Midwest IT Survival

AWS Makes Coding in the Cloud Easy

With all of the IT punditry talking about how everyone who is anyone is “moving to the cloud”, I thought I would take a serious look at what Amazon’s Amazon Web Services (AWS) has to offer for hosting applications in the cloud. Since I’ve already written about my perspective that “the cloud” is evolutionary rather than revolutionary, I thought I would roll up my sleeves and challenge myself to interact directly with some “cloud” services. What also helped propel me forward was discovering that AWS has a free “get starting” package that includes the ability to provision a server with Internet access, storage and all the AWS development packages and libraries pre-setup.

[Feel free to skip down to the source code if you aren't interested in the next section on business context]

Business Context

Now if you have read any of my articles on this blog you know I mostly cover the challenges of working in a large, corporate IT environment both from a staff and management perspective. So, this is a bit off the beaten path for me. But the rate of business groups pushing corporate IT to implement cloud solutions, especially in the on-line product space, is on a significant up tick. Now, especially in financial services, integrating on-line products with “cloud/SaaS/ASP” hosted applications as product extensions is nothing new. It seems almost as soon as financial firms had an on-line application, they were looking to integrate with existing partners that also were standing up on-line versions of their service offerings: think on-line banking and viewing statements electronically, etc.

The trend difference I’ve observed from the late 90s and early 00s of “ASP” integration to the present is the non-traditional “cloud” companies looking to work with banks. Prior, companies that were already working with banks to provide outsourced off-line services progressed to offer on-lines services. Thus, the maturity of the pre- and post-sales process was familiar to both parties. The ASP providers knew how to address data protection, regulatory compliance and complex/unique technology integrations. The new “cloud” application service providers are using all of the cloud infrastructure as a service (here is the tie-in with AWS) offerings to produce new robust products, but they are completely unfamiliar with how to architect a complete product and service solution for financial services. Thus, many are having to address retrofitting their solutions to be akin to the needs of regulated, conservative banking institutions including all of the security assurance overhead needed (think SAS 70s, penetration tests, security standards and procedures, site visits, lengthy contracts, etc.).

What does all this mean?

In summary, current cloud service providers such as AWS, offer a great suite of building blocks to stand up a robust application. But choose your technologies strategically, especially if you are planning to integrate your product in any way with financial services customers. Be prepared to have to transition to company owned and managed application infrastructure including data storage for the foreseeable future until cloud providers, such as AWS, are universally accepted by the financial services security community as “secure”.

Technical Stuff

Ok, now for a bit more fun technical stuff, I went ahead and signed up for the free AWS package which was incredibly easy. Just a few mouse clicks and I am sitting in the AWS web based management console. Without any serious investigation, I was off creating my own “bucket” of storage in their Simple Storage Service (S3). Next step was to provision a server to host my application experiment. The Elastic Compute Cloud (EC2) tab was equally easy to click through a wizard of picking basic server configuration options. I opted for the Amazon Linux Micro Instance (specifically the Amazon AIM platform as I assumed it would be optimized for using AWS services) in order to stay within the “free” parameters. At the conclusion I was provided all the pertinent remote connection details including a client/user certificate and literally the ssh command syntax to cut/paste and connect.

Since I am clearly taking AWS for a spin years after it first came on the market, I am assuming I am benefiting from significant end user functional improvements made within that time duration. It has been over a decade since any server I built or any code I wrote actually was deployed in a corporate production environment, so to say I have been relegated to a tinkerer in my technical career would be an understatement. But the simple wizard based configuration of the server and storage provisioning clearly allows even a novice technician to be exceedingly productive within AWS.

The Goal – Functional Application Running in AWS

Now that I have cloud storage and a cloud server I needed an application development challenge to solve. So after some thought, here is what I came up with:

Java based application service that will replicate my Dropbox files into my new AWS S3 storage “bucket”.

Note: Yes, Dropbox uses AWS as it’s back-end storage platform so I’m really duplicating my data within the same storage cloud so what am I gaining? Ok, real world, not much gained but this is a throw away experiment to begin with so just permit me this architectural short-sighting.

This experiment involves:

• Installing the Dropbox GUI-less client on the Linux Micro Instance
• Connecting all the Java AWS libraries together to access my S3 storage “bucket”
• Scheduling the application to periodically replicate the Dropbox files to my S3 “bucket”

By using AWS’s example “S3Sample.java” code from their Java SDK, in a matter of a few hours (those hours mostly spent getting all the correct jars linked together in the classpath), I was able to start copying files. Of course, after I reverse engineered how their sample program worked I ran across this article on AWS’s blog that hand holds you through everything.

I was able to follow the directions provided on Dropbox’s site I was able to download and install the Dropbox client on my Linux Micro Instance without a single hick-up.

As I mentioned above, it has been quite a long time since I cracked open an editor and started coding, so any comments on the lack-o-elegance of my Java is most likely very accurate. Plus, I didn’t go so far as add any mechanism to traverse directory trees to copy nested files. Additionally, all I achieved was a one way copy of all files rather than a true sync or any date/time check to see if a file even needs to be re-copied if it already exists.

Goal Achieved!

Here is a link to my (lame, err, not production ready) Java source here.

I welcome any comments around reader’s thoughts on cloud application development and AWS specifically.

Initial Foray into Tablet Computing

In keeping up with my personal trend of being an early technology investigator yet a late technology adopter, I finally made the leap into tablet computing. After following the blogosphere cover the literal explosion of tablets onto the consumer and corporate market, I finally decided I needed to try and commit to integrating a tablet into my daily computer using habits. After getting my spouse a Kindle Fire as a Christmas gift in a response to her request for an ebook reader and helping her get it setup, I knew I would have to make a product selection for myself. I immediately got the sense in handling the Kindle Fire that today’s tablet fits a computing need I really didn’t know I had. That need, for me, is filling the gap between when one is logistically barred from one’s primary desktop computer and yet equally inconvenient to fire up the laptop/netbook to access Internet content. And so, this week arrived a RIM Blackberry PlayBook to my door.

What? A PlayBook? Isn’t RIM the mobile incumbent vendor that has let the market pass them by.

Yes, thus permit me a few minutes to explain … here goes: I use a Blackberry Curve mobile phone with quite some time still left on my service contract and find the tethering option to access the Internet via my personal netbook invaluable in my effort to keep my personal computing pursuits completely separate from my full-time professional demands. In my mind, having a security related position ratchets up the need to fully and completely embrace all policies and standards surrounding using company resources for only company business. Thus, when I researched the tight integration between the PlayBook and Blackberry phones, that became a plus for me.

My primary intention for the tablet is for consumption of Internet hosted, primarily written, content. In other words, I’m not really interested in playing games or watching movies or even outright purchasing ebooks. These interests don’t seem to constrain anyone to any particular tablet manufacturer but RIM has been focused on the corporate user, rather than consumer to their suggested demise, and with the addition of having a strong security framework around mobile computing, I drifted towards the PlayBook with that in mind.

Then came the “fire sale” and the prospective of having a corporate designed tablet device with 64gb of storage originally priced at $699 for $299. It seems unclear as to RIM’s specific motivations for such deep discounting of a product that has taken a beating in the media since being announced last year right before a major upgrade (OS 2.0) next month (Feb. ’12). Add RIM’s significant investment in this year’s Consumer Electronics Show (CES ’12) showing continued investment in the PlayBook product and picking up a discounted PlayBook, still a gamble, owning one could be intriguing.

Learning that OS 2.0, from folks brave enough to install the development beta version, will include the ability to run native PlayBook apps as well as Andoid apps, thus even if RIM is unable to gain significant leaps in market-share and corresponding development investment to enrich the product’s capabilities, the product should benefit from enabling the Android Marketplace as a source of additional usefulness.

All things considered, the price point is what really pushed me over the edge to make the purchase. If RIM continued to leave the PlayBook 16gb entry level point at $499 I am pretty certain I would still be researching the vast tablet landscape.

So, after a few more days of use, I’ll post my initial experience of how tablet computing and the PlayBook specifically is working out for me.

Today's IT Projects Need Transparency to Change

For large organizations it seems that as technology grows more and more integrated, IT related projects become more complex and thus longer in overall duration. There is no doubt the rise in cloud/SaaS solutions has exacerbated this increase in overall IT project complexity. I’ve written on the impact of cloud in this manner prior here. Gone are the days of a large corporate IT shop having a project manager engage the same three or four familiar delivery stakeholders and with little outside involvement, execute the project beginning to end. This increase in technical integration means a project manager can no longer count on those three or four stakeholders having the cross systems knowledge and technical systems access to implement changes as crisply with few artifacts as to what the project has done/is doing/when/etc.

To help illustrate this evolving shift, consider the following hypothetical large corporate IT conversation:

PM: “Welcome everyone to the FlimFlam upgrade project’s twentieth weekly status meeting and a special welcome to Jim who is joining to help sort out all the changes that impact others outside of our core team.”

<General welcoming gestures and verbal niceties ensue>

Jim: “Ok, is there any diagram that captures all the flows of data in and out of the current FlimFlam system?”

Core Team: “Um, no, we just know them from working on FlimFlam for the last five years.”

Jim: “Um, ok, have you mapped out what new features of the upgrade are turned on compared to off and who would be affected? Or say, documented the link between the features and business requirements?”

Core Team: “Well, not documented, but we know HR wants the real-time instead of batch interaction and Operations wants better reports. But HR outsourced last year to a cloud provider and we have no idea what Operations is doing …”

Jim: <thinking to himself> “… oh boy, good people, but this project is looking like a train wreck already …”

Clearly a “business as usual” approach to this upgrade isn’t going to work any more.

In the past, with so few stakeholders having comprehensive access to the silo-ed systems impacted by these types of changes, the need for easy to digest transparency into what changes were going to happen when and how was not critical. Sometimes the only visibility to what such a small project team was doing was in the production change management review and approval process:

Change Control Board: “Ok, next up is change record number 72,578 which reads ‘Enable the employee web portal to support the time off calendar’. Anyone here have any concerns with this change? Hearing none, approved. Next on the list …

Today’s Problem: IT systems are too interconnected for lack of project transparency to change

Sounds like 72,578 is a simple change that an HR delivery team of the past could have easily implemented without much cross team impact. But today, that example time off calendar may need to interact with the HR system to record those time off days against how many the employee actually has as part of their compensation package. There probably is a need to support some management approval work-flow. Plus, there are probably other work scheduling systems and PMO resource planning tools that need a feed of that data in order to accurately support their user base. There is probably some single sign on/web access management technology involved to support all employees accessing the web portal, some central provisioning system to handle access plus some remote access needs to support today’s mobile workforce. It is probably safe to assume that some of those integrated systems are in-house and some are cloud/SaaS or a mix of all of the above.

Additionally, with matrix-ed internal and external project resources with contracted and off-shore delivery coupled with the “cloud” vendor resource engagement model, a simple change could have a variety of stakeholders in need of agreement on what is changing when, etc.

Thus, hopefully I’ve convinced you that something as simple as a web portal for employee time off entry can involve a number of different internal and external teams and systems that all need to coordinate changes to support the business objectives of this example project.

So how does this all drive the need for “transparency”? Isn’t this just a basic PMO 101 issue of dependency management and cross project impacts?

Yes and No

The project team needs to produce deliverables that don’t just get the core team in agreement to pass the next quality gate in the project life-cycle (never to be revised again); the project team needs to produce deliverables that outline, at a high-level, the following basic project elements:

• Scope of the project in a sentence or two
• What is changing from present to future state
• Who is impacted by the change (and have they been engaged)
• Lastly, what isn’t in scope (that a non-core stakeholder might assume is in scope)

… for non-core stakeholders to easily digest and understand … and update the material frequently to have at the ready anytime it might be needed.

Besides an effective communications vehicle, another subtle yet important aspect to this deliverable is its ability to build confidence in the effective management of your project in outside stakeholders. This confidence can lead to senior management getting the impression the project is “under control” and move on to another project for increased scrutiny rather than assigning all kinds of ancillary people to dig into your project to figure out why they don’t have that “under control” feeling.

Stated another way, large corporate IT projects today need to adopt a bit of “program management”, specifically, some of the enterprise reporting themes. A Gantt chart (which I’ve extolled the benefits of before here) isn’t the end-all-be-all here. A slide deck that contains a few slides covering these topics with lots of pictures and drawings where ever possible would be more effective in serving this communication need.

So if you are a project sponsor or a project manager, consider having a communication deliverable that is actively maintained, even if your PMO PLC doesn’t explicitly call for one, to provide simple and easy to digest transparency into key aspects of your project at the ready at all

For any of those in the Cleveland/Akron, Ohio, USA area the week of 1/22, I’ll be speaking at the University of Akron on the topic of Identity Management in “the cloud” and general career opportunities in the Information Security industry.  More specifically, the title of the presentation is “Identity and Access Management Reference Architecture for Cloud Computing” and I’ve already published the slides on SlideShare here.

I’m looking forward to good interaction with the students and faculty.  If you are in attendance, please stop by and say hello!

Statistics for 2011

Hard for me to imagine but 2011 represented another year for MidwestITSurvival.com. I thought it would be interesting to share some statistics from 2011 in the same format as I did last year:

(Per Google Analytics)

3,708 Total unique visitors

6,783 Pages viewed

Viewer traffic sources:

I enjoyed that 23% of visitors that come directly here to read articles and the additional 31% that come here from other sites that link people here which was statistically similar to last year.

The top 3 articles in terms of number of unique visitors reading them are:

1. Organizational Structure and Enterprise Architecture [502]
2. Is the Gantt Chart Useless in Agile Projects? [389]
3. Conflict Between Agile and Architecture [287]

A total of 33 articles were published in 2011 with a total of 33 comments submitted to those articles.

All in all, having no goal of X number of comments per article or Y number of unique visitors per month, etc., I continue to be pleased with the blogging experience overall.

In 2011 I changed employers and roles in late February and switched from a general development/delivery role to an enterprise architecture role focusing on information security. Thus, the content of my articles switched about a third into the year from the trials and tribulations of IT delivery in a large IT shop to general security issues facing all IT organizations today. IT delivery challenges tend to be similarly themed across industries and rather easy to generalize to avoid sharing any direct information about one’s employer. On the topic of enterprise security, I found it a bit more difficult to generalize on matters that allowed depth of material presentment while not exposing any specific employer information. Hence, blog posting frequency started strong in the beginning of the year and tailed off towards the end of the year. I am hoping to find more general IT topics to share this year.

On the positive, on certain posts, especially the ones surrounding the 2011 FFIEC Guidance on Internet Banking for Financial Institutions, the comment dialog significantly enhanced the material I was presenting by adding additional industry depth and opinions. I strongly encourage you to check out those articles if you haven’t already and read through the comments.

Here is to 2012 and all the new challenges ahead!

Produce a Business Case Deliverable

In the first part of this series on senior management communication for those more comfortable with grep-ing an exception log or tracing through lines of code to find that elusive bug the conclusion was:

No matter how technically proficient you are in your respective discipline, not investing in effective communication skills will limit your over-all effectiveness in your organization.

In the second part of this series, we used an example of engineer Bob recommending his company invest some cash and resources into an operating system upgrade. The initial logical conclusion that a sequence of facts surrounding how awesomely technically cool the new OS is would convince anyone to make the investment. Yet, spewing facts isn’t as compelling as it is to:

Relate the facts and figures to senior management’s goals/vision

To do this, structure a presentation into a story following this sequence:

1. Describe the Current State including gaps/challenges/issues/problems
2. Describe the “Optimum” Future State
3. Describe the Roadmap to get from Current to Future State
4. Outline the immediate next steps to get started on the Roadmap
5. Throw anything ancillary or supporting to the above 4 steps in Appendices

In the Bob’s case, consider “telling the story” of ultimately what aligns to senior management’s goals/vision in this example context: computing capability at reduced cost.

Using the above sequence as a template for Bob:

1. Current State

• Number of servers running prior OS, server count over time
• CPU utilization
• Maintenance costs (total cost of ownership if it can be computed, support contract costs)
• Indicators when “bad news” like special support contract costs, etc. show “doing nothing” is a negative
• Intersection with any other projects that need capabilities provided by your Future State

2. Future State

• All servers running new OS phased in over timeliness
• CPU utilization
• Maintenance costs

3. Roadmap

• Upgrades broken into simple chunks
• Chunks representing some useful grouping (rather than random)
• Testing or other functions supporting the upgrade
• Costs over the duration

4. Next Steps

• $$$ approved to buy hardware
• $$$ approved for 2 resources
• Initial steps within your organization to get a formal project going

5. Appendices

• Data showing why 2 resources are needed, what happens if you get 1 or zero or 12
• Any other data, facts, figures around “hot button” issues that might come up like a trend to out-source or in-source work, strategic vendor partnerships, etc.

Your goal in telling this story is to have a compelling deliverable in the form of your presentation that conveys to anyone that it would be just plain silly not to execute your roadmap. That “anyone” needs to be both technical and non-technical people. I am certain your technical peers are going to be 110% behind anything that involves implementing new, cool technology. What techie holds the position of “nah, I still want to be a Windows 98 shop.” At the same time, the more holes that can be poked in your analysis the more likely your great idea is going to get trampled by the masses and not acted upon.

Sure, others might suggest not putting this much effort into a request that “should just stand on it’s own to support action”. A recent (how timely!) tweet from @rands suggests as such:

And although it might seem highly desirable to be able to convey your technical request in words and have immediate understanding and support, those veterans of large corporate IT shops know there is a big complex organization with overlapping, competing and sometimes contradicting priorities that can easily mount a campaign against your plan. Thus, those quick to dismiss the value of a slide deck deliverable in corporate IT might be missing a critical element of this series: producing a deliverable.

Sure, once you have a deliverable out there others can still mount a defensive. But, you also empower your management with a strong case to move in your direction that can be forwarded along and forwarded up. The more compelling your story, the more it stands on its own as a viable business case to make a strategic company investment the more the financial/business minded in IT will be able to comprehend and support your plan.

So, before you write-off the value of putting the effort into crafting a story deliverable that compels the non-technical decision makers to act on your plan, consider the alternative: a verbal request to spend money on some cool technology? If you are planning to invest a significant portion of your own money, do you want to buy some cool technology or act on a strategic technology investment with data backed returns?

Speaking in the Zone

Recently, @rands posted a very timely, for me, article on what goes through the conference speaker’s mind as he or she is about to get in front of a large audience and give a presentation. Everyone that presents at a technology conference, no matter how frequent a speaker, probably goes through the same thought processes that I found myself going through. I recently presented at a technology security conference. For fun, I’ve sequenced that thought process below:

Topic Submission/Call for Papers

Did I have a compelling enough topic that I will get selected?

Do I seem credible enough as a presenter in the first place?

The submission forms are usually well structured, but since the selection process is usually blind to the submitter, you really have no idea what the selection committee is prioritizing for topics and speakers. You may think you have the most brilliant topic but unless you have an inside source, you are completely at the mercy of the selection committee.

Speaker Acceptance

Awesome, I’m going to get present!

Holy cow, I have to put together a presentation!

It is quite exciting to find that a topic you proposed actually has enough merit for some folks, who are pouring through submission form after submission form, to actually select it. It is also a nice boost to your ego that you and your topic are compelling enough for a conference presentation time slot. This excitement is quickly followed by the immediate realization that you have only just started this very public commitment. You need to pull together a compelling presentation to justify the honor of being selected to speak. I would be fibbing if I skipped mentioning the slight panic that follows the boosted ego moment that you are going to have to actually give this presentation.

Presentation Submission

Geez, did I get everything I needed into the presentation?

Did I spell check everything?

Did I even come close to what I originally proposed that got me selected?

No matter if you start your presentation before you got the official selection notification or if you procrastinate till the night before your sides need to be submitted, there is still a moment of panic immediately following your presentation submission. Just after you hit “send”, you wonder if you really got everything just right. Sure, in a moment of panic you can beg and plead with the receiver of all speaker materials to replace your original submission with a last minute revision, but do you really want to annoy the masters of the conference agenda? They could put you right after lunch on the last day. That slot is probably one of the most challenging given you have the entire conference to sweat about your pending public speaking including the very real concern that very few conference stragglers will actually come back to your session after that last lunch with planes to catch and general conference fatigue in full affect.

Tip: I have found that starting immediately on your presentation and then leaving a few days prior to submission to make final corrections to be the most effective for me. In between I make it a point to ensure I have a few days to completely ignore the presentation all together. I am amazed at when I pick back up after that break how many “What was I thinking; this doesn’t make any sense?” review moments I encounter.

Conference Start

I have plenty of days/hours. I’ll survey the room, take in a few sessions and size up my peers.

I still have a few hours, I’ll find a quiet stop and skim my notes.

Holy cow, I’m speaking in 10 minutes. Where did the time go?

It seems time both slows down and speeds up. Sitting in sessions makes you wonder if you have prepared enough. Reviewing your notes with tons of time remaining becomes a struggle to focus. Lastly, you find all the time you thought you had just zoomed by and your session is about to start.

Waiting to be Introduced

I am totally going to bomb.

Someone is going to throw me off track with a unexpected zinger question.

Why did I submit this topic in the first place. I could be sitting in one of those attendee chairs just zoning out right now.

Speaking in the Zone

In hindsight, I always wonder why I was stressed out at all. It seems for me, once I get started speaking, the process of giving the actual presentation just flows out smoothly. In volunteering to present on topics of which I’ve researched and have actual experience with, I am reminded that I really do have some solid knowledge in what I am presenting. “Zinger” questions are an opportunity to have a healthy exchange with the audience in a way that breaks up the sometimes methodological bullet point by bullet point nature of the slides.

All that stress evaporates as the session comes to an end replaced with a deep sense of a job well done. Feedback, of course, is the ultimate verifier of a good presentation. Most recently, someone came up to me at the conclusion of my session with:

“Great presentation. It was the only session worthwhile out of all I attended today.”

That one comment made all the hours of work and stress prior completely worth it … and I was  the last speaker that day.

As I mentioned in my previous post, I had the opportunity to present at the 9^th annual Information Security Summit 2011. The full title of my presentation was “Identity and Access Management Reference Architecture for Cloud Computing” and just about filled the room with attendees. I was impressed with the turnout given I was in the last speaking slot on the first day up against three other speakers with very interesting topics.

For those interested, I’ve placed my slides on SlideShare:

All in all, it was a great conference attracting mostly local security and audit professionals. Given my tenure in the area, I ran into all kinds of familiar faces going back at least 10+ years. It was great to catch-up with all those of which I’ve crossed paths.

Information Security Summit 2011

For any of those in the Cleveland, Ohio, USA area next week, I’ll be speaking at the 9th annual Information Security Summit 2011on the topic of Identity Management in “the cloud”.  More specifically, the title of the presentation is “Identity and Access Management Reference Architecture for Cloud Computing” which is in the last slot on the first day of the conference [agenda link].  I believe the Twitter hash tag will be #infosecsummit11 thus look for some of my observations and knowledge bits throughout the two day event.  I’ll post my slides on SlideShare shortly after my presentation slot.

If you are in attendance, please stop by and say hello!

Raw technical data won't speak for itself

In the first part of this series on senior management communication for those more comfortable with grep-ing an exception log or tracing through lines of code to find that elusive bug the conclusion was:

No matter how technically proficient you are in your respective discipline, not investing in effective communication skills will limit your over-all effectiveness in your organization.

Thus, if you were following the argument to support this claim, you appreciate the notion that, ultimately, there are diminishing returns to exclusively honing your technical skills to perfection without making investments in your executive communication skills. Your frustration level will continue to rise as you see decision after decision being made against your common technical sense.

You need to assist senior management with data to aid in shifting decision making to include your technical vision.

In being pragmatic, this “shifting” is more analogous to turning the Titanic than a row boat. No fancy PowerPoint deck with brilliant technical strategy in-line with corporate objectives backed by irrefutable financials will guarantee decisions in your favor. There is an element of decision making that involves emotion that just can’t be trumped by reason 100% of the time [evidence].

As an example, a certain executive may favor one vendor over another. No matter how many Forrester Wave or Gartner Magic Quadrants you quote touting a vendor’s industry recognized superior product, a weaker product from a different vendor can get selected.

I am not saying to give up on collecting data to support your recommendation. But knowing non-logical factors influence decision making, you can appease your engineering brain to some degree, when rejected, with the notion that you exhausted your resources and produced a compelling business case that stands on its own. Plus, you never know if the next re-org will change the senior management decision ownership. You may very well get a chance to make your pitch again with a new audience that might just have a different emotional dynamic that is more in your favor. And since re-orgs occur more frequently the large the organization, you might not have to wait very long. I’ve written about corporate IT leadership change prior.

So, back to the topic of communication and the first fallacy of executive presentations for the technically proficient:

Raw technical data will speak for itself

Fallacy: If you just put your accumulated knowledge down on paper (or PowerPoint) in a logical, fact based sequence, the recommendation will just speak for itself.

Rarely, if ever, have I observed a senior manager approve a decision based on the spewing of sequential technical facts without any questioning.

Bob: “We need to upgrade to RHEL 6 because it more efficiently uses multiple core processors reducing overall OS resource consumption by 10% freeing those resources up for applications to uses. Fact, fact, fact, fact … thus give me two people and $200k to start the upgrade process.”

Those maybe compelling, industry proven, lab test supported facts that indicate some new technical something is vastly superior to what you currently have and the company will benefit greatly, maybe even eliminate some current outstanding problems, reduce costs, and cure cancer … but what problem do they solve or opportunity do they create for the senior manager?

Quickly clarification, “what problem do they solve or opportunity do they create for the senior manager” is not be taken as you need to pander to the whims of the senior manager. This statement should be interpreted as: How do all these facts and figures relate to the senior manager’s goals and vision?

Relate the facts and figures to senior management’s goals/vision

One of the best ways I’ve learned to do this is to structure a presentation into a story following this sequence:

1. Describe the Current State including gaps/challenges/issues/problems
2. Describe the Future State
3. Describe the Roadmap to get from Current to Future State
4. Outline the immediate next steps to get started on the Roadmap
5. Throw any ancillary or supporting data for the above 4 steps in Appendices

In the case of Bob’s desire to convince senior management to invest in an operating system upgrade, consider “telling the story” of ultimately what aligns to senior management’s goals/vision in this example context: computing capability at reduced cost.

Keeping with this logical theme of presenting a story aligning your recommendation to senior management’s goals/vision, the next article in this series will built upon this theme.