Principles and tools focused on early-stage companies developing their internal technology strategy. Discussion includes business strategy, IT prioritization, sustainability, cybersecurity, technical debt, and tables reviewing technology product categories and recommendations for initial consideration.
2. Agenda
• About Mike
• Part 1: Principles
• Start with Business Strategy
• Define Your IT Priorities
• Cybersecurity Fundamentals
• Consider Sustainability, Outsourcing, and Tech Debt
• How to Research Technology Product Categories and Vendors
• Part 2: Tools
• Starter Pack
• Non-IT Technology Recommendations
• IT Management Tools
• Cybersecurity Tools (Core)
• Cybersecurity Tools (Life Without MSSP)
• Tactical Force Multiplier Tools and Culture Hacks
• Questions?
What’s not in today’s scope?
• Covering every category of technology solution
• Detailed discussion about specific technology product categories or vendors
3. About Mike
• Investor and Advisor
• Former technology executive (COO to CTO to CIO/CISO) at Halfaker and Associates from 2008 through its sale to SAIC in 2021
• Started my career at Lockheed Martin doing systems and security engineering
• https://mikehking.com
5. Start with your Business Strategy
1. Don’t let IT or other things be a “tail wagging the dog”
2. Don’t throw technology at people or process problems -- develop holistic solutions
3. Realize entrepreneurship is continuous problems and opportunities – you’ll never finish all the things, so you need to prioritize what’s important instead of just trying to “catch up”
Example Annual Strategy Cadence
• Sept - Assess: Assess current strategic issues and opportunities (SWOT, Strategic Retrospective)
• Oct - Collect Strategic Input: Begin bottoms-up (crowdsourcing) brainstorming possible strategic goals for next year
• Nov - Draft Strategy: Draft new 1- and 3-year strategic plans
• Dec - Finalize Strategy: Refine strategy package, with clear, specific measures of success (e.g., OKRs)
• Jan - Launch: Launch new strategy, ensuring priorities are clear across the organization
• Ongoing - Monitor and Adjust: Establish recurring cadence to monitor strategic progress and issues (e.g., weekly, monthly, and quarterly reviews)
6. Define Your IT Priorities
1. Don’t be overwhelmed by all the IT stuff you could work on – focus on identifying what’s the most important and attack the list in order (e.g., Quarterly Strategic Themes)
2. Align IT priorities with your business strategy
3. Align IT priorities with your company culture – don’t prioritize systems that won’t get used!
4. Be intentional with how fast you’ll complete IT priorities -- balance building corporate infrastructure (IT, cyber security, processes) with focusing on growth – avoid building a house of cards or rock-solid IT without revenue
Business Strategic Goal Category | IT Goal | IT Measures
Customer Satisfaction | Deploy Customer Survey System | >= 75% Customer Response Rate by Feb 28
 | Deploy Project Health Dashboard to show Customer-Facing Project Health (Revenue, Profit, Deliverable Compliance, Customer Experience, and Employee Experience) | Version 1 deployed by Jun 30
Financial Performance | Reduce Cyber Risk by Deploying new Endpoint Protection Tool | Fully deployed by May 31
Process Maturity | Establish new Quarterly Improvement Meeting for leaders to discuss how to improve company processes and technology | Complete first meeting by Jan 31
 | Improve employee experience related to approval requests | Define Forms technology approach/platform and deploy 3+ New Employee Self-Service Forms to Improve Tedious Processes by Aug 31
Talent Development | Select new Payroll vendor and associated HR Information System, and build launch plan | Complete by Aug 31
7. Cybersecurity Fundamentals
1. Don’t be overwhelmed by cybersecurity – take a breath and think about the next step to make your company a little more secure
2. Focus on the fundamentals – don’t consider any complex cyber tools until you have a solid foundation
3. Pick a simple framework to measure yourself against, such as CIS Controls and then NIST Cyber Security Framework (CSF), and go in order making your company more secure
4. See Expel.io’s CSF assessment spreadsheet template
8. Consider Sustainability, Outsourcing, and Tech Debt
1. Flee from complexity – use SaaS when you can, and avoid complex systems and processes
2. Use what you have – keep your infrastructure simple by using existing functionality instead of investing in other tools, which make things more complex to maintain and for employees to navigate (e.g., consider using Microsoft Planner or Google Keep before investing in a tool like Trello)
3. Consider outsourcing functions where it makes sense (e.g., cyber monitoring via a Managed Security Service Provider (MSSP), graphic design services)
4. Consider Technical Debt, the idea that taking shortcuts now will cost you more complexity/headaches/bad options later
5. Invest in consistency and clarity – do your employees know which technologies they should use for what?
9. What to Consider for a Big System Rollout
1. Define, before selecting a technology, a System Charter for the project (Business Owner, IT Lead, Administration/Sustainment Owner, Problem Being Solved, Project Scope, Project Objectives, Target Timeline)
2. Define RACI chart of who will do what on the project to select, configure, and launch the system
3. Define system requirements and the source for each one (including functional, security, and compliance requirements)
4. Capture assumptions throughout the project
5. Define selection and launch project plans (timeline, milestones, collaboration tools)
6. Define information architecture (how the system will be configured/navigated)
7. Iteratively create and validate design package: User interface design, System workflow, System notification approach, Permissions model, SLAs and reporting approach, Testing Approach
8. Define Communication and Change Management Plan, including rigorous acceptance testing (is this ready to launch?), communication (multiple messages in multiple channels!), go-live activities, and post-launch triage (help me get to fully launched)
10. How to Research Technology Product Categories and Vendors
1. Google for Gartner Magic Quadrants by category to find free versions of their analysis of competitors
2. Look on websites like YouTube, Reddit, and Quora for technology solutions
3. Engage with your local startup community (e.g., https://www.dcstartupweek.org)
4. Look at early-stage company-focused technology offerings, like https://appsumo.com
11. Part 2: Tools
• The following slides show categories of technology products and suggestions by levels
• The levels are not prescriptive – each organization should mature at different rates, based on business model, organizational culture, industry, etc.
12. Starter Pack
Category | Notes | Level 1 (Startup) | Level 2
Core Collaboration Platform (Email, Chat, Video, Calendar, Docs/Drive, Planning, App Building) | Consider enabling legal/litigation hold, for future legal discovery needs. Look here before investing in any other systems! | Microsoft 365 or Google Workspace | Microsoft 365 or Google Workspace
Accounting System | Don’t rush into a big system until you really need it | QuickBooks Online or Xero | NetSuite, Microsoft, or industry-specific (e.g., Unanet, Deltek)
Sales | Keep this lean – you can go a long way on simple spreadsheets instead of paying for pricey systems | Spreadsheet, CRM/Pipeline Management (e.g., HubSpot, Pipedrive) | Consider Salesforce
Laptop Type | Consistency is valuable | BYOD (Employees use their own) | Managed Windows or Mac endpoints
Smartphones | You may need to control data on endpoints as you grow, depending on your culture and compliance needs | BYOD (Employees use their own) | Consider Mobile Device Management container (e.g., Microsoft Intune)
Forms/Approval Platform | Get approvals out of email chains and into a system | Email | [Consider building with M365 or Google Workspace]
Social Media Publishing | Able to schedule posts across platforms | HootSuite or Buffer | HootSuite or Buffer
Email Newsletter | Pick what’s easy for your team to use | MailChimp or ConvertKit | MailChimp or ConvertKit
Web Hosting | Focus on attractive UI and simple administration (no patching!) | Wordpress.com or Wix | Wordpress.com or Wix
Managed Service Provider (MSP) | Outsourced IT operations/administration | Not a Priority (N/P) | XPERTECHS, DP Solutions, DesignData, RedRiver
Fractional CIO Service | Pay for a sliver of CIO time (e.g., 2 hours/week) | Not a Priority (N/P) | Hartman Exec. Advisors
Note: No recommendations for Service Delivery (Ops), Contracts, or Legal, as they are industry-specific
14. IT Management Tools
Category | Notes | Level 1 (Startup) | Level 2
IT Asset Tracker | Track equipment (laptops, phones), software assets (licenses, SaaS subscriptions), etc.; also known as Configuration Management Database (CMDB) | Excel spreadsheet on Teams, SharePoint List, or Google Sheet | Custom app (e.g., MS Power Apps or Google App Builder) or a system that aligns well with your IT ticketing system (e.g., ManageEngine)
Data Backup | Determine where your critical data is and how you’ll protect it, shaping the culture around it (e.g., Do employees keep critical info on their laptops? Or on cloud collaboration tools?) | None (Remind employees to keep files/data on cloud services) | Consider SaaS backup services for relevant platforms (e.g., Veeam)
Availability Monitoring | Relevant to monitor any websites/web apps you run, even if it’s just your company website | StatusCake (Free plan) | Site24x7, Pingdom, or NewRelic
15. Cybersecurity Tools (Core)
Category | Notes | Level 1 (Startup) | Level 2
MSSP / MDR (Managed Security Service Provider / Managed Detection & Response / SOC as a Service) | Cyber Monitoring as a Service | Not a Priority (N/P) | Arctic Wolf, CrowdStrike, Sophos, RedZone Technologies
Security Training | Teach/remind your employees not to get hacked | KnowBe4 (Free phishing assessment) | KnowBe4
Password Vault | Password vaults increase security and make employee separations easier to coordinate | 1Password or KeePass | 1Password or KeePass
Identity Management and Single Sign On (SSO) | Consolidate identity to make onboarding and offboarding easier and more secure | None (Leverage Password Vault) | Azure Entra, Okta SSO, Cisco Duo
Endpoint Management (EDR, XDR) | Protect laptops and smartphone devices | Not a Priority (N/P) | Microsoft Intune, CrowdStrike
Governance, Risk, and Compliance (GRC) or Regulation Operations (RegOps) | Track relevant compliance requirements (e.g., GDPR, CCPA, HIPAA, CMMC), your compliance approach, and relevant evidence | Compliance spreadsheet in cloud collaboration platform | Spreadsheet or RegOps tool like RegScale or AuditBoard
16. Cybersecurity Tools (Life Without MSSP)
Category | Notes | Level 1 (Startup) | Level 2
Secure Email Gateway | Provides security layer for incoming and outgoing emails, to increase security (e.g., phishing, credential attacks) | N/P | M365 E5 or Proofpoint
Vulnerability Management | Identifies vulnerabilities on devices (patches not applied) for computers and servers | N/P | Tenable or Rapid7
SIEM | Collects alerts from systems to analyze possible attacks | N/P | ManageEngine, Rapid7, or Splunk (expensive)
Data Loss Prevention (DLP) | Monitor and control data moving into and out of company systems | N/P | Code42, Google Cloud DLP, Microsoft Information Protection, Netskope
Note: See the CIS Top 18 Controls list for how to prioritize Cyber investments – start at the top and go in order.
Note: At Level 2, start evaluating against NIST Cyber Security Framework.
17. Tactical Force Multiplier Tools and Culture Hacks
• In addition to core tools, consider where you could use focused tools to make dramatic improvements in your business capabilities, such as:
• Loom video recorder (capture and share)
• Fathom AI Notetaker
• X Mind mind-mapping tool
• Calendly for scheduling acceleration
• (AppSumo.com to see startup tech tool trends)
• Several years ago, Gartner popularized the idea of “culture hacks” – consider things like “office hours” or Amazon 6-pager docs as you shape your organizational culture
Note: Shoutout to Ashlee Berghoff of https://asquaredonline.com for some great tool recommendations!