DevSecOps and the new age of application security testing

Are your operations and security functions automated? Have you eliminated manual processes as you start to tighten up your security and controls?

Hi, I’m Peter Nichol, Data Science CIO.

Today we’re going to talk about DevSecOps. DevSecOps is a simplification of the phrase development, security, and operations.

What is DevSecOps?

Let’s begin with a brief explanation of what DevOps is to ensure we’re clear on the difference between DevOps and DevSecOps. DevOps is focused on development and operations. The development part homes in on automation, building or development, testing, and releasing the functionality into your environment. When we add “Sec” in between “Dev” and “Ops,” that reflects considerations of security—for example, ensuring that security is a part of every role. This means that when we make development and operational automation decisions, we have the potential to make similar decisions about the orchestration and automation of security through the DevOps process.

How do DevOps and DevSecOps differ?

DevSecOps adds security to the DevOps process. Previously, your team may have had one or maybe two big releases per year, so security wasn’t such a big concern. The team had lots of time to tighten those security controls and ensure that security procedures and policies were adhered to prior to deployment. With continuous integration, continuous delivery, and continuous deployment—also known as CI/CD pipelines—the team now has monthly, weekly, or even daily releases. In this new environment of constantly releasing customer features, it becomes much more important to evaluate and measure the security footprint on a more consistent basis. This brings forward the concept of DevSecOps to bring security into the development, operations, and release lifecycle.

Where did DevSecOps start?

The idea of continual security goes back to Dr. Joseph Juran, one of the founders of the quality management movement. He introduced the concept of quality by design (QbD). Juran believed that quality wasn’t an aspect of an output of a product or widget. Quality didn’t just happen, and it wasn’t something that needed to be done once a product was created (or features were developed and completed, in our case). Instead, quality was designed into the product, and quality assurance was performed throughout the entire process. It wasn’t a one-off step at the end of the process. By building quality into products, manufacturing companies started to produce higher-quality products with fewer defects.

DevSecOps is as simple as, “design security into the process” or embracing a “security by design” mindset.

We’re able to leverage the same quality-by-design principles that Juran applied so many years ago into how we plan, design, and deploy features that are wrapped, tightened, or hardened by security procedures. We have to design security into our ecosystem. It’s no longer productive to conduct an assessment after features are deployed to determine if code complies with our security standards and procedures.

What does DevSecOps look like in practice?

DevSecOps integrates security into normal development and operations that, in today’s infrastructures, are largely automated. DevSecOps works, in practice, because security workflows apply the development standards and architecture definitions for the organization. This could be things like validating that there are no security gaps in code before it moves into a region. Another example might be validating that the right infrastructure cloud policies prevent unnecessary exposure to sensitive infrastructure, networks, or parts of the security footprint. Ultimately, DevSecOps established many different elements to make sure that security can be streamlined and orchestrated effectively. The result is that rapid security assessments become a regular part of our development and operational environments.
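One way to automate the cloud-policy check described above as a pipeline gate, as an added example that is not part of the original article: it flags firewall rules that expose sensitive ports to any address and emits an audit record of the decision. The rule format, the sensitive-port list, and the policy name are assumptions constructed for illustration.

```python
import hashlib
import ipaddress
import json
import sys
from datetime import datetime, timezone

# Constructed sample input: firewall rules as a pipeline might export them
# from an infrastructure plan. Field names are assumptions for this example.
SAMPLE_RULES = [
    {"name": "web-https", "from_port": 443, "to_port": 443, "source": "0.0.0.0/0"},
    {"name": "admin-ssh", "from_port": 22, "to_port": 22, "source": "0.0.0.0/0"},
    {"name": "db-internal", "from_port": 5432, "to_port": 5432, "source": "10.0.0.0/8"},
    {"name": "app-range", "from_port": 3000, "to_port": 3400, "source": "::/0"},
]

# Assumed organizational standard: ports that must never be reachable
# from every address on the internet.
SENSITIVE_PORTS = {22: "SSH", 3306: "MySQL", 3389: "RDP", 5432: "PostgreSQL"}


def is_open_to_world(source):
    """True when the CIDR covers every address (prefix length 0), IPv4 or IPv6."""
    return ipaddress.ip_network(source, strict=False).prefixlen == 0


def evaluate_rules(rules):
    """Return one finding per sensitive port that a rule exposes to any address."""
    findings = []
    for rule in rules:
        try:
            exposed = is_open_to_world(rule["source"])
        except ValueError:
            # A source the gate cannot parse is treated as a violation (fail closed).
            findings.append({"rule": rule["name"],
                             "reason": "unparseable source, failing closed"})
            continue
        if not exposed:
            continue
        # A port range can hide a sensitive port, so check every port in the range.
        for port in sorted(SENSITIVE_PORTS):
            if rule["from_port"] <= port <= rule["to_port"]:
                findings.append({
                    "rule": rule["name"],
                    "reason": f"{SENSITIVE_PORTS[port]} ({port}) reachable from {rule['source']}",
                })
    return findings


def gate(rules, commit, now=None):
    """Evaluate the rules and build the audit record the pipeline would store."""
    findings = evaluate_rules(rules)
    # Hash the exact input that was evaluated so the record can be matched to it later.
    canonical = json.dumps(rules, sort_keys=True, separators=(",", ":")).encode()
    return {
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
        "commit": commit,
        "policy": "no-sensitive-port-open-to-world",  # hypothetical policy name
        "input_sha256": hashlib.sha256(canonical).hexdigest(),
        "decision": "block" if findings else "pass",
        "findings": findings,
    }


if __name__ == "__main__":
    record = gate(SAMPLE_RULES, commit="<commit-id-placeholder>")
    print(json.dumps(record, indent=2))
    # A non-zero exit code stops the pipeline stage when the policy is violated.
    sys.exit(1 if record["decision"] == "block" else 0)
```

Storing each record gives the audit trail of automated decisions that the benefits list in this article refers to.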

It’s common for a collection of products to be used for DevSecOps orchestration. Here are some of the most popular.

  • Commit code to repository: JFrog, Snyk, Skim dev, Talisman, git-secrets, HOUND, Vault, AWS Secrets Manager
  • Build: Checkmarx, ECG, DerScanner, GitHub, Black Duck
  • Deploy: RAPID, Acunetix, Veracode, Clair, Anchore, DOCKSCAN, KitchenCI, CHEFINSPEC, Signal Sciences, Imperva, Wallarm, Cloudflare, Nagios, Datadog, Gremlin, ChaosToolkit

What are the benefits?

We’re looking to remove the manual security processes that occur during the deployment or testing of a release. However, just the introduction of DevSecOps introduces new organizational benefits such as:

  1. The ability to audit
  2. The ability to be compliant
  3. The ability to identify issues right away and take immediate action
  4. Accelerating report compliance
  5. Formalizing documentation of triggers and decisions made by automation agents

There are many software benefits from having a repeatable and durable security approach that’s streamlined to the degree that the process is mainly automated. While seemingly obvious, the removal of the human factor can significantly reduce variance and production issues. For example, many deployments are performed at odd hours, and, during these hours—whether they’re deployed at 9 pm or 2 am—the team is often not at the top of their game. By adding intelligent automation agents, we remove manual steps that can be defined and repeated with overwhelming precision.

How to get started

After leaders hear about DevSecOps, they’re excited. Their next logical question is, “Now what? How do we start?”

First, define the roles and responsibilities. Consider who’s involved or the roles they play.

Second, establish policies. This answers the general question of, “Why is this new process being introduced, and what’s the desired benefit?” Evaluate which standards are mandatory. Take time to define guidelines and elaborate and expand on best practices. Also, be sure to establish procedures that articulate the step-by-step instructions for compliance.

Third, turn up the automations. You’ve defined the processes, procedures, and implementation standards. Now it’s time to reduce human intervention and narrow the pipeline-error variance through automation.

Fourth, collect evidence. Start making a hit list of what’s working and what’s not.

Fifth, design a constant feedback loop to validate that you’ve received timely information for decision making. The feedback loop provides you with a method to discuss lessons learned and introduce positive changes into your environment.

As your week begins, consider whether your DevSecOps pipeline is automated and working in your best interest. Evaluate your operational teams. Ask yourself, “How can the team be a little bit more effective by exploring DevSecOps?” Taking time to automate your DevSecOps environment helps you reach your next organizational win!

If you found this article helpful, that’s great! Also, check out my books, Think Lead Disrupt and Leading with Value. They were published in early 2021 and are available on Amazon and at http://www.datsciencecio.com/shop for author-signed copies!

Hi, I’m Peter Nichol, Data Science CIO. Have a great day!

Detect anomalies faster with AIOps

Have you ever been trying to use an application and it went down? Is your organization challenged with keeping applications up? Maybe it’s not just Outlook, but other essential business applications aren’t stable.

Hi, I’m Peter Nichol, Data Science CIO.

Today we’re going to get into some of the benefits of AIOps, also known as artificial intelligence for IT operations. The mean time to fix a production outage is 4.5 hours. Extended outage periods negatively impact your staff productivity and efficiency. Benchmark studies estimate that $21.8 million per company is lost annually due to unexpected downtime.

What is AIOps?

AIOps applies the concepts of machine learning and data science to solve IT operational problems. Often, these problems are solved through the introduction of automation.

One of the fascinating examples of applying AIOps is leveraging this technology to identify network failure points. Operations—or, more specifically, artificial intelligence operations—use predictive technologies to identify the root cause of failures within software-defined networking in wide area networks (SD-WANs). SD-WANs carry mission-critical traffic (transactional, customer, member). These intelligent networks can dynamically partition and protect the network against vulnerabilities in other parts of the technical enterprise topology. These intelligent and predictive network tools are triggered by irregular patterns of behavior and near-instantly change the network’s topology.

AIOps offers benefits in many areas

When technology leaders have challenges with utilization or bandwidth, AI operations can immediately identify when threshold limits have been reached.

Amazingly, through the integration of other technologies, environments can autoscale. Autoscaling is the act of dynamically increasing bandwidth for peak load and then contracting bandwidth when it’s no longer required. This process of ideal usage helps create a highly efficient infrastructure, saving dollars when we least expect it. Automating these processes using thresholds can generate significant benefits when monitored and implemented by experts.

There are numerous areas where AIOps can offer benefits:

  1. IT incidents
  2. Intelligent IT automation
  3. IT service management
  4. Alert management
  5. Automatic anomaly detection
  6. Ability to predict outages
  7. Freeing up expensive human capital
  8. Availability and performance monitoring
  9. Event correlation and analysis
  10. Cloud spend optimization
  11. Identifying the health of customer-facing issues

The growing market for AIOps

AIOps is erupting with potential. It’s forecasted that, by 2023, the market for artificial intelligence for IT operations will blow up to about $11.2 billion. This marks enormous growth in an industry that’s fascinating but relatively unknown.

When we look at the players in this space, the predictive capabilities they can provide are almost unbelievable:

  • Data agnostic tools: Anodot, FixStream, and OpsRamp
  • Legacy platforms: BMC, CA Technologies, and Micro Focus
  • Logging: Elastic, OverOps, and Splunk
  • Monitoring: Dynatrace, SignalFx, and ScienceLogic
  • Alerting: PagerDuty, OpsRamp, and LogicMonitor

Again, AIOps focuses on taking action based on events that can be predicted through pattern analysis. Taking action based on failures or when things go wrong is a typical application of AIOps.

What applications do you use the most during the day? Which applications, when unavailable, most significantly impact your team’s performance? It’s not just Microsoft Outlook and other core applications that prevent individual users from performing their daily duties when they’re not available. To send that email, you might have to check a report in Tableau. You might have to download SQL Server Management Studio data or ask a team member to pull the data for you. Rarely does the primary business application meet 80% of the business needs.

Autoscaling is likely the most common AIOps application: bandwidth scales up under load, or threat-based events trigger automatic partitioning of the network. Both are examples of AIOps at work.

Has your organization fully leveraged the power of AIOps? For example, has your company defined standard operating procedures for auto-scaling? Are you in agreement with your business partners about those procedures? After all, when those services aren’t available, guess who they’ll affect the most?

The ability to introduce self-healing, self-monitoring, and self-management tools through the design of AIOps environments can transform outcomes for technology leaders.

AIOps offers a great ecosystem of platforms, services, and products when you have information overflow.

Keep pace with your business partners by introducing advanced Smartsheet features

Are you enabling your business users? Is your team providing business owners the functionality they need to perform business-as-usual operations? Unfortunately, a lot of times, we aren’t.

Hi, I’m Peter Nichol, Data Science CIO.

Today we’re going to get into the specifics of how to enable those business teams. In my prior article, The disruptive idea of low-code platforms, we covered the benefits of low-code, no-code, and full-code platforms. We also expanded on why no-code solutions are powerful for business users.

Today we’ll explore Smartsheet, a no-code platform, and dig into its advanced functionality. This complex functionality holds enormous potential to empower your business users. I’m also going to introduce you to the more complex integration features of Smartsheet that allow you to educate your business users without enabling shadow IT.

Advanced notifications

Let’s begin with advanced notifications. There are a lot of excellent use cases to be made for utilizing notifications within Smartsheet.

Notifications can be triggered based on events or even by entering specific pieces of data into a sheet. For example, if a sheet’s value is updated, notifications can be automatically generated. Here are a few examples of how notifications can be used in Smartsheet:

  • The completion of development can trigger a notification to QA to begin testing.
  • The failure of an issue can trigger a notification for the development team to retest the issue.
  • Adding a record to the business issues list can trigger notification to the business owner.
  • The completion of a release can trigger notification to the leadership of the accomplishment.
  • Entering value realized can be summarized by a value meter to capture value realized across the department.
  • The entry of a new request can trigger the start of a triage process.
  • Users interested in sensitive issues can be added to watch lists to monitor critical pieces of work.

There are tons of ways to add alerts and notifications into existing Smartsheet functionality by designing new workflows.

For example, emails could be triggered to be sent if a test script failed. The QA tester could be immediately notified that a UAT tester failed a test case. This workflow reduces cycle-time delays, a common occurrence in ineffective business lifecycles. The immediate notification encourages resources to be involved more quickly instead of waiting for a status update that might come hours or even days later.

Powerful analytics

There are also powerful analytics and built-in visualizations that can be provided from the data nested in sheets and reports.

By leveraging sheets and reports and rolling the summary data into dashboards, users can access near-real-time data linked to insights. For example, if the team sets up sheets to capture business issues and has tagged them by category, dashboards can ingest this information and build dynamic charts and graphs based on categorization of the data.

Additionally, it’s possible to generate meeting minutes automatically using Ogilvy. The report builder also enables dynamic and customized reporting.

Workflow and process automation

Next, we have workflows. There are many repeatable business activities that we consider business-as-usual. These processes are often repeatable and consume large amounts of our business users’ time to aggregate data, and it takes hours for business owners to review the summarized information.

Many of these processes are manual and, frankly, inefficient. While these processes are generally technically repeatable, repeating the activity requires a significant amount of institutional knowledge.

To make these processes more efficient, we can introduce automation in the form of dynamic workflows. There are several benefits of automating processes with workflows:

  • More efficient execution of business processes
  • Reduction in repetitive tasks
  • Increased customer engagement
  • Minimized errors

How do you onboard or off-board staff? Your team might have a checklist. Many teams have even documented some parts of the process on Confluence or SharePoint. However, it’s unlikely that it’s fully documented.

These processes are primarily manual and require significant effort to hand-hold resources through the onboarding and off-boarding processes. What if the process was automated? Who from your team would be freed up to work on more value-added activities?

From service-ticket oversight to managing change controls, Smartsheet workflows can help streamline work and make processes repeatable and less prone to omitting critical steps.

There are loads of great uses for process automation that leverage the capabilities of Smartsheet. Here are a few areas in which we can introduce automation into business activities:

  • Collecting invoices and sending them to the appropriate processors
  • Monitoring the payment status of each account
  • Maintaining a general ledger
  • Submitting requests for service
  • Setting up new accounts
  • Issuing change requests
  • Onboarding

RPA flow connects Smartsheet data in UiPath Studio

Smartsheet also has integration with more complex pieces of functionality including robotic process automation (RPA).

UiPath Studio has tightly coupled its core capabilities for automation integration. RPA enables low-code application platforms (LCAPs) to engage individuals who aren’t developers and otherwise wouldn’t help build out the functionality. The new paradigm of low-code opens access for employees (non-developers) to build capabilities that previously would only have been accessible to hard-core developers. Moreover, the simplistic drag-and-drop type interfaces allow non-developers to create powerful capabilities for companies. Imagine if your business users could solve 30% of their challenges independently, allowing developers to focus on building more strategic value-added organizational capabilities?

While the integration of RPA can be on the complex side, once integration is achieved, the upside is enormous. Here are some benefits of using agents to automate processes leveraging Smartsheet functionality:

  • UiPath, an RPA platform, offers an easy-to-use platform
  • RPA enables non-developers to create process automation
  • Building an RPA program is just like drawing a diagram
  • With the CData ODBC Driver for Smartsheet, users can embed Smartsheet data into their workflow
  • Dynamically configure connections
  • Connect RPA utilities to Smartsheet data for automation
  • Create, run, and execute RPA functions (queries)

Future areas to explore

Lastly, I want to introduce three features that are more complicated and will require additional research but are great to add to your tool kit!

The first is Data Uploader. This utility helps centralize disparate data and integrate complicated data sets. Providing visibility requires gaining access to multiple systems to drive collaboration. Enabling efficient work execution is where Data Uploader shines.

The second is DataMesh. This utility provides more advanced lookups across sheets and integrates multi-sets of data. When multiple data sets are being combined, it’s essential to have data consistency. DataMesh helps identify and remove duplicates and supports the creation of links between sheets.

This functionality can be further expanded by creating links based on specific lookup values. If you’ve ever tried to replace values or swap values in blank fields, DataMesh will be a time saver. For example, suppose you have a user’s email address in one sheet and want that data displayed in another report. DataMesh can help populate that information into other sheets while maintaining a single source of truth over the data set.

Third, Control Center is a nice add-on to the core functionality of Smartsheet. This is a portfolio- and project-management solution that offers data consistency with better visibility across projects at scale.

A product you might already own

You might be thinking Smartsheet has potential, but what does it cost? Typically, organizations purchase enterprise licenses that cover their entire company. As a bonus, if your company purchases an enterprise license, the Smartsheet Product Certification is FREE for all enterprise users. This is a great offering, and many business users don’t even know they have free access they can leverage. It’s worth exploring if your company already has an enterprise license, because citizen developers may be interested in being product certified on Smartsheet.

Looking toward the week ahead, ask yourself, “How can I be a better business partner?” Begin by introducing technologies to automate existing manual business processes. Ask the questions others aren’t asking. Stop asking for help and start finding solutions.

Fund innovation with new techniques to harden your existing contracts

Are you responsible for hiring? Do you hire contractors and consultants? Are you trying to determine how to eke out the best discounts and deals as you bring in new contractors while still maintaining a team of high-quality staff? You’re not alone.

Hi, I’m Peter Nichol, Data Science CIO.

Today we’re going to talk about some techniques for contracting more effectively with your partners and your strategic vendors.

You’ve likely heard about server hardening. This is a set of disciplines and techniques that improves the security of an “off the shelf” product, system or device. Here we’re also talking about hardening, but applying it to contracts. Contract hardening is the process of tightening existing contracts to distribute risk more evenly across all parties in the contract versus an uneven distribution of risk.

I’ll walk through several examples of how to specifically modify contracts to provide a more significant advantage to the organization as you start to grow and expand. I’ll also share some contract-hardening techniques that I’ve recently applied to organizational contracts. You might find them useful as your organization expands.

Rebates or discounts

The rebate is a discount based on net spend. This concept is founded on the principle that as the net volume—or value of executed contracts—increases, the client should receive a discount.

This might initially be a small amount; for example, 1% or 5% of the total contract value. The actual percentage will depend on the vendor’s markup and margins. However, essentially, if you, as a client, spend $1 million versus $5 million versus $10 million, you should get back some percentage of that net spend. Over time, it will add up. At first, 2% might only be $100,000, but it will increase with net spend to $400,000 quickly. When multiplying the rebate percentage times a dozen or more vendors, the rebates add up to millions of dollars avoided.

In addition, this rebate clause allows you to have dollars to reinvest in critical business operations; i.e., innovation or pursuing other enabling technologies that were previously unfunded.

Boomerang clause

The boomerang clause prevents contractors from rejoining the organization at a higher bill rate. Often contractors will be engaged for short durations—six or nine months. On occasion, these contractors will leave the organization for new opportunities. When a new opportunity at your organization looks better than their existing engagement, they’ll be rehired six or nine months later at a higher rate. For example, a contractor might have initially joined the team at $150/hour and was later rehired at $180/hour, or they joined at $100/hour and were rehired at $125/hour. In both cases, the company is paying more for the same resource with the same skills and capabilities.

The intent behind the boomerang clause isn’t to prevent rehiring good staff. The objective is to ensure that just because a new consulting or staffing company represents the consultant, we, as the client, aren’t overpaying for services rendered.

This clause prevents consultants from being rehired within six months at a higher rate. It doesn’t matter who’s representing the consultant or contractor; the rate can’t be increased if it’s within those six months. As a client, we don’t care what the margin or markup on the consultant was or will be with the new vendor. This clause prevents the client from increasing budget forecasting for similar resourcing; e.g., to prevent overbilling a contract.

90-day turnover

The 90-day turnover clause ensures that recruiting companies always place the best candidates at the client site. The idea behind this clause is to incentivize strategic partners to provide the best talent possible.

It’s not uncommon for vendors to feel pressure to place candidates and maintain billing tables. As a result, these vendors suggest and eventually place contractors at client sites that aren’t a great fit. Vendors, of course, want those contractors to bill forever. However, because of executive pressure and how contracts are written, they’re indirectly encouraged to place contractors into organizations where they know the fit isn’t ideal. This results in high turnover in those hard-to-place positions.

Who suffers when contracts don’t last more than six to 12 weeks? We, as the client, do.

There’s usually no negative impact or financial penalties for a recruiting or staffing company placing resources that turn over or leave the company. However, as clients, we’re required to pay for new training and the business impact resulting from gaps in resource coverage.

This clause shifts the burden onto the recruiting company to ensure they place resources they believe are the best fit for the organization. This contract states that if a contractor turns over (leaves for any reason) within the first 90 days, the recruiting company must pay for the transition costs. This transition could be two weeks or four weeks. The client is paid in credit for transition-services penalties. This is commonly a credit for total contractor billing (less expenses) through the first 90 days of service. This clause incentivizes recruiting companies and vendors to provide candidates that meet the qualifications and will be a good fit with the organization—not just a temporary fit.

Right-to-hire

The right-to-hire clause removes unnecessary fees when converting contractors to employees. Typically, contracts have clauses specifying that the client will pay either a one-time payment or a percentage of the annual salary for any contractors hired. That one-time fee might be equal to one year’s salary.

Alternatively, the fee can be a percentage—25% to 40% of base salary is standard industry practice. Generally, this is a reasonable vendor ask. However, when companies are experiencing a period of high growth, these fees become excessive.

With this clause unmodified, every time the client converts a contractor to an employee, the client pays a 25% fee. This fee is typically between $25,000 and $75,000 depending on the base salary of the incoming contractor. The occasional conversion fee is high but digestible. However, once you’re converting 10 to 15 resources a year, these fees become ridiculous. Imagine converting 15 resources and paying $600k in fees.

This clause places a cliff on the right to hire. The amended clause states that any resource engaged for longer than six months will have no conversion fee. If the contract is converted between one month and six months, there’s a declining percentage specified by a rate table. For example, if a resource is converted within one month of engagement, the client pays a 15% conversion fee; however, if the resource is converted after five months of engagement, that fee is 5%. Then, of course, after six months, there’s no conversion fee.

Recovery of assets

The recovery-of-assets clause shifts the responsibility for recovery risk from the client to the vendor. The contractor, at the end of the engagement, will have a laptop and additional peripheral devices such as mice or keyboards that must be returned to the client. As a client, it’s challenging to be responsible for chasing down these individuals to recover our assets. So, who’s in the best position to recover those assets? Of course, the vendor is in the best position because they hold the contractor’s last paycheck.

This clause shifts the burden of responsibility to recover borrowed assets from the client to the vendor. If, by some chance, assets aren’t recovered within 15 or 30 days, there’s a penalty assessed to the vendor.

Contract hardening

To capitalize on the growing purchasing power of expanding organizations, leaders must harden their staff-augmentation contracts and strengthen their contracting language. I’ve identified additional examples—which I’ve implemented across organizations—to decrease liability, reduce risk, and lower the total cost of services.

  1. Client rebates: This provides a rebate of 1% to 5% based on annual services billed less tax and travel.
  2. Boomerang rehire programs: This clause prevents resources from leaving the company and being rehired at elevated rates within six months.
  3. 90-day turnover: This clause transfers vendor financial risk for hired resources that leave before 90 days. In this case, the vendor would pay for the markup over the direct rate to the resource and the cost of transition or a new resource.
  4. Rolling off: This clause provides the company with the right to remove resources without cause. This ensures we have the best and brightest at all times.
  5. Right to hire (temp to perm): Previously, companies paid 25% of the base salary to convert a given resource. This starts the conversation at 15% and moves quickly to a cliff at six months, at which time conversion is free. Additionally, I normally cap the max conversion fee at $30k from a previously unlimited value based on salary.
  6. Insurance requirements expanded: Often master service agreements don’t specify insurance terms. However, terms should be specifically articulated to include dollars of coverage for general liability, professional liability, umbrella policy, worker’s compensation, and a crime policy shifting risk from the company to the agency.
  7. Recovery of assets: This clause transfers risk to the recruiting agency to recover company assets (laptops, mice, keyboards, etc.) because they’re in a better position given that they hold the final paycheck for the resource.
  8. New rate card: This clause shifts rates from blend or average to a rate card to specifically call out service standards and expectations based on rate tiers. For example, if resources are from Eastern Europe, they’ll have different rates than resources sourced from South America.
  9. Contract structure: This is a general cleaning and removal of duplicate references to the final contract not-to-exceed amounts. Duplications of the contract value create the additional risk of signing an error-ridden contract.
  10. Reporting: This is a clause to add mandatory reporting of resource progress to ensure accountability and delivery of services as expected; i.e., reporting out on SLA, BLA, or quantified objectives.
  11. Public announcements of contract: This clause protects the company’s right to privacy by not publicly announcing the granting of staffing contracts while requiring written permission to use the company brand.
  12. Simplified schedules: This combines the billing schedules for multiple resources; i.e., project manager and business analyst. This unified schedule allows greater flexibility to simplify contract invoice processing.
  13. Fixed hours: Normally, contracts include annual hours estimates; e.g., 2,080 hours and the possibility of allowing for overtime. Alternatively, this clause starts with working hours in the year and then removes holidays and two weeks of forced vacation for contractors to recover and recharge during the year. The result is a much more reasonable number of hours estimated to be billed for the current year.

Take time before you recontract to consider how risk is distributed within your contracts.

  • Are you taking on too much risk?
  • Do vendors have the right incentives to perform?
  • Is there an impact if those performance measures aren’t achieved?
  • Do both parties benefit when growth occurs, and are both vulnerable to a negative impact when contractions occur?
  • Is there reasonable coverage in the event actors work the system?

Consider revisiting existing contracts before blindly re-signing under existing terms. By putting in place these contract adjustments, you’ll start to optimize your contracts and change the risk to be weighted in your favor.

Then, as your organization grows, make sure your contracts reflect that additional buying power.

If you found this article helpful, that’s great! Also, check out my books, Think Lead Disrupt and Leading with Value. They were published in early 2021 and are available on Amazon and at http://www.datsciencecio.com/shop for author-signed copies!

Hi, I’m Peter Nichol, Data Science CIO. Have a great day!

A handy leader’s tool for identifying and developing talent

Are you clear who you’re going to invest more time in this year? Are the top performers evident within your team or department?

Hi, I’m Peter Nichol, Data Science CIO.

If you haven’t already subscribed to my newsletter, please check it out at newsletter.datasciencecio.com. This is where I provide custom content to subscribers for FREE.

Are you a business leader trying to figure out how to define your role? You’re in luck. I’ve just designed a course titled, Define Your Role for BRM Success! In this course, you’ll learn how to define your role in the organization and maximize your effectiveness as a BRM.

Why use the 9 blocker model?

Today, we’re going to get a better understanding of how to evaluate members of your team quickly. You might have heard of the Nine Box Talent Review Model, commonly referred to as “9 blocker” (because the model has nine core blocks) or “9 box matrix.” McKinsey created this model in the 1970s to help GE prioritize investments across its nearly 200 business units. They centered the model around industry attractiveness and competitive strength as their two primary dimensions. Our model is an extension of the McKinsey model with a twist. In our model, we’ll use job potential and job behaviors as our two major dimensions.

So, why is this model helpful? First, it provides a simple framework by which to evaluate team members quickly. Whether they’re high-potential or need some additional help, this model offers an efficient classification. Second, it’s a consistent way to quickly assess how an individual is doing and if you should be investing time in them.

Illustration 1.0 Nine Box Talent Review Model Template

How is the 9 blocker interpreted?

So, how does it work? On the x-axis, we evaluate the team member’s job potential, and on the y-axis, we assess the team member’s job behaviors. In the lower-left quadrant, we classify team members with low potential and poor performance. In the upper right quadrant, we have high-potential and excellent performance. And, of course, the quadrants in between have a myriad of different combinations of those two.

Illustration 2.0 Nine Box Talent Review Model Interpreted

How is this model applied in practice?

Many approaches and techniques leverage the 9-blocker model to evaluate staff. I’ll share my process and the steps behind it.

  1. Identify all employees you want to assess.
  2. Choose two dimensions that best represent your environment.
  3. Classify each team member into one of the nine blocks.
  4. Review to assure that team members are actually in the correct box.
  5. Confirm that the categorization aligns with the preferred investment for each team member.

Identify captures a list of all the team members that you believe are in scope for the assessment. For example, if a new team member joined the team just a week prior, it’s too early to evaluate that individual. You’ll have an opportunity to assess their performance during the next round of performance reviews. Choose is one of the most critical steps. It’s essential to think through what dimensions will best represent your initiative. For example, if you’re targeting talent development, focus on “Talent Development” and “Performance.” There are a lot of dimension permutations when applying this model:

  • Ability and performance
  • Employee potential and performance
  • Leadership potential and performance
  • Engagement and performance

Classify simply slots each team member into one of the blocks based on the two dimensions selected. Review asks the assessor to take another look. Oftentimes, single events tend to cloud judgment or introduce confirmation bias. This step ensures that the complete picture of the team member is considered. Confirm is similar to the Review step. However, in the confirm step, it’s vital to look at your categorization based not only on performance but also on how much you want to invest financially in a team member’s growth.

Illustration 3.0 Nine Box Talent Review Model Example

This model can also be leveraged to classify team members into three main buckets:

  1. Lower left – correct or manage out
  2. Middle – core performers
  3. Upper right – ready for the next-level job

Additionally, it’s easier to see the blocks in three main sections using this model. This approach helps quickly classify a team member as performing or not and then narrows down that individual’s performance within that column:

  1. Far-left column – below performance standards
  2. Middle column – meets performance standards
  3. Far-right column – exceeds performance standards

How to manage training budgets using the 9 box matrix?

You ranked your team. You now have a good idea of how each individual performs and how they perform in comparison to other team members.

We’re already at mid-year. Have you even put a dent in your annual training budget? It gets better. We can use this model and start to evaluate how we’ll invest our annual training dollars. It’s easier than you think to use the 9-blocker model to help predict how training and dollars should be allocated. We spend 90% of our time managing the problems, and 10% of our time managing “the good” as leaders. It’s just the nature of the business that those problems consume the majority of our time, leaving little room for investing in those high-potential employees. Budgets should be divided by the number of members on the team. Why force someone to go to training who has zero interest? Additionally, if you reward that individual with paid training, it reinforces the right behaviors.

Illustration 4.0 Nine Box Talent Review Model For Training Investments

I’d like to share a training guide on how to budget for employee training if you have only $100 to spend. I use $100 because it can be easily converted into a percent. Here’s how it works. Let’s assume that you budget $10,000 for each individual on the team. You have 10 team members, which makes up an annual training budget of $100,000. Do you distribute this evenly, irrespective of performance? No.

The upper-right performance (high potential and excellent behaviors) would earn 100% of that budget—in this case, $10,000. However, a team member that’s in lower-left performance (low potential and poor behaviors) would only earn 5% of that budget or $500. This model aligns with a merit-based performance system for training and investment dollars.

As you move through this year and think about distributing your training budget, consider using a 9 blocker to make that job more manageable. Who are your top performers? Are you taking the time today to invest in those resources?

Leaders often get dragged into the weeds and ultimately spend a lot of time with individuals that, unfortunately, need a lot of help or are underperforming. It’s natural to focus on the problems, as that’s required to keep things running smoothly. However, those high performers need to be coached and guided as well. For example, suppose you want to decrease attrition and increase retention. In that case, you need to have a plan to improve training and provide additional opportunities to people who need to be brought up to average as well as to people who are trying to get to that excellent level.

How to lead a passive-aggressive employee

How do you encourage good performance and dissuade bad? Are leaders going through the motions but not embracing the heart of the mission? Are you being misled?

Hi, I’m Peter Nichol, Data Science CIO.

Today we’re going to talk about managing behaviors on your team—specifically, passive-aggressive behavior. Rarely do we, as leaders, have challenges we can’t see or face. If the market is shifting, we can feel small tremors and position our organization ahead of the next rumble. If any individual doesn’t please a key stakeholder, we can offer suggestions to mend that social divide. The challenge with managing passive-aggressive behavior is that it’s primarily intangible. You can’t find it. It’s hard to wrestle. It isn’t easy to nail down the source.

Whether you’ve been around for 30 years or you’re new to the leadership or BRM scene, passive-aggressive behaviors are something we all can brush up on.

Passive-aggressive behavior: the definition

What is passive-aggressive behavior? Passive-aggressive behavior is behavior that’s essentially aggressive behind the scenes. Passive-aggressive behaviors are indirectly aggressive rather than directly aggressive. Individuals that display passive-aggressive behavior obey authority in its presence but are positioned to turn their backs at the first chance.

It wasn’t until 1952, in the first edition of the American Psychiatric Association’s Diagnostic and Statistical Manual of Mental Disorders (DSM), that passive-aggressive behavior was explained in detail. The term was coined by an Army psychiatrist named William Menninger. Following the Second World War, Menninger published a document called Medical 203. This was a major overhaul of the existing US classification of mental disorders, and it was within this document that Menninger spelled out passive-aggressive behavior. It originated from a disturbing pattern among soldiers. These soldiers technically obeyed orders but executed them with subtle disobedience. For example, in some cases, they’d execute the orders to the letter but ignore the spirit of the command entirely.

There’s a good quote that sums up passive-aggressive individuals nicely: “Some people are like clouds—when they’re gone, it’s like a beautiful day!”

Why is diagnosis hard?

The greatest challenge is quiet aggression. Many times, you feel something, but you can’t specify what’s actually occurring that disrupts achieving results.

Complex actions

Often, the actions of passive-aggressive individuals are complicated. Their actions might even appear confusing, as they’re mixed with stress, anxiety, or insecurity in the individual.

Mask behavior

Another reason these behaviors go undetected is that they’re hidden from view. These individuals’ behavior is a way to veil their discontent, hostility, or anger. Because they mask their true feelings, detecting and interpreting the emotions of these individuals can prove challenging for leaders. If you’re not familiar with identifying micro-expressions, you’ll enjoy my article titled, Micro Expressions: The Art of a Lie. This article helps you to determine what to look for in mixed-emotion responses.

Quiet disobedience

A passive-aggressive individual isn’t going to say they disagree with your strategy. They’ll do the very opposite. Their genuine emotions are suppressed. However, they’ll disagree with you offline by sharing their opinion powerfully with other team members, creating a manufactured situation where you, as a leader, can’t defend and justify your rationale for the given course of action.

Denial

People who engage in passive-aggressive behavior won’t admit anything’s wrong. Have you ever wrapped up a discussion and said, “Does anyone have concerns or questions about what we covered?” Passive-aggressive individuals usually won’t speak up against your strategy. However, once that meeting has wrapped, they’ll relive that discussion and talk to others about how your system doesn’t make sense and why the approaches won’t work. You might think, “I want people to challenge the direction.” That’s a good gut feeling to have. However, in this case, you can’t explain any of those decisions because the individual or individuals are exhibiting this passive-aggressive behavior in the organizational shadows.

Resistance to change

Typically, these folks don’t like any change that might pivot them from being an expert. Often these individuals will blanketly disagree with change—any change—presented to them. This resistance is rooted in an inability to communicate effectively.

How do you spot passive-aggressive behavior in action?

Passive-aggressive behavior slowly erodes team unity and cohesion. These are actions and behaviors that take place quietly when most leaders are unaware. To mitigate or stop passive-aggressive behavior, we first need to be able to identify it.

Exclusion from emails

The act of being left off an email seems innocent enough. On occasion, it’s a simple oversight in judgment that’s never repeated. However, it’s also a prevalent example of someone being passive-aggressive. There was a critical communication that a member of your team sent out, and it wasn’t sent to you. Maybe it’s just an omission. Be a good leader and assume good intent. However, if this happens two or three times, it’s not a simple lapse in judgment. It’s deliberate.

Pushing back on reasonable change

Let’s get real. Almost no one loves to change. So, when you’re getting resistance to change, that makes sense. For example, a new executive was hired to mature departmental processes, and the individual doesn’t feel documentation adds value. This is a classic example of passive-aggressive behavior.

Here are some additional signs to look for that may appear to be omissions but, when they occur together, are more likely deliberate:

  1. Intentional procrastination: pushing off tasks because of other “priority” work that’s never initially identified
  2. Disruptive behavior: voicing their opinion at the wrong time
  3. Blaming others: never accepting their communication could be the source of the issue
  4. Gossiping behind colleagues’ backs: oversharing information
  5. Pushing the demands of others: not communicating to them but rather on behalf of others
  6. Intentional mistakes: scheduling a critical stakeholder meeting before your team meeting
  7. Hostile attitude: isolating from other people because of impatience or stubbornness
  8. Disguising criticism with compliments: offering negative opinions wrapped in positivity
  9. Silent treatment: building a culture of disengagement
  10. Sullen attitude: always finding fault in others for delays
  11. Stubborn: lack of interest in change
  12. Leaving things undone: not finishing assignments before taking a vacation (even if one day)
  13. The indirect request: executing the letter but not the intent of a direction or assignment
  14. Sabotage: rarely overt and often designed to make someone go crazy

The good news is that, over time, passive-aggressive behavior makes its way into the light. I enjoy the following quote from Haruki Murakami: “Sometimes, it’s not the people who change, it’s the mask that falls off.” Eventually, all truth is told.

The delay in recognizing passive-aggressive behavior is what makes it challenging to address. Usually, there are soft signs such as childlike behavior designed to keep you, as a leader, submerged.

How do we get ahead of this behavior?

There are three basic approaches for dealing with passive-aggressive behavior:

  1. Establish team norms
  2. Set standard team principles
  3. Define the standard for good

First, establish team norms that set the behavior guidelines for your team. If you need to, brush up on my article, Why team norms transform team dynamics. It provides a great start. Team norms help the team define what’s acceptable behavior and what isn’t. A few good examples of team norms include:

  • Avoid hidden agendas
  • Listen to understand
  • Provide assurance that issues discussed will be kept in confidence
  • Give your colleagues the benefit of the doubt
  • Respect the time and convenience of others

By defining good behaviors, you help to identify unwelcome behaviors. In essence, you’ve clarified how a high-performing team should be operating.

Second, set standard team principles. These principles establish the guiding framework for the team or department. Sometimes these principles are defined by the organization or company; other times, you need to generate them. Good examples of team principles might include a few of the following:

  • An excellent approach to conflict management
  • Effective allocation of resources
  • Stepping in to help before asked
  • Mutual respect for team members
  • Identifying what unites us
  • Respecting the opinions of others
  • Acting as one team

Third, define the standard for good. How do team members know how to perform if performance standards haven’t been established? Short version: they don’t. There are a lot of ways to tackle defining “good.” Here are a few ideas:

  • Define roles and responsibilities for the team
  • Use a rubric based on job function
  • Develop a standard operating procedure (SOP) for the team
  • Establish objective and critical results incorporated into annual performance

How you define the standard isn’t crucial, but making it clear is vital. Team members must know what behavior and associated performance are encouraged and what performance isn’t. If you have an individual who’s not performing, it’s essential to have a standard to measure their actions, behaviors, and outcomes against.

Taking corrective action

What happens if you find yourself in the position of dealing with a passive-aggressive team member?

You might feel the team is starting to gel. Yet, there are undertones indicating that people disagree with the strategy. However, when you inquire individually, you can’t tell where all the noise originated. The excellent news is that usually this intangible noise is being driven by one or two people creating and reinforcing the negative culture. Make no mistake—they’re sabotaging your strategy and how you’re executing that strategy. Where do you start in taking corrective action?

There’s a three-step process that’s failproof:

  1. Clarify the performance standard
  2. Identify the behavior gaps
  3. Explore corrective action

First, you need to sit down with that individual and have a conversation. Discuss what you expect and what good performance looks like. Second, you need to identify behaviors that don’t align with the team norms, principles, (maybe) competencies, or the standard for good. It needs to be made clear which team norm they violated and what behavior was unacceptable. Third, if, at this point, you’ve not seen significant performance gains, or you’ve been made aware of another occurrence of this behavior, it’s time for corrective action. This means the behavior needs to be formally documented. It doesn’t matter if this is shared with the individual or not. However, the documentation must exist in case this situation continues to surface.

It’s challenging to identify the emergence of negative team aspects when they’re not directly presented to you. For example, if somebody doesn’t attend a meeting on time, the performance gap is apparent. If a team member shows up at 10 am—two hours late for work—that’s obviously a performance gap. When a deliverable is delivered two days late, we can immediately explain the performance expected and what was achieved. In each of these examples, it’s obvious what happened. How to correct that behavior is also straightforward.

With leadership, situations are rarely just black and white. What do you do when the team just isn’t working well together? Where do you look when your approach isn’t realizing its goals? Passive-aggressive behavior is subtle. Acts of sabotage or quietly challenging authority don’t occur in the daylight.

Hopefully, this article provides some practical tips on how to get ahead of managing passive-aggressive employees. Here are a few templates to help document your conversation with team members exhibiting passive-aggressive behavior.

Remove the middleman with a business partner survey

Are your business relationship managers performing as expected? Do your leaders meet business partner expectations? Are you sure?

Hi, I’m Peter Nichol, Data Science CIO.

So, into our topic we go.

How to manage expectations

Today, we’ll explore how to ensure you have an accurate pulse on your business partners’ expectations. We all know that building relationships and maintaining those relationships is paramount in being successful within any environment.

The success of your relationships largely depends on the amount of time you invest in developing them. Unfortunately, we all know that hard work alone doesn’t equal success. We must measure and validate that we’re meeting or exceeding expectations. It’s imperative to manage expectations and get direct feedback on how the team’s performing, and, more specifically, how individuals on your team are being perceived. Perception is reality. To do this effectively and fairly, we need to evaluate the team externally.

I’ve found the introduction of a business-partner survey to be invaluable. Maybe you’ve just joined a new team. If so, this is a great tool. Maybe you’ve been on the team for years. If that’s the case, this is a great tool to refresh your understanding of what’s working and better clarify what’s not. Don’t assume. Validate your understanding with a survey.

Why the business-partner survey is a game-changer

Years ago, these surveys were referred to as “360-degree Surveys” or “360 Leadership Assessments” or simply “360s.” Speaking from the experience of having gone through a full 360-degree leadership assessment, this is a tool that confirms individual and organizational biases.

However, the business-partner survey is framed differently and is applied in a new context. First, the goal of the business-partner survey isn’t to jam up your team. It’s designed to amplify the good and get ahead of the bad. The business-partner survey allows you, as a leader, to get direct feedback from your business partners about individuals on your team in an unfiltered format. The benefit here is that you’re receiving direct input. No middleman is filtering the message to make it softer. There’s no relay of leaders to distort the original form of the message. You’re hearing raw, unedited feedback about your leaders.

Have you ever been in a situation where you received inaccurate feedback on your performance? How frustrating was that? You knew how you performed, and yet the narrative you received didn’t reflect reality. It’s not a great feeling.

As leaders, we must ensure this doesn’t happen to our team on our watch. It’s not your boss’s responsibility. It’s not the duty of the leader on your team. It’s your responsibility. Own it.

Are you removing your team’s roadblocks? When was the last time you accelerated their performance to make them more effective? How have you amplified the strength of a team member this month? By applying a business-partner survey, you’re also able to take action.

Are you providing timely information?

Did you ever sit down for a performance review discussion only to find you’re talking about an incident that occurred months ago? It’s an uncomfortable place to be. It’s also strangely curious that this is the first time you’re hearing about the situation. Don’t let that happen to your team. Have those one-minute updates frequently. Using a business-partner survey allows you to provide timely and actionable feedback to your leaders on how to bring their game to the next level.

Rarely do I receive business-partner surveys that have disastrous results. Of course, the feedback is biased by the individual’s role in providing the feedback. However, it’s also the reality of how they perceive the world. Guess what. This is a perception they’re already sharing with others. Whether you agree or not, you must have that information to make future decisions.

Less favorable information allows those leaders to course-correct before situations spiral into a place where options are limited due to executive frustrations. This is the exception. For the most part, favorable feedback has benefits for your team.

The survey DNA

The ultimate power of this survey is to elevate your team’s image. Using a business-partner survey can help get your team promoted.

To administer the survey correctly, it’s essential to understand how the template is laid out. The business-partner survey has four sections:

  1. Introduction
  2. Who’s being evaluated
  3. Specific questions
  4. Additional comments

The first section, the introduction, talks about why the business-partner survey is being conducted. Mainly, the goal in this section is to stress that this survey isn’t a corporate mandate. It’s being used as a measure to improve and elevate your team’s performance to the next level.

The second section, who’s being evaluated, deals with who’s in scope for the survey. This section lists the business departments and units covered within the survey.

The third section outlines the specific questions being asked of the respondent. These questions are all in the form of yes/no. Intentionally, there’s no middle. There’s no scale from 1 to 10, with 10 being exceptional performance. The process uses a forced-choice methodology. Forced choice requires the respondent to answer (e.g., yes or no), which causes them to make clear decisions about each response option. (There’s an option of “N/A” if the leader is new or the question doesn’t apply to that individual.)

The fourth and last section covers additional comments. This is a free-form section to allow respondents to provide a narrative in their own words. This section is extremely powerful. Here’s where the respondent can offer up kudos for the leader’s hard work.

Survey question examples

You’re likely wondering what questions I include when I send out a business-partner survey. The focus isn’t on measuring net value but rather the behaviors of that individual leader that contribute to team, department, or organizational value.

Here are examples of questions about leaders with delivery accountability. Does the leader:

  1. Have a sense of urgency?
  2. Use good judgment when making decisions?
  3. Demonstrate respect for peers and colleagues?
  4. Welcome suggestions from team members when appropriate?

When you create your questions, make sure they relate to your leaders while being generic enough to identify general behaviors.

For example, you may have already identified many of the behaviors as team norms. If you haven’t identified team norms, check out my previous article, “Why team norms transform team dynamics.”

The power of words over metrics

Consider for a minute the following two situations. In the first situation, the leader achieved $5 million in costs avoided by implementing a complex, data-analytics, cross-functional initiative. The initiative was a wild success. In the second situation, the CEO heard about this accomplishment from multiple team executives and said the following during a departmental meeting: “Paul’s ability to unify the company was amazing. Through his leadership, his team saved the company $5 million. Please thank Paul during our ‘Bits, Bytes, and Beers’ social hour this Friday. The hard work of his team paid for our event!”

Both statements reflect on the same accomplishment. However, somehow, the spoken words of the CEO are far more powerful. This is the impact of kudos—expressing verbal praise for an achievement.

The additional-comments section allows respondents to offer feedback in their own words. There are five to eight blank lines. However, respondents usually either write a book or only provide a brief phrase.

The beauty of this design is that even if you don’t receive additional comments, you can leverage the questions as a statement. For example, “works with a sense of urgency”—referring to the Senior Director of IT Operations—would be an accurate and helpful quote taken directly from the canned questions.

The benefit of the business-partner survey is to empower your team. Of course, if corrective action is necessary, you also have a great tool to facilitate that conversation. You can provide context-specific examples of behavior heading in the right direction or behavior that needs some adjustment.

If you’re leading a rock-star team, this single tool might be your best friend. The business-partner survey is an excellent method to document performance to build a business case for employee promotions.

Start today by taking simple steps to gather the information necessary to conduct a business-partner survey to empower your team. Give your team direct and timely feedback so they can soar!

Validate your mid-year goals to lock in success

Do you have a plan to validate that you’ve met your mid-year objectives? Does your team have a plan to confirm that end-of-year objectives are on track for completion?

Hi, I’m Peter Nichol, Data Science CIO.

If you haven’t already subscribed to my newsletter, please check it out at newsletter.datasciencecio.com. This is where I provide custom content to subscribers for FREE.

Are you a business relationship manager trying to figure out how to define your role? You’re in luck. I’ve just designed a course titled, Define Your Role for BRM Success! In this course, you’ll learn how to define your role in the organization and maximize your effectiveness as a BRM.

The guideline for goal achievement

Today I’m going to get into how to make sure you align your mid-year objectives and have an approach to validate that you achieved those objectives.

Let’s start with a hierarchy of how these different parts relate and explore the relationship between objectives and goals. I want to introduce a new mnemonic:

Victory Means Giving Others Credit and Keeping Mild Manners

  1. V = Vision
  2. M = Mission
  3. G = Goals
  4. O = Objectives
  5. C = Critical success factors
  6. K = KPIs
  7. M = Metrics
  8. M = Measurements

I often recall this mnemonic, but I rarely remember the details if I don’t write it down. However, when I do write it out, “Victory means giving others credit and keeping mild manners,” I find it’s much easier to remember the details.

Additionally, these concepts build on each other and are quasi sequential. It’s not that they can’t be performed in parallel, but each is usually envisioned as an output of the prior group.

Let’s explore briefly what each term means in more detail. Vision is a statement that describes the future position of a team, department, or company. Mission defines a team, department, or company’s purpose in reaching their goals. The goals are general guidelines that explain what your team, department, or company intends to achieve. Objectives are more specific and define strategies or the implementable steps required to attain the identified goals. Critical success factors are goals that are crucial for a team, department, or company to meet. KPIs (key performance indicators) are a method to measure value and evaluate how a team, department, or company is achieving key business objectives. Metrics differ from KPIs because metrics track the status of a specific business event, process, or outcome, and often calculate multiple measures. Measures or measurements are data points for a particular point in time and in context.

Using a mnemonic is helpful in recalling the details and understanding how these elements of performance fit together.

Validating that you achieved your goals

Think for a minute about what you achieved year to date. What products did your team introduce? How did your department grow and mature over the last quarter? As you recall the accomplishments within the previous six months, you’ll find your team probably achieved some excellent outcomes.

Now ask yourself if what your team achieved is genuinely connected to your objectives. How can you prove this? This is where things start to go off track with most leaders. They know they achieved solid results. However, they’re unclear on how to connect the results they achieved to objectives—and, more specifically, how to prove—beyond all doubt—that those objectives were successfully met.

As a result of coaching many leaders over the years, I developed what I call, “The Goal Plate.” This is a combination of five key elements that confirm that your goals were achieved beyond all doubt.

Elements of The Goal Plate:

  1. Objectives
  2. Goals
  3. Strategies
  4. Action plans and measures
  5. Validation of completion

This is a simple model that’s easy to communicate to leaders.

How does it work?

The process starts with the objectives you were given at the start of the year. However, in many immature organizations, those goals are often either nonexistent or incomplete. If you’re in that situation, take time to elaborate and define the objectives that align with your role. It might be helpful to reference my article on objectives and key results (OKRs) titled, “The system adopted by Intel for goals.”

Next, we add on our goals. These are usually a bulleted list of approaches or guidelines that you’ll use to achieve your objectives. These could be general behaviors that get your team, department, or company closer to achieving the objectives.

After we have our objectives defined and our goals established, we begin to document our strategies. During this step, we identify the specific methods for how we’ll enable our goals. These could be, for example, new initiatives to drive a particular outcome.

Action plans and measures define the specific steps we plan to take to realize our strategies. These are prescriptive and specific activities that we’ll perform to achieve the desired objective outcomes.

Lastly, we identify the validation of completion. In this step, we define yes/no questions that, if affirmed, validate that our activity was completed, links to our strategy, connects to our goals, and directly affects our objective being achieved.

The Goal Plate example

  • Objective
    • Continue to develop leaders that can drive and have accountability for delivery across the organization
  • Goals
    • Develop and mentor the team to become subject matter experts (SMEs) on the issues, defects, and project challenges for the business units that team members represent.
  • Strategies
    • Build a culture of PPM excellence, where portfolio, program, and project management are viewed as a business accelerator
    • Quantifiably improve the PPM maturity for the analytics and agile delivery team
    • Implement quarterly PM-demonstrated competency checks or maturity measures.
    • Develop a training approach to increase domain and channel knowledge systematically
    • Develop and communicate a transparent escalation model
    • Institute a model to collect and aggregate project status for empowered executive decision making
    • Provide new training opportunities for PMs; e.g., Smartsheet
  • Action plans and measures
    • Conduct quarterly demonstrated competency checks to evaluate the team using competencies and maturity measurements
    • Design and communicate resource backup coverage plan
    • Forecast and model program-manager utilization through year-end
    • Design and generate a weekly project-summaries document for leadership awareness
  • Validation of completion
    • “In progress” or “complete” (aligned with each action)

Hopefully, this article provided some insights into how you can confirm and validate that you have achieved your mid-year goals.

If you found this video helpful, that’s great! Check out my books, Think Lead Disrupt and Leading with Value. They just came out early in 2021 and are available on Amazon and at http://www.datsciencecio.com/shop for author-signed copies!

Hi, I’m Peter Nichol, Data Science CIO. Have a great day!

Navigating the BRM role in a world of squad, chapters, and tribe leaders

Is your organization racing toward agile? Are you a BRM that’s confused about what your role is?

Hi, I’m Peter Nichol, Data Science CIO.

I’m going to help clarify why you don’t have a role today and how to get one for tomorrow.

Let’s begin by discussing each of the different leadership roles for squads, chapters, and tribes. First, we’re going to talk about a squad leader, a chapter leader, and a tribe leader. And then we’ll briefly get into where the business relationship manager (BRM) role fits in.

Are you a business leader trying to figure out how to define your role? You’re in luck. I’ve just designed a course titled, Define Your Role for BRM Success! In this course, you’ll learn how to define your role in the organization and maximize your effectiveness as a BRM.

The squad leader

Let’s get into the role of the squad leader. This role is primarily tactical. These leaders typically have six to 12 members in their squad. They aren’t a line manager. Therefore, squad leaders don’t have direct reports. There are no resources that hard-line into the role of squad leader.

However, this role is accountable for coaching, maturing, and mentoring the squad.

The squad leader is accountable for ensuring the squad achieves its desired goals. This role frequently deals with management reporting. This may include publishing weekly or monthly reports to improve transparency around squad performance.

What does the squad leader do?

  • Team leader
  • Unit leader
  • Not a boss for the team
  • Plans work
  • Focuses on tactical elements
  • Collaborates with product owners
  • An orchestrator of work execution
  • Builds and designs cohesive teams
  • Isn’t a functional line manager
  • Works to have the squad function as a single productive unit
  • Coaches and mentors the team
  • Reports progress to tribe leaders
  • Provides input on team members to chapter leaders
  • Leads without pushing controlling behaviors
  • Great for developing a leader

The chapter leader

The chapter leader is a similar role to that of a traditional line manager. However, this role combines both a tactical focus and a strategic element.

This role does have direct reporting hard-lined into it. A chapter leader is an expert in both a domain area and in the management of people. For example, a chapter of architects would be led by the architecture chapter leader. This leader would have years of experience performing the architecture role and multiple years as a leader or architect manager in traditional organizations. Likewise, a project management chapter leader may lead project managers and business analysts. Again, this leader would have prior experience as an analyst or project manager in addition to conventional resource management (managing directs) experience.

The chapter leader manages fewer than seven directs, with typically fewer than 30 people under them, including all organizational layers.

What does the chapter leader do?

  • Line leader
  • Not day-to-day oversight (squads do that)
  • Focuses on building the right capabilities of the squad
  • Enables the right tools
  • Makes sure the squad has the skills required
  • Focuses on building value-creation opportunities
  • Reports on multiple squads to the tribe leader
  • Focuses on tactical and strategic elements
  • Gathers feedback from tribe members to evaluate performance
  • Assigns the right resources to agile squads
  • Designed around specific competencies; e.g., testing, project management, or sales
  • Assigns the right people to the squads
  • Ensures squads have balanced competencies
  • Drives near-term priorities and objectives

The tribe leader

The tribe leader’s role is strategic.

Typically, the tribe leader has fewer than 100 people in their area of responsibility. Their focus is on being a mini CEO or mini CIO for that area. They’re trying to optimize value creation and understand what outcomes the business partners are expecting. Tribe leaders help to ensure that business partners’ needs are being met. They’re looking at a longer-term horizon, a strategic vision.

What does the tribe leader do?

  • Acts as a mini CEO or mini CIO
  • Think general manager type of role
  • Focuses on value creation
  • Concentrates on driving growth
  • Consistently considers how to serve their business partners better
  • Requires leadership and strategic understanding
  • Requires a cross-functional mindset
  • Necessitates a profit-and-loss viewpoint
  • Doesn’t own people
  • Accountable for squad and tribe performance
  • Makes informed business decisions
  • Manages to goals and objectives
  • Sets priorities

Where does the BRM role fit?

With the mental framework of squad, chapter, and tribe leaders defined, we now can get into the meat of where the BRM role fits into accelerating agile methodologies.

Squad leader (tactical)

The squad leader is a tactical role. This role aligns with a tactical BRM. Typically, this is an associate director role. This role is also viewed as consultative.

Chapter leader (connector)

The chapter leader is a tactical and strategic role. This role aligns with a connector BRM. Typically, this is a director-level role. This role is considered a key advisor.

Tribe leader (orchestrator)

The tribe leader is a strategic role. This role aligns with a strategic BRM role or an orchestrator type of role. Often, this is a senior director role. This role is valued as a strategic advisor.

As a BRM, by default, you don’t have a seat at an agile leadership table. That’s unfortunate. It’s also the reality. Anyone that says different simply isn’t living these concepts in a corporate environment.

However, this also presents a massive opportunity for BRMs. First, you must define your role. You also must define your role before an agile leader defines you as redundant. Second, you have to take control. How does your role integrate with agile? Where do you add value? As a BRM, it’s imperative that you address these critical questions.

Unsure where to start? Begin with my course titled, Define Your Role for BRM Success! This course gives you the tools to define your BRM role in terms that organizations understand and allows them to play nice with agile. Stop wasting time guessing. Start listening to answers that you can apply to your organization tomorrow!

How do I start?

Begin by identifying principles that the methodology promotes. Don’t just copy another organization’s process. The “lift-and-shift” method rarely works when introducing an existing methodology into a new company. In almost all cases, some elements can be reused, but rarely in the exact form. So instead, identify core principles (autonomy, trust, community, transparency, self-management, etc.) and think through the process to discover what’s best for your organization.

Hopefully, you’ve gained insights into how squad leadership, chapter leadership, and tribe leadership align with conventional BRM roles!

If you found this article helpful, that’s great! Check out my books, Think Lead Disrupt and Leading with Value. They were published early in 2021 and are available on Amazon and at http://www.datsciencecio.com/shop for author-signed copies!

Hi, I’m Peter Nichol, Data Science CIO. Have a great day!

Scaling agile with squads, chapters, tribes and guilds

Are your teams starting to double down with agile? Are they focusing on new concepts like squad, tribe, chapter, and guild? Is it a little bit confusing trying to understand how those concepts relate to conventional frameworks like Scrum and SAFe when these methodologies don’t use those types of terminology, especially in their training?

Hi, I’m Peter Nichol, Data Science CIO.

Today, we’re going to dive into those specifics and provide some answers. But first, let’s get a better understanding of why agile teams evolved as the focus of higher performance and improved quality.

Smaller teams generate better throughput

If we look at Francis Bacon in the 1620s and his invention of the scientific method, his focus was on identifying opportunities and trying to capitalize on what works and discard what doesn’t. He embraced the simple idea of “fail fast” or “fail quickly.” If it worked, he leveraged it; if it didn’t, he discarded it and quickly moved on.

Fast forward to the 1930s. Walter Shewhart, a physicist and statistician, developed the Plan-Do-Check-Act cycle while working at Bell Labs. He designed this model after hyper-focusing on lean optimization and continuous improvement concentrated in the manufacturing space. His approach, in concept, was similar to Bacon’s. Shewhart was experimenting with what worked and optimizing the model by removing the waste activities that weren’t value-added.

In 1986, Hirotaka Takeuchi and his coauthor, Ikujiro Nonaka, published an HBR article titled, “The New Product Development Game.” The article brought attention to the fact that smaller teams were producing better results than larger teams. Fuji-Xerox applied these techniques in its copier production lines. Canon took a similar approach to produce cameras. Even Honda implemented these techniques in manufacturing when designing and building engines.

Takeuchi discovered that smaller teams had more effective output. They had higher throughput and more consistent throughput levels than their counterparts running larger groups in competing organizations. In contrast to conventional thinking at the time, more control and greater top-down authority decreased productivity.

Give me the short version

A squad is a group of cross-functional team members. Multiple squads roll into a tribe. Chapters are groups with similar competencies. All squad members are part of a chapter. Guilds represent themes or communities of interest that anyone can freely join.

What’s a squad?

So, what’s a squad? A squad is similar to a Scrum team or an Agile Team in SAFe.

The squad is made up of between six and 12 members. Each member is an expert in their field. They work autonomously, and they’re self-motivated. No one’s telling the squad what to do. They already know. They’re working to burn down a backlog list and leveraging Kanban principles to manage work-in-progress (WIP). The team has a product owner, squad leader, and agile coach assigned. But remember, there’s no official management oversight of this squad (no one identifies as a boss).

Facts about squads:

  • Primary working unit
  • Self-organizing and autonomous
  • End-to-end accountability for delivery
  • Sit together
  • Six to 12 members
  • Similar to a mini startup

What’s a chapter?

Chapters are focused on the individual group and the development of that group with team members that share similar competencies.

Chapters ensure that squads are made up of the right people. In addition, they address missing or weak competencies and identify the abilities necessary to optimize squad productivity.

The line manager is part of the chapter. Typically, the line manager is also the chapter leader. So, for example, if a team member wants Friday off, they don’t go to their squad leader. Instead, the team member would ask their chapter leader.

Usually, team members are farmed out to squads from Monday through Thursday. On Friday, the team members return to their chapters. Within the chapter team, members share practices and lessons learned. Frequently, chapters are designed with similar functions. As a result, there might be a chapter of architects or a branch of business analysts.

Additionally, because chapter team members have similar roles and expertise, we find centers of excellence within the chapter. So, for example, we might have a Business Analyst Center of Excellence within a chapter, or there could be a Project Management Center of Excellence.

Facts about chapters:

  • A group of members with similar competencies
  • Where personnel development and training take place
  • Talent is assessed
  • Centers of excellence live here
  • Usually, team member performance is assessed by a combination of the chapter leader and the product owner
  • Team members work here on Fridays

What’s a tribe?

This brings up the concept of a tribe. Typically, multiple squads roll into a single tribe. Usually, eight to 14 squads make up a tribe. A tribe usually has fewer than 100 members. Tribes are also grouped around logical or similar areas; e.g., business domains or product domains. For example, if Squad A was focused on back-end development, and Squad B was focused on front-end development, there could be a tribe that made up a holistic view of that product ecosystem (front-end and back-end delivery).

Facts about tribes:

  • Tribes support squads
  • A collection of squads that work on related areas to solve a specific business problem
  • Team members work here Monday through Thursday
  • Made up of fewer than 100 members
  • Built by combining eight to 14 squads
  • Tribe leader provides the right environment

What’s a guild?

Guilds are cross-functional common areas or communities of interest. Unlike centers of excellence, guilds don’t bring together only team members with the same competencies. For example, they’re not all architects. Maybe somebody is a developer, business leader, or even a sales representative. Instead, guilds are a cross-pollination of different roles with a similar interest; e.g., customer enablement, data transformation, or agile delivery.

Facts about guilds:

  • An interest group that anyone can join
  • Purpose of sharing knowledge, code, or practices
  • Guilds can be formed any time when there are enough people
  • Frequently, a coordinator is assigned to the guild to improve efficiency
  • Often led by a strong domain expert

How do you get there?

By now, you’re likely thinking, how do I get involved in building the capabilities of squads, tribes, chapters, and guilds today?

First, you need to develop a flat hierarchy. The way this works is you must empower those squad teams to make decisions. They also must have authority to make decisions. This requires leaders to delegate authority, at some point, or those decisions will be revisited, wasting precious time.

Second, make sure you allow team members enough room to operate. Your job as a leader is to remove the bureaucratic obstacles that slow squad efficiency. For example, if you still require weekly status reports (on top of Sprint summaries), you haven’t allowed your teams to make their own decisions and work autonomously.

Lastly, the organization needs to support this type of methodology. It’s great to promote concepts of grandeur or idealism. Still, the reality is, if the organization doesn’t have a cultural mindset to work independently and autonomously, you’re ultimately not going to be effective.

Empower your teams. Give them the authority to make decisions and allow them to work autonomously. Make these simple changes, and you’ll start building a productive squad, tribe, chapter, and guild.

If you found this article helpful, that’s great! Check out my books, Think Lead Disrupt and Leading with Value. They were published early in 2021 and are available on Amazon and at http://www.datsciencecio.com/shop for author-signed copies!

Hi, I’m Peter Nichol, Data Science CIO. Have a great day!