Lessons in Leadership from Terry Francona

I recently had the opportunity to see Terry Francona speak to a small group of IT professionals. Terry geared a lot of his conversation towards his approach to leadership. One of the key concepts that initially jumped out to me was the fact that he focuses a lot on creating a culture where the team “wants to come to the ballpark every day and do the right thing”.

When I first became a hiring manager, I focused too much on technical aptitude during the interview process. I asked detailed questions about a particular system or network but didn’t spend much time talking about how they approached situations or problems. While we ended up hiring folks that were experienced, in some cases, they lacked a genuine passion for technology. In more extreme instances, they didn’t work well with other team members. I obviously needed to make some sort of adjustment.

Fortunately, I heard Terry Francona speak at the right time in my career. I’ve focused more on hiring the qualities that can’t be easily coached or developed since that event. This has led me to work on finding individuals that are curious to find out how technology works as opposed to just technicians that have obtained massive amounts of knowledge. I also try to gauge whether or not the candidate operates with a level of integrity. These adjustment have helped create a culture where all of our team members that want to come to work every day and do the right thing for our customers.

Another lesson that I learned during this talk was to learn by observation. Terry Francona mentioned all of the managers that he coached with and played for during his career. He said that he learned a lot about how to be a great coach by playing for great coaches. You might not ever get the chance to sit down and have a career-focused conversation with someone that you admire. Fortunately, there is ample opportunity to learn from the example that they set and how they approach a particular situation.

Through observation, you can also learn valuable lessons about what not to do. This part of the conversation reminded me of times in my career where I worked for less than stellar bosses. I took the time to think about what they did in particular that I found demoralizing. It made me realize that I need to keep in mind not only what motivates a team but what could demotivate them as well.

I had hoped to just shake the hand of a future hall of famer but I walked away with some lessons in leadership that will hopefully serve me well for the rest of my career.

Lessons in Leadership from Jim Williams

I can definitively say that I would not be where I am today without Jim Williams. I first met Jim in 2008 when I accepted an entry-level role in Jim’s IT organization at American Health Holding. Despite the fact that my initial responsibilities centered around technology support, I was encouraged by Jim to assume responsibility for Systems Administration and Information Security. Jim’s encouragement enabled me to expand my skill set which ultimately allowed for continued advancement in my career.

2 years after I joined American Health Holding, I was promoted to oversee the entire Infrastructure team. Jim made the decision to promote me despite the fact that I did not have any formal leadership experience and had just graduated college a few years prior. Looking back, I’m confident that Jim saw something in me that I didn’t see in myself. Shortly after my promotion was announced, Jim pulled me aside and told me, “I am going to teach you more about leadership in the next 5 minutes than you learned in any management course you took in college.” Sure enough, Jim explained several management fundamentals that not only enabled me to be successful at American Health Holding but in all of my future roles.

One of Jim’s key lessons was to “praise in public but don’t be afraid to reprimand in private”. Throughout your career, you are going to run into situations where you must take full responsibility for one of your team member’s mistakes despite the fact that the situation was beyond your control. By not reprimanding the individual in public, you will allow them to save face and quickly rebuild their reputation. That doesn’t mean that they can avoid accountability but that discussion should remain private.

Another lesson shared during that initial meeting was to “share the credit but accept all blame”. There are few things more demoralizing than when your boss steals credit for your idea or hard work. I had it happen a few times during my career and I really struggled with it. That being said, few things made me work harder than recognizing that my boss fell on the sword for one of my mistakes.

I don’t think I’ll be able to ever pay back Jim for all the help and guidance he gave me throughout my career. However, I will absolutely try to pay it forward.

Recommended Reading For IT Leaders

A co-worker of mine (Rick Kierner) challenged me to read 24 books this past year. I completed the challenge with just a few days to spare in 2018. I ended up reading some great books that offered valuable perspective. Here’s a brief list of some of the books that I think other IT leaders might find interesting…

  • The Goal by Eliyahu M. Goldratt, Jeff Cox – The Goal came highly recommended by a coworker of mine. It chronicles a fictional character’s struggle to save a factory in his home town. I found myself fully vested in the book’s main character as he looked to find balance in both his personal and professional lives. Despite the fact that the book focused on a manufacturing plant, a lot of the lessons learned applied to leading technology teams.
  • 5 Dysfunctions of a Team by Patrick Lencioni – This book is a fictional account of a CEO that takes over a struggling technology company. The main character quickly finds out that they need to work through some core personnel issues if they are going to succeed. The book offers lots of practical advice on how to overcome dysfunction and build a high-performing team.
  • Phoenix Project by Gene Kim – I can’t say that everyone would be enthralled by a novel about an IT Operations leader struggling to stabilize his company’s core systems. However, I really enjoyed this book and found that it outlined a lot of great methodologies for streamlining and optimizing IT Infrastructure.
  • How to Win Friends and Influence People by Dale Carnegie – I’ve read this book several times and always manage to learn something new. Despite being written in 1936, Dale Carnegie’s lessons still offer a lot of value today.

FedEx Days at IGS Energy

Google is known for allowing their employees to devote a certain amount of time to work on projects that might not pertain to their day-to-day responsibilities. This practice gives Google team members an opportunity to flex their creative muscles while providing them with the freedom to work without limits. It has lead to the creation of several successful products (including Gmail). Following this same model, FedEx days (also referred to as ShipIt days) are typically a 24 or 48-hour period where employees are allowed to create and innovate with very little parameters or instructions.

Several months ago, it was decided that the IT department at IGS Energy would hold their own FedEx days. The idea was announced to our entire team at a department meeting. In the days and weeks leading up to the event, additional details were shared with the group. These details included a few rules.

IGS FedEx Days Rules…

  • We could work on anything we wanted as long as it’s not part of our regular job.
  • We could work in our system or work area, but not on items in our current backlog
  • The official clock started on a Thursday @ 2pm
  • We couldn’t start creating prior to 2pm but we could research
  • We had to show what we created or learned by Friday @ 4pm by creating a 2-minute video highlighting our work and outcome
  • Not everything will be a success, but often failure teaches us the most.

I wasn’t sure if I was going to participate at first. I had a lot of work to catch up on and could have used some time to focus on a few tasks. Fortunately, I was encouraged by a few co-workers to participate in the event. That left me with a  very important decision…what should I create?

About 10 months ago, I found myself in a situation where we needed all hands on deck to help solve a production issue. Since the issue occurred on a Sunday afternoon, it took me roughly 45-60 minutes to call everyone and explain the situation while discussing our next steps. I decided to spend my time calling instead of sending emails and text messages because texts/emails can be easily overlooked on a weekend. Afterward, I thought about ways that I could automate that process but I never really had time to devote to solving that particular problem. I decided this would be my challenge for FedEx days.

Before joining IGS, I wrote Python apps and lengthy PowerShell scripts but it had been about 2.5-3 years since I had even touched a piece of code. The idea of writing and deploying an app in 36 hours was really exciting. However, I wondered if I could actually get the work done in that short of a time-frame. I ended up partnering up with one of our Directors of Application Development (Matt). It had been about 10-15 years since Matt had written a line of code as well. We knew we had our work cut out for us but figured we would start by identifying our application’s requirements.

The requirements were really pretty straightforward…

  • The program should automatically call a list of people and play a brief message for them
  • The message should notify them there is a critical issue and that they would receive a follow-up communication with further details
  • The program should send out a text message & email with information about how to dial-in to a conference bridge
  • The program should be easy and quick to execute
  • The program should send out a Tweet when executed…because…why not?

Over the last few months, I had seen blogs about how people have creatively used Amazon Dash buttons to automate tasks. In fact, Amazon now sells AWS IoT Buttons that can be easily connected to AWS. This seemed like a fun way to kick off our process. Matt was responsible for connecting the button to AWS and ensuring that it could execute my python script.

A FedEx days project should celebrate failures. I would have been perfectly content if I gave this a shot and didn’t produce a working product. I was happy to just spend some time writing code and solving a problem with technology. Fortunately, thanks to some extremely helpful Python libraries and technical blog posts, we had a working script in just a few hours. After a few additional hours of tweaks, we even had the script executing from AWS after pressing our IoT button! We knew that there were potential improvements to make but we had solved our initial goal!

When it was all said and done, we had the following components in our solution…

  • AWS IoT Button – used to kick off our process
  • AWS Lambda – used to host and execute Python script
  • Python Script
    • Trello – used to make a phone call and send a text message
    • Tweepy – used to post a Tweet to my personal account
    • SendGrid  – used to send an email
  • Digital Ocean Web Server running Apache – used to host XML configuration file that was leveraged by Trello

We didn’t end up filming a video. This is mostly because Matt and I had to fit in a few meetings leading up to the final presentation. It also was a result of us making code changes up until 15 minutes before the projects were due. The lack of a video left us with a much more exciting yet nerve-wracking opportunity…a live demo.

We hadn’t tested the IoT button outside of Matt’s office and were a bit nervous about the recent code changes that we had made. We ended up configuring the script to call 16 people that we knew would be in the room during the presentations. When Matt pressed the button, I braced myself for the fact that the indicator light might turn red and the script wouldn’t execute. Sure enough, the light turned green and phones around the room started to ring. My Twitter account even sent out a test message (below). It was awesome.


There were a bunch of other great projects ranging from mobile applications to unique experiments involving spare laptop batteries. I was really proud of everyone that participated, particularly those that I work closely with on the Infrastructure team. Overall, I had a great time, learned a lot and I’m really looking forward to our next FedEx Days.

Kanban for Infrastructure & Security Teams

I work at IGS Energy in Dublin, Ohio. My team and I are responsible for Information Security, Network Engineering, Systems Administration, Telecommunications and Technology Support. We work in a fast-paced environment with frequently changing priorities and deadlines. A few weeks ago, I set a goal to improve and streamline our project communication/collaboration.

We work in a department comprised of several agile development teams. From the moment I started at IGS, I was very impressed with the open and transparent communication involved with running an agile team. In the back of my mind, I always wondered if I could make that work for the Infrastructure & Security teams at IGS. Our team already held daily stand up meetings and worked very closely with the development groups. Could we take it a step further?

We ended up attempting to leverage agile for an Infrastructure-related project. The goal of the project was to replace the portion of our network that is leveraged by our end-users. Unfortunately, we struggled to leverage agile for this project. We found that the work didn’t always fit into standard delivery time slots and often had to be delivered continuously due to inconsistent maintenance windows, etc. We also found that we had to frequently change the schedule to allow us to occasionally focus on daily maintenance and keeping the lights on. Finally, we noticed that attempting iterative delivery of this specific infrastructure project was actually hindering the user experience and negatively impacting the goals of the project.

We ended up trying other methods of project delivery and communication. Everything from sending email status updates to holding individual project meetings. We even tried using Microsoft Teams to document status updates. These solutions were good but we wanted something great.

We really just needed a few things:

  • Open/transparent communication
  • Continuous delivery
  • Clearly articulated priorities

I ended up asking friends and colleagues for advice. I reached out to App Dev Managers, Business Analysts, Infrastructure Leaders and even our VP of IT. I ended up getting some great advice that lead me to the Kanban Methodology. I ended up doing some research and found that several Infrastructure & Operations teams had successfully implemented this form of project flow.

I ended up deciding that it’s worthwhile for us to test out Kanban and see if it works for us. At that point, we had to make a few decisions. Should we have a physical or virtual Kanban board? It made a lot of sense for us to use a virtual board but we still had to decide what product to use. Our organization already had subscriptions to Jira and Office 365 which both offered tools for virtual Kanban boards. However, a member of the team was already using Meistertask and after exploring the UI, we decided to give that a shot.

We ended up starting out with 5 categories:

  • Backlog – Tasks that haven’t been assigned. I was given some great advice to purge items from this category if they remain dormant for an extended period of time. If they’re dormant for that long, clearly they aren’t a priority. An extended backlog of tasks that are never prioritized could turn the board into a source of anxiety.
  • Hold/Blocked – Tasks that have been assigned but can’t be completed at this time. This could be as simple as a task being contingent on the completion of another task.
  • Work In Process (WIP) – Active tasks. Our goal is to limit the amount of WIP to items that can be focused on at that point in time.
  • Validate – Tasks that are being tested.
  • Complete – Completed tasks. It’s important that we take time to recognize these items and celebrate success.

After discussing this with the team, there were a few questions that ended up causing us to make a few adjustments to the process. For example, he team already receives a high volume of requests/tasks through ServiceNow. Should all of those flow through Kanban as well? We made the decision that only items that will take more than 3 business days will be added to the Kanban board.

The team also discussed who could actually create items for the Kanban board. It’s important that we had a clear sense of priorities and didn’t introduce too many cooks in the kitchen. We decided to add an extra category for “brainstorming”. This is an area that anyone on the team can add an item to. During our weekly project review meeting, we will discuss all open brainstorming tasks and decide whether or not they are added to the backlog.

We plan on communicating the status of our tasks during Daily Stand Up Meetings, Weekly Status Meetings, and a Monthly Retro. During our retro, we will review what went well, what we could have done better and what our next steps are. We will also hold retros for any unplanned downtime.

I’m looking forward to seeing how this works out. Have you implemented Kanban for an Infrastructure or Operations team? If so, let me know how it went!

Why I believe in i.c.stars

After finishing grad school in 2015, I had a strong urge to volunteer. I wanted to make an impact. Unfortunately, I didn’t quite know how to devote my time. Should I go to a soup kitchen? Meals on wheels? I reached out to Jen Bowden (Director of Community Investment at IGS) and she gave me some wonderful advice. She told me to find a problem that I was passionate about fixing.

The more and more I thought about it, I was frustrated by the unnecessary barrier that was preventing talented individuals from entering the IT workforce. I was fortunate enough to have an opportunity to invest time and money into receiving a formal education at Ohio University. My formal education served as a great way to demonstrate my work ethic and desire to learn. It ultimately got my foot in the door of a great company and helped kick-start my career. In my mind, there had to be a way to help less fortunate individuals demonstrate those same capabilities while gaining some practical experience. After all, I learned more about business working at our family-owned shoe store in High School than I did receiving a Minor in Business Administration.

Rather than sit back and complain, I decided to try and fix the problem from the inside. I started teaching classes at Franklin University. As much as I loved helping the students, it wasn’t enough. I wanted to do more to remove the barrier preventing talented individuals from entering the IT workforce.

Fast forward a few months and the aforementioned Director of Community Investment at IGS introduced me to Ryan Frederick. Ryan spoke to us about a program that had started in Chicago called i.c.stars. The program identifies, trains and jump-starts technology careers for low-income young adults who, although lacking access to education and employment, demonstrate extraordinary potential for success in the business world and for impact in their communities. Candidates that enroll in the i.c.stars immerse themselves in the program. They go through a 4 month training cycle and spend 60+ hours a week working on a real project for organizations.

The numbers from the original office in Chicago speak for themselves…

  • 300+ total alumni
  • 95% initial placement rate
  • $9,915 average annual earnings before the program
  • $57,240 average annual earnings 30 months after program completion

Honestly, even after seeing those statistics, I was skeptical. I didn’t think that i.c.stars could prepare individuals with little-to-no technical experience for a career as a Business Analyst, Project Manager, QA Analyst or Developer in 4 short months while also managing to deliver a working product. The team at IGS decided to serve as the first project sponsor for i.c.stars Columbus. We saw a partnership with i.c.stars as an opportunity to give back to our community and change lives for the better.

The i.c.stars group was split into several teams that worked to build IGS a dashboard to display information about our EDI transactions. I can definitively say after serving as the organization’s first project sponsor that I had no reason to be skeptical. I am still amazed by the growth that I witnessed during the initial 4 month program.

If you’re interested in learning more about i.c.stars, contact me and I will introduce you to some of their awesome team members. In fact, along with Josh Miller (Training Manager at i.c.stars), I’m establishing a Mentorship Committee at i.c.stars in an effort to help recruit candidates around Columbus to help mentor future classes. We’re looking for folks with experience in Software Development, Database Administration, Business Intelligence, Engineering, Project Management, Leadership, Information Security, IT Infrastructure, QA Testing or Technical Support. The time commitment to mentor could be as much or as little as someone is willing to contribute. If you’re interested in joining the committee and helping recruit mentors for the organization, please let me know. Also, click here if you’re able to spend some time serving as a mentor.

Protecting Yourself From WannaCry Ransomware

Over the last few weeks, I’ve had a few friends ask me for advice related to the recent WannaCry Ransomware attacks. For those of you not familiar with Ransomware, it is a type of a computer virus that restricts access to a system until a sum of money is paid to the attacker. WannaCry is a dangerous variant of Ransomware because it is designed to spread very quickly throughout corporate and private networks. At the height of the WannaCry Ransomware infection, it crippled organizations ranging from auto manufacturers to hospitals.

Unfortunately, this virus has affected consumers as well. People all over the world have lost access to their most prized digital assets including family photos and videos. My advice to the average consumer about Ransomware really boils down to three basic concepts. You need to take steps to make sure that you’re able to prevent, detect and respond to Ransomware. Fortunately, you can take the necessary steps without a ton of effort or financial investment.

Obviously, it would be ideal if you could just prevent Ransomware from infecting your computers. Preventing a computer virus starts with being vigilant. Most infections of WannaCry began with a simple phishing email. It’s very important that you exercise caution when opening emails from unknown senders. Also, be sure to look for the signs of a phishing attempt.

I’m sure at some point you’ve had to respond to an annoying message asking whether or not you want to install a software update. I’ll be the first to admit these tend to happen at the most inconvenient time. Most of the time you don’t even notice a difference after these updates are installed. However, these updates often contain important security fixes and should be installed on a regular basis. In fact, installing one of these updates for Microsoft Windows would have drastically reduced the likelihood that your computer would have been infected with the WannaCry Ransomware.

Another way of preventing a Ransomware attack is to leverage Antivirus. It’s important to note that installing Antivirus won’t guarantee that you’ll be protected from malware. However, it will likely protect you from a majority of potential Ransomware infections. Also, with effective and free Antivirus solutions from companies like Sophos, there’s no excuse not to have Antivirus installed on your PC/Mac.

Normally, you need to take special steps to ensure that you’re able to detect that your computer has a virus. The main difference with Ransomware is you’re almost always aware when it happens. This is because attackers typically display a large message on your computer screen indicating that your files have been locked along with instructions for payment. However, behavior-based Antivirus software can be effective in notifying you that it has detected a Ransomware infection before a majority of your files have been locked/encrypted.

It’s important to prepare yourself for the likelihood that all of your methods of detection and prevention will fail. Even if you have Antivirus installed and are extremely cautions when opening emails, you can still end up with a Ransomware infection. There are a few steps you can take to make sure that you’ll be able to recover from the attack. The most step is implementing automated cloud-based backups.

As I mentioned previously, even the best defenses can eventually fail. Despite the best efforts and intentions, you might discover that your most important files have been encrypted. This is why it’s important to have some form of automated cloud computer backups. By using a backup service like Carbonite, you will be able to recover your files from the backup provider without paying a ransom to the attacker that encrypted them. Also, cloud-based storage providers such as Dropbox provide easy mechanisms to recover your files in the event they become encrypted by Ransomware.

If you find out that one of your computers has been infected by Ransomware, do everything you can to avoid making the payment. Making the payment will likely just put a bigger target on your back and it will become that much more likely that you’ll be targeted again. If you find yourself in a situation where your files are encrypted without a backup, you can attempt to leverage a 3rd party tool to decrypt/unlock the data. However, there is no guarantee that a decryption tool will exist for the particular Ransomware variant that you have.

  • Just to summarize…
    • Exercise caution when opening emails from unknown senders
    • Make sure that you have automated cloud backups using a service such as Carbonite
    • Verify that an updated version of Antivirus is installed on your computers
    • Install security updates on a regular basis
    • Do everything you can to avoid making the Ransomware payment

Why you should secure your accounts with 2FA

Two factor authentication (aka multi factor authentication, login approvals, login verification or two step verification) is a way to prove your identity to a service provider by providing two different authentication methods. Enabling two factor authentication (2FA) is one of the most effective ways of preventing your accounts from being hijacked or stolen. 2FA is not only effective but it’s typically provided at no cost. In fact, you are likely already leveraging two factor authentication without even realizing it.
There are three common ways to prove your identity:
  • Something you have – typically a mobile phone or keyfob
  • Something you know – usually a password or PIN
  • Something you are – frequently is a fingerprint


One of the most typical forms of two factor authentication is the requirement to use a PIN code when using your debit card to make a transaction at an ATM. You’re providing something you have (debit card) as well as a PIN (something you know) to prove to the bank that you are who you claim to be. The addition of a PIN adds a significant amount of security to your debit card transactions. This same concept is often applied to logging into websites.
Most websites only require that you to provide a password to authenticate yourself. You’re simply sharing something that you know to demonstrate that you are who you actually say you are. Ideally, your password is a complete secret to anyone but yourself. Unfortunately, this isn’t always the case.
You will have a password stolen. It’s not a matter of if or when but how often it will occur. Passwords are commonly stolen in phishing attacks, corporate data breaches and through eavesdropping. By adding a second layer of authentication, an attacker can no longer login to your accounts with just your password.
Typically a website will allow you to use your mobile phone (something you have) as a second form of authentication. When you provide your username and password (something you know) to the website, the site will send you a text message with a temporary code. You’ll then provide this code to the website as a second form of authentication. While this method isn’t perfect, it will go a long way to helping secure your accounts and identity.
In my opinion, the biggest drawback to leveraging 2FA is the slight inconvenience. However, the inconvenience is a small price to pay for the significant increase in security. A majority of the websites you use on a daily basis offer this additional security measure. For a list of websites that support 2FA and instructions for enabling this feature, please visit www.turnon2fa.com.

3 Recommended Entry-level IT Certifications

I’ve spent a lot on a formal education at Ohio University. However, it seems to be my industry certifications from Microsoft and VMware that get noticed by recruiters and hiring managers. My certifications were obtained for just a few hundred dollars in examination fees. I was able to prepare for these exams using free materials from the vendor.

It’s always a great thing to have a respected vendor’s logo on your resume/LinkedIn profile. If you’re looking to kick-start your IT career, I highly recommend checking out the certifications that I’ve listed below. I selected each of them based on their low-exam cost and availability of free training materials.



5 Recomended Information Security Tools/Services

I recently had a coworker ask me for some advice about protecting their personal computers. After our conversation, I realized that the information was worth sharing with others so I decided to consolidate it and post it to my blog.

Here’s a list of 5 recommended information security tools/services that I recommend using to protect yourself and your family…

  • Password Manager – I’ll be the first to admit that memorizing passwords can be very frustrating. It seems like each site has their own unique set of requirements. It’s almost impossible to memorize dozens of unique/secure passwords. There’s no need to attempt the impossible when there are really great/free password vaults available. While there are a lot of options to choose from, my favorite is LastPass.
  • Antivirus – It’s entirely possible that you can still fall victim to a virus or ransomware infection while using an antivirus program. Even if the traditional antivirus program only blocks 8/10 malicious attacks, it’s worthwhile to catch the low hanging fruit. It’s important to note that you should leverage an antivirus even if you have a Mac. With great and free programs like Sophos, there’s no excuse why you should have a PC/Mac without antivirus.
  • Cloud Backup – I can’t stress enough the need to have a copy of your data stored off-site. With threats ranging from house fires to ransomware, you’re always a split second away from loosing access to all of your data. This could include everything from your tax documents to your photos. The best offense is a good defense. It’s important to have a plan in place in the event that everything else fails. Automated cloud-based backup services like Carbonite are a huge part of that plan.
  • VPN – Ever get nervous while connecting to a hotel’s WiFi? Installing Freedome VPN on your phone, tablet and laptop can help prevent your Internet traffic from being intercepted while you’re connected to public WiFi.
  • Credit Monitoring – You’re going to be a victim of a data breach. It’s not a matter of if or when but how often. Even if you have all the best tools/services to ensure that you’re able to prevent identity theft, it’s worthwhile to invest in credit monitoring to make sure that you’re able to detect identify theft.