, IoT, Blockchain, and a
plethora of PhD dissertation classes. Currently, I have my own consulting company, Hollis Group
LLC, which is a disabled veteran owned small business. In addition, I have the following
certifications, CISM, CDPAC, Security plus CE, IoT and Blockchain.

My Cybersecurity experience
I have been working in the field of Cybersecurity for more than X years in a variety of
capacities:

• As a 30-year U.S. Navy Veteran, I was involved in Information

Technology and Cybersecurity. I traveled and served in more than 50 countries.
• I teach a Cybersecurity at the university level
• I have multiple cyber-certifications:
• CISM: Certified Information Security Manager (CISM) is an advanced certification
that indicates that an individual possesses the knowledge and experience
required to develop and manage an enterprise information security (infosec)
program.
• CDPSE: The Certified Data Privacy Solutions Engineer (CDPSE) certification is the
first experience-based, technical certification of its kind, assessing a technology
professional’s ability to implement privacy by design to enable organizations to
enhance privacy technology platforms and products that provide benefits to
consumers, build trust, and advance data privacy.
• Security + CE: A global certification that validates the baseline skills necessary to
perform core security functions and pursue an IT security career.
More about me
• I also teach university-level classes on Information Technology, Business Analytics, IoT,
and Blockchain
• I am CEO of a Disabled Veteran Owned Small Business (SDVOSB)
Course Outline
https://www.youtube.com/watch?v=1bihKwlDSUs
Senior leaders, you need to address cybersecurity as such, either you have been breached or you
are going to be breached. Question is, what are you going to do about it? Let's take a look at how
the course is designed. In the first lesson, we will introduce you to what threats are, types of
threats, where they originate, and how they attack. We will also look at your biggest vulnerability,
your people. Your best defenses against an attack would be a combination of people, policy, and
technology. Having a network detection system is your first line defense for an attack. But you will
also need to have a plan in place in case of a breach incident. The culture of any organization is
shaped by leadership. This is especially true when developing and nurturing a cybersecurity
culture. Senior leaders must practice and promote a organizational culture that embraces
cybersecurity. An organization's cybersecurity posture is only as effective as the investments
made unto cybersecurity. How important is your organization's data, and how much are you willing
to invest to protect it? Each industry has its own special challenges and attack vectors. We will
take a deep look into the technology, finance, and healthcare industries. By the end of this course,
you will have an understanding of how to help your organization develop a strong cybersecurity
program.

Course Outline
This course is designed to get you started in thinking about the place for cybersecurity in your
organization.
Here are the topics for the course:

Cyber Challenges We Face Today

What threats are, what types of threats, where do they originate from, and how do they attack?
We will also look at your biggest vulnerability: your people.

Effective Detection and Responses

Your best defenses against an attack will be a combination of people, policy, and technology.
Having a network detection system is your best first-line defense for an attack, but you also need
to have a plan in case of a breach incident.

Cybersecurity Culture
The culture of any organization is shaped by leadership; this is especially true with developing and
nurturing a Cybersecurity culture. Senior leaders must practice and promote an organizational
culture that embraces cybersecurity.
Making Investments
An organization’s cybersecurity posture is only as effective as the investments made into
Cybersecurity. How important is your organization’s data, and how much will you invest in
protecting it?

(Elective Lesson) Threat Analysis By Industry

Each industry has its own special challenges and attack vectors. We will deeply examine the
technology, finance, and healthcare industries.

A note about reflection questions

At the bottom of each page is a question prompt to get you started thinking about cybersecurity
at your own organization. Many business leaders like to record their ideas as they go along the
course. You can go back at any time to review or modify your response.
Additionally, we have created a template for you to use to record all of your ideas and thoughts in
once place. You can find the file Cybersecurity for Business Leaders Question
Template located under the Resources section of this lesson.
Lesson Overview
https://www.youtube.com/watch?v=qVnQtq9USbg
In this first introduction to cybersecurity lesson, we will start by defining cybersecurity and look at
why it matters for your organization. In the next section, we will answer many questions about
threats, such as types of threats exist, what levels of threats exist, where they originate from, how
they attack and why they lead to attack in the first place. In the top threats section, we will look at
major threats that target businesses.
But we will especially look at social engineering, which is the most dangerous threat you will face.
Tabletop exercises are essential for planning. We will walk through your role in making sure that
your organization understands and practices these exercises on a regular basis as needed. Finally,
we will look at real world examples so you can see how cybersecurity or rather a lack of
cybersecurity affected a well known company. Let's get started.
Lesson Outline
This lesson will teach you what you need to get started understanding what cybersecurity is and
how it affects businesses of all types and sizes. Here are the topics for the lesson
What is Cybersecurity
In this first introduction to Cybersecurity lesson, we will start by defining cybersecurity and
look at why it matters for your organization.

Introduction to Cyber Threats

We will answer any questions about threats such as what types of threats exist, what levels of
threats exist, where they originate from, how they attack, and why they tend to attack in the
first place.

Top Threats for Business

We will look at the major threats that target businesses, but we will especially look at social
engineering, which is the most dangerous threat you will face.

Tabletop Exercises
Tabletop exercises are essential for planning. We will walk through your role in making sure
your organization understands and practices these exercises on a regular basis as needed.

Case Study Analysis

We will look at a real-world example so you can see how Cybersecurity, or rather a lack of
Cybersecurity, affected a well-known company.
What is Cybersecurity
https://www.youtube.com/watch?v=91k-hN-2wRk
In this section, we will answer many questions about threats, such as what type of threats exist,
what levels of threats exist, where they originate from, how they attack, and why they tend to
attack in the first place. Cybersecurity is the practice of ensuring your information is protected
from entities who are not permitted to access it. I like to start this journey with a story. This
happened doing my military tour in Seoul, Korea on the importance of cybersecurity awareness
and culture within your organization at every level and from every employee. While stationed in
Korea, I was the Information Systems Security Manager, directly responsible for all US Navy units
operating in Korea. My primary job was to provide oversight for all Sabi security-related issues
throughout the peninsula. At that time, there was a new virus called ILOVEYOU that was
promulgated throughout the world. Unfortunately, one of my close Navy colleagues who was 100
percent familiar and aware of the importance of security and intelligence, received an email with
the subject, I love you, assuming it was from his girlfriend back in United States, there was no
reason for him to be suspicious. He clicked on the email to read it.
Almost immediately, the virus spread across more than 15,000 military and civilian units
throughout the peninsula bringing our network to a call that at times was so slow, it could not even
be used. It took my cybersecurity team over one week to eradicate the virus on all computers in
the region. The military was not only affected, 10 million computers were affected worldwide.
Businesses were extremely vulnerable. What is the lesson learned? In today's technology reliant
world, we cannot afford to let our guard down ever. We need to think about our actions that can
put
our company at risk including your company. This is why it is critical that every organization
makes cybersecurity a priority. But what exactly is cybersecurity? Think about all the data that is
part of your business. That data consist of documents, images, videos, databases, software
program, and any other digital files that are part of your business. In order for your business to
operate, that data needs to be assessed by and your software needs to be used by local
employees, remote employees, business partners, suppliers, third party vendors, and customers.
This is why cybersecurity matters. The real challenge is keeping data protected but also
accessible and available for people and companies. It is paramount that cybersecurity vigilance is
at the forefront of every business leaders mind. The goal of this course is to empower business
leaders to understand how and why cybersecurity needs to be an integral part of their
organization.
Cybersecurity is the practice of ensuring your information is protected from entities who are not
permitted to access it.

Knowing your data

Your business data includes documents, images, videos, databases, and any other digital files that are part of
your business. All that data needs to be accessed through your network by internal employees, remote
employees, suppliers, 3rd party vendors, business partners, and customers.

The real challenge is keeping all that data protected, but also accessible and available to whoever needs to
access it.
QUESTION 1 OF 2

Which of the following is true about cybersecurity?

• The real challenge in cybersecurity is providing access to your network and data, but at the same time
protecting it.

• The real challenge in cybersecurity is limiting access to your network and data in order to protect it.

Thinking about the data your organization.

Depending on the company, industry, and type of data involved, there may be strict regulations on
how data is collected, accessed, or modified. Each department may require specific steps based on
who needs access. For example, the IT team needs one type of access, the Sales team needs a
different type, and the clients connecting in from offsite may have another. The formal steps they use
to access the data can be defined as protocols. What protocols are in place to protect and provide
access to that data? How do the protocols differ based on who is accessing that data?

Additional Resources
• Read more about one of the first global viruses, The I Love You virus
Introduction to Cyber Threats
https://www.youtube.com/watch?v=_9VaalOaHV0
Not only does a breach in cybersecurity cause damage to the organization, but it also causes
financial, legal, and reputational damage to the breached organization. There is a progression of
danger that I want to lead you through. As we begin our journey, it is important that we use correct
terminology when we talk about these. Cybersecurity threat is a malevolent act where a bad actor
strives to destroy, capture, or disturb your organization's digitally connected workplace.
Cybersecurity attack occurs constantly by bad actors, both internal or external, attempting to
penetrate your organization cybersecurity defenses. Finally, a cybersecurity breach occurs when a
bad actor, either internal or external, has successfully penetrated your organization cybersecurity
defenses and stole unauthorized data. We're going to start our journey, first, talking about threats.
What makes these threats especially dangerous to organizations is that the methods that bad
actors use to break into a network are constantly changing. What this means is the threats you
detected yesterday, might be different than what you detected today. What's worse, the
mechanism you put into place to protect today may not be effective tomorrow. Cyber threats
affect specific people, all types and sizes of organizations, and entire governments. Yes, big
companies are targets. However, you might be surprised to learn that over 50 percent of actual
breaches occur at small businesses. Identifying a threat is the key to preventing an attack and a
breach. But surprisingly, it is not always clear on exactly what is and what is not a threat. In
cybersecurity, a threat becomes real if there is actual evidence to suggest that your organization
meets the criteria that a bad actor or threat appears to be targeting, and there is opportunity and
motivation to actually be attacked. A real threat has a higher probability of becoming an attack or a
breach. But there is another type of threat called perceived threat, and they can be distracting, so
we need to address that perceived threat. A perceived threat is one where there is no actual
evidence, nor is there real opportunity or motivation to be actually attacked. However, you or
people within your organization simply believe that there is a threat anyway. Usually, these are just
based on lack of knowledge and fear. For example, on the news, you hear about a data breach at a
hospital in Florida that had to address a ransomware attack, and because your brother works at
that hospital, you are keenly aware of the details. This threat is in your mind, even though no
particular threat has been verified. This is an important distinction because you have limited
resources, so you have to make sure to focus your intention on real threats.
The first step in Cybersecurity is understanding basic vocabulary. This allows you to ask
probing questions from your teams.
• A Cybersecurity threat is a malevolent act where a bad actor strives to destroy,
capture, or disturb your organization’s digitally connected workplace
• A Cybersecurity attack occurs constantly and is by bad actors, both internal and
external, attempting to penetrate your organization’s cybersecurity defenses
• A Cybersecurity breach occurs when a bad actor, either internal or external,
has successfully penetrated your organization’s Cybersecurity defenses and stolen
unauthorized data
What makes threats especially dangerous to organizations is that the methods that bad actors use
to break into a network are constantly changing.

Based on these scenarios, see if you can identify which stage is appropriate.

Threat
There is political unrest in a country known to have sophisticated hacking expertise. You have a
supplier headquartered in that area of the world. Because your organization is high profile, there
has been buzz on social media that mentions your company name. But, as of now, you have not
noticed any suspicious behavior.

Attack
You have several layers of cybersecurity protection in place, one of which can automatically detect
suspicious activity on the network. You have received several alert messages that concern you.
There may be something going on right now.

Breach
Your IT director has informed you that there is evidence that the attack was successful. While no
data seems to be deleted or changed, it does appear as if a large amount of data was copied to an
offsite server.
Real vs. perceived threats

A threat becomes real if there is actual evidence to suggest that your organization meets
the criteria that a bad actor or threat seems to be targeting and there is opportunity and
motivation to actually be attacked.
A perceived threat is one where there is no actual evidence to suggest that your
organization meets certain criteria nor is there a real opportunity or motivation to actually
be attacked. However, you or someone within your organization simply believe that there is a
threat anyway. Usually, these are just based on a lack of knowledge and fear.

https://www.youtube.com/watch?v=Ja7sY3kk6xA
Breaches happen when threats are not properly addressed by your organization. It is even more
vital that organizations remain vigilant, and have a cybersecurity awareness, embedded in every
decision they make, every plan they develop, and every action they take. The phone call, no
business leader wants to hear is, "Hello, we have a security breach". It is clear these threats exist.
But where are they coming from? This is important to know because, sometimes your business
units might be so forth down in the weeds of defense, that they may not be considering where
threats can originate from. One source is internal. These are current members of your
organizations. They can be unhappy employees who are intentionally being malicious. Or it could
be someone just randomly clicking on a link, or inadvertently given secure information to another
person, they trust it or a person who simply unaware, not paying attention and making bad
decisions. By external sources, we mean a person or entity from outside the organization. Your
company may deal with suppliers, customers, business partners, competitors, and vendors who do
not have the same appreciation for cybersecurity as you. Research has shown that 63 percent of
breaches occur from external sources. There are three main types of these. Rogue nations break
international law, and are a threat to global peace. Does your company have any government
contract with countries where cybersecurity is not a top priority or worse, where they have a strong
distaste for the country you are from. Terrorist organizations. A group that is determined to
commit acts of violence, generate fear or disrupt infrastructure of any nation or business. You
have to be careful of what relationships you develop with people you do not know personally.
Competitors. A similar corporate organization that produces the same product or service as your
organization. Do not assume that your competitors have the same standards of ethics that you do.
Be careful of the relationships that exists with people in competitor businesses. Ultimately, a
threat exists because there is a person or a group who has the capability and motivation to attack
your organization. The actual mechanism of attack can originate from a variety of tools. The end
product of that attack were most likely fall under one of these categories. Financial gain. This is
when hacking occurs in an attempt to elicit money, either by stealing money, selling private data,
selling information or through some type of blackmail. Corporate espionage. This refers to hacking
into an organization system to steal trade secrets. This might be from a competitor trying to get a
competitive advantage or a rogue nation trying to help his own economy or a hacker group who
can sell information on the black market. Disruption. The intention is simply to cause havoc,
disrupt operation called a downfall or hurt business.
Sources of threats
Research has shown that 63% of breaches occur from external sources.
Threats original usually from 2 possible venues:

Internal employees
• Disgruntled: This can be from angry and disgruntled employees who are intentionally
being malicious
• Unaware: Someone just randomly clicking on a link, inadvertently giving secure
information to another person they trusted or a person who is simply unaware and
making bad decisions.
External
• Rogue nations break international law and are a threat to global peace. Does your
company have any government contracts with countries where cybersecurity is not a top
priority or where they have a strong distaste for the country you are from?
• Terrorist groups are determined to commit acts of violence, generate fear or disrupt
the infrastructure of any nation or business.
• Competitor: A similar corporate organization that produces the same product or
service as your organization. Don’t assume that your competitors have the same standards
of ethics that you do. Be careful of the relationships that exist with people in competitor
businesses.
Top reasons for attacks
Can you identify the motivation for thecyber-attack?

THE ATTACK (BLUE COLOR) REASON FOR THE ATTACK

Financial gain
An international bank was hacked

Corporate espionage
The recipe for Coke was accessed on a cloud computerused to store backup data for Coca-cola.

Disruption
A popular website was defaced and rendered useless

Most attackers tend to have one of the following in mind when they attack:

• Financial gain: This is when hacking occurs in an attempt to elicit money either by
stealing money, selling private data, selling information, or through some type of
blackmail.
• Corporate espionage: This refers to hacking into an organization's system to steal
trade secrets. This might be from a competitor trying to get a competitive advantage, a
rogue nation trying to help its own economy, or a hacker group that can sell the info on
the black market.
• Disruption: The intention is simply to cause havoc, disrupt operations, cause a
downfall, or hurt business.

Thinking about threats, attacks, and breaches.

Has your organization ever been involved in a cyberthreat, cyberattack, or cyberbreach? What
were some of the lessons learned from that experience?
Top Threats for Business
https://www.youtube.com/watch?v=LPNSl1Jg1M8
There are numerous ways in which attacks can happen. As a leader of your organization, you need
to be aware of some of the most common. One common threat is denial of service or DoS. This
type of threat is focused more on disrupting business.
It is an orchestrated attack on your website meant to be so intense that the website literary
crashes preventing customers and clients from doing business. These other attacks are more
about getting access to your network and data. Some attacks originate through your third-party
supplier, partner, or vendor systems. Many leaders don't recognize this as their vulnerability. A bad
actor can gain access to the network through something as simple as a air conditioning control
unit, which is actually a device on your network. Your own infrastructure can be a source of
vulnerability. This can be any software program or devices on your network. It is hard to keep
everything up-to-date so these are often targets. The other way is through login accounts. Simple
passwords, not enough characters, and incorrect permissions are frequent causes. This brings us
to your people. The methods of attack we just looked at have something in common. At some
point, an actual person in your organization was involved. Any business leader will tell you that the
employee is the most important asset of the organization. However, just as my colleague who
opened the "I love you email" can confirm within every organization, people are the cause of the
vast amount of cyber security breaches. Humans by nature, bring a certain amount of uncertainty.
Over 20 percent of all reported data breaches in businesses were caused by employees. In fact,
over 80 percent of cyber attacks were orchestrated through email. That means employees you
trust clicked on something, looked at something, or forwarded it to others. This leads us to one of
the most dangerous methods of attack called social engineering. This is the one I need you to
especially pay attention to. Essentially, social engineering is the manipulation of an individual to
have them divulge information or perform an action which can lead to an attack. Social
engineering is dangerous for your business because it involves relationships, emotions, and
decision-making,
things which are human nature, which you cannot control. This can happen in a single instance or
may happen over time. It can happen via email, telephone, or even in person. This information is
used to gain access to your network. We have all seen the email from a distant relative who left
the money or that you have won the lottery. But this could just as easily be an email from head of
the company asking you to click here, or a phone call from your IT cyber team asking you to
change your password with the link they will send you. For the attack to be successful, someone
had to click a link which enabled the attackers, or what we call bad actors, to have access to your
network and data. When they actually enter your system and access that data, it's when it turns
into a breach. While there are many ways social engineering can manipulate people, by far the
most common is phishing, spelled with P-H and not an F. You can imagine a person in a boat
throwing a baited hook over the side hoping for anything to bite. The bait is usually an email or text
sent hoping to entice anyone to click on a link. That link is not what it seems and may result in
malware or ransomware being installed or going to a destination website, which is also not what it
seems. These messages might appear to be from someone in IT or a trusted colleague, but they
are not. You especially need to be aware of two specific types of phishing. The first one is called
whale phishing. This is where bad actors focus specifically on people like you, the top leadership.
The second is called spear phishing, and it is targeted to specific people or roles. For example,
they may target the head of HR.
Any business leader will tell you that the employee is the most important asset of the organization. However
within every organization, people are the cause of the vast amount of cybersecurity breaches.

Top threat methods

Business disruption
• Denial of Service: DOS This type of threat is focused more on disrupting business. It is an
orchestrated attack on your website meant to be so intense that the website literally crashes,
preventing customers and clients from doing business.

Gaining access to network and data

• Third-Party Exposure: A bad actor can get access to the network through something as simple as
an air conditioning control unit, which is actually a device on your network
• Insecure Networks: Your own infrastructure can be a source of vulnerability. This can be any
software program or device on your network--it is hard to keep everything up to date, so these are
often targets. The other way is through login accounts--simple passwords (not enough characters)
and incorrect permissions are frequent causes.
• Social Engineering: A psychological manipulation to trick users into making security mistakes or
giving away sensitive information. It is the most dangerous for your business because it involves
elements of human nature such as relationships, emotions, and decision-making.

Phishing
One of the biggest threats to any organization is called Phishing, which is a form of social engineering. It is
the leading cause of the majority of attacks and breaches. The two most common ways this works:
1. When a trusting employee or partner is tricked into giving confidential information. This could be
over the phone, in chat, on social media, or in a company email. These messages might appear to be
from someone in IT or maybe even a trusted colleague…..but they are not. Any information
collected is used to infiltrate the network.
2. Getting an employee or 3rd party to perform an action, such as clicking on a link or going to a
website. Except that link is not what it seems, and may result in malware or ransomware being
installed, or going to a destination website which is also NOT what it seems.
Phishing has evolved because it is so lucrative. Business leaders need to be especially vigilant with regard to
2 types of fishing

• Whale fishing: This is targeted at top leadership.

• Spear fishing: This is targeted at specific people or roles. For example, they may target the head of
HR

Social Engineering is the most common threat vector for attack. How well do you
know about phishing?
Sole phishing

WHO IS TARGETED?

PHISHING TYPE
Whale phishing
High level executives are targets

Spear phishing
Influential and key personnel are targets

Phishing
Any person willing to click on a link or give voluntary information

Thinking about social engineering.

Have you ever received a phone call, message, or email that could be considered "Phishing?"
What made you suspicious?

Additional types of common threats

As a leader, it is worth your time to explore the various types of common threats. This will give you the
appropriate vocabulary to interact with your team leaders.
• Malware - A Software program that has the purpose to install and infect your computer or mobile
device. This type of threat can breach your cybersecurity network and put your organization at risk if
you or one of your employees clicks on a suspicious email link.
• Ransomware - This type of attack has grown in recent years and involves breaching and then
encrypting the victim's data and demanding to be paid a ransom (usually in BITCOIN) to decrypt the
data for the victim. Please review this blog post: Why hackers rely on Bitcoin for ransom
payments for additional information.
• Attack on IoT devices - In today’s connected digital environment, there are more than 50B IoT
devices connected to the internet and more importantly, a vast majority are not properly secured with
strong passwords. This vulnerability allows hackers the opportunity to breach these IoT devices and
cause damage or shut down an entire organization. Once breached, these devices can also be used
as DDOS instruments
Tabletop Exercises
https://www.youtube.com/watch?v=JkN70VoReK8
In this uncertain world, the best strategy you can use is to be proactive before attacks and
breaches happen. There is a best practice you need to be aware of called a cyber-security crisis
tabletop exercise. It's a scenario-based planned exercise, that assist in evaluating your
organization's capability to handle a cyber-security breach. In essence, what you're doing, is going
through a mental exercise about handling common scenarios, such as malware attacks,
unauthorized access, and ransomware. A tabletop exercise may be one of the most important
tools you can use to enhance your cyber-security posture. What are they? How do they work, and
what is your role? First, this is not something you pass off to others. You need to take ownership
of this. Show your full support leading up to, during, and after the event. Insist that these take
place formerly at least once a year. You need to get your business units comfortable having these
conversations, and it takes practice. You need to ensure that these exercises includes all internal
stakeholders, including board members, C-Suite leadership, leadership of every business unit, and
key personnel who can add value with their institutional knowledge. Assuming you have the event
planned, and everyone is sitting around a table, the exercise itself begins. You don't actually have
to lead this event. The entire exercise should be facilitated by an experienced and trained evaluator
who specializes in leading cyber-security tabletop exercises. This person can help manage and
ensure appropriate people are involved in the discussions by asking tough questions, and helping
guide the direction of the discussion. During this exercise, the entire group works through every
aspect of cyber-security in your organization. From prevention to detection, response, and
recovery. But what can enhance this experience, even more, is to include external stakeholders
such as law enforcement, third-party vendors, and affected customers. Each can bring an
unbiased perspective and feedback. In essence, the tabletop exercises help you start to answer
the who, what, when, where, why, and how questions. One of the most important results of a
tabletop exercise is the detailed lessons learned report that you build during the exercise. Which is
your to-do list, telling you where and how to improve and enhance the organization's cyber-security
posture. Through the lessons learned and conversations around the items on the list, your crisis
management procedures start to take shape. Identify all key stakeholders within the organization,
and highlight their roles and responsibilities in preparation and response to a breach. Underscores
the need to collaborate, and have effective communications which select the team members and
business units to ensure organizational cohesiveness. Part of the communication needs to be,
how the organization will respond publicly with shareholders and customers. Highlight any missed
procedures or gaps in the organization's cyber-security restoration plan. I mentioned doing these
at least once a year, but some organizations do them more frequently, even in a less formal style.
The key is, practice, practice, practice. The knowledge and understanding you collect doing these
exercises will help improve your cyber-security posture. Later in the course, we will discuss several
ways to do that.
What is a Tabletop Exercise?
A Scenario-based planned exercise that assists in evaluating your organization’s capability to
handle a cybersecurity breach. Leadership teams and other stakeholders work through mental
exercises involving handling common scenarios such as malware attacks, unauthorized
access, and ransomware. These are usually led by professionals who specialize in leading
these types of exercises.

What is the purpose of the Tabletop Exercise?

To work through every aspect of cybersecurity in your organization,
from prevention to detection, to response and recovery.

What is your role?

Your primary role is in 4 areas:

1. Make sure these happen with your support and involvement. These conversations get
your business units comfortable having these conversations.
2. Ensure that the exercise includes all internal stakeholders, including board members,
C- suite leadership, the leadership of every business unit, and key personnel who can
add value with their institutional knowledge
3. As a follow-up to these exercises, ensure that an Incident Response Plan(IR) is
created or modified based on findings during the exercises (We will talk about IR in this
course). Additionally, hold team leaders accountable for following up on any identified
vulnerabilities.

What are the outcomes of a Tabletop Exercise?

• A detailed lessons-learned report that you build during the exercise, which is like your
to-do list telling you where and how to improve and enhance the organization’s
cybersecurity posture. This informal document will be used to create an Incident
Response plan(discussed in the next lesson)
• Highlight roles and responsibilities of all key stakeholders within the organization.
• Underscores the need to collaborate and have effective communications with
selected team members and business units to ensure organizational cohesiveness.
• Highlight any missed procedures or gaps in the organization’s cybersecurity
restoration plan
As you think about your role in implementing Tabletop Exercise, what several
things you need to do?
• Make sure these happen with your full support and involvement.
• Ensure that the exercise includes all internal stakeholders.
• Be prepared to lead the entire event
• Afterward, ensure that an Incident Response Plan(IR) is created or modified based on findings
during the exercises.
• Afterward, hold team leaders accountable for following up on any identified vulnerabilities.

Thinking about tabletop exercises.

Who are the internal and external stakeholders that will take part in your tabletop exercises?
What scenarios will you focus on?
Case Study Analysis
https://www.youtube.com/watch?v=DncBXQAvdfk
senior leaders let me underscore why you should be mindful of attempted social engineering
threats and breaches within your organization let's take a look at entertainment powerhouse sony
who was breached due to a spear fishing attack a few senior executives at sony were targeted of a
spearfishing attack they were duped with fake messages on facebook from a friend who
encouraged them to log in with an apple id that login information was used to access sony's
network and personal information of employees and actors which was leaked to the public the fbi
believed the breach originated from a hacker group that has ties to north korea who were
retaliating to a release of an upcoming comedy about north korea sony had to pay more than 8
million
dollars in fines and restitution over employees personal data laws sony learned a lot from that
experience and their takeaways is a great starting point for any organization
on how to approach cyber security while it is not possible to completely protect your network and
data here are four things you can do to best be prepared for cyber threats
your people have to be aware of what cyber security is and its importance to your organization
they need to have the necessary training to help them make smart decisions in their day-to-day
work have certified professionals regularly test your network to identify potential vulnerabilities
invest in software and hardware that
continuously monitors your network for suspicious activity your leadership team needs to have
regular discussions on how to respond to cyber attacks throughout this course we will expand on
these ideas

Sony spear-phishing attack

A few senior executives at Sony were the target of a Spear Phishing attack. They were duped
with fake messages on Facebook from a friend who encouraged them to log in with an Apple
ID. That login information was used to access Sony’s network and personal information of
employees and actors was leaked to the public. The FBI believes the breach originated from a
hacker group that has ties to North Korea, who were retaliating against a release of an
upcoming comedy about North Korea.
Sony had to pay more than $8M in fines and restitution over employees’ personal data loss.
Sony restructured its security team and hired outside firms to clean up and improve its
cybersecurity posture.
Takeaways
• Everyone should be aware of the impact of cybersecurity on your organization:
• Provide necessary training to help them make smart decisions in their day-to-day work
• Have certified professionals regularly test your network to identify potential
vulnerabilities
• Invest in software and hardware that continuously monitors your network for
suspicious activity
• Hold frequent leadership teams discussions about your response to cyber attacks

https://www.youtube.com/watch?v=deHtgeS6GRE
Let's review what we've learned in this lesson. As a leader, you have to understand how important
having an understanding of what cybersecurity is, so you can defend against threats that are
common in business. Leading your organization through mental exercises of likely scenarios helps
prepare your team to think proactively about cybersecurity.

As a leader, you have to understand how important having an understanding of what cybersecurity is,
so you can defend against threats that are common in business. Leading your organization through the
mental exercises of possible scenarios helps prepare your team to think proactively about
cybersecurity.

We covered these topics

• What is Cybersecurity
• Introduction to Cyber Threats
• Top Threats for Business
• Tabletop Exercises
• Case Study Analysis
Lesson Overview
https://www.youtube.com/watch?v=VXNZ4mBuYNI&t=1s
welcome back fellow business leaders how will you know that your organization is being attacked
and subsequently breached in this section i'll introduce you to your first line of defense network
detection and response compliance and standards are especially important in helping you prepare
your network your team and your business for a strong cyber security posture i'll introduce you to
some of the organizations who can help you navigate this complicated landscape should a breach
occur there are several legal considerations you need to be aware of i'll walk you through what you
need to know and how to approach handling a breach your incident response plan is your
playbook for preparing for and detecting an attack and should the attack be successful
it will help guide you in your response your people are your biggest liability but also your greatest
asset we will look at taking advantage of the power of your team and finally we will look at a real
world example so you can see how a major retailer handled a data breach okay let's get started

Lesson Outline
This lesson will teach you several strategies you can use to detect intruders. We will also explore
strategies for how to respond if you do detect something "suspicious." Here are the topics for the
lesson:

Introduction to Detection and Response

How will you know that your organization is being attacked and subsequently breached? In
this lesson, we learn about your first line of defense: Network Detection and Response

Compliance and Standards

Compliance and standards are especially important in helping you prepare your network,
your team, and your business for a strong cybersecurity posture. I’ll introduce you to some of
the organizations that can help you navigate this complicated landscape.

Legal and Disclosure Issues with Breaches

Should a breach occur, there are several legal considerations you need to be aware of. I’ll walk
you through what you need to know and how to approach handling a breach.

Incident Response Plan

Your incident response plan is your playbook for preparing for and detecting an attack, and
should the attack be successful, it will help guide you in your response.

Working Together as a Team

Your people are both your biggest liability, but also your greatest asset. We will look at taking
advantage of the power of your team.

Case Study Analysis

Consider a real-world example so you can see how a major retailer handled a data breach
Introduction to Detection and Response
https://www.youtube.com/watch?v=AMyluLKTyg0
in the last lesson i focus on threats however i also mention attacks and breaches i want to clarify
something the vast majority of the digitally connected world considers and treats a cyber attack
and a cyber breach as the same thing as a business leader you need to understand that they are
different a cyber attack is specifically referring to
the attempt of breaking into your network not all attacks are successful a cyber breach is an
occurrence where a network is successfully attacked and data is accessed in an unlawful manner
so ultimately successful threats turn into attacks and successful attacks can then turn into
breaches here is a number that should scare you on any given day your network will be bombarded
by over 2000 attacks if one of those attacks is successful that means your data and systems may
be compromised order to remain competitive and profitable an organization has to protect its data
and you need to be able to detect any suspicious network activity which could be an indicator of a
possible cyber security attack for humans to be able to detect an attack as it is happening is highly
unlikely the sheer volume of network traffic just on an average day is beyond human
comprehension this is where technology can help ndr or network detection and response is one of
your main instruments of protection it is a network solution that can detect and respond to
intruders on the network even with huge amounts of data network detection and response is
extremely effective at recognizing both known and unknown threats it uses machine learning to
help recognize these threats and also provide the best response to eliminate or at least quarantine
the threat prior to it causing any damage to the organization ndr is one of your best first line
defense
against intruders

Cyber-attack vs. A cyber-breach

The vast majority of the digitally connected world considers and treats a cyber-attack and a cyber-
breach as the same thing. As a business leader, you need to understand that they are different.

A cyber-attack is specifically referring to the attempt of breaking into your network. Not all
attacks are successful.
A cyber-breach is an occurrence where a network is successfully attacked and data is
accessed in an unlawful manner.
Which of the following accurately describe attacks and breaches
• A cyber-attack is specifically referring to the attempt to break into your network. Not all attacks are
successful.
• A cyber-breach is an occurrence where a network is unsuccessfully attacked, and data does
not appear to have been accessed.
• A cyber-attack is specifically referring to the attempt to break into your network. Any
attempt is considered successful.
 • A cyber-breach is an occurrence where a network is successfully attacked, and data is accessed in
an unlawful manner.

Distinguishing threats, attacks, and breaches.

Many people confuse threats, attacks, and breaches. Describe how they relate to each other.

Network Detection and Response

For humans to be able to detect an attack as it is happening is HIGHLY unlikely. The sheer
volume of network traffic just on an average day is beyond human comprehension. This is
where technology can help. NDR, or Network Detection and Response, is one of your main
instruments of protection. It is a network solution, involving hardware and software that can
detect and respond to intruders on the network. NDR uses a variety of mechanisms to detect
suspicious activity, including artificial intelligence.

Improving your organization's detection and response.

Does your organization already have an NDR solution on your network? Are you taking full
advantage of its capabilities?
Compliance and Standards
https://www.youtube.com/watch?v=6Dn1bObTjrU
compliance and standards are foundational for organization security first let's define what we
mean by compliance and standards cyber security compliance standards are rules and regulations
that organizations must adhere to in order to protect corporate
and personal information from a data standpoint the primary objective in cyber security
compliance is to safeguard and protect and individuals or organizations more sensitive and
private data such as trademarked items copyrighted and intellectual property
but also health information financial data and personal identifiable information such as an address
or social security number because of the nature of this data some industries and government both
nationally and internationally have made efforts to encourage organizations to protect that data
these are why standards and regulations exist from a business point of view median compliance
standards communicates to their particular industry customers and competition that they are
making every effort to adhere to
government rules and regulation it also brings up the ideal of cyber insurance which would cover
you in case of a breach one of the due diligence steps is to be in compliance with and up to date
with any appropriate regulations not being in compliance could jeopardize a claim from a legal
standpoint should a breach ever occur the fact that your organization was doing its best to be in
compliance with government and industry standards can be vital we will talk more about that later
there are two main standard organizations that your organizations will interact with regularly to
improve your cyber security posture on the national level nist or national institute of standards and
technology is the go-to for topics related to all science and technology at the international level the
iso or international standards organization is an overarching umbrella for over 160 countries
national standards and is to go to for topics related to business and technology especially cyber
security they are especially useful for business continuity management security controls and data
protection keep in mind
both of these organizations provide guidelines for best practices however they are not mandatory

What is compliance?
Cybersecurity compliance standards are rules and regulations that organizations must adhere
to, in order to protect corporate and personal information.

Why do compliance and standards exist?

The primary objective of Cybersecurity compliance is to safeguard and protect an individual’s
or organization’s more sensitive and private data, such as trademarked items, copyrighted,
and intellectual property; but also health information, financial data, and personal identifiable
information (PII)such as address or social security number. Because of the nature of this data,
some industries and governments, both nationally and internationally have made efforts to
encourage organizations to protect that data. These are why the standards and regulations exist.
Standards organizations and frameworks
There are two main standard organizations that your organization will interact with regularly
to improve your cybersecurity posture:

• On the national level, NIST (National Institute of Standards and Technology), is the
primary resource for topics related to all science and technology.
• At the international level. The ISO (International Organization for Standardization),
is the overarching umbrella for over 160 countries' national standards and is the go-
to for topics related to business and technology, especially cybersecurity. They are
especially useful for Business Continuity Management, security controls, and data
protection.
Both of these organizations provide guidelines for best practices; however, they are not
mandatory.

QUESTION 1 OF 2

Which of the following are true about compliance and standards?

• The status of being in compliance means your organization has implemented all requirements
specified by an industry governing body or a national government.
• Standards are best practice recommendations and guidelines for preparing and handling
cybersecurity in an organization.
• Compliance is optional for a business.
• Standards are usually not worth the effort of investigating.

Being in compliance.
How can you ensure that each business unit leader is in compliance with any industry,
national, or international regulations? Are there any gaps that need to be addressed?
Technical standards resources

International Standards Organization

• International Standards Organization (ISO) 22301 – Best practice framework for
Business Continuity Management. ISO 22301 also assists organizations in renewing and
initiating BCMS within their organizations to enhance and improve the totality of
business-critical practices
• ISO/IEC (International Electrotechnical Commission) 27001 - ISO/IEC 27001 assists in
providing a structure for an organization to define and promote an enhanced security
management system
• SO/IEC 27002 - Best practice guidance for applying controls to improve organizational
security
• ISO/IEC 27032 - Guidance on cybersecurity or cyberspace management and
underscores the importance of protecting information and integrity of information in
cyberspace
• ISO/IEC 27701 – Privacy Information management (PIMS) was released in August 2019
and focuses on privacy defense as part of information security

NIST frameworks
• NIST Cybersecurity Framework, NIST 800-53 and NIST 171. The NIST Cybersecurity
Framework Core provides for crucial infrastructure, cybersecurity risks, and general
information security.
• NIST 800-53 and NIST 800-171 offer security controls for executing NIST Cybersecurity
Framework (CSF).

Cybersecurity and Infrastructure Security Agency

• CISA leads the Nation’s strategic and unified work to strengthen the security, resilience,
and workforce of the cyber ecosystem to protect critical services and the American way
of life.

Common Vulnerabilities and Exposures (CVE)

• Common Vulnerabilities and Exposures (CVE) is a continuously updated list of
vulnerabilities. This document highlights the most critical software updates (patches)
for cybersecurity threats that an organization should be aware of.
Legal and Disclosure Issues with Breaches
https://www.youtube.com/watch?v=Dq_YAaW9KeE
senior leaders need to be aware of the governing guidance pertaining to a data breach
once a data breach is confirmed your primary effort is to stop the attack limit the loss of the
breach and notify their property authorities and individuals affected the moment an attack is
detected your organization must act legally there are protocols you have to
adhere to these include communicating with all stakeholders as mandatory by law both internal
and external this may involve public or private communications responding in a reasonable time
frame especially when private or sensitive information is involved time may be vital making a
concerted effort to limit the losses caused by the breach this involves doing whatever is necessary
to stop the attack then following up by researching the attack to find out the origin of the attack
which is called the attack vector the most common legal matters tend to originate from these
areas meeting your legal responsibility following a breach may get complicated when you consider
where your organization may have employees customers or vendors in today's remote work world
employees for example can be located in numerous locations throughout the world there are legal
authorities in those areas that you are bound to for example if your headquarters is in canada one
of your suppliers is in new york and you have customers in the uk there may be several
international regulations you have to be aware of asides from geography legal issues that are
involved in data breaches are extensive the legal cost of a breach can be expensive for instance in
2014 after a massive data breach home depot paid over 15 million dollars in just attorney fees in
many cases companies are required to offer pay for identity monitoring for affected individuals
this can exceed a hundred dollars per person then when you consider a class action lawsuit that
cost can go up anthem for example paid 115 million to settle class action lawsuits government
fines can be exorbitant for example equifax was fined 575 million dollars
after they lost personal and financial data of 145 million customers a breach has a trickle down
effect which affects partners vendors suppliers and your customers
the reputation of not only your company but that of others as well these delicate issues can find
their way into the courtroom think about the price of a stock which directly affects the valuation of
your company this also affects your ability to borrow money
yes the legal considerations of cybersecurity are far and wide what's the takeaway not investing
time money and effort in the beginning can have long lasting consequences
organizations must be prepared to accept the legal consequences pertaining to cyber security
breaches and be aware of the notifications and reporting procedures required let's revisit the sony
breach we mentioned earlier two years after that incident sony lost a 8 million dollar class action
lawsuit that alleged sony failed to properly invest in adequate cyber security i want you to pay
special attention to what the court added
quote it is commonly known that consequences resulting from identity theft can be both serious
and long lasting
If a breach occurs, legally, there are protocols you have to adhere to.

These include

• Communicating with all stakeholders is mandatory by law, both internal and external. This may
involve public or private communications.
• Responding in a reasonable time frame. Especially when private or sensitive information is
involved, time may be vital.
• Making a concerted effort to limit the losses caused by the breach. This involves doing what is
necessary to stop the attack and then following that up by researching the attack to find out the origin
of the attack, called the Attack Vector.

Meeting the legal responsibilities following a breach may get complicated when you consider where your
organization may have employees, customers, or vendors. In today’s remote work world, employees, for
example, can be located in numerous locations throughout the world. There are legal authorities in those
areas that you are bound to.

For example, if your headquarters is in Canada, one of your suppliers is in NY., and you have customers in
the U.K, there may be several international regulations you have to be aware of.

One of the most important first steps you can take during, or after, a
successful attack, is ____ .
• Reprimand any responsible individuals
• Limit the losses caused by the breach
• Check your insurance for claim information

Legal considerations
Aside from geography, legal issues that are involved in data breaches are extensive.

• The legal cost of a breach can be costly.

• For instance, in 2014 after a massive data breach, Home Depot paid over 15 million dollars in
just attorney fees. More information here.
• Required to pay for identity monitoring or restitution for any affected individuals.
• This can exceed $100 per person. Then when you consider a class-action lawsuit, that cost
can go up. Anthem, for example, paid $115 million to settle class-action lawsuits. More
information here.
• Government fines can be exorbitant.
• For example, Equifax was fined $575 million dollars after they lost the personal and financial
data of 145 million customers. More information here.
• A breach has a trickle-down effect, which affects partners, vendors, suppliers, and your customers.
• The reputation of not only your company but that of others as well.
• The price of stock directly affects the valuation of your company. This also affects your ability to
borrow money.
Not investing time, money, and effort in the beginning can have long lasting consequences

In the Sony breach, we discussed in the last lesson, 2 years after there was an $8M class-action lawsuit. The
judge added to his findings, “It is commonly known that the consequences resulting from identity theft can
be both serious and long-lasting.”
Learn more about the high legal costs of data breaches

Becoming familiar with the legal side of cybersecurity

Based on what was discussed in this lesson, what is the most important thing you have learned about the
legal side of breaches?
SUBMIT

Legal authorities

National
• Federal Trade Commission (FTC)
• Recently, as of May 2022, the Federal Trade Commission (FTC) underscored that not
disclosing a data breach could be a violation of section 5 of the FTC ACT, which highlights
unfair or deceptive acts of initiatives pertaining to commerce.
• Security and Exchange Commission (SEC)
• fined a London (UK-based) company a $1M dollar fine for not disclosing information on
cybersecurity it experienced. Interestingly, laws and regulations vary by country, state, and
local jurisdictions pertaining to individuals, stakeholders, and organizations.

International
• The United Kingdom (UK) enforces the General Data Protection Regulation (GDPR) which is the
most stringent regulation in the world. It became effective May 25, 2018, and sets the guidelines for
the European Union (EU) and its citizens to have control over their personal data.
• Singapore has a Cybersecurity Act of 2018, which underscores measures to prevent, manage and
respond to cybersecurity threats and incidents, including critical infrastructure. See attached:
• In Japan pertaining to cybersecurity, the Act on Protection of Personal Information (APPI) has some
of the most stringent (similar to the UK’s GDPR) in terms of violating an individual's privacy rights.
To include, it applies to all business operations that handle the personal data of individuals in Japan.
See attached:
Incident Response
https://www.youtube.com/watch?v=jnBINhd2gAs
an incident response plan is a business term used across many industries and in most
businesses it is part of their cybersecurity posture the incident response is your organization's
formal plan preparation and response to a cyber security attack or data breach the incident
response plan helps you focus on how your business will handle a cyber security crisis it will focus
on several specific areas how you will re-establish organizational business operations even if it is
at a minimum level you can bet your employees clients and customers are anxiously waiting how
will you manage reputational damage to the organization have you lost trust of any stakeholders
public perception is important however equally important is how your customers clients and
partners perceive it long term that could affect revenue stock prices and valuation what changes
will you make to eliminate the vulnerability that was targeted in the attack remember a
vulnerability is a weakness there should be a maximum effort put into operational restoration your
security team must not only identify how the attack occurred but fix it and also prevent it from
occurring again what exactly are the components of this incident response plan identify what
procedures already exist and what resources in your organization need to be safeguarded for
example this helps you figure out your organizational values conduct a business impact analysis
bia protect
what agreed upon precautions are executed to guarantee the security of organizational resources
for example based on your bia have a plan and be ready to execute agreed upon precautions to
guarantee the security of organizational resources detect are there applicable measures in place
to detect a cyber security incident for example does your organization have an intrusion detection
protection device in place respond what methods are in place to suppress the effects of cyber
security instances for example has your organization created an ir plan and rehearse tabletop
exercises to respond to a cyber incident recover what pertinent practices are ready to be
implemented to reinstate resources that were affected during this cyber security incident for
example how will you restore your customers data in the event of a ransom attack when and how
is the rr plan created in the last lesson you learned about tabletop exercises which involves all
teams participating in various cyber related scenarios based on the conversations in those
meetings and what you've learned one of the outcomes of those exercise will be to create your ir
plan but incident response is actually part of a higher level initiative called business continuity
management also known as bcm technically bcm is defined as the capacity of a business to
sustain critical organizational functions proceeding during and after a disaster in layman's terms it
is an initiative that focus on re-establishing organizational business operations and reducing
monetary losses during that time of crisis the bcm handles scenarios of any disaster and crisis
such as a cyber security attack to the leaders out there hear me on this your organizational is
profitable when you have a great product or service however if your organization is breached and
the public loses confidence that you can protect their data they will go to your competitor
therefore it is critical that your organization has a thoughtful and productive
bcm in place no business leader likes to hear the words we have been breached in the case you
are breached it will be an all hands on deck scenario now follow your ir plan
What is an (I)ncident (R)esponse?
Your organization’s formal planned preparation and orchestrated response to a cybersecurity
attack or data breach.

What are the major components of your IR plan?

• Identify - What procedures already exist and what resources in your organization need
to be safeguarded? For example, This helps you figure out what your organization
values. Conduct a Business Impact Analysis (BIA)
• Protect - What agreed-upon precautions are executed to guarantee the security or
organizational resources? For example, Based on your BIA, have a plan and be ready to
execute agreed-upon precautions to guarantee the security of organizational
resources.
• Detect - Are there applicable measures in place to detect a cybersecurity incident? For
example, Does your organization have an Intrusion Detection/Protection device in
place?
• Respond - What methods are in place to suppress the effects of cybersecurity
instances? For example, Has your organization created an IR plan and rehearsed
tabletop exercises to respond to a cybersecurity incident?
• Recover – What pertinent practices are ready to be implemented to reinstate
resources that were affected during the cybersecurity incident? For example, How will
you restore your customer data in the event of a Ransomware attack?

QUESTION 1 OF 2
Your Incident Response plan is one of the most important documents you will have. Can you
match the elements that are included?
Submit to check your answer choices!
QUESTION TO ASK
IR ELEMENT
Identify
What procedures already exist and what resources are available?

Protect
What agreed-upon precautions are executed to guarantee the security or organizational resources?

Detect
Are there applicable measures in place to detect a cybersecurity incident?

Respond
What methods are in place to suppress the effects of cybersecurity instances?

Recover
What pertinent practices are ready to be implemented to reinstate resources that were affected during the
cybersecurity incident?

What are the major goals of your IR plan?

1. Reestablish organizational business operations
2. Manage reputational damage to the organization
3. Limit losses by Addressing known cybersecurity vulnerabilities

Improving your Incident Response plan.

What type of formal/informal planning is done in your organization to address threats,
attacks, and breaches? Are roles and responsibilities clearly defined for all employees?
Working Together in Teams
https://www.youtube.com/watch?v=jn08IFOZhdE
as we mentioned earlier your employees can inadvertently or intentionally put your network at risk
with that said they can also be your greatest asset in detecting and
responding to cyber threats attacks and breaches your employers must know where you stand on
cyber security before an attack even occurs employees have to be aware of cyber security as they
have learned new behaviors in their day-to-day work the impact of that awareness and training of
your employees is a reduction of your risk and should a
breach occur those same people will be the ones to get you back online because of your time
spent in tabletop exercises and developing your rr plan means your team is well rehearsed in the
time of crisis everyone knows their roles and responsibilities and can be your best chance at not
only surviving the attack but getting back to normal operations be clear about your cyber security
expectations of your partners suppliers and third party vendors even at the risk of jeopardizing
relationships you must insist on high prioritization alignment of cyber security posture there is a
balance you need to manage between providing access to your network and simultaneously
protecting the data and central to these strategies is your relationship with your cyber security
slash teams work with your cyber security it teams to insist your network and data are protected
using best in industry security controls this means you and your cyber security slash it teams must
align on your decisions related to budget compliance
expectations and priorities

Your employees can inadvertently or intentionally put your network at risk. But, your employees
can also be your greatest asset in detecting and responding to cyber threats, attacks, and
breaches.
As a leader, requiring and enforcing organizational top-down cyber-security awareness
training sends a strong message. It’s tough love, but it also shows you care.

• Your employees must know where you stand on cybersecurity. Before an attack even
occurs, employees have to be aware of Cybersecurity as they learn new behaviors in
their day-to-day work. The impact is the reduction of your risk, and ….should a breach
occur, those same people with be the ones who get you back online.
• Your time spent in tabletop exercises and developing your IR plan means your team is
well rehearsed in times of crisis. Everyone knows their role and responsibilities and can
be your best chance at not only surviving the attack but getting back to normal
operations.
• Be clear about your security expectation of your partners, suppliers, and 3rd party
vendors. Even at the risk of jeopardizing relationships, you must insist on the high
prioritized alignment of cybersecurity posture. There is a balance that you need to
manage between providing access to your network and simultaneously protecting the
data.
• Nurture your relationship with your Cybersecurity/IT teams. Work with your
Cybersecurity/IT teams to insist your networks and data are protected using best-in-
 industry security controls. This means you and the Cybersecurity/IT teams must be
aligned on your decisions related to budget, compliance, expectations, and priorities.

QUESTION 1 OF 2

What is true about the people in an organization?

• Statistically speaking, most likely it will be a person who is responsible for an attack, but it will also
be a person who helps stop the attack and recover your business.
• With technology, it is unlikely a person will be responsible for an attack.

Building your teams

In your own organization, what are the main teams that are involved in your Cybersecurity
discussions?
Case Study Analysis
https://www.youtube.com/watch?v=zUrWHugVJWo
let's look at a situation that happened to a major retailer several years ago a department store
experienced a data breach that affected over 100 million customers interestingly
that breach occurred not because of one of their own systems but was due to poor security
posture by a third-party vendor that was servicing their hvac because the hvac controller was on
their network it was just like any other device which is why it is equally as vulnerable this is how
the bad actress was able to access credit card data of 100 million customers in addition to
suffering public embarrassment they also lost confidence of their customers which resulted in
millions of dollars of lost sales
on top of those lost sales they also had to pay a hefty government fine of 18 million dollars
however you can also learn from this incident the retailer needed to enhance
security monitoring and logging of network activity they also needed to provide more secure
access to their network by third-party vendors too much focus was spent on ease of access and
not enough on security

Data breach of a major retailer

Several years ago, a department store experienced a data breach that affected over 100
million customers. Interestingly, the breach occurred not because of their own systems but
was **due to poor security procedures by a 3rd party vendor** that was servicing their HVAC
( Heating Air Conditioning and Ventilation systems). Because the HVAC controller was on their
network, it was just like any other device, which is why it is equally as vulnerable. This is how the
bad actors were able to access the credit card data of 100 million customers.

Results of Breach
In addition to suffering public embarrassment, the retailer also lost the confidence of their
customers, which resulted in millions of dollars of lost sales. Additionally, they also had to pay
a gov’t fine of $18M dollars

Key Takeaways
• They needed to enhance the monitoring and logging of network activity.
• They needed to provide more secure access to their network by 3rd party vendors. Too
much focus was spent on ease of access, and not enough on security.

Cyber breaches outside Your company

It’s not just your own breaches that should get your attention. Any breach, within your
industry, or among your competitors, is an opportunity to be vigilant and learn from their
successes and mistakes. Having knowledge of how other organizations' data breaches
occurred and how they responded will highlight areas you need to be aware of within your
own organizations. Ask yourself….is there something in common between your network and
theirs, that might be similarly vulnerable? If their cybersecurity network was breached
because it could mean it is coming your way.

It important to distinguish between real and perceived threats!

Lesson Review
https://www.youtube.com/watch?v=z9gCIgiVmlc
in this lesson we looked at detection and responses within your own organization but when it
comes to cyber security breaches outside of your company meaning happening to others as a
business leader you must stop listen watch and learn why it's not just your own breaches that
should get your attention any breach within your industry among your competitors is an
opportunity to be vigilant and learn from their successes and mistakes having knowledge of how
other organizations data breaches occurred and how they responded will highlight areas you need
to be aware of within your own organizations ask yourself is there something in common between
your network and theirs that might be similarly vulnerable in the same vein your organization
should not only observe your competitors from a business perspective but you should also be
concerned if their cyber security network was breached because it could mean it is
coming your way this is why it is important to distinguish between real and perceived threats let's
review what we've learned in this lesson we looked at strategies for being able to detect attacks
but also how to be in compliance and use standards to harden your infrastructure before an attack
occurs we also looked at the value of your incident response plan which will help guide your teams
in the event of a breach

We looked at strategies for being able to detect attacks, but also how to be in Compliance and use
standards to harden your infrastructure before an attack occurs. We also looked at the value of
your Incident Response plan, which will help guide your teams in the event of a breach.

The Following Topics Were Covered in the Lesson

• Introduction to Detection and Response
• Compliance & Standards
• Legal and Disclosure Issues with Breaches
• Incident Response Plan
• Working Together
• Case Study Analysis
The Value of Culture
https://www.youtube.com/watch?v=4msEEvreNe0
It does not matter how good your policies, systems and, processes are, if your employees do not
buy into your organizational culture of cybersecurity, these programs are likely to fail. Remember,
your employees will be your biggest asset in growing a culture which embraces cybersecurity. A
cybersecurity culture reflects the attitudes, knowledge, assumptions, norms, and values of the
entire organization. This will be the foundation of a successful cybersecurity progra

Your employees will be your biggest asset in growing a culture which embraces cybersecurity!
Lesson Overview
https://www.youtube.com/watch?v=iGWjLneFX4k
Leaders, why do you need to nurture your cybersecurity culture? Answer, because like any winning
team, members need to be motivated and objectives to be met to achieve goals. In this case, a
cybersecurity awareness culture. Empowering your people with knowledge and skills in
cybersecurity is perhaps the most important step you can take towards building your cybersecurity
culture. One of the biggest challenges you will face in trying to build your cybersecurity culture is
getting the buy-in of your people, in your organization. That's because buy-in comes from people
believing in what they are doing. Finally, we will look at a real-world example so you can empower
a culture that embraces cybersecurity. Let's get started.

Lesson Outline
This lesson gets you started thinking about the people in your organization who are the central element of
your culture. The culture you build around cybersecurity can make or break your efforts. Here are the topics
for the lesson:

Nurturing a Cybersecurity Culture

Like any winning team…members need to be motivated and objectives to be met to achieve goals…in this
case a cybersecurity awareness culture!

Training
Empowering your people with knowledge and skills in cybersecurity is perhaps the most important step you
can take toward building your cybersecurity culture.

Buy-in and Participation

One of the biggest challenges you will face in trying to build your cybersecurity culture is getting the buy-in
of the people in your organization. That’s because buy-in comes from people believing in what they are
doing.

Case Study Analysis

We will look at a real-world example so you can the power of a culture that embraces cybersecurity.
Nurturing a Cybersecurity Culture
https://www.youtube.com/watch?v=KloCsl0LEwA
You can invest as much as you want in technology such as network detection, and prevention
software. However, not having a culture that embraces cybersecurity awareness will make these
defenses less effective. What is most challenging for organizations is having the top-down buy-in
for cybersecurity awareness and training that underscores the need for everyone to unite around
cyber security initiatives. It is a combination of top-down and bottom-up leadership involving the
entire organization. Moreover, from the top, it takes money, time, commitment, and persistence.
However, for employees, it requires that they change their thinking and their behaviors, which will
enforce an organization-wide culture of cybersecurity. Let's take a look at what a great
cybersecurity culture looks like. Strong executive buy-in from you on cybersecurity awareness will
be a model for the rest of the company. Your management team is actively part of cybersecurity
efforts and support this through business and budgetary decisions. From all team leaders. There's
thoughtful and consistent communication about cybersecurity topics, current events, and the need
for each person in the organization to remain vigilant. Clearly defined roles and responsibilities for
individuals directly involved in cyber security initiatives. These roles are reinforced, rehearse, doing
tabletop exercises, and described in your R-R plant. Your CIO, CSIEO, CFO, and HR all have roles to
play. But additionally, their employees on those teams need to know if the roles of others on their
own team, as well as their own roles. As a business leader, you need to have open and productive
conversations about cybersecurity and sure both positive and negative experiences with the entire
company. Show respect for your employees by listening closely and responding honestly and
thoroughly to their questions and concerns. Invest in consistent, relevant, engaging, and regular
cybersecurity awareness training. This empowers people by giving them the understanding and
tools to have great cybersecurity hygiene. Below the video are several links to organizations that
are well-known for their strong cybersecurity culture. One of your most proactive defenses against
attacks and breaches is to have an organization that embraces a culture of cybersecurity
awareness and training. Bringing awareness to cybersecurity empowers employees to make better
decisions in their day to-day routine, directly reducing the overall risk from threats. It also
encourages collaboration between employees. Essay discuss entry on cybersecurity topics. So
should there be an attack or breach people know how to respond. Because of your leadership
supports this training, it's a major step in building culture. It shows you care about data, privacy
and people. This will help to instill confidence in your people, help retain current employees and
help attract new employees who value and will enforce his culture.

You can invest as much as you want in technology, but not having a culture that embraces
cybersecurity awareness will make these defenses less effective.
Attributes of great cybersecurity programs

Strong executive buy-in from you on cybersecurity awareness will be a model for the rest of the company.
Your management team is actively part of Cybersecurity efforts and supports this through business and
budgetary decisions. From all team leaders, there is thoughtful and consistent communication about
cybersecurity topics, current events, and the need for each person in the organization to remain vigilant.
Clearly defined roles and responsibilities for individuals directly involved in cybersecurity initiatives.
These roles are reinforced, rehearsed during tabletop exercises, and described in your IR plan.
• CIO(Chief Information Officer) - Manage all information systems
• CISO (Chief Information Security Officer) - Provides guidance on the cybersecurity program from
a strategic perspective
• CFO (Chief Financial Officer)- Account for allocated and track spending on cybersecurity
initiatives
• HR (Human Resources)- Schedule and track training
Open and productive conversations about Cybersecurity and share both positive and negative experiences
with the entire company.
Show respect for your employees by listening closely and responding honestly and thoroughly to their
questions and concerns.
Invest in consistent, relevant, engaging, and regular Cybersecurity awareness training. This empowers
people by giving them the understanding and tools to have great cybersecurity hygiene.
QUESTION 1 OF 2

There are many elements of a great cyberculture. Which of the following are top priority?
• Strong executive buy-in from you on cybersecurity awareness
• Investing in consistent, relevant, engaging, and regular Cybersecurity awareness training
• Identifying people to blame for past incidents
Why Cybersecurity awareness and training is a crucial element of cybersecurity
culture
• Brings awareness to Cybersecurity empowers employees to make better decisions in their day-to-
day routines and directly reduces the overall risk from threats.
• Encourages collaboration between employees as they discuss and train on cyber topics, so should
there be an attack or breach, people know how to respond
• Shows that support and care about data, privacy, and people. This will help to instill confidence in
your people, help retain current employees, and help attract new employees who value and will
reinforce this culture.

Building your cybersecurity culture.

Take a moment to reflect on your own Cybersecurity culture. What elements did you learn about in this
lesson that you can bring into your organization?
SUBMIT

Cybersecurity culture resources

A study of over 250 companies helps identify successful implementations of a cybersecurity culture.
The European Union Agency for Network and Information Security (ENISA) worked with
SecurityScorecard to create an excellent document, Cyber Security Culture in Organisations, which walks
through successful trends in cybersecurity culture in businesses worldwide.
Here is a tool to help you evaluate all aspects of your cybersecurity culture.
Training and Awareness
https://www.youtube.com/watch?v=ME3dWobiFLY
I encourage you to think about cybersecurity training differently than other training. Moreover,
you've heard me state that it is a huge element of building a cybersecurity culture. Because it gives
people the understanding and knowledge that empowers them to make good decisions in their
jobs but you need to think about training as a long-term investment, not a one and done activity. It
needs to be a part of your continuous planning and budget input on a yearly basis. Also, it includes
employees at every level of your organization because threats are constantly changing and your
training will need
to align with the changing threat landscape. For leaders you may wonder, how do I allocate money
and what training is needed to keep my organization safe. The size of your company will determine
the amount of cybersecurity training funding needed to remain cybersecurity vigilant. For instance,
some large organizations spend between $15-$20 million per year on training. While smaller
organizations can only afford a few thousand dollars per year, your training will accomplish two
things: help people become aware of what cybersecurity is, what threats are out there, and how
they can attack and help them understand what changes in their actions at work can support a
cyber SOC here, work environment. Saying that you are promoting a cybersecurity culture is
important but if employees don't know how to be cybersecurity aware, this training will be integral.
You need to visibly support and be personally involved so your employees know that cyber security
is important. If you are requiring every employee to attend training sessions, you and your
leadership team need to be there also. That is part of building trust in your cybersecurity culture. If
it is important for them, it is important for you. Training needs to be regular, required and monitor.
Your HR and cybersecurity departments will work together to provide constant training on a
regular basis. In the same vein, add impromptu learning sessions to keep up with current events
happening around the world. Your HR department needs to have a no exception policy when it
comes to attendance up training. It's called being proactive because you're asking people to think
and act differently. These skills are also what empowers them to be cyber aware in thought and
practice. Training needs to be offered in a variety of ways, including online, in-person, on-site, off-
site and hybrid. Additionally, in a variety of formats, including readings, discussions, videos,
scenario simulations, and hands-on exercises. Most importantly, it should be engaging. Coordinate
with your IT cybersecurity teams to research known training programs, to select one that best fits
the needs of your organization and employees. Be prepared to support those employees
interested in seeking certifications, tailored training to fit the needs of each department. What IT
needs is different than what HR needs, which is different than what marketing needs and most
likely will include such awareness and practice topics as understanding of what threats are, how
attacks happen, actions and behaviors that reduce risk and immediate response roles,
responsibilities and actions require in case of a breach. This is where tabletop exercises and
incident response plans come into play. Think of this training as pay now or pay the price later
case and point. The total cost of a home improvement breach was calculated at a 180 million,
including 19.5 million to customers affected by their breach, and a 134 million to affect it credit
card companies. Interestingly, the massive breach was in part due to poor cybersecurity hygiene
and lack of basic cyber security awareness training. Moreover, had the home improvement center
allocated funding for training and may team members aware of
third-party vulnerabilities along with advanced cyber intrusion detection and prevention initiatives,
this could have been avoided as a leader, you need to ask yourself, do I invest now or pay later?
What's the takeaway? Just do it. Whatever you can afford, start with anything and grow it as you
can.

You need to think about training as a long term investment. It needs to be a regular part of your continuous
planning and budget input on a yearly basis.

Why does training contribute to Cybersecurity culture?

Your training will accomplish two things :

1. Help people become aware of what Cybersecurity is, what threats are out there, and how they can
attack.
2. Help people understand what changes in their actions and behaviors at work can support a cyber-
secure work environment.
QUESTION 1 OF 2

Training is vital for your culture and also to give your people the tools they need to make good
decisions. Which of the following are benefits of intentional cyber-training?

• People want to be able to act appropriately with regard to cybersecurity. Training helps people know
what changes in their actions and behaviors at work can support a cyber-secure work environment.
• People are naturally resistant to change, so attempts at training will most likely fail.
• People want to be able to recognize suspicious activity and behavior. Training is what gives them the
knowledge they need.
• That the company is offering the training shows that it is a priority. This helps with buy-in as well.

What is needed for a successful training and awareness program?

• You need to visibly support and be personally involved so your employees know that
Cybersecurity is important!
• Training needs to be regular, required, and monitored.
• Be prepared to offer impromptu learning sessions to keep up with current events
• Training needs to be offered online, in-person, onsite, offsite, and in hybrid formats.
• It must be engaging
• Include a variety of formats including readings, discussions, videos, scenario
simulations, and hands-on exercises.
• Tailor training to fit the needs of each department. Each department should
approach training differently. You need to support this customization.
• Awareness and practice topics
• Understanding what threats are and how attacks happen
• Common Threat methods, called Attack Vectors
• Actions and behaviors that reduce risk
• Immediate response actions are required in case of a breach.
Creating great training and awareness for Cybersecurity.
What is the status of your current training and offerings related to Cybersecurity? What have you learned in
this lesson that you can use to enhance your own program?
SUBMIT

Certification resources
• Security + CE
• the basic cyber security certification and continuous Education (CE)
• Network +
• basic networking certification
• Certified Ethical Hacker (CEH)
• Certified Ethical Hacker CEH v11 will teach you the latest commercial-grade hacking tools,
techniques, and methodologies used by hackers and information security professionals to
lawfully hack an organization.
• Certified Information Security Professional (CISSP)
• The most advanced technical cybersecurity certification
• Certified Information Security Manager (CISM)
• The most advanced managerial certification for cybersecurity
• Certified Data Privacy Solutions Engineer (CDPSE)
• CDPSE is focused on validating the technical skills and knowledge it takes to assess, build
and implement a comprehensive privacy solutions
Buy-in and Participation
https://www.youtube.com/watch?v=5mP1tFeGoYM
Your training and awareness program will help people understand the logistics of cybersecurity.
But you cannot really train people to genuinely care. Buy-in is more about people really believing in
what they are doing. Giving people a variety of reasons and experiences to value cybersecurity is
how you can best support organizational wide buy-in. The most common reason for lack of
cybersecurity buy-in, is due to poor communications and lack of enthusiasm to embrace a
cybersecurity culture from leadership. Employees will lose focus and purpose, if leadership is not
invested or if it is not clear where cybersecurity is on the priority list. Obtaining genuine buy-in of
your employees at all levels, is the ultimate goal of your efforts related to cybersecurity culture. I
mentioned the importance of your clear commitment to organizational wide awareness and
training. But in addition to that, there are some things you can do,
to demonstrate your full support of cybersecurity. Establish a cybersecurity risk governance
committee, that provides periodic updates on the status of emerging threats and also keeps
employees current on any initiatives with the organization.
This committee is made up of a variety of team leadership, but also employees at different levels.
Not only does this help build better awareness, but gives additional opportunities to employees
interested in playing a bigger role. Most companies rely on third party vendors, suppliers, and
partners. Your employees need to see you set expectations and needs for those third parties to
buy-in to your cybersecurity strategy.
In your partnership agreements include specific cybersecurity requirements they must adhere to.
You must decide if you are willing to break off relationships if they do not embrace your priority.
Not everyone will understand or appreciate to technical awareness and training. It is also
important to talk about cybersecurity from the business point of view and how it impacts the
customer; include business metrics, which are quantifiable, can be presented visually and provide
objective cybersecurity benefits that coincide with organizational benefits. These are just some of
the things you do that shows your employees that you support them in every possible way. You
can't really teach buy-in, employees choose to buy-in based on what they have seen, heard, and
experience. Has training been engaging and interactive? Are their incentives for completing levels
of training? Are there opportunities to recognize people going above and beyond in their daily
practices? Are employees seeing leadership support,
cybersecurity in every possible way.

Your training and awareness program will help people understand the logistics of cyber security, but
you cannot really train people to genuinely care. Buy-in is more about people really believing in what
they are doing.
Top reasons for poor Cybersecurity buy-in
The most common reason for the lack of Cybersecurity buy-in is due to poor
communications and a lack of enthusiasm to embrace a Cybersecurity culture from
leadership.

Which of the following statements is true about cybersecurity culture?

• The most common reason for the lack of Cybersecurity buy-in is poor communications and
a lack of enthusiasm to embrace a Cybersecurity culture from leadership.
• The most common reason for the lack of Cybersecurity buy-in is the constant barrage of
news stories about attacks worldwide.
• The most common reason for the lack of Cybersecurity buy-in is inadequate resources.
Steps you can take to help build a Cybersecurity culture
• Provide Training and Awareness
• This will be your most important step
• Establish a Cybersecurity risk governance committee that provides periodic updates
on the status of emerging threats and also keeps employees current on any initiatives
within the organization.
• Helps build better awareness
• Provides additional opportunities for employees
• Introduce topics related to Cybersecurity from the business point of view and how it
impacts the customer. Use visuals and business metrics to provide objective
cybersecurity benefits that coincide with the organizational benefits.
• Most companies rely on 3rd party vendors, suppliers, and partners. Your employees
need to see you set expectations and needs for those 3rd parties to buy -n to your
Cybersecurity strategy. Be willing to break off relationships if they do not embrace
your priority.
You can’t really teach buy-in, employees choose to buy-in based on what they have seen, heard,
and experienced.

Increasing buy-in
Think honestly about your current Cybersecurity culture. What steps could you take
immediately to start to improve the buy-in across your organization?
Culture Case Study
https://www.youtube.com/watch?v=sf1E7zoClXI
As a former Naval officer assigned to an aircraft carrier with more than 5,000 women and men
assigned for six months at sea cultivating a culture of cybersecurity was extremely challenging.
Yet in order to successfully execute highly classified missions, every aspect on board had to
protect critical data through cybersecurity awareness. As the leader, the commanding officer
required the chief information officer to co-ordinate with all departments to develop and promote a
cybersecurity training awareness program that encompass the entire ship's crew. Human
resources accounted for the completion of all cybersecurity training completed by the entire crew.
What resonated the most with senior leadership team and the entire crew was that, we all
understood what cybersecurity was, why it was important, and made it a part of our everyday life
onboard. There was no doubt that the entire crew had a mindset that embraced a culture that took
cybersecurity very seriously. Creating a robust and effective cybersecurity culture starts at the top
with you and traverses throughout the entire organization.

Cybersecurity while at sea

As a former Navy officer assigned to an Aircraft Carrier with more than 5000+ women and
men assigned for 6 months at sea, cultivating a culture of cybersecurity was extremely
challenging. Yet in order to successfully execute highly classified missions, every aspect of
life on board had to protect critical data through cybersecurity awareness.
Each department developed and promoted a cybersecurity training awareness program for
its own teams, which ultimately encompassed the entire ship’s crew. Human Resources (HR)
accounted for the completion of all cybersecurity training completed by the entire crew.

What resonated the most with senior leadership team and the entire crew, was that we all
understood what cybersecurity was, why it was important, and made it a part of our everyday life
onboard.. There was no doubt that the entire crew had a mindset that embraced a culture that
took cybersecurity very seriously.
Lesson Review
https://www.youtube.com/watch?v=T1ZKKdLc7Zw
Let's review what we've learned in this lesson. The strength of your cybersecurity program would
be based on the strength of the culture you have created around cybersecurity. Empowering
people with knowledge and skills to be cyber aware is the first step towards generating a genuine
buy-in from people in your organization.

The strength of your cybersecurity program will be based on the strength of the culture you
have created around cybersecurity. Empowering people with knowledge and skills to be cyber-
aware is a first step towards generating genuine buy-in from the people in your organization.

The Following Topics Were Covered in the Lesson

• Nurturing a Cybersecurity Culture
• Training
• Buy-in and Participation
• Case Study Analysis
Lesson Overview
https://www.youtube.com/watch?v=xkASWqk_XlA
Leaders why is investing in cyber security an integral part of securing your data
Answer it's less expensive for organization to be proactive versus reactive when addressing cyber
security budgeting and investing in other words pay now to prevent being breached or pay more
later to repair your organization after the breach leaders
your budget and ri for security will determine how much you are willing to invest on cyber security
initiatives we will look at risk scores and even walk through the financial side of a mock data
breach talent and hiring are integral parts of your cyber security culture and you must recruit and
keep the best talent for your organization however understand that other organizations are doing
the exact same thing so competition is fierce the risk that steam from cyber security in each of
your business units helps you
understand risk at the enterprise level okay let's get started

Lesson Outline
This lesson goes through the financial investments you need to consider as you build your cybersecurity
program. Here are the topics of the lesson.

Budget and Investment

It’s less expensive for an organization to be PROACTIVE vs REACTIVE when addressing cybersecurity
budgeting and investing. In other words, pay now to prevent being breached or pay more later to repair your
organization after the breach!

Budget and ROI

Your budget and ROI for cybersecurity will determine how much you are willing to invest in cybersecurity
initiatives. We will look at risk scores and even walk through the financial side of a mock data breach.

Talent & Hiring

Talent and hiring are integral parts of your cybersecurity culture and you must recruit and keep the best
talent for your organization. However, understand that other organizations are doing the exact same thing, so
competition is fierce.

Enterprise Risk Management

The risks that stem from Cybersecurity in each of your business units help you understand risk at the
enterprise level
Budget and Investment
https://www.youtube.com/watch?v=MLdWMX7cGWA
to support and promote a culture of cyber security you will have to make financial investments
resources are finite so you will have to decide which investment gives you the biggest bang for
your buck it alarms me that even the recent breaches we talked about with two large organizations
and they still fail to fully grasp the catastrophic damages their organization's experience from a
cyber breach if they do not start investing in prevention now your budget should be a combination
of items involved in preparations for threats detections and response to attacks this provides
multiple layers of defense to increase your cyber security posture one of the key investments is a
network detection and response system there are several levels and types of this protection you
can purchase which can range from several thousands to several hundred thousands of dollars
and will need to be approved and allocated in the i.t cyber security budget additionally it is
becoming more and more important to include artificial
intelligence technology to which gives the additional capability of recognizing patterns behaviors
and actions that are not normal within your network off-site storage is a great way to back up your
valuable data this provides assurances to you and your customers there are several factors that
determine the rates for off-site storage including type of storage and amount of data stored invest
in your people with training and certifications
there will be lots of flexibility with training because there are so many types you can choose from
either on site in person online or off site also leave the door open to those employees who have
shown an interest in obtaining cyber security certifications employees may view this opportunity
as a reward which in turn will help your organization there are two major professional service you
will want to explore one is called penetration testing or pin testing this is when certified
professionals do
annual network penetration testing on your network by using the same techniques that hackers
use it is an excellent tool for uncovering hidden vulnerabilities or weaknesses
this can cost several thousands of dollars but it can be incredibly important the other service you
want to explore in case of a breach you may need a forensic cyber security expert to help
determine exactly what happened how it happened and help to recommend changes to protect
your network from similar attacks and finally insurance
only 35 of companies invest in cyber security insurance to protect against the inevitable
there are several factors that determine the rates for insurance so be clear on what your network
needs are work with your i.t cyber security and other business units and align with best practices
in your industry to decide the appropriate levels of liability and protection these are your main
cyber security related budget items to think about on a
yearly basis

To support and promote a culture of cybersecurity, you will have to make financial investments.. Resources
are finite, so you will have to decide which investments give you the biggest bang for your buck.

Common budget items for Cybersecurity

Your budget should be a combination of items involved in preparation for threats,
and detection of and response to attacks. This provides multiple layers of defenses to increase
your Cybersecurity posture
 • A Network Detection and Response system is a combination of hardware and software
that exist on your network to detect and respond to attacks. There are several levels and
types of this protection you can purchase; which can range from several thousand to
several hundreds of thousand dollars and will need to be approved and allocated in the
IT/Cybersecurity budget. Depending on the level of security you need, a NDR system can
run from a few thousand to hundreds of thousands of dollars.
• Offsite storage is a great way to backup your valuable data. This provides assurance to
both you and your customers. There are several factors that determine the rates for offsite
storage, including the type of storage and the amount of data being stored. Storage is
cheap, so the cost-benefit of having backups offsite is worth the small investment. This can
be as small as tens or hundreds of dollars per month for a small business.
• Invest in your people with training & certifications. There will be lots of flexibility with
training because there are so many types you can choose from…either onsite, in-person,
online, or offsite. Also, leave the door open to those employees who have shown an
interest in getting certified. That employee may view this opportunity as a reward, which
will in turn help your organization. Training is one of the most valuable investments you
can make, and the quality of the training you provide is definitely affected by price.
Depending on decisions such as whether you are customizing the training content or are
you bringing someone onsite, these costs can be in the thousands or tens of thousands
and it is an ongoing expense.
• Professional services
• Penetration testing (Pentesting). This is when certified professionals do annual
network penetration testing on your network by using the same techniques that
hackers use.
• Forensic Cybersecurity experts for post-breach analysis to help determine exactly
what happened, how it happened, and to help to recommend changes to protect
your network from similar attacks.
• Pen testing will have to be done by highly qualified professionals, which means this
is going to be from several thousand to tens of thousands of dollars. Often times, it
depends on how long they will be on site and how thorough you want to test.
• While only about 1/3 of companies have Insurance for cyber-protection, it becomes
more common as the stakes get higher, and threats increase. Work with your IT,
Cybersecurity, and other business units, and check for best practices in your industry, to
decide the appropriate levels of liability and protection

QUESTION 1 OF 3

Which of the following are useful items in the budget for cybersecurity?
• Penetration testing
• Training
• Laptops for IT staff
 • Network Detection Response system
• Insurance
• Offsite data/backup storage

QUESTION 2 OF 3

Ok, now you have identified the major budget items related to cybersecurity. Can
you also match how each is handled?
Submit to check your answer choices!
BUDGET ITEM
DETAILS
Insurance
Renogotiated yearly, but is ongoing

NDR system
One time purchase but may also involve a monthly subscription for software updates

Offsite storage
Ongoing as long as you are in business. Changing companies is a major effort, so try to find a plan
and company and stick with them. Also, some companies charge by volume, some charge only
when it is accessed.

Penetration testing
One-time cost, but recommended to occur annually

Training
Can be a subscription to the online portal, or can be a private training company that has existing
training or customizes specific to your needs.
https://www.youtube.com/watch?v=q-9-dPKh10M
there are a wide variety of benefits resulting from your budgetary investing first and foremost your
leadership teams and employees see that you support cybersecurely fully
this goes a long way with buy-in and culture cyber security is a multi-layered approach to
protecting your business including training in dr security controls and improved
processes ease of mind in case of a cyber security breach where the data is corrupted
stolen or deleted having an investment in backups or offsite storage could save your
organization from a devastating financial loss and business disruption this gives your customers
and employees confidence that even after a breach business can continue
confidence from your suppliers vendors and customers that you are using best practices to be
prepared for the possibility of a breach this also ties in with reputation
as a responsible business it is important to know how an organization's cyber security
posture would be affected if investments are not made in cyber security and what
level of impact would this have as an example would it be worth the investment
to purchase a new intrusion network detection or response device for 150k that will detect and
prevent breaches by 90 percent or decide not to make the purchase and if your organization is
breached you potentially face massive financial loss in revenue and restitution this is why it is
critical to conduct a cost benefit analysis prior to deciding on any large investments especially in
cyber security keep in mind the impact is not just in money in one survey 41 percent of business
leaders say they are most concerned about brand or reputational damage from a cyber security
breach

Benefits of investments

• Your leadership teams and employees see that you support cybersecurity fully, this
goes a long way with buy-in and culture.
• Cybersecurity is a multi-layer approach to protecting your business including training,
NDR, security controls, and improved processes.
• Ease of mind In case of a cybersecurity breach where the data is corrupted, stolen, or
deleted, having an investment in backups or offsite data storage could save your
organization from a devastating financial loss and business disruption. This gives your
customers and employees confidence that even after a breach, a business can
continue.
• Confidence from your suppliers, vendors, and customers That you are using best
practices to be prepared for the possibility of a breach. This also ties in with a
reputation as a responsible business
41% of business leaders said they are most concerned about brand or reputational damage from a
cybersecurity breach.

Thinking about short term and long term investing

Based on your conversations with your senior leaders, what are some short-term and long-
term cybersecurity investments you need to make?
Budget and ROI
https://www.youtube.com/watch?v=u077J1DDEQQ
consider this 4.2 million dollars was the average cost of a cyber security breach in 2021. this can
include loss of revenue restitution fines and legal fees which can continue for years after a breach
however an average organization spends between 6
and 14 percent of their i.t budget on cyber security it is surprising that given how costly
these attacks can be many organizations still do not allocate proper funding towards cyber
security let's talk budget your budget should be based on risk reduction within your organization
what can you invest in now that has the best chance of reducing
your overall risk in the future your cio and ciso can provide metrics and evidence to support and
justify their recommended cyber security investments based on your own priorities you will decide
how to balance budget and risk so how do you know if your investments are actually worth the
investment it comes down to whether or not the
amount you actually invest across all cyber security measures is less than the cost of experiencing
a breach there is no one definite answer but you can estimate this by using a simple roi or return
on investment calculation compare your actual investment
for addressing a specific type of attack with the average cost of recovering from
the same type of cyber attack or breach the unknown factor in that calculation is risk factors how
likely is it that any specific cyber security threat actually becomes a reality and how big of an
impact would that have on your organization and this is where you use a risk analysis tool there is
a technique used by many businesses which helps you approximate risk score of a threat this is an
excellent high level tool for leaders
here is how it works for each type of threat your team will decide how much
of an impact it would have on your organization along with the probability of the threat
actually occurring how likely is it to happen and if it did occur would it halt operations or just be
inconvenient we calculate risk score by multiplying impact times probability
so at the intersection of probability and impact tells you how serious you should take this threat
risk the colors help you know how to interpret the risk score on a scale from
control meaning you probably don't have to worry about it at this time all the way up to critical
which means your systems network and data are not accessible below this video i have included
expanded information on these color codes now as a leader how you interpret this threat and risk
score depends on your tolerance for risk but at least it can help you prioritize when you need to
focus your attention and your dollars moreover you and your leadership teams will discuss how to
best fund in order to
address the threat

Your budget should be based on risk reduction within your organization. What can you invest in now that
has the best chance of reducing your overall risk in the future?
 Basic ROI for Cybersecurity Investment
QUESTION 1 OF 2
Your budget should be based on risk reduction
What does that phrase mean?
• Each item should have an immediate effect on risk.
• What can you invest in now that has the most chance of reducing risk in the future?
• It is risky to invest in items of which the impact is unknown.

Risk analysis for threats

Risk Score
RISK SCORE is calculated by multiplying threat Impact x **Probability
• How much of an impact would a specific threat have on your organization
• What is the probability of that threat actually occurring?

Strategic Severity Risk Matrix

Your Risk Score will give you an idea of where you need to focus your time and money. Each
organization defines the levels Critical, Severe, Disruptive, Serious, and Controlled differently, based
on their own risk appetite and tolerance.

Risk Score color severity

Use the following severity levels as a starting point for your own definitions, but note that each of
these is a range and will differ based on the size of your organization, industry, existing
cybersecurity posture, and risk tolerance. Also note: Risk Scores apply only to real threats, not
perceived threats.
• Controlled (1 - 2) — Not overly concerned at this time. Immediate action is not required
• Serious ( 3 - 6) — Actively monitoring just in case. It needs to be on your radar.
• Disruptive ( 8 - 9) — Need to explore more about this. Should move up in priority
• Severe (10 - 16) — Rapid research and action are required. Should be a top priority
• Critical ( 20 - 25) — This needs attention and action immediately. Should be the top priority

Risk Score calculation walkthrough

https://www.youtube.com/watch?v=KGmjtPShVho
let's walk through an example together that shows how you would use risk score to help you
decide how much to invest related to a specific threat imagine you are evaluating how concerned
you should be about a ransomware attack first choose level of impact on your organization if you
decide it was serious threat level would be a three for that
same threat how likely is it to occur at your company this year then choose level of probability if
you felt it was fairly certain to happen then this would be a four to get your risk score we multiply
impact times probability in our case three times four which is twelve notice the orange color the
color indicates the level of severity of severe now how you interpret this threat and risk score
depends on your tolerance for risk but at least it can help you prioritize when you need to focus
your attention and your dollars you and your team will discuss best how to spend dollars to
address the threat it can be hard preparing a concrete budget when there are so many unknowns
with cybersecurity
threats and impacts of a breach i want to lead you through a scenario to help you think about this
in terms of finances consider a sample scenario provided by nist this scenario involves a post
breach response from a financial perspective despite the investment in awareness training ndr
software and penetration testing imagine a large enterprise experiences a breach of highly critical
and sensitive customer data through a vulnerability in a public facing website now let's consider
the potential financial implications of such a breach let's say the initial impact of the breach was
not disruptive and the company did not immediately detect an issue but once it was discovered
there were several areas of impact the company had to consider right away
first that was the cost of a focused investigation into the breach next surprise restitution for
customers whose data was compromised such as paying for credit monitoring services then there
was the expense of a third-party specialist to provide
forensic expertise and ensure adequate mitigation of this cybersecurity incident finally
the cost of immediate capital investment to address cyber security issues that contributed to the
breach in any breach long-term or secondary effects may be equally impactful this can include
loss of market share due to eroded trust in the company's
reputation revenue losses from organizations that choose not to renew contracts fines and
penalties from regulators use scenarios like this to help you in your own budgetary considerations

Sample breach scenario from a financial perspective

Imagine a large enterprise experiencing a breach of highly critical and sensitive customer data
through a vulnerability in the public-facing website.

Short-term financial impacts

Once the breach is discovered, there are several areas of impact the company had to consider right
away.
• First is the cost of a focused investigation into the breach.
• Next is the price of restitution for customers whose data was compromised such as
paying for credit monitoring services.
• Then there was the expense of an expert third-party specialists to provide forensic
expertise and to ensure adequate mitigation of the Cybersecurity incident
• Finally, the cost of immediate capital investment to address cybersecurity
issues that contributed to the breach

Long-term financial impacts

• Loss of market share due to eroded trust in the company’s reputation
• Revenue losses from customers, partners that choose not to renew contracts
• Fines and penalties from regulators

More information about this scenario

Ransomware
https://www.youtube.com/watch?v=4tvarQhmZuw
no discussion about financing and cyber security would be complete without addressing
ransomware which is a type of malware that prevents users from assessing their network or data
until a ransom is paid payment is usually made in cryptocurrency
this is very real dangerous and a costly breach when it occurs so if it does happen to you do you
pay or do you take your chances with your valuable data in one survey of businesses hit by
ransomware 50 paid to ransom yet only about 15 percent actually got
their data back as expected the cost of ransomware is far more than just ransom money itself you
also have to consider your company's reputation perception of security as well as your data every
organization is different when it comes to paying or not paying the ransom there is no blueprint or
cba for businesses according to law enforcement they recommend do not pay however ultimately
it is up to the organization
to depend on business leaders and border directors to direct them key takeaways again
awareness and training can help but also penetration testing and most importantly
data recovery testing if you lose your data can you restore

Ransomware is a type of malware that prevents users from accessing their network or data
until a ransom is paid. Basically, the network and data are locked.

The attackers usually demand a ransom to be paid in cryptocurrency

Pay or not pay?

In one survey of businesses hit by ransomware, 50% paid the ransom. Yet only about 15%
actually got their data back as expected. Every organization is different when it comes to
paying or not paying the ransom. Law enforcement recommends NOT PAYING;
however, ultimately it is up to the organization to depend on the business leaders and
Board of Directors to direct them.

More information on this The Long Road Ahead to Ransomware Preparedness survey

Think about the threats facing your organization.

Which threat are you most concerned about? What are some specific measures you should
implement based on the Risk Score for that threat?
Talent and Hiring
https://www.youtube.com/watch?v=6lZ52W8wciU
Interestingly along with the covid-19 pandemic came an increased in cyber security attacks and
breaches that plus A Renewed emphasis on data privacy there is a growing and expanding need
for cyber Security Professionals to help companies protect their data your challenge is recruiting
hiring and keeping cyber security Talent this perhaps
would be your most important investment let's take a look at the current landscape there are over
1 million individuals currently working in cyber security with more than 475000 new employment
opportunities advertised yearly the Bureau of Labor Statistics
anticipates an annual growth rate of 31 each year for cyber security the competition for qualified
cyber Security Professionals is fierce 69 percent of organizations reported there was drastically
understaffed but don't have the budget to add more employees
which is why upscaling is a viable option to securing their businesses 58 of organizations on the
school that they have the budget to hire but have not found qualified cyber Security Experts who
meet their needs 32 percent of organizations reported it took over six months or longer to feel
cyber security positions yes you can advertise on your website post job vacancies on leading jobs
search sites but the competition is so fierce that you may need to employ additional strategies
one of the most effective methods of identifying and recruiting cyber security Talent is to attend
cyber security conferences and hiring events these are conducted globally and offer both
networking and employment opportunities for cyber security personnel
for example NSA and Osaka and ISC Square all enjoy tens of thousands in attendance
visit colleges to recruit students major in cyber security or technology related fields
also visit lesser-known colleges and even community colleges they might have strong programs
and the competition for recruitment is less also consider reaching out to
underclassmen who are not yet in the job search mode you might think out of the box and out for
perks such as bonuses and scholarships don't limit your search to folks with industry certifications
and experience in cyber security this Narrows your audience remember you can train new hires
after you employ them lastly and even most importantly your best option might be right in front of
you invest in your people offer Advanced Training offer incentives to get certifications in cyber
security those efforts also help build your culture and people are attracted to strong cultures in
business
cyber security is interesting in that there are definitely practitioner skills that can be learned
through training Workshop college degrees and certification surprisingly
some cyber security jobs do not require Advanced skills in areas such as network
analysis hacking or software development so this actually is an opportunity for you by expanding
what skills you are looking for you can explore out of the box options on where to look and how to
find people for example cyber security involves a high degree of critical thinking and problem
solving what types of people have these skills are there any professions that especially utilize
these skills the point is you may have to identify people outside the norm target audience in your
search and provide them with formal
cyber security training after being hired also be willing to recruit for hybrid jobs what this means is
people with business management communication organization
and Leadership skills but also have a basic understanding of the main topics of cyber security
such as the topics presented in this course
Recently, there is an increase in cybersecurity attacks and breaches . That plus a renewed emphasis on
data privacy, there is a growing and expanding need for cybersecurity professionals to help companies
protect their data. Your challenge is recruiting, hiring, and keeping cybersecurity talent.

The Current Landscape of Cybersecurity Hiring

The Bureau of Labor Statistics anticipates an annual growth rate of 31% each year for cybersecurity.

• 475,00 new employment opportunities are advertised yearly

• 69% of organizations reported they were drastically understaffed but don’t have the budget to add
more employees, which is why upskilling is a viable option for securing their business.
• 58% of organizations underscored that they have the budget to hire, but have not found qualified
cybersecurity experts who meet their needs.
• 32% of organizations reported it took over 6 months or longer to fill cybersecurity positions

Strategies for Hiring

Of course, advertise on your website, and post job vacancies on leading job search sites, but the competition
is so fierce that you may need to employ additional strategies
• One of the most effective methods of identifying and recruiting cybersecurity talent is to
attend Cybersecurity conferences and hiring events. These are conducted globally and offer both
networking and employment opportunities for cybersecurity personnel. For example, RSA
Conference (Rivest, Shamir, and Adleman )and ISACA(previously Information Systems Audit
and Control Association®), and ISC2(International Information Systems Security Certification
Consortium) .
• Visit colleges to recruit students majoring in Cybersecurity or technology-related fields. Also, visit
lesser-known colleges and even community colleges. They might have strong programs and the
competition for recruitment is less. Also, consider reaching out to underclassmen who are not yet in
job search mode. You might think out of the box and offer perks such as bonuses and scholarships
• Don't limit your search to folks with industry certifications and experience in Cybersecurity, but this
also narrows your audience. remember you can also get new hires certified after you hire them.
• Your best option might be right in front of you. Invest in your people. Offer advanced training.
Offer incentives to get certifications in Cybersecurity. Those efforts also help build your culture, and
people are attracted to strong cultures in business.

Think out-of-the-box
Some cyber security jobs do not require advanced skills in areas such as network analysis, hacking, or
software development. By expanding what skills you are looking for, you can explore out-of-the-box options
on where to look for and how to find people
Cybersecurity involves a high degree of critical thinking and problem-solving. What types of people have
these skills? Are there any professions that especially utilize these skills?
Identify people outside the normal target audience in your search and provide them with formal
Cybersecurity training after being hired.

Knowing the current landscape for talent and hiring.

In the city where you are located, what is the current landscape for Cyber professionals? Are there any local
events to attract talent?

Finding talent
Can you identify all the colleges, community colleges, and universities within a couple of
hours' drive? Additionally, are there any local "boot camp" programs that focus on cyber
security?
Enterprise Risk Management
https://www.youtube.com/watch?v=nVWSjtoEWpo
the definition of enterprise risk management or ERM is the detailed and enterprise-wide approach
of mapping out and addressing all future risks to mitigate damage across the entire organization
as a leader you will need to provide strategic direction for your company for all aspects of cyber
security this includes your investment and priorities
both of which have a certain amount of risk associated with them so you will need a solid
understanding of risk in your organization both at the micro and macro levels this is where
enterprise risk management comes in in order to effectively do this you will need to know exactly
where the risks lie especially cyber security risk in every business unit of your organization that's
why enterprise risk management is important erm is a process where each business unit in your
company intentionally works through all aspects of its own risk to define their own risk posture as
a leader this information empowers you from the risk perspective to set priorities make
connections recognize
common ground and allow you to see where and how risk of the business intersect
at the enterprise level let's break it down instead of focusing on the individual
business unit level the focus is at the enterprise level while this does address cyber security risk it
really takes a more holistic approach highlighting risks related to personnel safety environment
financial internal and external threats very likely there are threats that impact several areas of your
business but in different ways
erm focuses on managing protection for the entire organizations from these threats and develops
opportunities to improve overall business success the power of erm comes from the fact that
each business unit is researching preparing and handling their own risk assessment because of
that however there will be some challenges each business unit may address risk from a different
perspective interpretation of level or type of threat likelihood of attack and impact of a cyber
security breach may be significantly different because of the obvious crossover there may be
times where it seems like cyber security and erm are conflicting so you will need to clearly
communicate your priorities at the micro and macro level each business unit may lack
the personal resources and knowledge to manage erm within their organization
they may already be short staffed so make sure the resources are there to do the requested work
resistance to change among some business units risk management asks people to think and act
differently based on risks whether it's cyber security or not lack of organizational cultural
participation in the last lesson we talked about how to build a cyber security culture until you
develop your culture there may be some pushback as we mentioned many times in the lessons
third-party vendors suppliers and
partners are part of your risk it is important that these are not overlooked under prioritized one of
your first steps is to obtain perspective from each of your business
units you will clearly instruct each business unit to work through a series of major
steps to explore their risk assessment now keep in mind erm is meant to be more extensive than
just cyber security but for this course cyber security is your focus right now several times in this
course we have mentioned this and yet again we use that
resource here for best practice guidance on what to include for each step identify contacts in what
type of environment are you assessing risks for example define goals and objectives of the risk
management activity how the risks would be assessed and who is responsible from each business
unit and what is the scope these will be different depending on your particular organization identify
risk what actions could help you
and your organization achieve its objective for example managers from each business
unit will need to identify their particular risk such as hazard risk financial risk operational and
strategic risk that could affect their individual units analyze risk what are the likelihood and
potential impact of events for example how would each business unit respond to the risk by
engaging or not engaging in certain activities that may affect the organization in a negative way
prioritize risks in lieu of likelihood and impact what risks want a higher priority than others for
example based on bia which risks are more important to respond to than others based on harm to
the organization plan and execute risk strategies what actions will your organization take to
manage risk for example there are four actions or strategies an organization can take pertaining to
risk risk transfer the risk avoid the risk or reduce the risk monitor evaluate and adjust how will your
organization monitor risk over time for example document any actions or events that change the
status of the risk that could affect the organization in a negative way from a strategic point of view
robust enterprise-wide risk management enables you to align risk assessment and growth
opportunities with longer term strategic plans
this is not one and done process but ongoing and long term as we have learned about cyber
threats they are always changing which means your risk management will also change

Enterprise Risk Management (ERM)

Instead of focusing on the individual business unit level, the focus is on the enterprise level.
While ERM does address Cybersecurity risks, it really takes more of a holistic approach,
highlighting risks related to personnel, safety, environment, financial, internal, and external
threats.
There are threats that impact several areas of your business but in different ways. ERM
focuses on managing protection for the entire organization from these threats and
develops opportunities to improve overall business success.
Challenges in implementation
The power of ERM comes from the fact that each business unit is researching, preparing, and
handling its own risk assessment.
There will be some challenges:

• Each business unit may address risks from a different perspective. Interpretation of
level or type of threat, the likelihood of an attack, and the impact of a Cybersecurity
breach may be significantly different. Because of the obvious crossover, there may
be times when it seems like Cybersecurity and ERM are conflicting, so you will need to
clearly communicate your priorities at both the micro and macro levels.
• Each business unit may lack the personnel resources and knowledge to manage
ERM within their organization. They may already be short-staffed, so make sure the
resources are there to do the requested work
• Resistance to change among some business units. Risk Management asks people to
think and act differently based on risk, whether it is cybersecurity or not.
• Lack of organizational culture participation. In the last lesson, we talked about how
to build a Cybersecurity culture. Until you develop your culture, there may be some
pushback
• 3rd party vendors, suppliers, and partners are part of your risks. It is important that
these are not overlooked or underprioritized

Working with business units

One of your first steps is to obtain a high-level perspective from each of your business units.
You will clearly instruct each business unit to work through a series of major steps to explore
their risk assessment.

• Identify context - in what type of environment are you accessing the risks? For
example, how do you identify your membership, structure, and activities of methods of
operation? These will be different depending on your particular organization.
 • Identify risks - which actions could help your organization achieve its objective? For
example, managers from each business unit will need to identify their particular risks;
such as hazard risks, financial risks, and operational and strategic risks that could affect
their individual units
• Analyze risks – what are the likelihood and potential impact of events? For example,
how will each business unit respond to the risks by engaging or not engaging in certain
activities that may affect the organization in a negative way?
• Prioritize risks – in lieu of likelihood and impact, what risks warrant a higher priority
than others? For example, based on BIA, which risk(s) are more important to respond
to than others…based on harm to the organization
• Plan and execute risk strategies- what actions will your organization take to manage
risks? For example, there are (4) actions or strategies an organization can take to
pertaining to risks:
• Accept the risk
• Transfer the risk ( insurance to 3rd party)
• Avoid the risk
• Reduce the risks
• Monitor, Evaluate, and Adjust – how will your organization monitor risks over time?
For example, document any actions or events that change the status of the risks that
could affect the organization in a negative way.

Implementing ERM
ISO best practice recommends business units use NCRR, or National Cybersecurity Risk
Register, as shown below. It is meant to be simple to fill out and simple to read.

QUESTION 1 OF 2

Investing in the development of a true ERM plan can pay off long-term. Knowing the major
elements of this are important. Can you identify these?
Submit to check your answer choices!
QUESTION TO ASK
ELEMENT OF ERM
Identify context
In what type of environment are you accessing the risks?

Identify risks
Which actions could help your organization achieve its objective?

Analyze risks
What are the likelihood and potential impact of events?

Prioritize risks
In lieu of likelihood and impact, what risks warrant a higher priority than others?

Plan and execute risk strategies

What actions will your organization take to manage risks?

Monitor, Evaluate, and Adjust

How will your organization monitor risks over time?

NCRR Risk Register is used to store ERM data

Additional ERM resources

• The National Institute of Standards and Technology (NIST) has published guidelines on
identification and analysis pertaining to organizational risks.
• The International Standards Organization(ISO) has published guidelines ISO 31000 that
highlight principles, a framework, and a process for managing risks.
From a strategic point of view, robust, enterprise-wide risk management enables you to align risk
assessment and growth opportunities with longer term strategic plans.

Knowing the risks in your organization

Which of your business units has the most obvious risk? How does that business unit's risk
appetite, tolerance, exposure, and posture align with the organization?
Lesson and Course Review
https://www.youtube.com/watch?v=zKeKee9_gkU
let's review what we learned in this lesson it is less expensive for an organization to be proactive
versus reactive when addressing cyber security budgeting and investing being able to interpret
returns on those investments is vital for successful budgeting one of the most important you will
have will be in the people you hire and in the people that already are part of your organization all of
your investments will have an inherent amount of risk associated with them erm helps you to
interpret those risks from the enterprise strategy level congratulations on getting through the
course by now you should have a fundamental understanding of the topics of cyber security
the next step in your cyber journey will be to demonstrate your cyber security leadership skills in
the final project where you will develop your own cyber security plan for your
organization

It’s less expensive for an organization to be PROACTIVE vs REACTIVE when addressing cybersecurity
budgeting and investing. Being able to interpret return on those investments is vital for successful
budgeting. One of the most important investments you have will be in the people you hire and in
the people that are already part of your organization. All of your investments have an inherent
amount of risk associated with them. ERM help you interpret those risks from the enterprise
strategy level

The Following Topics Were Covered in the Lesson

• Budget and Investment
• Budget and ROI
• Talent & Hiring
• Enterprise Risk Management
Technology Industry
https://www.youtube.com/watch?v=LU1Bp6Y2Yno
In today's global and connected society, organizations are in a constant cyber security threat. This
is critical in technology companies with global offices and employees dispersed worldwide.
Technology companies have to be extremely vigilant in recruitment to hire the best talent because
there is a shortage in the tech industry. Many of these companies have embraced a remote work
setting, so the threat of a breach by remote workers is increased. This industry has both
proprietary hardware and software, trade secrets are a primary target for bad actors. Rogue
nations and terrorists nation are also common attackers simply because the technology
companies are such a big part of digital society and have a target on their back. In the same vein,
supply chain-related attacks, both hardware and software can be especially vulnerable to
manufacturing organizations around the world. Business leaders in the technology industry must
constantly be aware of the various threats facing their organizations, such as social engineering,
especially phishing, supply-chain attack, ransomware attacks, third-party attacks, and mobile
devices getting breached. Below you will find information and resources for each.

Technology companies with global offices and employees dispersed worldwide, including remote
workers, are especially vulnerable to attacks. Many of these companies are large organizations so,
in addition to large numbers of people to train, they also have a large amount of technology that
has to be protected, including legacy machines, that can add risk. On the product side, this
industry deals with proprietary hardware and software, including IoT devices, as well as a
significant online presence.

Due to the monetary worth of these companies, rogue nations and terrorist groups will be
common attackers, looking to blackmail with Ransomeware, deface or take down a website, or
steal trade secrets to sell. Additionally, just because technology companies are such a big part of
everyday digital society, they tend to have a target on their backs. Companies that have
manufacturing throughout the world also have to deal with supply chain-related attacks.

From a talent perspective, technology companies have to be extremely vigilant in recruitment to

hire the best talent, because salaries are increasing, demands in high, and there is a shortage in
the tech industry. Once you hire great talent, for those same reasons, you will have to fight to
keep them.
Top threats
This is not an exhaustive list; however, these cybersecurity attacks should be at the forefront of
your cybersecurity awareness training.

• Cryptomining attacks
• Cryptojacking is the unauthorized use of the resources of a computer, server,
desktop, or laptop to illicitly mine cryptocurrency. Mining for cryptocurrency
requires a massive amount of computation, so offloading that to a "zombie
machine" can be profitable. The catch is cryptojacking code works quietly in the
background, so people might not notice.
• Phishing attacks
• An attempt by a fraudulent individual/group using email to entice you to click on a
hyperlink to capture your personal or organizational information. 57% of all
cybersecurity breaches are a result of this type of breach*; therefore, make sure
your employees are trained and aware of phishing attempts.
• Ransomware attacks
• This type of attack has grown in recent years and involves breaching and then
encrypting the victim's data and demanding to be paid a ransom (usually in
BITCOIN) to decrypt the data for the victim.
• Network perimeter and Endpoint Security
• If endpoints are not protected with appropriate security, bad actors could use those
access points to bypass your perimeter security and introduce outside threats into
the environment. What that means is an incorrectly secured endpoint can undo all
of the security protection that exists on the network. One type of this is IoT,
discussed below.
• Mobile Malware
• Mobile devices and Smartphones are used by the vast majority of the civilized world,
which makes them prone to malware attacks. Again, once these devices or
breached, just like computers, attackers can embed malware to capture all personal
data, including passwords, banking details, and health-related information. An
example of this would be Remote Access Tools (RATs), which are installed on the
device.
• IoT Devices
• IoT devices are any devices connected to the internet; in other words, they have an
IP address. Therefore, we are talking about Smartphones, Computers, Tablets,
Doorbells, video recordings, vehicles, Smart TVs, Refrigerators, and any Bluetooth
device. In today’s connected world, one has to assume that both organizational and
personal devices can be breached, and the only way to mitigate threats is for an
organization that has a culture of cybersecurity awareness. In today’s connected
digital environment, there are more than 50B IoT devices connected to the internet,
and more importantly, a vast majority are not properly secured with strong
 passwords. This vulnerability allows hackers the opportunity to breach these IoT
devices and cause damage or shut down an entire organization. Once breached,
these devices can also be used as DDOS instruments
• Supply Chain attacks
• A Supply Chain attack is an attack that targets 3rd party vendors that supply goods
and services to your organization. The bad actors employ both software and
hardware attacks to disrupt your organization’s supply chain. A software attack is
when the bad actor injects a malicious code into the application to affect all users
using that portal or application to place orders. Meanwhile, a hardware attack
attacks the physical components of an organization’s supply chain to achieve the
same outcome. Both attacks can cause damage and financial hardships to your
organization.

Technology sector attack examples

Hackers infiltrated a major software company’s network to obtain over a hundred million users'
credit card information. Additionally, the source code for several major products was stolen.

One online platform was the target of an attack by a hacktivist group with a personal grudge
against the company. More than 70 million passwords and credit card information were stolen.
Once the attack was detected, the company was forced to shut down its online operations for
more than a month.
Finance Industry
https://www.youtube.com/watch?v=SjfTkNz-YD8
Because money is a primary medium of business, the financial industry has been a target for bad
actors since the creation of the banking system. Moreover, in today's online banking and use of
mobile devices to conduct financial transactions, the risks for a breach increases exponentially.
The financial industry runs on transactions which takes milliseconds, so detecting and responding
to attacks quickly is vital. Investing in a variety of robust NDR solution, which especially focus on
the financial sector is a must. You can harden your organizations by employing leaning edge AI to
help detect intruder and also initiate immediate response. Cybersecurity in finance includes credit
risks, operational risks, and liquidity risk, which all can affect an organization's ability to function
as a profitable unit. Encrypting every type of financial data is vital, so even if it is stolen, it cannot
be accessed. Business leaders need to be especially aware of threats such as phishing,
ransomware, SQL injections, man in the middle, DoS and DDoS attacks.

In one report, over 100 financial services firms were targets of DDoS attacks last year.
Many of these financial companies are large, multinational organizations, which means people
from a variety of backgrounds, environments, priorities, and training will be part of the equation.
In addition to large numbers of people to train, they also have a large amount of
technology that has to be protected, including legacy machines, that can add risk.
Because money is the primary medium of business, the financial industry has been a target for
bad actors since the creation of the banking system. In today’s online baking and the use of
mobile devices increases the risk for a breach increases exponentially. The financial industry
runs on transactions that take milliseconds, so detecting and responding to attacks fast is vital.
Investing in a variety of robust NDR solutions which especially focus on live data transactions for
the financial sector, is a must. You can additionally harden your organizational infrastructure by
employing leading-edge Artificial Intelligence (AI) to help detect intruders and also initiate an
immediate response. Cybersecurity in finance includes credit risks, operational
risks, and liquidity risks; which all can affect an organization's ability to function as a profitable
unit. It should be obvious, but encrypting every type of financial data is vital; so, even if it was
stolen, it can not be accessed.
More information about cybersecurity in the financial sector
Top threats
This is not an exhaustive list; however, these cybersecurity attacks should be at the forefront of
your cybersecurity awareness training.

Ransomware attacks
This type of attack has grown in recent years and involves breaching and then encrypting the
victim's data and demanding to be paid a ransom (usually in BITCOIN) to decrypt the data for the
victim.

SQL injections
A SQL Injection is when criminals or bad actors enter malicious commands into search fields or
Uniform Resources Locators (URLs) to steal delete or change your data. A SQL is only possible
when there is a vulnerability (weakness ) in your software for web applications. The only way to
prevent a SQL attack is to have updated software and used stored procedures for input fields for
WeB applications.

Bank trojans
This type of attack is often disguised as a legitimate application and seeks to compromise users
who conduct their banking business — including money transfers and bill payments — from their
mobile devices. This type of trojan aims to steal financial login and password details.

Phishing attacks
An attempt by a fraudulent individual/group using email to entice you to click on a hyperlink to
capture your personal or organizational information. %57 of all cybersecurity breaches are a
result of this type of breach*; therefore, make sure your employees are trained and aware of
phishing attempts.
Distributed Denial-of-Service attacks (DoS, DDoS)
Denial of Service (Dos) and Distributed Denial of Service (DDoS) A bad actor using a computer (
DDoS) or multiple computers (Zombies) to overload your servers, causing them to have denial of
service for your organization.

Cloud Providers
Many banks store information offsite in the cloud. If these servers are not secure, the banks can
still lose important data. Unsecured cloud providers can also be the cause of a data breach that
exposes clients and customers to identity theft.
Financial sector attack examples
A ransomware attack on a major bank in the USA in 2020 where hackers publicly posted personal
information of bank customers online.

The New Zealand Stock Exchange came to a halt in 2020 following an extended DDoS attack on a
network provider.

A major online stock trading company experienced a massive data breach where PII data of
millions of customers was accessed.

Ecuadorian bank Pichincha Bank was attacked in 2021, resulting in business and banking service
interruptions.
Healthcare Industry
https://www.youtube.com/watch?v=SMcrorMpjsM
As we are all aware of, there has been significant improvements in technology, especially in the
health care arena. Within the last several years, health care has been in the news for a plethora of
cyber security breaches, including several ransomware attacks that lead to ransom being paid to
restore critical services. Bluetooth technologies, Wi-Fi, and connected medical devices that are
used in all health care facilities, especially hospitals, make them a prime target for cyber security
breaches. Business leaders in health care have to double down to insure third party vendors are
maintaining all the equipment and keep any patient, operations, or facility software up to date.
Additionally, there is personal data PII, which is regulated specifically by HIPAA,
which is a common target of attacks. Breaches involve PII, which can lead to huge legal
consequences in addition to reputational damage, which so many people involved in the business
of health care, from your nurses and doctors, to your administration, to your cleaning staff.
Medical facilities are especially vulnerable as it is easy to get caught up in caring for people and
forgetting to apply good cyber security hygiene. Properly trained and prepared personnel is vital.
Business leaders in the health care industry
needs to be aware of various threats facing their organizations, especially fishy ransomware, and
attacks through medical devices. Below, you will find information and resources for each.

There have been significant improvements in healthcare-related technology. Within the last
several years, Healthcare has been in the news for a plethora of cybersecurity breaches including
several ransomware attacks that led to ransoms being paid to restore critical services.
Bluetooth technologies, Wi-Fi, and connected medical devices that are used in all Healthcare
facilities and especially hospitals, make them prime targets for cybersecurity breaches. Business
leaders in healthcare have to double down to ensure 3rd party vendors are maintaining all
equipment and keep any patient, operations, or facility software up to date. Additionally, there
is personal data(PII) which is regulated specifically by HIPAA, which is a common target of
attacks. Breaches involving PII can lead to huge legal consequences in addition to reputational
damage.
With so many people involved in the business of healthcare, from your nurses and doctors to
your administration to your cleaning staff, medical facilities are especially vulnerable as it is easy
to get caught up in caring for people and forget the apply good cybersecurity hygiene.
Properly trained and prepared personnel is vital.
The average cost of a healthcare data breach far exceeds 7, 000,000 per breach!
Top threats
This is not an exhaustive list; however, these cybersecurity attacks should be at the forefront of
your cybersecurity awareness training.

Trojans
This type of attack is often disguised as a legitimate application and seeks to compromise users
who conduct their banking business — including money transfers and bill payments — from their
mobile devices. This type of trojan aims to steal financial login and password details. This sector
had more Trojan attacks than any other sector. Eighty percent of malware infections at healthcare
organizations were in the form of Trojans. Emotet was the most common Trojan used in attacks.

Phishing
An attempt by a fraudulent individual (s) or using email to entice you to click on a hyperlink to
capture your personal or organizational information. As indicated %57 of all cybersecurity
breaches are a result of this type of breach; therefore, make sure your employees are trained and
aware of phishing attempts.

Ransomware
This type of attack has grown in recent years and involves breaching and then encrypting the
victim's data and demanding to be paid a ransom (usually in BITCOIN) to decrypt the data for the
victim.

Medical device security/ Third-party risks

The use of 3rd Party vendors is used extensively in medical facilities. However, the plethora of
cybersecurity breaches in hospitals has been with Bluetooth devices supplied or serviced by 3rd
party vendors.
Healthcare sector attack examples
A major collection and billing service to medical laboratories, physician groups, and hospitals, had
a massive data breach, where hackers gained unauthorized access to AMCA’s servers to access
patients’ personal, medical and financial information. Eventually, they reached a settlement with
41 states and were ordered to pay $21 million dollars in fines

A major cloud computing software and data intelligence services provider to non-profits noticed
some suspicious activity that was trying to disrupt the business operations by preventing
companies to access their own data and server. It was quickly identified as a ransomware attack,
but before they could act to stop the attack, the cybercriminals were able to obtain data from
millions of customers from the company's servers. The ransom was paid.
Project Summary
Companies in today’s global environment must always anticipate their organization being
breached. In 2021 alone, there were 1,862 breaches, which is an increase of 764 from the
previous year.
The impact?

• 294 million people affected

• 18 million records exposed
There are obvious consequences like lawsuits and data loss, but there are also considerations
such as reputation or financial loss.

This is why it is paramount for you to understand cybersecurity risks in your organization.

This project will get you started thinking about cybersecurity risks as they relate to your own
organization.

The major sections of the project are:

1. Research and identify critical cyber threats and risks related to your industry or organization
2. Create an ERM plan for your organization
3. Create an Incident Response Plan (IRP)
4. Create a 3-year cybersecurity budget
5. Describe your organizational-wide cybersecurity awareness campaign
Project Instructions

Submission Instructions

Download the student template file called Final Student Template for Cybersecurity Business Leader
Project.docx from the Resources section located in the left column of this page.

Identify the 5 sections of the template

1. Current Threats
2. Enterprise Risk Management
3. Incident Response (IR) Plan
4. Cybersecurity Investments
5. Culture Awareness Plan
You will complete each section as specified in the instructions in the template. You are expected to use
skills learned throughout the course, so feel free to revisit any topics for a refresher.

Note: The project is designed to be used with data and information collected about your own company, but
if needed you can use fictitious data as long as it is realistic.
Project Submission
If you are ready to submit your project, please confirm the following

1. Verify that all 5 sections in the template have been completed

2. Verify that your responses are aligned directly with the Rubric.
When you are ready, upload the same template document called Final Student Template for Cybersecurity
Business Leader Project.docx that you used to complete each of the 5 sections