Trillium Insights

Thoughts and Insights from Trillium's Practice Leaders

Does Honesty Pay Off?

Does Honesty Pay Off?

A key challenge for candidates looking to land their next opportunity is how to manage concurrent pursuits.   From a candidate’s standpoint, they want to make sure that they do not eliminate an opportunity until they have landed one; this includes candidates faking illnesses or creating other arbitrary conflicts to stall one pursuit while they are pursuing another.   Here are two recent examples: 

1.       A client lost both their two top candidates, because they were waiting to final interview a candidate that had lied about an illness to pursue another opportunity, and their other top candidate landed another opportunity during the wait.  

2.       A candidate was completely transparent with the hiring manager about a second pursuit that they had.  In this instance, the client sped up their hiring process, so that the candidate could evaluate both offers together.  He took the job with our client. In the end, our client raised our candidates offer, because his actions showed his level of integrity.

Which side of the fence would you fall on?

What Caused the Cybersecurity Breach?

What Caused the Cybersecurity Breach?

Over the last 12 months, we have all read news stories about cybersecurity breaches that have occurred at very well-known organizations.  The stories tend to focus on the number of people that are potentially impacted by the breach – a good piece of information to know.  Many of the news stories then talk about a known security vulnerability that the cyber attacker was able to exploit, because the company’s servers were not current with their patching.

When you dig a little deeper, you will likely see that those high-profile organizations have specific policies and standards in place regarding security and patch management.  In most cases, the breakdown occurs because the controls are not in place to ensure adherence to the policies.  Some key questions that should be asked are:

  • What controls (reporting) were in place to notify the Security Officer that the patching was not done?
  • Was the Security Officer notified and no action was taken? 
  • Did the reporting exist, but the server that was exploited was not being tracked? 

For many mid-market companies, the policies and standards are not in place, so their risk is even greater.

Cybersecurity - Where Do I Start?

Cybersecurity - Where Do I Start?

Every day or two, we hear about another cybersecurity attack in the news.   High-profile companies with millions of customer’s personal information has potentially been compromised.  The numbers are so big that most people cannot comprehend the impact.   The business impact of a breach can be huge in terms of lost customers, lost revenue, and taking a major brand hit. 

We are told that known vulnerabilities are being exploited.  In most instances, high-profile companies have defined policies, procedures, and standards in place that should have either prevented or at least mitigated the risk of the attack.  Where does that leave mid-sized businesses that don’t have the resources of larger companies?

The key for Small and Mid-Sized Enterprises (SME’s) is to first identify where the risk areas are and then determine what the right plan of action is to address them.   Perform an assessment and develop a risk register.  The register is a living tool that enables you to rank each finding to segregate the risk.   This enables an organization to analyze both the business risk and cost to determine the appropriate actions to be taken to mitigate risk. 

Any action that needs to be taken falls into the three buckets that we are all very familiar with – People, Process and Technology.  We will focus on those activities in a later blog.  The key is understanding what the risk is, quantifying the business impact of the risk, and the cost of addressing the risk. Once these are understood, the next steps will be clear.  

Why do the good ones leave?

Why do the good ones leave?

I have recently worked with several strong full stack developers and helped them transition to new companies.  There were two common themes for why they decided to make the transition.  The first was challenge and the second  was their intense desire to stay current. 

Each of the developers told me that they had been with their current companies for over 2 years and they felt that the excitement/ challenge of being a change agent within the company had worn off.   It can be difficult for a company to identify ways to challenge their people.  At the same time, the cost of not identifying ways to keep current employees engaged and challenged can be high, in terms of the cost of hiring and training new personnel as well as the productivity lost with the transition.

Many strong technical people have an intense desire to make sure they stay current.  As the use of XaaS technologies proliferates, it is becoming increasingly important that your key technical talent be given opportunities to expand their tool kit by either taking training or being given side projects to provide them with an opportunity to learn and share.

Keep looking for ways to challenge your people; it will really pay off.