SlideShare a Scribd company logo

Technology Strategy for Early Stage Companies

Michael King
Michael King

Principles and tools focused on early-stage companies developing their internal technology strategy. Discussion includes business strategy, IT prioritization, sustainability, cybersecurity, technical debt, and tables reviewing technology product categories and recommendations for initial consideration.

Technology
1 of 18
Technology Strategy for Early-Stage Companies Mike King (mikehking.com) Octber 5, 2023
Agenda • About Mike • Part 1: Principles • Start with Business Strategy • Define Your IT Priorities • Cybersecurity Fundamentals • Consider Sustainability, Outsourcing, and Tech Debt • How to Research Technology Product Categories and Vendors • Part 2: Tools • Starter Pack • Non-IT Technology Recommendations • IT Management Tools • Cybersecurity Tools (Core) • Cybersecurity Tools (Life Without MSSP) • Tactical Force Multiplier Tools and Culture Hacks • Questions? What’s not in today’s scope? • Covering every category of technology solution • Detailed discussion about specific technology product categories or vendors
About Mike • Investor and Advisor • Former technology executive (COO to CTO to CIO/CISO) at Halfaker and Associates from 2008 through its sale to SAIC in 2021 • Started my career at Lockheed Martin doing systems and security engineering • https://mikehking.com
Part 1: Principles
Start with your Business Strategy 1. Don’t let IT or other things be a “tail wagging the dog” 2. Don’t throw technology at people or process problems -- develop holistic solutions 3. Realize entrepreneurship is continuous problems and opportunities – you’ll never finish all the things, so you need to prioritize what’s important instead of just trying to “catch up” Sept - Assess Assess current strategic issues and opportunities (SWOT, Strategic Retrospective) Oct - Collect Strategic Input Begin bottoms-up (crowdsourcing) brainstorming possible strategic goals for next year Nov -Draft Strategy Draft new 1- and 3-year strategic plans Dec - Finalize Strategy Refine strategy package, with clear, specific measures of success (e.g., OKRs) Jan - Launch Launch new strategy, ensuring priorities are clear across the organization Ongoing - Monitor and Adjust Establish recurring cadence to monitor strategic progress and issues (e.g. weekly, monthly, and quarterly reviews) Example Annual Strategy Cadence
Define Your IT Priorities 1. Don’t be overwhelmed by all the IT stuff you could work on – focus on identifying what’s the most important and attack the list in order (e.g., Quarterly Strategic Themes) 2. Align IT priorities with your business strategy 3. Align IT priorities with your company culture – don’t prioritize systems that won’t get used! 4. Be intentional with how fast you’ll complete IT priorities -- balance building corporate infrastructure (IT, cyber security, processes) with focusing on growth – avoid building a house of cards or rock-solid IT without revenue Business Strategic Goal Category IT Goal IT Measures Customer Satisfaction Deploy Customer Survey System >= 75% Customer Response Rate by Feb 28 Deploy Project Health Dashboard to show Customer-Facing Project Health (Revenue, Profit, Deliverable Compliance, Customer Experience, and Employee Experience) Version 1 deployed by Jun 30 Financial Performance Reduce Cyber Risk by Deploying new Endpoint Protection Tool Fully deployed by May 31 Process Maturity Establish new Quarterly Improvement Meeting for leaders to discuss how to improve company processes and technology Complete first meeting by Jan 31 Improve employee experience related to approval requests Define Forms technology approach/platform and deploy 3+ New Employee Self-Service Forms to Improve Tedious Processes by Aug 31 Talent Development Select new Payroll vendor and associated HR Information System, and build launch plan Complete by Aug 31
Cybersecurity Fundamentals 1. Don’t be overwhelmed by cybersecurity – take a breath and think about the next step to make your company a little more secure 2. Focus on the fundamentals – don’t consider any complex cyber tools until you have a solid foundation 3. Pick a simple framework to measure yourself against, such as CIS Controls and then NIST Cyber Security Framework (CSF), and go in order making your company more secure 4. See Expel.io’s CSF assessment spreadsheet template
Consider Sustainability, Outsourcing, and Tech Debt 1. Flee from complexity – use SaaS when you can, and avoid complex systems and processes 2. Use what you have – keep your infrastructure simple by using existing functionality instead of investing in other tools, which make things more complex to maintain and for employees to navigate (e.g., Consider using Microsoft Planner or Google Keep before investing in a tool like Trello) 3. Consider outsourcing functions where it makes sense (e.g., cyber monitoring (Managed Security Service Provider (MSSP), graphic design services) 4. Consider Technical Debt, the idea of taking shortcuts now will cost you more complexity/headaches/bad options later 5. Invest in consistency and clarity – do your employees know which technologies they should use for what?
What to Consider for a Big System Rollout 1. Define, before selecting a technology, a System Charter for the project (Business Owner, IT Lead, Administration/Sustainment Owner, Problem Being Solved, Project Scope, Project Objectives, Target Timeline) 2. Define RACI chart of who will do what on the project to select, configure, and launch the system 3. Define system requirements and the source for each one (including functional, security, and compliance requirements) 4. Capture assumptions throughout the project 5. Define selection and launch project plans (timeline, milestones, collaboration tools) 6. Define information architecture (how the system will be configured/navigated) 7. Iteratively create and validate design package: User interface design, System workflow, System notification approach, Permissions model, SLAs and reporting approach, Testing Approach 8. Define Communication and Change Management Plan, including rigorous acceptance testing (is this ready to launch?), communication (multiple messages in multiple channels!), go-live activities, and post- launch triage (help me get to fully launched)
How to Research Technology Product Categories and Vendors 1. Google for Gartner Magic Quadrants by category to find free versions of their analysis of competitors 2. Look on websites like YouTube, Reddit, and Quora for technology solutions 3. Engage with your local startup community (e.g., https://www.dcstartupweek.org) 4. Look at early-stage company-focused technology offerings, like https://appsumo.com
Part 2: Tools • The following slides show categories of technology products and suggestions by levels • The levels are not prescriptive – each organization should mature at different rates, based on business model, organizational culture, industry, etc.
Starter Pack Category Notes Level 1 (Startup) Level 2 Core Collaboration Platform (Email, Chat, Video, Calendar, Docs/Drive, Planning, App Building) Consider enabling legal/litigation hold, for future legal discovery needs. Look here before investing in any other systems! Microsoft 365 or Google Workspace Microsoft 365 or Google Workspace Accounting System Don’t rush into a big system until you really need it QuickBooks Online or Xero NetSuite, Microsoft, or industry- specific (e.g., Unanet, Deltek) Sales Keep this lean – you can go a long way on simple spreadsheets instead of paying for pricey systems Spreadsheet, CRM/Pipeline Management (e.g., HubSpot, Pipedrive) Consider Salesforce Laptop Type Consistency is valuable BYOD (Employees use their own) Managed Windows or Mac endpoints Smartphones You may need to control data on endpoints as you grow, depending on your culture and compliance needs BYOD (Employees use their own) Consider Mobile Device Management container (e.g., Microsoft Intune) Forms/Approval Platform Get approvals out of email chains and into a system Email [Consider building with M365 or Google Workspace] Social Media Publishing Able to schedule posts across platforms HootSuite or Buffer HootSuite or Buffer Email Newsletter Pick what’s easy for your team to use MailChimp or ConvertKit MailChimp or ConvertKit Web Hosting Focus on attractive UI and simple administration (no patching!) Wordpress.com or Wix Wordpress.com or Wix Managed Service Provider (MSP) Outsourced IT operations/administration Not a Priority (N/P) XPERTECHS, DP Solutions, DesignData, RedRiver Fractional CIO Service Pay for a sliver of CIO time (e.g., 2 hours/week) Not a Priority (N/P) Hartman Exec. Advisors Note: No recommendations for Service Delivery (Ops), Contracts, or Legal, as they are industry-specific
Non-IT Technology Recommendations • For these non-IT categories, refer to the great SignalFire Back Office Guide
IT Management Tools Category Notes Level 1 (Startup) Level 2 IT Asset Tracker • Track equipment (laptops, phones), software assets (licenses, SaaS subscriptions), etc. • Also known as Configuration Management Database (CMDB) Excel spreadsheet on Teams, SharePoint List, or Google Sheet Custom app (e.g., MS Power Apps or Google App Builder) or a system that aligns well with your IT ticketing system (e.g., ManageEngine) Data Backup Determine where your critical data is and how you’ll protect it, shaping the culture around it (e.g., Do employees keep critical info on their laptops? Or on cloud collaboration tools?) None (Remind employees to keep files/data on cloud services) Consider SaaS backup services for relevant platforms (e.g., Veeam) Availability Monitoring Relevant to monitor any websites/web apps you run, even if it’s just your company website StatusCake (Free plan) Site24x7, Pingdom, or NewRelic
Cybersecurity Tools (Core) Category Notes Level 1 (Startup) Level 2 MSSP / MDR (Managed Security Service Provider / Managed Detection & Response / SOC as a Service) Cyber Monitoring as a Service Not a Priority (N/P) Arctic Wolf, CrowdStrike, Sophos, RedZone Technologies Security Training Teach/remind your employees not to get hacked KnowBe4 (Free phishing assessment) KnowBe4 Password Vault Password vaults increase security and make employee separations easier to coordinate 1Password or KeePass 1Password or KeePass Identity Management and Single Sign On (SSO) Consolidate identity to make onboarding and offboarding easier and more secure None (Leverage Password Vault) Azure Entra, Okta SSO, Cisco Duo Endpoint Management (EDR, XDR) Protect laptops and smartphone devices Not a Priority (N/P) Microsoft Intune, CrowdStrike Governance, Risk, and Compliance (GRC) or Regulation Operations (RegOps) Track relevant compliance requirements (e.g., GDPR, CCPA, HIPAA, CMMC), your compliance approach, and relevant evidence Compliance spreadsheet in cloud collaboration platform Spreadsheet or RegOps tool like RegScale or AuditBoard
Cybersecurity Tools (Life Without MSSP) Category Notes Level 1 (Startup) Level 2 Secure Email Gateway Provides security layer for incoming and outgoing emails, to increase security (e.g., phishing, credential attacks) N/P M365 E5 or Proofpoint Vulnerability Management Identifies vulnerabilities on devices (patches not applied) for computers and servers N/P Tenable or Rapid7 SIEM Collects alerts from systems to analyze possible attacks N/P ManageEngine, Rapid7, or Splunk (expensive) Data Loss Prevention (DLP) Monitor and control data moving into and out of company systems N/P Code42, Google Cloud DLP, Microsoft Information Protection, Netskope Note: See the CIS Top 18 Controls list for how to prioritize Cyber investments – start at the top and go in order. Note: At Level 2, start evaluating against NIST Cyber Security Framework.
Tactical Force Multiplier Tools and Culture Hacks • In addition to core tools, consider where you could use focused tools to make dramatic improvements in your business capabilities, such as: • Loom video recorder (capture and share) • Fathom AI Notetaker • X Mind mind-mapping tool • Calendly for scheduling acceleration • (AppSumo.com to see startup tech tool trends) • Several years ago, Gartner popularized the idea of “culture hacks” – consider things like “office hours” or Amazon 6-pager docs as you shape your organizational culture Note: Shoutout to Ashlee Berghoff of https://asquaredonline.com for some great tool recommendations!
Questions? Follow up at https://linkedin.com/in/mikehking/ or mike@mikehking.com

Recommended

CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)Michael King
 
Enterprise Architecture - An Introduction
Enterprise Architecture - An Introduction Enterprise Architecture - An Introduction
Enterprise Architecture - An Introduction Daljit Banger
 
Week8 Topic1 Translate Business Needs Into Technical Requirements
Week8 Topic1 Translate Business Needs Into Technical RequirementsWeek8 Topic1 Translate Business Needs Into Technical Requirements
Week8 Topic1 Translate Business Needs Into Technical Requirementshapy
 
Fldn resource -_impact_of_the_use_of_it_on_business_systems_18
Fldn resource -_impact_of_the_use_of_it_on_business_systems_18Fldn resource -_impact_of_the_use_of_it_on_business_systems_18
Fldn resource -_impact_of_the_use_of_it_on_business_systems_18Natasha Ali
 
Bussiness needs
Bussiness needsBussiness needs
Bussiness needshunni123
 
ITSM Toolset Selection
ITSM Toolset SelectionITSM Toolset Selection
ITSM Toolset Selectionrajanam
 
Technology Planning and Implementation
Technology Planning and ImplementationTechnology Planning and Implementation
Technology Planning and ImplementationSteve Heye
 
Chapter 2 analyzing the business case
Chapter 2 analyzing the business caseChapter 2 analyzing the business case
Chapter 2 analyzing the business caseRaquel Miranda
 

Recommended

CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)CIO 101 for Entrepreneurs (2016)
CIO 101 for Entrepreneurs (2016)Michael King
 
Enterprise Architecture - An Introduction
Enterprise Architecture - An Introduction Enterprise Architecture - An Introduction
Enterprise Architecture - An Introduction Daljit Banger
 
Week8 Topic1 Translate Business Needs Into Technical Requirements
Week8 Topic1 Translate Business Needs Into Technical RequirementsWeek8 Topic1 Translate Business Needs Into Technical Requirements
Week8 Topic1 Translate Business Needs Into Technical Requirementshapy
 
Fldn resource -_impact_of_the_use_of_it_on_business_systems_18
Fldn resource -_impact_of_the_use_of_it_on_business_systems_18Fldn resource -_impact_of_the_use_of_it_on_business_systems_18
Fldn resource -_impact_of_the_use_of_it_on_business_systems_18Natasha Ali
 
Bussiness needs
Bussiness needsBussiness needs
Bussiness needshunni123
 
ITSM Toolset Selection
ITSM Toolset SelectionITSM Toolset Selection
ITSM Toolset Selectionrajanam
 
Technology Planning and Implementation
Technology Planning and ImplementationTechnology Planning and Implementation
Technology Planning and ImplementationSteve Heye
 
Chapter 2 analyzing the business case
Chapter 2 analyzing the business caseChapter 2 analyzing the business case
Chapter 2 analyzing the business caseRaquel Miranda
 
Building a ICT Strategy with an Enterprise Architecture Mindset
Building a ICT Strategy with an Enterprise Architecture MindsetBuilding a ICT Strategy with an Enterprise Architecture Mindset
Building a ICT Strategy with an Enterprise Architecture MindsetDaljit Banger
 
Supporting material for my Webinar to the ACS - June2017
Supporting material for my Webinar to the ACS - June2017Supporting material for my Webinar to the ACS - June2017
Supporting material for my Webinar to the ACS - June2017Daljit Banger
 
System analysis and design
System analysis and designSystem analysis and design
System analysis and designRobinsonObura
 
CS 414 (IT Project Management)
CS 414 (IT Project Management)CS 414 (IT Project Management)
CS 414 (IT Project Management)raszky
 
Formal Information Technology in a Small, Growing Company
Formal Information Technology in a Small, Growing CompanyFormal Information Technology in a Small, Growing Company
Formal Information Technology in a Small, Growing CompanyFarrokh Poorooshasb
 
Bus2.0 - IT architecture
Bus2.0 - IT architectureBus2.0 - IT architecture
Bus2.0 - IT architectureUNSW Canberra
 
A Brief Introduction to Enterprise Architecture
A Brief Introduction to Enterprise Architecture A Brief Introduction to Enterprise Architecture
A Brief Introduction to Enterprise Architecture Daljit Banger
 
Enterprise Architecture - An Introduction from the Real World
Enterprise Architecture - An Introduction from the Real World Enterprise Architecture - An Introduction from the Real World
Enterprise Architecture - An Introduction from the Real World Daljit Banger
 
PTTKHTTT_part 1.pdf
PTTKHTTT_part 1.pdfPTTKHTTT_part 1.pdf
PTTKHTTT_part 1.pdfTmTri
 
Resume John Tzanetakis
Resume John TzanetakisResume John Tzanetakis
Resume John TzanetakisJohn Tzanetakis
 
Business analyst
Business analystBusiness analyst
Business analystSantosh Pattanshetty
 
Management Information Systems – Week 7 Lecture 2Developme.docx
Management Information Systems – Week 7 Lecture 2Developme.docxManagement Information Systems – Week 7 Lecture 2Developme.docx
Management Information Systems – Week 7 Lecture 2Developme.docxcroysierkathey
 
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...wepc2016
 
Visualizing BI technical cyber risks. Enterprise Risk and Security
Visualizing BI technical cyber risks. Enterprise Risk and SecurityVisualizing BI technical cyber risks. Enterprise Risk and Security
Visualizing BI technical cyber risks. Enterprise Risk and SecurityBiZZdesign
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool MeetupPaul McCormack
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool MeetupPaul McCormack
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool MeetupAmbition Group
 
Pm Tool Meetup
Pm Tool MeetupPm Tool Meetup
Pm Tool MeetupAmbition Group
 
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseNZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseIBM z Systems Software - IT Service Management
 
How to analyze text data for AI and ML with Named Entity Recognition
How to analyze text data for AI and ML with Named Entity RecognitionHow to analyze text data for AI and ML with Named Entity Recognition
How to analyze text data for AI and ML with Named Entity RecognitionSkyl.ai
 
How to Grow Business Value (VIP ADVANCE, April 2024)
How to Grow Business Value (VIP ADVANCE, April 2024)How to Grow Business Value (VIP ADVANCE, April 2024)
How to Grow Business Value (VIP ADVANCE, April 2024)Michael King
 
VIP Anatomy of a Decision to Sell Your Biz (May 2023)
VIP Anatomy of a Decision to Sell Your Biz (May 2023)VIP Anatomy of a Decision to Sell Your Biz (May 2023)
VIP Anatomy of a Decision to Sell Your Biz (May 2023)Michael King
 

More Related Content

Similar to Technology Strategy for Early Stage Companies

Building a ICT Strategy with an Enterprise Architecture Mindset
Building a ICT Strategy with an Enterprise Architecture MindsetBuilding a ICT Strategy with an Enterprise Architecture Mindset
Building a ICT Strategy with an Enterprise Architecture MindsetDaljit Banger
 
Supporting material for my Webinar to the ACS - June2017
Supporting material for my Webinar to the ACS - June2017Supporting material for my Webinar to the ACS - June2017
Supporting material for my Webinar to the ACS - June2017Daljit Banger
 
System analysis and design
System analysis and designSystem analysis and design
System analysis and designRobinsonObura
 
CS 414 (IT Project Management)
CS 414 (IT Project Management)CS 414 (IT Project Management)
CS 414 (IT Project Management)raszky
 
Formal Information Technology in a Small, Growing Company
Formal Information Technology in a Small, Growing CompanyFormal Information Technology in a Small, Growing Company
Formal Information Technology in a Small, Growing CompanyFarrokh Poorooshasb
 
Bus2.0 - IT architecture
Bus2.0 - IT architectureBus2.0 - IT architecture
Bus2.0 - IT architectureUNSW Canberra
 
A Brief Introduction to Enterprise Architecture
A Brief Introduction to Enterprise Architecture A Brief Introduction to Enterprise Architecture
A Brief Introduction to Enterprise Architecture Daljit Banger
 
Enterprise Architecture - An Introduction from the Real World
Enterprise Architecture - An Introduction from the Real World Enterprise Architecture - An Introduction from the Real World
Enterprise Architecture - An Introduction from the Real World Daljit Banger
 
PTTKHTTT_part 1.pdf
PTTKHTTT_part 1.pdfPTTKHTTT_part 1.pdf
PTTKHTTT_part 1.pdfTmTri
 
Management Information Systems – Week 7 Lecture 2Developme.docx
Management Information Systems – Week 7 Lecture 2Developme.docxManagement Information Systems – Week 7 Lecture 2Developme.docx
Management Information Systems – Week 7 Lecture 2Developme.docxcroysierkathey
 
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...wepc2016
 
Visualizing BI technical cyber risks. Enterprise Risk and Security
Visualizing BI technical cyber risks. Enterprise Risk and SecurityVisualizing BI technical cyber risks. Enterprise Risk and Security
Visualizing BI technical cyber risks. Enterprise Risk and SecurityBiZZdesign
 
How to analyze text data for AI and ML with Named Entity Recognition
How to analyze text data for AI and ML with Named Entity RecognitionHow to analyze text data for AI and ML with Named Entity Recognition
How to analyze text data for AI and ML with Named Entity RecognitionSkyl.ai
 

Similar to Technology Strategy for Early Stage Companies (20)

Building a ICT Strategy with an Enterprise Architecture Mindset
Building a ICT Strategy with an Enterprise Architecture MindsetBuilding a ICT Strategy with an Enterprise Architecture Mindset
Building a ICT Strategy with an Enterprise Architecture Mindset
 
Supporting material for my Webinar to the ACS - June2017
Supporting material for my Webinar to the ACS - June2017Supporting material for my Webinar to the ACS - June2017
Supporting material for my Webinar to the ACS - June2017
 
System analysis and design
System analysis and designSystem analysis and design
System analysis and design
 
CS 414 (IT Project Management)
CS 414 (IT Project Management)CS 414 (IT Project Management)
CS 414 (IT Project Management)
 
Formal Information Technology in a Small, Growing Company
Formal Information Technology in a Small, Growing CompanyFormal Information Technology in a Small, Growing Company
Formal Information Technology in a Small, Growing Company
 
Bus2.0 - IT architecture
Bus2.0 - IT architectureBus2.0 - IT architecture
Bus2.0 - IT architecture
 
A Brief Introduction to Enterprise Architecture
A Brief Introduction to Enterprise Architecture A Brief Introduction to Enterprise Architecture
A Brief Introduction to Enterprise Architecture
 
Enterprise Architecture - An Introduction from the Real World
Enterprise Architecture - An Introduction from the Real World Enterprise Architecture - An Introduction from the Real World
Enterprise Architecture - An Introduction from the Real World
 
PTTKHTTT_part 1.pdf
PTTKHTTT_part 1.pdfPTTKHTTT_part 1.pdf
PTTKHTTT_part 1.pdf
 
Resume John Tzanetakis
Resume John TzanetakisResume John Tzanetakis
Resume John Tzanetakis
 
Business analyst
Business analystBusiness analyst
Business analyst
 
Management Information Systems – Week 7 Lecture 2Developme.docx
Management Information Systems – Week 7 Lecture 2Developme.docxManagement Information Systems – Week 7 Lecture 2Developme.docx
Management Information Systems – Week 7 Lecture 2Developme.docx
 
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
Day 1: ICT Strategic Planning, Mr. Soufiane Ben Moussa, CTO, House of Commons...
 
Visualizing BI technical cyber risks. Enterprise Risk and Security
Visualizing BI technical cyber risks. Enterprise Risk and SecurityVisualizing BI technical cyber risks. Enterprise Risk and Security
Visualizing BI technical cyber risks. Enterprise Risk and Security
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
 
PM Tool Meetup
PM Tool MeetupPM Tool Meetup
PM Tool Meetup
 
Pm Tool Meetup
Pm Tool MeetupPm Tool Meetup
Pm Tool Meetup
 
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the EnterpriseNZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
NZS-4555 - IT Analytics Keynote - IT Analytics for the Enterprise
 
How to analyze text data for AI and ML with Named Entity Recognition
How to analyze text data for AI and ML with Named Entity RecognitionHow to analyze text data for AI and ML with Named Entity Recognition
How to analyze text data for AI and ML with Named Entity Recognition
 

More from Michael King

How to Grow Business Value (VIP ADVANCE, April 2024)
How to Grow Business Value (VIP ADVANCE, April 2024)How to Grow Business Value (VIP ADVANCE, April 2024)
How to Grow Business Value (VIP ADVANCE, April 2024)Michael King
 
VIP Anatomy of a Decision to Sell Your Biz (May 2023)
VIP Anatomy of a Decision to Sell Your Biz (May 2023)VIP Anatomy of a Decision to Sell Your Biz (May 2023)
VIP Anatomy of a Decision to Sell Your Biz (May 2023)Michael King
 
iDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnediDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnedMichael King
 
Enforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesEnforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesMichael King
 
Using an Engineering Maturity Model to drive Self-Improvement
Using an Engineering Maturity Model to drive Self-ImprovementUsing an Engineering Maturity Model to drive Self-Improvement
Using an Engineering Maturity Model to drive Self-ImprovementMichael King
 
Serving Federal Government Customers with Scaled Agile Framework (SAFe)
Serving Federal Government Customers with Scaled Agile Framework (SAFe)Serving Federal Government Customers with Scaled Agile Framework (SAFe)
Serving Federal Government Customers with Scaled Agile Framework (SAFe)Michael King
 
Using JIRA to Scale your Business
Using JIRA to Scale your BusinessUsing JIRA to Scale your Business
Using JIRA to Scale your BusinessMichael King
 
Technology Strategy Template
Technology Strategy TemplateTechnology Strategy Template
Technology Strategy TemplateMichael King
 
From Chaos to Order: Building a Business Architecture
From Chaos to Order: Building a Business ArchitectureFrom Chaos to Order: Building a Business Architecture
From Chaos to Order: Building a Business ArchitectureMichael King
 
Halfaker CMMI Capability Challenge Presentation
Halfaker CMMI Capability Challenge PresentationHalfaker CMMI Capability Challenge Presentation
Halfaker CMMI Capability Challenge PresentationMichael King
 
Technology Strategy Template
Technology Strategy TemplateTechnology Strategy Template
Technology Strategy TemplateMichael King
 
IT 101 for Entrepreneurs
IT 101 for EntrepreneursIT 101 for Entrepreneurs
IT 101 for EntrepreneursMichael King
 

More from Michael King (12)

How to Grow Business Value (VIP ADVANCE, April 2024)
How to Grow Business Value (VIP ADVANCE, April 2024)How to Grow Business Value (VIP ADVANCE, April 2024)
How to Grow Business Value (VIP ADVANCE, April 2024)
 
VIP Anatomy of a Decision to Sell Your Biz (May 2023)
VIP Anatomy of a Decision to Sell Your Biz (May 2023)VIP Anatomy of a Decision to Sell Your Biz (May 2023)
VIP Anatomy of a Decision to Sell Your Biz (May 2023)
 
iDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons LearnediDEAFest Enteprise InfoSec Program Lessons Learned
iDEAFest Enteprise InfoSec Program Lessons Learned
 
Enforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline GatesEnforcing Quality with DevOps Pipeline Gates
Enforcing Quality with DevOps Pipeline Gates
 
Using an Engineering Maturity Model to drive Self-Improvement
Using an Engineering Maturity Model to drive Self-ImprovementUsing an Engineering Maturity Model to drive Self-Improvement
Using an Engineering Maturity Model to drive Self-Improvement
 
Serving Federal Government Customers with Scaled Agile Framework (SAFe)
Serving Federal Government Customers with Scaled Agile Framework (SAFe)Serving Federal Government Customers with Scaled Agile Framework (SAFe)
Serving Federal Government Customers with Scaled Agile Framework (SAFe)
 
Using JIRA to Scale your Business
Using JIRA to Scale your BusinessUsing JIRA to Scale your Business
Using JIRA to Scale your Business
 
Technology Strategy Template
Technology Strategy TemplateTechnology Strategy Template
Technology Strategy Template
 
From Chaos to Order: Building a Business Architecture
From Chaos to Order: Building a Business ArchitectureFrom Chaos to Order: Building a Business Architecture
From Chaos to Order: Building a Business Architecture
 
Halfaker CMMI Capability Challenge Presentation
Halfaker CMMI Capability Challenge PresentationHalfaker CMMI Capability Challenge Presentation
Halfaker CMMI Capability Challenge Presentation
 
Technology Strategy Template
Technology Strategy TemplateTechnology Strategy Template
Technology Strategy Template
 
IT 101 for Entrepreneurs
IT 101 for EntrepreneursIT 101 for Entrepreneurs
IT 101 for Entrepreneurs
 

Recently uploaded

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 

Recently uploaded (20)

Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 

Technology Strategy for Early Stage Companies

  • 1. Technology Strategy for Early-Stage Companies Mike King (mikehking.com) Octber 5, 2023
  • 2. Agenda • About Mike • Part 1: Principles • Start with Business Strategy • Define Your IT Priorities • Cybersecurity Fundamentals • Consider Sustainability, Outsourcing, and Tech Debt • How to Research Technology Product Categories and Vendors • Part 2: Tools • Starter Pack • Non-IT Technology Recommendations • IT Management Tools • Cybersecurity Tools (Core) • Cybersecurity Tools (Life Without MSSP) • Tactical Force Multiplier Tools and Culture Hacks • Questions? What’s not in today’s scope? • Covering every category of technology solution • Detailed discussion about specific technology product categories or vendors
  • 3. About Mike • Investor and Advisor • Former technology executive (COO to CTO to CIO/CISO) at Halfaker and Associates from 2008 through its sale to SAIC in 2021 • Started my career at Lockheed Martin doing systems and security engineering • https://mikehking.com
  • 5. Start with your Business Strategy 1. Don’t let IT or other things be a “tail wagging the dog” 2. Don’t throw technology at people or process problems -- develop holistic solutions 3. Realize entrepreneurship is continuous problems and opportunities – you’ll never finish all the things, so you need to prioritize what’s important instead of just trying to “catch up” Sept - Assess Assess current strategic issues and opportunities (SWOT, Strategic Retrospective) Oct - Collect Strategic Input Begin bottoms-up (crowdsourcing) brainstorming possible strategic goals for next year Nov -Draft Strategy Draft new 1- and 3-year strategic plans Dec - Finalize Strategy Refine strategy package, with clear, specific measures of success (e.g., OKRs) Jan - Launch Launch new strategy, ensuring priorities are clear across the organization Ongoing - Monitor and Adjust Establish recurring cadence to monitor strategic progress and issues (e.g. weekly, monthly, and quarterly reviews) Example Annual Strategy Cadence
  • 6. Define Your IT Priorities 1. Don’t be overwhelmed by all the IT stuff you could work on – focus on identifying what’s the most important and attack the list in order (e.g., Quarterly Strategic Themes) 2. Align IT priorities with your business strategy 3. Align IT priorities with your company culture – don’t prioritize systems that won’t get used! 4. Be intentional with how fast you’ll complete IT priorities -- balance building corporate infrastructure (IT, cyber security, processes) with focusing on growth – avoid building a house of cards or rock-solid IT without revenue Business Strategic Goal Category IT Goal IT Measures Customer Satisfaction Deploy Customer Survey System >= 75% Customer Response Rate by Feb 28 Deploy Project Health Dashboard to show Customer-Facing Project Health (Revenue, Profit, Deliverable Compliance, Customer Experience, and Employee Experience) Version 1 deployed by Jun 30 Financial Performance Reduce Cyber Risk by Deploying new Endpoint Protection Tool Fully deployed by May 31 Process Maturity Establish new Quarterly Improvement Meeting for leaders to discuss how to improve company processes and technology Complete first meeting by Jan 31 Improve employee experience related to approval requests Define Forms technology approach/platform and deploy 3+ New Employee Self-Service Forms to Improve Tedious Processes by Aug 31 Talent Development Select new Payroll vendor and associated HR Information System, and build launch plan Complete by Aug 31
  • 7. Cybersecurity Fundamentals 1. Don’t be overwhelmed by cybersecurity – take a breath and think about the next step to make your company a little more secure 2. Focus on the fundamentals – don’t consider any complex cyber tools until you have a solid foundation 3. Pick a simple framework to measure yourself against, such as CIS Controls and then NIST Cyber Security Framework (CSF), and go in order making your company more secure 4. See Expel.io’s CSF assessment spreadsheet template
  • 8. Consider Sustainability, Outsourcing, and Tech Debt 1. Flee from complexity – use SaaS when you can, and avoid complex systems and processes 2. Use what you have – keep your infrastructure simple by using existing functionality instead of investing in other tools, which make things more complex to maintain and for employees to navigate (e.g., Consider using Microsoft Planner or Google Keep before investing in a tool like Trello) 3. Consider outsourcing functions where it makes sense (e.g., cyber monitoring (Managed Security Service Provider (MSSP), graphic design services) 4. Consider Technical Debt, the idea of taking shortcuts now will cost you more complexity/headaches/bad options later 5. Invest in consistency and clarity – do your employees know which technologies they should use for what?
  • 9. What to Consider for a Big System Rollout 1. Define, before selecting a technology, a System Charter for the project (Business Owner, IT Lead, Administration/Sustainment Owner, Problem Being Solved, Project Scope, Project Objectives, Target Timeline) 2. Define RACI chart of who will do what on the project to select, configure, and launch the system 3. Define system requirements and the source for each one (including functional, security, and compliance requirements) 4. Capture assumptions throughout the project 5. Define selection and launch project plans (timeline, milestones, collaboration tools) 6. Define information architecture (how the system will be configured/navigated) 7. Iteratively create and validate design package: User interface design, System workflow, System notification approach, Permissions model, SLAs and reporting approach, Testing Approach 8. Define Communication and Change Management Plan, including rigorous acceptance testing (is this ready to launch?), communication (multiple messages in multiple channels!), go-live activities, and post- launch triage (help me get to fully launched)
  • 10. How to Research Technology Product Categories and Vendors 1. Google for Gartner Magic Quadrants by category to find free versions of their analysis of competitors 2. Look on websites like YouTube, Reddit, and Quora for technology solutions 3. Engage with your local startup community (e.g., https://www.dcstartupweek.org) 4. Look at early-stage company-focused technology offerings, like https://appsumo.com
  • 11. Part 2: Tools • The following slides show categories of technology products and suggestions by levels • The levels are not prescriptive – each organization should mature at different rates, based on business model, organizational culture, industry, etc.
  • 12. Starter Pack Category Notes Level 1 (Startup) Level 2 Core Collaboration Platform (Email, Chat, Video, Calendar, Docs/Drive, Planning, App Building) Consider enabling legal/litigation hold, for future legal discovery needs. Look here before investing in any other systems! Microsoft 365 or Google Workspace Microsoft 365 or Google Workspace Accounting System Don’t rush into a big system until you really need it QuickBooks Online or Xero NetSuite, Microsoft, or industry- specific (e.g., Unanet, Deltek) Sales Keep this lean – you can go a long way on simple spreadsheets instead of paying for pricey systems Spreadsheet, CRM/Pipeline Management (e.g., HubSpot, Pipedrive) Consider Salesforce Laptop Type Consistency is valuable BYOD (Employees use their own) Managed Windows or Mac endpoints Smartphones You may need to control data on endpoints as you grow, depending on your culture and compliance needs BYOD (Employees use their own) Consider Mobile Device Management container (e.g., Microsoft Intune) Forms/Approval Platform Get approvals out of email chains and into a system Email [Consider building with M365 or Google Workspace] Social Media Publishing Able to schedule posts across platforms HootSuite or Buffer HootSuite or Buffer Email Newsletter Pick what’s easy for your team to use MailChimp or ConvertKit MailChimp or ConvertKit Web Hosting Focus on attractive UI and simple administration (no patching!) Wordpress.com or Wix Wordpress.com or Wix Managed Service Provider (MSP) Outsourced IT operations/administration Not a Priority (N/P) XPERTECHS, DP Solutions, DesignData, RedRiver Fractional CIO Service Pay for a sliver of CIO time (e.g., 2 hours/week) Not a Priority (N/P) Hartman Exec. Advisors Note: No recommendations for Service Delivery (Ops), Contracts, or Legal, as they are industry-specific
  • 13. Non-IT Technology Recommendations • For these non-IT categories, refer to the great SignalFire Back Office Guide
  • 14. IT Management Tools Category Notes Level 1 (Startup) Level 2 IT Asset Tracker • Track equipment (laptops, phones), software assets (licenses, SaaS subscriptions), etc. • Also known as Configuration Management Database (CMDB) Excel spreadsheet on Teams, SharePoint List, or Google Sheet Custom app (e.g., MS Power Apps or Google App Builder) or a system that aligns well with your IT ticketing system (e.g., ManageEngine) Data Backup Determine where your critical data is and how you’ll protect it, shaping the culture around it (e.g., Do employees keep critical info on their laptops? Or on cloud collaboration tools?) None (Remind employees to keep files/data on cloud services) Consider SaaS backup services for relevant platforms (e.g., Veeam) Availability Monitoring Relevant to monitor any websites/web apps you run, even if it’s just your company website StatusCake (Free plan) Site24x7, Pingdom, or NewRelic
  • 15. Cybersecurity Tools (Core) Category Notes Level 1 (Startup) Level 2 MSSP / MDR (Managed Security Service Provider / Managed Detection & Response / SOC as a Service) Cyber Monitoring as a Service Not a Priority (N/P) Arctic Wolf, CrowdStrike, Sophos, RedZone Technologies Security Training Teach/remind your employees not to get hacked KnowBe4 (Free phishing assessment) KnowBe4 Password Vault Password vaults increase security and make employee separations easier to coordinate 1Password or KeePass 1Password or KeePass Identity Management and Single Sign On (SSO) Consolidate identity to make onboarding and offboarding easier and more secure None (Leverage Password Vault) Azure Entra, Okta SSO, Cisco Duo Endpoint Management (EDR, XDR) Protect laptops and smartphone devices Not a Priority (N/P) Microsoft Intune, CrowdStrike Governance, Risk, and Compliance (GRC) or Regulation Operations (RegOps) Track relevant compliance requirements (e.g., GDPR, CCPA, HIPAA, CMMC), your compliance approach, and relevant evidence Compliance spreadsheet in cloud collaboration platform Spreadsheet or RegOps tool like RegScale or AuditBoard
  • 16. Cybersecurity Tools (Life Without MSSP) Category Notes Level 1 (Startup) Level 2 Secure Email Gateway Provides security layer for incoming and outgoing emails, to increase security (e.g., phishing, credential attacks) N/P M365 E5 or Proofpoint Vulnerability Management Identifies vulnerabilities on devices (patches not applied) for computers and servers N/P Tenable or Rapid7 SIEM Collects alerts from systems to analyze possible attacks N/P ManageEngine, Rapid7, or Splunk (expensive) Data Loss Prevention (DLP) Monitor and control data moving into and out of company systems N/P Code42, Google Cloud DLP, Microsoft Information Protection, Netskope Note: See the CIS Top 18 Controls list for how to prioritize Cyber investments – start at the top and go in order. Note: At Level 2, start evaluating against NIST Cyber Security Framework.
  • 17. Tactical Force Multiplier Tools and Culture Hacks • In addition to core tools, consider where you could use focused tools to make dramatic improvements in your business capabilities, such as: • Loom video recorder (capture and share) • Fathom AI Notetaker • X Mind mind-mapping tool • Calendly for scheduling acceleration • (AppSumo.com to see startup tech tool trends) • Several years ago, Gartner popularized the idea of “culture hacks” – consider things like “office hours” or Amazon 6-pager docs as you shape your organizational culture Note: Shoutout to Ashlee Berghoff of https://asquaredonline.com for some great tool recommendations!