[00:00:02:02 - 00:00:22:04]
Welcome to the Tech World Human Skills Podcast with me Ben Pearce. Every episode we talk through different aspects of how to really thrive in the tech world and if the podcast isn't enough for you and you want weekly micro learning delivered straight to your inbox, sign up for the Tech World Human Skills Weekly. Head over to www.TechWorldHumanSkills.com to sign up.
[00:00:22:04 - 00:01:08:04]
Hi everyone and welcome to the Tech World Human Skills Podcast. It is brilliant to have you with us. Now, before we get going, I want to tell you about Tech Show London. It's one of the biggest tech shows in the UK at the Excel Center on the 4th and 5th of March. And I'll be hosting the Cloud and AI infrastructure stage on day one. And then on day two, I'm delivering a session called Be More Valuable, and build you human skills that AI can't replace. And what's more, it's free. So come along and say hello. I'd love to see you there. And there is a registration link in the show notes below.
[00:01:09:09 - 00:01:58:10]
But now, to the matter at hand, we're talking about leading through incidents. Those are nightmare issues where something has gone seriously wrong and we need to get things back to normal. Now, our guest today has been involved in his fair share of incidents and has got some amazing lessons and learnings to share with us based on his real life experiences. Now, he is the CIO of TWC IT Solutions and has years of working in the tech world and leading teams through incidents. So please welcome to the show Richard Baker. Richard, it is awesome to have you with us. Thanks so much, Ben. Wow, what an introduction. I hope I live up to that most certainly.
[00:01:59:22 - 00:02:16:12]
Well, now, I'm sure you will have it. I had a good few chats with you before and we've talked a little bit about what we're going to be talking about, so I'm sure you will. But for all those people that haven't had a little chat with you before, like I have, could you give a little bit of information about your background?
[00:02:17:16 - 00:02:18:09]
Yeah, absolutely.
[00:02:19:22 - 00:02:22:17]
CIO, TWC IT Solutions,
[00:02:24:00 - 00:02:31:16]
been working within tech industry for around 30 years now, showing my age. But there you go.
[00:02:32:17 - 00:02:38:12]
Full systems integration, infrastructure, management, architecture, running teams
[00:02:39:13 - 00:02:43:15]
and supporting clients globally and knowing what can go wrong.
[00:02:45:06 - 00:03:03:13]
Yeah, and so that's a lovely segue into what we're going to be talking about today, because we're going to be talking about dealing with those major incidents or P1s or critical situations or cyber incidents or whatever you might call them in your organization.
[00:03:04:17 - 00:03:15:07]
But I reckon we all know what they are and how horrible they can be. And it's a subject close to my heart as well, because earlier in my career,
[00:03:16:12 - 00:03:46:23]
when I was at Microsoft, I was part of the critical critical problem resolution teams or the critical situation team, so I spent many years on these people panicking type situations. And so when we thought about what we could talk about, this just sprang right out to me because it's such an important topic. But maybe you could set the scene. What are we talking about from your perspective when we talk about these major incidents or these cyber incidents? Could you set the scene from your perspective?
[00:03:48:14 - 00:03:56:18]
Yeah, a major incident is when there is the potential of a hack or
[00:03:57:23 - 00:04:09:19]
someone is being nefarious within the business or the company has gone down. No one can work. Someone can't work. And let's not forget that
[00:04:11:01 - 00:04:47:14]
priority one to the client is everything is priority one to us. It may just be straightforward day to day work. Let's look at a ticket and find a solution. But it's all about the client. It's all about the client. And these are then the emergencies where, you know, business is down or we're being currently hacked as a live cyber incident. And there is something where it's very time sensitive, is very impactful for the business. And we have got to get on it right away. Yes. And I think the angle we're going to come at this from today
[00:04:49:14 - 00:05:02:07]
is kind of that human angle, isn't there? Because obviously there's a tech fix, obviously there's a tech problem and there's the tech stuff that you can do. But what we're going to think a bit more today, I think, is about the human side of that. Am I right there? Yeah, absolutely.
[00:05:04:09 - 00:05:46:04]
The most important part of any business is the team, the staff, the people that work for you. It's how they react within a problematic environment. It's how you've trained your team to react. Can I just tell you something really quickly, then? Yeah. Something that I've worked out over my years is that companies have processes. They have different drivers. They have different ways of dealing with any given scenario. And as you quite rightly said, we all know what the tech is. We all know how to deal with password resets. Well, that's the easiest thing on earth. However,
[00:05:47:22 - 00:05:49:03]
people run through
[00:05:50:19 - 00:06:06:08]
a fire drill, for example, people run through. Well, what do you do if there's a fire in the building? So everyone knows, stand up, leave everything. Don't pick up any belongings, order the fashion, go to the muster area, for example.
[00:06:07:09 - 00:06:32:05]
But how many companies actually do a training for a priority ticket so they know exactly what to do? It's not about business continuity, disaster recovery. It's about what to do in those situations. So everyone knows they're part to play. And the more you practice, as you well know, the easier it becomes. And the more matter of fact it becomes so that when people are in that environment, especially the team or the staff, everything goes smoothly.
[00:06:33:07 - 00:06:36:10]
Yeah. Yeah. Now, I imagine
[00:06:37:16 - 00:06:49:12]
you have got some war stories, you've got some battle scars from being in these sorts of situations. Could you maybe share an example of the sorts of things we're talking about
[00:06:50:20 - 00:06:52:05]
based on something that you've been through?
[00:06:54:02 - 00:07:02:06]
OK, one such very interesting story and the technology behind it as well may be interesting for
[00:07:03:08 - 00:07:04:19]
people watching this podcast.
[00:07:06:13 - 00:07:34:13]
We had a call from a client to tell us that one of their employees was sending out emails globally. Now, they knew it was one of their employees because they put in their password, they've authenticated via multifactor authentication. So it was definitely then. However, the emails that were going out were disappearing out the mailbox. There were forwards added on the mailbox.
[00:07:35:19 - 00:07:38:23]
And the content of the information
[00:07:40:00 - 00:07:41:18]
didn't match who they are as a person.
[00:07:42:20 - 00:07:54:04]
Anyway, we had to look into this and we found out that their authentication cookie or their session cookie for MFA has been stolen.
[00:07:55:19 - 00:07:57:14]
This has happened quite a few times.
[00:07:58:23 - 00:08:10:06]
It's a huge problem for the industry, specifically because if someone steals your MFA session cookie, they can log in anywhere and they bypass your MFA. Huge, huge problem.
[00:08:11:08 - 00:08:32:13]
Yeah, yeah, yeah, yeah. It was a huge problem. Because your identity and all the things that your identity is your security badge. You know, there's all these other things. But proving who you are and being able to trust that you can prove who you are. What are the most important things? Yeah, well, let's consider the amount of businesses and compliant businesses, especially within financial services,
[00:08:34:04 - 00:08:41:21]
use MFA to authenticate, to make sure you are who you are through your mobile. And if that session cookie can be stolen,
[00:08:43:08 - 00:09:18:08]
we are entering into a myriad of problems. Yeah, there are ways around it. That's not what this is about. It was all sorted in the end. We worked out how to deal with it through IP Lockdown. However, it caused a huge problem for their business because in their minds, they're thinking, well, we can't trust MFA now. Yeah. What do we do? And so it was how we dealt with that as a business. Yeah, yeah, yeah. It's just funny, as you're talking through that, there's a
[00:09:19:16 - 00:10:43:22]
I remember years ago when I was in this in the critical problem resolution team, I remember getting a call from a big telecoms operator and basically their main billing system had had rebooted, the server had rebooted. It was on premise. It was before cloud and it was now check disking. And I don't know if you remember check disking, but check disking is when it would come back up and before it got to the operating system, you would get this little spinning thing that goes like we're checking the disks and checking the disks. Absolutely. It was you cannot predict how long that is going to take because if you've got lots of little files, that takes forever. If you've got one massive file, that'll be done in about a second. And unless you know the exact mapping of the disk and you can't predict it. And so they sat there. They had no backups. They had no business disaster recovery or no business continuity. So their billing system was down and it was just sat there on check disk. And I remember them calling me and saying, right, how long is it going to be? You know, we went to the product group. We went everywhere. Yeah, we can't tell you how long it's going to be. You just got to sit there and wait. And they were like, you need to be on site now. I remember. And I remember because I was at the Microsoft offices and it was in the summer. I was sat there in my shorts because, you know, it's a bit chill. You're in the tech sector in the early noughties. You can wear your shorts, do whatever. And I just had to go straight to site and I turned up in my sandals. I'm not sure what's to their data center.
[00:10:44:23 - 00:11:18:18]
And had all these senior executives standing there to shout. We go, when is it going to come back up? And I'm like, we don't know. Like we either let it run or we restart it and it'll probably do it again. And you've lost it. You will. You've already lost. So, yeah, I mean, they are high pressure, aren't they? You know, when you've got senior executives talking and shouting at you, there's massive business impact on it and you're in the face of resolving that issue. Absolutely. Absolutely. And it's and it's it's really, really important that you
[00:11:20:02 - 00:11:26:12]
keep calm, I guess. It's really important that in that situation, you just keep calm.
[00:11:27:17 - 00:11:34:03]
That's how my teams have always been trained to deal with situation. First thing always.
[00:11:35:11 - 00:11:35:16]
Yeah. Yeah.
[00:11:37:02 - 00:11:52:08]
Well, and I think we're starting to move really, aren't we? Really move into some some tips. So if you find yourselves in P1 or cyber issues, whatever it might be, some tips. And so I guess tip one, you know, the first bit of advice that you'd give people.
[00:11:53:11 - 00:11:54:00]
Stay calm.
[00:11:55:07 - 00:11:55:12]
Yeah.
[00:11:56:22 - 00:12:11:04]
If you keep calm, well, let's let's. Let's push the reverse out there. If you panic, it just creates noise, it creates more mistakes. So by keeping calm, it
[00:12:12:14 - 00:12:17:14]
gives you the opportunity to make clearer decisions. But as you well know, when you're calm,
[00:12:19:02 - 00:12:26:18]
the person you're speaking to remains calm because they feel the authority in your voice. Really, really important.
[00:12:27:18 - 00:12:36:20]
It also offers better communication, specifically because if you're calm, people listen, other people are quiet. Don't raise a voice.
[00:12:38:01 - 00:12:51:23]
People listen to you when you talk to the other good level. If you're shouting, again, it just creates panic. So take it easy. It's like less haste, more speed, slow down to speed up. It's that sort of sonata.
[00:12:52:23 - 00:13:54:19]
Yeah. And do you know what? It's a really easy thing to say, isn't it? Isn't it? Keep calm. And because you think better, you think, well, I mean, so I do lots of work these days on training people and how they communicate effectively when they're under pressure and that and that is again a thing that people really hate. And the stress level goes up, the heart rate goes up. But actually, if you can deactivate yourself a little bit, if you can chill out a little bit, if you can deal with the fear of if this goes wrong or the worry, the stress, if you can deal and deactivate yourself a little bit, then you think a lot better and you can make better decisions. In fact, I was reading an article on the BBC website this morning because the Winter Olympics are all kicking off and it was an article with one of the skiers in the half pipe talking about dealing with fear. You know, she's about to spin upside down 13 times and twist 27 times or whatever it is they do when they're in the air. But it is if you can if you can deal with that fear, if you can keep calm, then you think well and if you think well, you make better decisions.
[00:13:55:20 - 00:14:12:13]
Indeed. And so have you got any practical tips? How do you stay calm? Is there anything that you personally do that helps you kind of stay calm? OK, so the way that I stay calm, it's all about preparation, preparation, preparation. So we have an excellent client services
[00:14:13:13 - 00:14:47:05]
manager who appreciates and understands what to do in those situations. And again, I think it goes back to what we discussed earlier, that everyone knows exactly what their position is when there's a priority. So yeah, keep calm is the first thing to do. But it's about the steps afterwards that really help you keep calm. You can't keep calm in a scenario if you don't have the respect of the client. I know exactly what to do in the scenario. And that's another thing. We all know that IT is not linear.
[00:14:48:09 - 00:15:05:21]
One thing within IT can take an hour to sort out because it's not about pinpointing the problem. Just there's the issue. Sometimes you have to work through steps, work through processes. And as long as the client understands what you're trying to achieve and what you're trying to do, which is all about the communication.
[00:15:07:03 - 00:15:53:18]
Everything remains purposeful and in process and gets sorted out as you move along. So just keep calm, communicating with the SLT. Certainly that would probably be the next step. Communicating well with the SLT. Well, just before we head forward to that one, because something that you said really interesting there was it's all in the preparation and you talked about these fire drills earlier. So prior to the proverbial hitting the fan. Yes. What is it that you've done before? What are the processes or the drills or the procedures? What's the prep work you've done before the disaster has occurred so that if a disaster does occur, you are able to come in here thinking that you're well prepped.
[00:15:55:07 - 00:16:05:00]
OK, so it's about understanding what the different priorities could be. That's the first thing. So understanding whether it's server side, cloud side,
[00:16:06:02 - 00:16:10:18]
user side, whether it is a hack, it's a cybersecurity breach.
[00:16:11:21 - 00:16:14:16]
And then it would be about role playing within those situations,
[00:16:15:20 - 00:16:23:00]
understanding what everyone's role is within those situations and the different processes. So
[00:16:24:05 - 00:17:13:02]
there would be one person who would be speaking with a client, another person that would be actively dealing with the people involved and our team manager, whoever the manager is for that specific team would be orchestrating, conducting what the process is so everyone understands what the process is for priority one ticket. Is that what you sort of mean? Yeah, well, yeah, exactly. So what you've done is you've sort of said, right, in this scenario, so in a cyber incident, these are the roles we're going to need. These are the responsibilities of those roles. There's clarity on who is those. And and then you've fire drilled everybody in a scenario. So we've got a cyber incident. People know what they're doing. They know what they're talking to and and they've drilled it.
[00:17:14:05 - 00:17:25:15]
Indeed. It was to go through every single step of the process would take longer than we have today. However, it's about if we get a priority one ticket in,
[00:17:26:18 - 00:17:34:16]
the team manager will go, OK, you know what to do in this situation. You know what to do in this situation. You know what to do in this situation.
[00:17:35:22 - 00:17:45:03]
Let's keep calm. Let's move forward. You know your roles because we've practiced these roles. Yeah. Keep communicating, feeding back
[00:17:46:08 - 00:18:06:14]
and and again, preparation, preparation, preparation. Yeah. Yeah. And I remember we used to we used to do this because particularly now with the hyperscalers and I don't know if you've come across this at all, Richard. I suspect you might. Sometimes those hyperscalers, Amazon, Microsoft, Oracle, Google, sometimes they have outages, sometimes.
[00:18:08:12 - 00:18:37:22]
Apparently that happens. And so I remember we used to fire drill that internally as to write if we have an outage, who is going to contact who in the company, who is going to be there for cons to the executives, who's there for cons to the people that will be fixing it or, you know, so we are we used to fire drill those scenarios as well. So, yeah, yeah, yeah, really interesting. So we've prepared. So we've got some roles and responsibilities. Yes. We've now got people staying calm.
[00:18:39:20 - 00:18:50:14]
Next next bit of advice that you'd have for people. Yes, going to be communication. OK, communicate as early as possible with SLT senior leadership team.
[00:18:52:07 - 00:18:54:03]
They need to do their own risk
[00:18:55:04 - 00:19:15:17]
assessment, make their own risk decisions, and we need to understand what they are because, again, with all the planning in the world, they may be something we don't know about. They could have a board meeting going on. They could have an IPO discussion going on. There could be so many things coming on exactly within the house. So we need to understand what's happening.
[00:19:17:23 - 00:19:49:20]
The faster we do that, the faster we can create approvals for any split second decisions we may need to make. So once we have an open channel to SLT, we know that anything we need to do that could create a risk problem for our client. The decision is being made instantly. So the containment, should it be a cyber risk, for example, is near on immediate. So the second thing that I would state would be communicate early with SLT.
[00:19:51:00 - 00:20:14:14]
Now, this is taking me back to Sonora. I remember being on site and I just happened to be on site at a major public sector organization. And whilst I was there, their entire messaging system went down. So now nobody could email each other, which was a big issue because that was the business run. And I remember there was the corner office where the boss
[00:20:15:14 - 00:20:59:14]
lived and he basically came walking out like with a power stride, stood behind then the desk of one of their top messaging. Normally in an org, there's somebody that is when the when the when the proverbial hits the fan, this is the person you want on it. Right. There's normally somebody like that and literally stood behind his chair going, what's up, what's going on? Have you fixed it? Have you fixed it? Have you fixed it? And then there was this poor bloke who is now he's trying to deal with the outage and now stood behind him, literally going, have you fixed it? Have you fixed it? What are you doing? Have you fixed it? Was the senior leader. So so the problem with getting sometimes the senior leadership team involved is that's not going to help you. Well, I would what I would say there is that.
[00:21:00:21 - 00:21:23:17]
If you have someone dealing with the SLT in a calm manner, but they are keeping them updated and a different person doing the work, so you separate the stress from the work. Yeah, it's always going to be what's going on. Why is it not up yet? Do you know how many downtime hours I have? And depending on
[00:21:25:12 - 00:21:31:22]
how important that time frame is, depends on the amount of stress they're putting on the engineer, separate it out.
[00:21:32:23 - 00:22:32:08]
Again, which is why people have their own roles. One person is dealing with SLT. The other one is dealing with the department where the problem is. So they're actively moving forward with information being fed through without SLT on their back going, when's it going to be up? When's it going to be done? As you've just demonstrated. Yeah, yeah, yeah. And the other thing that I remember used to work really well on that sort of thing was just saying when the next communication would be, because engineers tend to get into my experience was engineers would get in a situation where if they haven't fixed it, there would be no update and it would be, I'll let you know when it's fixed. And then, you know, half an hour, an hour, hour and a half still still no update. Whereas actually, if you said there's going to be 30 minute updates and the 30 and the update might just be there's no update or we're trying the next phase of the DR plan or we're doing the next thing. So no information. But that would often help the leadership team go. There is communication. They are on it. It's not a black hole. It's not a vacuum.
[00:22:33:10 - 00:22:37:17]
So it was almost like that regular comms, even if you were communicating that there was no update.
[00:22:38:19 - 00:23:57:01]
Yeah, I would suggest that any business that works within Remedy or support within any given priority issue should have this as their mantra on a day by day basis, whether there's a priority or not. So certain systems that we put in place are for a standard ticket. If a client hasn't received a feedback, any feedback within 48 hours, whether there's feedback or not, because obviously you deal with third party organisations and they have their own SLAs, you go back to the client and say, hey, what, Mr. Client, it's 48 hours, but we're still on it. We want to let you know that we're still on it. When we have more feedback, we'll let you know. The worst thing is, as a client, picking up the phone and saying, what's going on? Have you forgotten about me, especially in a priority, which again, which is why we have someone doing specifically with SLT. This is what we're doing. This is how often we're going to update you. We're going to attempt to keep an open line. What's the best channel? Are you on your teams at all times? Do you want to drop an email? Why should I just pick up the phone to your mobile? You tell me. But again, that's about building client relations so that you've got the right person speaking to us, to understand that you're working as a partner for them to get them up and running as quickly as possible.
[00:23:58:16 - 00:24:09:02]
So we've got stake arm. We have the SLT. Yes. What other advice would you have? Well, we've got get the right people involved with clear roles. So that goes back to the
[00:24:10:20 - 00:24:44:17]
preparation, preparation, preparation. So any company should have specialists within given areas, not just talking about second line, third line. Some people, especially within cybersecurity, some people, especially within infrastructure and cloud storage to make sure they've got the right people involved and they understand what their roles are, depending on the priority, because what that offers is a lead engineer in any given situation, which again, gives structure to the business within the priority and gives that calmness back to the client.
[00:24:46:14 - 00:25:41:20]
Just moving forward, if that is all in place, understand what the scope of the problem is because you can't fix what you haven't defined. So there are again, it's just building that process, understand, understanding what the scope is, understanding that the stakeholders are getting updates along the way, what's affected, what's not affected, what the business impact could be. So having all this information as we're moving through is paramount to making sure that the affected issues or the problems that have arisen from this P1 ticket are being dealt with in the right manner. Yeah. So we've understood the scope. We've understood the impact. We clearly communicated that. And now we're giving regular updates that aren't too noisy, but aren't too infrequent. So it's sort of getting that balance. And that might be client specific. Yes.
[00:25:42:20 - 00:26:11:03]
So that we can allow our people with the roles and responsibilities of just fixing the stuff to get their heads down and do their best work fixing the stuff. And then we've got some other people that are great at communicating and translating the fixing stuff into the what that means to the leadership team or other sponsors. So we've all that sort of starting to hopefully go like a slick machine. Yeah. The client needs to feel guided.
[00:26:13:02 - 00:26:36:18]
Look, a client doesn't give away their whole IT business, which more so now than ever is the backbone of most companies to any Tom, Dick and Harry. They are giving it to someone that they put in their trust in and put in their faith in. Can I tell you about something else, Tom, a situation that that came up recently?
[00:26:38:17 - 00:26:40:05]
We had a
[00:26:41:18 - 00:26:48:22]
very important client who was at a climate change event, quite a well-known one,
[00:26:50:00 - 00:26:56:00]
and the head of the business had decided for one reason or another,
[00:26:57:06 - 00:27:01:18]
whilst abroad at this event, to work off a personal laptop.
[00:27:04:15 - 00:27:14:14]
Now, knowing how important climate changes currently, there were probably about 100000 attempts and bots from
[00:27:15:18 - 00:27:18:20]
geographical locations that we won't mention on the podcast.
[00:27:20:14 - 00:27:27:06]
Lo and behold, they got hacked on their own personal email. And this is the head of the business.
[00:27:29:01 - 00:28:26:01]
So in that situation, it's about communication and more so than anything else, taking it back to what I said earlier about the company of a client putting all their faith at that priority moment in the IT company that they partnered with to find a solution in the best possible way. And it's all about being calm, understanding the situation, communication, and also about saying to the client, why the hell are you using your own laptop when you've got a business laptop set up with all the security and cyber bells and whistles? I just thought I'd throw that in. This is a really good story. Yeah, yeah, yeah. And we say in the press that we're seeing, you know, personal emails and stuff. I mean, I think politicians have been sacked and lost their jobs from from all of these sorts of, you know, these sorts of breaches. And I guess I wonder what led them to
[00:28:27:03 - 00:28:40:10]
not use the corporate laptop. So was it that the corporate laptop they felt was slow or too constrictive or just it was the wrong shape or too heavy or what? No, I see what you're saying.
[00:28:41:23 - 00:28:47:13]
Well, after everything could die down and the situation had been managed
[00:28:49:14 - 00:28:56:01]
and we had the discussions thereafter, it was it was pretty simple.
[00:28:57:22 - 00:29:25:21]
They had done for one reason or another, they had done a soft reset because the computer had stored were rushing for the taxi, rushing for the plane. It hadn't booted up yet. So they grabbed their personal laptop because they had their business emails on there, something so simple. Now, if we would have known about it, which sort of comes back to communication, we could have set things up really, really quickly just to give a basic
[00:29:27:05 - 00:29:51:13]
a level of cybersecurity, enrollment in enter ID and blah, blah, blah. Again, we don't get to touch upon the technology side of things. But it was about them rushing and not understanding the consequences and discussing it with their IT partner. There was plenty of opportunity for them to discuss it with their IT partner. Yeah. But, yeah, emails. I mean, I can only imagine what could have happened. Yeah. Well,
[00:29:53:11 - 00:30:04:19]
so when you're in these sorts of incidents like that one or the one you talked about earlier, yeah, what would be the most common mistakes that you see people making when they're in this situation?
[00:30:07:02 - 00:30:21:02]
From our side or from the client side, Ben. Genuinely, based on your experience, what are the common things that go wrong? OK, common things that go wrong in those situations are we're not told soon enough.
[00:30:23:14 - 00:30:31:08]
A primary note that we try and instill as hard as we can with our client.
[00:30:32:21 - 00:30:38:12]
We're not interested if a user has been stupid, a user has made a mistake
[00:30:39:13 - 00:31:01:04]
because we all make mistakes, we're all human. We would rather know something straight away to give us the opportunity. Second thing is tell us all the details. Don't leave anything out just because you think, oh, I'm not sure they should know that or I'm not sure I should have done that. Tell us all the details. That's vitally important.
[00:31:02:10 - 00:31:06:18]
From our side, it's going back. Try and get all the details.
[00:31:07:22 - 00:31:30:16]
Don't leave anything to chance. Even if the client says or we see something within an event management, investigate, looking to it, do comparisons, run analysis, look at risk, is there a problem? So it's it's those sort of things. But from the human side of it, communicate, report,
[00:31:32:01 - 00:31:45:15]
keep open channels, know your client as well as you can and think to yourself, is this normal? Is this normal? Was this usually happening? And from the business side, I guess, from the from the client, from the business side,
[00:31:46:18 - 00:32:42:03]
what you really want is for them to have a culture where they are open, honest, happy to be vulnerable, happy to take accountability. But that isn't always the case, is it, in businesses? And so maybe you've got people that don't want to be open or honest or vulnerable because they think they're going to get sacked or I've made this terrible mistake. No, absolutely. Tell me an IT company that doesn't feel that they're one of the first people or companies to be blamed for any situation that arises because we are. You can't win. Suppliers can't win, which is why we try and build up that relationship and that partnership with the client, because it's not about who wins and loses. It's about if we don't have that relationship, we both lose. Yeah. So so we thought there about once we're in the fire, you know, when it's when it's going really, really badly. So let's imagine that we've resolved the situation.
[00:32:43:23 - 00:33:04:13]
What would be your advice for people post the P word or post the critical situation? Yeah, it's on prevention, learning. So I guess the win is stopping any repeat incidents. That's the win because things happen and
[00:33:05:19 - 00:33:58:13]
cyber crime is moving as fast as cybersecurity. We know that. So it's about the reduction in future risk. Faster response is next time because obviously there's an education and a learn and the opportunity to learn so that can be built into your preparation, your fire drill scenario that we were discussing earlier. So introductions for that client. Good documentation as well. Excellent notes about what's happened and why it's happened. And this instills a confidence in your team. But also upon debrief and discussion with the client to say, right, from our side, we went through this, this and this process. We carried out communication with your SOT, we discussed it with the department.
[00:33:59:17 - 00:34:05:15]
What's your view on how this can be improved? How did you think we reacted to that situation?
[00:34:06:19 - 00:34:18:18]
Let's put together some sort of more, a more descriptive process should a P1 raise be raised again. So it's education, learning.
[00:34:19:20 - 00:34:20:06]
Yeah. Yeah.
[00:34:21:12 - 00:36:05:00]
And it makes me think I remember so sort of my career, I started off in support, which was fixing all the broken stuff. And then I moved into like the proactive, what we call proactive support. And that was if you do it properly, it won't break. And we started doing then these assessments. So we go in and assess your active directory back in the day or your clustering back in the day and we go in and we go, right, OK, we've assessed it and we reckon there's these high priority things, medium priority things, low priority things. Then we give the report back. And often people will go, well, how interesting. We'll file that on a shelf and not do anything about it. And then, of course, the thing goes wrong because the thing we said, like you're not patching or whatever it might be, the thing happens. And then we say, well, never waste a good crisis. So now's the opportunity to get out that report again and go, right, this thing that we couldn't get investment for before, because we said it had never happened, it's happened. So is this now a good opportunity to tighten the buckles or the braces, the belt braces and let's give you a decent disaster recovery, a decent patching system of strategy or whatever the things might be to get it fixed for the future? Yes, spot on. Because outside the human element, there's also a technical element. So going back to the authentication cookie that was stolen, what can we do? What technology can stop that happening? Are we looking at an event management system? Are we looking at a sassy, a compliance system, umbrella Cisco system, whatever it may be, as you quite rightly said?
[00:36:06:10 - 00:36:39:11]
Do they need a sock? Do they need a knock moving into the the acronyms? But yes, is there are men patching? Do they have ADR, ETS, the cybersecurity? There's a whole wealth of information that we can provide. There's a whole wealth of technical plastering that we could do. And I always describe it to clients as it's like your home insurance, your health insurance, your life insurance. You hope you're never going to need it. You spend a lot of money on it just in case it happens.
[00:36:40:22 - 00:37:36:20]
So what you quite rightly said is correct. Let's not miss an opportunity based on the opportunity we have now because of what's happened and it's getting that balance, isn't it? Because you don't want to be manipulative and profiteers. But because we work in tech, we come from a background where things do go wrong. And the business will say they won't and the risk is low. And we'll go, I probably disagree with you there. It will. You know, Murphy's Law, SODS Law will come in. It will go wrong. But we're also the people that we're going to charge you to give you that, you know, that thing. So obviously they're a bit like, well, you're going to charge us to do it. So you're just trying to make a quick buck. And we go, well, we're coming at this from a good place. It probably will happen, but it does cost you money, you know. And so therefore it's sort of getting that balance of riding the opportunity to do something better for them, but without being a profiteer. I mean, have you got any sort of guidance on how you get that balance right?
[00:37:38:02 - 00:37:59:13]
I think the the guidance would be based on various factors of the client. How large is the client? Do they work within a hybrid environment? So walking through their infrastructure, do they have a firewall? Do they manage their own connectivity?
[00:38:00:23 - 00:38:02:07]
Do they travel abroad?
[00:38:03:19 - 00:38:07:01]
The list goes on and on and on. But based on those different.
[00:38:08:20 - 00:38:12:18]
Environmental and technical challenges,
[00:38:13:19 - 00:38:41:05]
there would be a what does that mean to your business? If you're a hybrid, that means where are you logging on? What information is passing over the public Internet? And from there, building up a cyber risk spore, a cyber risk report for your client who can then work with you on, well, OK, what do we believe the risk is there? How much does it cost? What are you getting your bang for your buck?
[00:38:42:08 - 00:39:46:03]
Once you finish that, you should be able to put together an excellent cyber package. We've got different service plans, different service packages for our clients, different cyber package for each client. And I think, again, another little mantra that we have is we'll tell you everything you can have, we will give you best advice. But two things. We don't spend your money and we can't make the decisions for you. However, we'd rather tell you everything that you can have rather than there being a problem moving forward and you say, well, why don't you tell us about that? Why do we know about that? If only we would have known about that. So we want to avoid we want to avoid things. And it's all about agreement and what you can have. And it's about having some substance behind it, isn't it? So you're saying, right, based on you, based on everything we know about the industry, let's pull that together and say, this is this is our recommendation. This is what we think is best. It's not it's not a finger in the air. It's based on some substance based on your experience. And then maybe you've just had this outage. So you do know things go wrong.
[00:39:47:05 - 00:40:03:13]
And putting it together. Indeed, you wouldn't put network operating centers on a one man business. However, you wouldn't not have an event management system on a thousand person company. So it takes.
[00:40:04:20 - 00:40:13:16]
Longevity and a good understanding of the cyber market, the tools that are out there, best of the breed, good benchmarking and appreciating
[00:40:14:17 - 00:40:28:05]
what a business needs. But a lot of it also comes down to client trust, which takes you back to building a relationship, understanding your client, knowing what their roadmap is, their technology set up is
[00:40:29:14 - 00:40:39:16]
and the trust that they will work with you. Should there be should there be a problem and know that you'll be able to deal with that problem in a calm process driven manner?
[00:40:41:01 - 00:40:44:20]
Richard, I've just done some clock. We are sadly out of time.
[00:40:46:21 - 00:40:47:03]
So.
[00:40:49:01 - 00:40:53:19]
Maybe just just to summarize, what would be your key takeaways from this episode?
[00:40:55:02 - 00:40:56:22]
OK. Preparation,
[00:40:58:02 - 00:41:14:21]
good relationship with your client, make sure that everyone in your business from the manager running the priority incident through to the team that they manage dealing with a priority and incident understands their roles at any given time,
[00:41:16:02 - 00:41:32:12]
that the client understands what your role will be should there is a priority incident, good follow up, good communication and good education. Yeah, yeah, no, no, really good. And for me, as I sort of reflect on it.
[00:41:33:20 - 00:41:35:18]
You know, when I was a professional.
[00:41:37:05 - 00:41:46:09]
Big problem solver, you know, critical problem solver, that was what I did all day, every day. And there were some days I was very tired, I can tell you.
[00:41:47:12 - 00:42:02:13]
But actually, having working with somebody that that does this all the time can be really helpful because, you know, maybe this happens once every two years, once every three years, once every 10 years, it's never happened. But when you've got somebody that does this all day, every day,
[00:42:03:14 - 00:42:36:11]
you've got some real experts. So I found that I could help a lot of people because I did this all the all the time I had experience. So so it's sort of getting that balance, isn't it? You know, working closely with business. But if you've got somebody that really knows our fixed problems really well, that's a really powerful thing. There's always problems with our clients. We've got obviously the same as most others, a few hundred clients. And there's a problem that arises every day. But it's about people understanding what to do under pressure. It starts with keeping calm, ends with reporting
[00:42:37:16 - 00:42:44:13]
and knowing what the right feedback should be at the end of the day. Once everything is sorted out. Yeah.
[00:42:45:14 - 00:42:53:20]
Well, it's been brilliant to talk to you now. If you want to get in touch with you because they're interested in the things that you said, how is it best for people to get in touch with you, Richard?
[00:42:55:03 - 00:42:59:16]
A few ways they can jump on to our LinkedIn, TWC IT solutions.
[00:43:01:05 - 00:43:04:10]
They can drop us an email to
[00:43:06:16 - 00:43:10:13]
personally, Richard at TWC IT solutions dot com
[00:43:11:14 - 00:43:40:05]
or give us a call via our website that they'll find again under the business name. Brilliant. Well, I'll pop all those links in the show notes so that everybody's got all the accurate links and email and all of that kind of stuff. So the final thing for me to say is thank you so much for coming on the show. It's been a brilliant conversation about, I think, a really important topic. So thank you for taking the time to share your insight with us. Thank you for the invitation. It's been a pleasure and I hope anyone picks something up from it. Brilliant. Thank you.
[00:43:40:05 - 00:44:00:23]
Don't go yet. Remember to subscribe to the podcast and rate the show. It really helps us grow and book new great guests. And remember, if the podcast isn't enough for you and you want weekly micro learning delivered straight to your inbox, sign up to the TechWorld Human Skills Weekly. Head over to www.techworldhumanskills.com to sign up.
