My boss asked, "Why?"
"Because ... Yada, yada, yada..."
(Note: For a variety of reasons, I don't feel the need to go into the details of Aorato's products/services or state government security needs in this public blog. Needless to say, several key people saw benefits to this particular vendor solution. More important, those details are not required to make the point of this particular piece.)
"OK, go for a pilot," David replied.
With that support, I set off in February to build the necessary coalition within the technology department to kick-start a successful proof-of-concept and security infrastructure pilot with Aorato.
(Note: Michigan government has a very centralized technology function with centralized authority and an ample security budget. The good news right off the bat was that initial funding and authority were not significant hurdles in this particular case. However, these can be major issues in other governments or situations. The budget would even have been a major issue a decade ago in Michigan with major cuts all around.)
So here's what we did:
STEP 1: Get my own security team onboard -- I pulled my direct reports into my office and told them about the trip to Israel, along with some details on a few cyber companies that I liked. After answering a few questions, the team left -- looking forward to the upcoming WebEx meetings.
STEP 2: Scheduled the online demo -- My excellent executive assistant coordinated a WebEx demo, but the first available date was 3-4 weeks out due to very busy schedules.
STEP 3: Scheduled another demo for those who didn't make itthe first time -- The first demo went great, but several people could not make it because of last minute "mini-emergencies." This best date for the next meeting was another 2-3 weeks out due to very busy schedules and other higher priorities like Windows XP migration and other "hot" deadlines.
STEP 4: Corral the troops -- I asked: "Isn't implementing this a good idea? Let's make the business case." After a second round of demos that included some of our key onsite vendor partners, the reaction was only lukewarm.
Typical comments were:
"Sounds ok, but we're too busy."
"What can you take off our plates to do this soon?"
"Are you sure this is such a hot security issue for us?"
"I like it, but can we even buy from a foreign start-up company? Do we really trust these guys?"
"I don't see what this will replace in our current security architecture? We use Office 365 in the cloud. How can do this without new staff or, yada, yada..."
STEP 5: Get in Line - I decided to make a few phone calls to key directors, managers and other leaders and push the issue harder. I even told a few people to get it done. They said Ok, but pushed back harder. What could they stop doing if we do this? They finally agreed to develop a pilot project charter.
Sign up for CIO Asia eNewsletters.