To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when... Read more »

In times of major change–whether in IT or the economy–organizations should take a fresh look at their sourcing strategy. Companies outsourcing key functions need to re-examine the reasoning and scrutinize the results. The same goes for in-house functions. IT leaders need to ask: is our sourcing strategy in line with our current corporate and IT... Read more »

Sure, some days you hate your job. But how do you know when an IT position has gone from being run-of-the-mill annoying to truly toxic? And what do you do about it? Johna Johnson and John Burke are joined by Sandy Miller, a pseudonym for a CIO at a major global company who talks about... Read more »

Network-as-a-Service (NaaS) promises enterprises the ability to set up and configure connectivity and network security with a couple of clicks. But for NaaS to truly transform enterprise networking, one thing has been missing: standards. Enter Mplify (formerly the Metro Ethernet Forum), a non-profit focused on standardizing NaaS service definitions. Mplify’s CTO, Pascal Menezes, joins Johna... Read more »

The modern enterprise is built on cloud, with most organizations using SaaS for their “horizontal” work horse layers, such as communications, conferencing, HR, and payroll. That makes the enterprise entirely dependent on the good-faith execution and good-will delivery of the cloud providers. Those providers have a huge economic incentive to reliably deliver software – but... Read more »

Google now estimates that the specs for a Cryptographically Relevant Quantum Computer (CRQC), which can break conventional public key encryption in a useful amount of time, are lower than they had previously estimated…by 95%. Given the breadth and pace of advancement in quantum computing, this makes the advent of the CRQC likely to happen years... Read more »

Is adding AI to your environment a software purchase? Or is it more like hiring an employee? Heavy Strategy’s John Burke and Johna Johnson debate whether AI should be treated as just another application you buy and use, or be handled like an employee you’re bringing on staff (complete with background and reference checks, training... Read more »

Whether it’s CNAME records pointing to dead endpoints or abandoned cloud storage buckets still mentioned in the makefile or Chef recipe, seemingly innocuous bits of infrastructure that don’t get cleaned up can turn into serious security threats. (Both of these examples are taken from real-life attacks, BTW). When and how and who within IT should... Read more »

Here we are, a bit more than halfway through the year. How’s your execution against your strategy going? Roiled by the economy? Disrupted by tariffs? Thrown off by staff retirements? If you built a proper technology strategy in the first place, driven by the business strategy, then no matter what is happening don’t ignore it,... Read more »

IT teams deal with technology lifecycle issues all the time–including Y2K, which enterprises across the world grappled with for years. The Epochalypse, or Year 2038 Problem, is similar. Specifically, some Linux systems’ date-time counters will go from positive to negative at a specific date in 2038, potentially wreaking havoc on embedded systems and any other... Read more »

You need someone to design your operations processes–or perhaps redesign them. That’s an Ops Architect. Should you take an ops person and train them up in architecture? Or an architect and train them up in operations? Do you even have that ops/engineer/architect organizational structure – and should you? Johna and John dive into this discussion... Read more »

How far ahead should you plan, and what things belong in your strategic plan? Conventional wisdom holds that a 3-year planning horizon is “about right”–but in a period of rapid technical and geopolitical change (such as we’re arguably in right now) does that go too far out, particularly when agile methodologies recommend shorter action plans... Read more »

It’s all well and good to develop a technology strategy, articulate and document the strategy, and agree (supposedly) on that strategy. But what do you do when one or more of the tech teams act in apparent opposition to the strategy? John and Johna discuss why this happens and what questions you need to ask... Read more »

AI can impact an enterprise in several ways: making individuals more productive, making products and services more effective, and making it easier for customers and partners to do business. IT plays a critical role in enabling AI to have these impacts. On today’s sponsored Heavy Strategy, Cisco CIO Fletcher Previn explains how to locate AI use... Read more »

Most organizations have a long list of security holes in the form of unpatched systems and other known but unresolved vulnerabilities. Is it time to hit the big PAUSE button and fix, patch, or mitigate all of that before we resume deploying new systems (and their accompanying risks)? Join us as we tear into whether... Read more »

Is it actually possible to run a team without lying? Steven Gaffney, author of the book, “Just Be Honest”, joins Johna and John to talk about why being honest is harder than it sounds–and how (and why) to do it anyway. Steven spends his career advising science and technology leaders about how to be more... Read more »

IT and network leaders need more than uptime—they need to know what their networks cost, what they deliver, and how future changes will impact the business. That’s where Netos comes in. CEO and founder Richard Foster joins Johna and John in a lively discussion to explore how Netos turns complex operational data into clear financial... Read more »

What do you do when your colleagues or senior leaders ask you to do something illegal? It’s hardly hypothetical; recent years have seen high-profile firings and convictions of CIOs and CISOs who’ve been ordered to break the law. John and Johna discuss steps that tech leaders can take if they’re put on the spot. Episode... Read more »

IT teams too often wrap a strategy statement around a basket of projects already in progress or known to be coming, rather than defining a strategy and then letting it spawn, guide, or absorb projects. On today’s Heavy Strategy we discuss whether IT teams have any alternative to this approach, given how much gets “thrown... Read more »

Someone needs to be scanning the horizon for the threats and opportunities that are distant for now–and they need to be able to turn that foresight into action. We welcome John Miranda of Intel for a lively discussion of how to look ahead, how to get folks to pay attention to the alerts you raise,... Read more »