BC BUSINESS
Saved by @jacobhtml

Compliance is fundamentally at odds with innovation and continuous improvement

Compliance tends to constrain operations to narrow sets of approved sequences of tasks as the means to assure the secure attainment of certain business outcomes. But at what cost ?

🧵

 Operational practices have an emergent nature to them. They’re affected by people, their expertise, their relationships, their team goals, role perceptions and also member needs as humans and professionals.
In this entangled mess of variables, aspects practice-as-done are
Constantly morphed as a response to economic pressures (deadlines, business demands), workload demands (as people tend to automate or agree patterns to reduce cognitive load of tasks and become more efficient) and understanding of safety and security related barriers.
All of these tend to be fluid and non fixed. In this continuous interaction with the environment and different pressures acting on it, there are numerous opportunities for improvements which have local relevance and emerge out of local needs and interactions of elements. However
In order to do so, and to support innovation and continuous improvement the practices need to have a requisite level of variability so practitioners exercise their Fingerspitzengefühl (fingertip feel) for what works and what doesn’t, within their constraints and pressures
Adaptive cognitive work requires the ability to experiment and experience the results of that experimentation (observability) into how practices are support the attainment of local goals
The problem with Compliance approaches, is they tend to overconstrain the processes they wish to assure making it impossible to accommodate this requisite variability that could lead to huge heaps of business benefits and innovation. But doing so, would imply a non-compliance
Now some could argue that Compliance processes themselves can be the target of continuous improvement, but you’d be missing the point. Innovation and insight happens at the practice level, not on the Compliance office. In Safety, this is often referred to as the Blunt end
The governance structure affecting the system but divorced from what it takes to get the job done or actually how the daily variability of work is responsible for the success of the operation. Using analogy, this Compliance improvement would be akin to aiming for improvements
By shouting “hot tips” from the stands on a football match. The real world doesn’t work like that.

But is there an alternative ? I think there is, but requires re-thinking the problem. Here’s my suggestion:
Instead of Compliance based on “expectedly thorough” procedures, let’s help teams document broad guidelines and task sequences which govern their actions. Let’s write down in our procedures we don’t have the expectation of them being followed to the “letter” and that we expect
Some variability to deal with local pressure demands.
Let’s talk with experienced practitioners to help us determine where they believe boundaries of security exist, in their own context.
- what are indicators that warn you should really pay attention ? How can we help in
Helping you identify what those boundaries can look like and establish effective feedback loops on when it’s time to move that boundary, based on open communication ? How can we establish resilient constraints which are permeable (allowing for context optimisation) as opposed
To rigid constraints which expect an ideal operation free of outside pressures which increase the likelihood of emergence of covert work systems which hide “work as done” from Compliance teams because teams have “work to be done”?
Considering these when developing policies and procedures and expecting deviation decreases the likelihood of creation of policies and procedures as “business liabilities” which you find yourself in when you don’t consider “work as done”
Innovation and continuous improvements requires being free from “too rigid” constraints so this room for innovation exists. It’s about time our policies and procedures do what they’ve been promising for 30 years. Be supportive of business goals, not hindrances to evolution
@threadreaderapp unroll

More from Business

George Yury Revutsky
George Yury Revutsky
@george_revutsky
1/An interesting thing happened tonight. I was scrolling through clubhouse and found WileyCEO, Godfather of Grime (kicked off Twitter in July for antisemitic tweets) speaking. So I tweeted this (and included a screen shot, later deleted as I found out TOS don't allow it ...


2/ ... and several folks also asked me to remove it which I promptly did afterwards).... Coming into the CH room, I fully intended to confront him about how hurtful his comments in July were. But as I listened to the folks in the room, I decided to go a different direction ....

3/ the conversation jumped around, covered many topics and there were between 8-14 people up on stage. But a recurring thread was discussion of racism, bigotry, comparison of it in the US vs UK vs elsewhere.

4/ when I got a chance to speak, I had 5 bullets written down: a) we should harness technology and capitalism to make reparations for what America did to Black people. I gave https://t.co/SlrW8zCd58 (a project a couple friends co-started) as an example) ...

5/ b) capitalism and product know-how and technology can be harnessed for social justice c) historically oppressed minorities need to stick together and lastly, d) "Wiley, how could you say such hurtful things about Jews as a people?" That's what I had ready to say, anyway.
BUSINESS
Ramin
Ramin
@MalwareRE
As part of our commitment to keeping our customers/community protected & informed, we are releasing a blog that shines light on transition between Stage 1 and 2 of #Solorigate/#SUNBURST campaign, custom Cobalt Strike loaders, post-exploit. artifacts, IOCs: https://t.co/b0ReHMa63u


Here are some highlights:
The missing link between the Solorigate backdoor and the custom #CobaltStrike loaders observed during the #Solorigate is an Image File Execution Options (IFEO) Debugger registry value created for the legitimate process dllhost.exe (ATT&CK ID: T1546.012).

Once the registry value is created, the attackers wait for the occasional execution of dllhost.exe, which might happen naturally on a system. This execution triggers a process launch of wscript.exe configured to run the VBScript file dropped by the SolarWinds backdoor (Stage 1).


The VBScript in turn runs rundll32.exe, activating the Cobalt Strike loader DLL using a clean parent/child process tree completely disconnected from the SolarWinds process. Finally, the VBScript removes the previously created IFEO value to clean up any traces of execution.

On the custom Cobalt Strike Loaders: we identified several second-stage malware, including TEARDROP, Raindrop, and other custom loaders for the Cobalt Strike beacon. During the lateral movement phase, the custom loader DLLs are dropped mostly in existing Windows sub-directories.
BUSINESS
Advertisement
Didi Kuo
Didi Kuo
@didikuo1
The American business community is speaking with a unified voice - NAM called to invoke the 25th Amendment; the Business Roundtable and Chambers of Commerce urge a peaceful transition of power; all have denounced last week's violence. What might this mean? A few implications:
1/

This isn't just PR - bad politics is bad for business. Here, the Harvard Business Review makes the business case for democracy (leading essay by

Historically, business has been a crucial ally for democracy. Mark Mizruchi shows how business helped secure democracy after WII, through organizations like the Committee for Economic Development (see also his @NiskanenCenter paper: https://t.co/xoqUUN1nCD)

3/

My book examines how business groups formed to lobby against patronage and corruption, and in favor of institutional reform, in the 19th c. (https://t.co/FnNhZUupBG)

For a summary of business’s role in American democracy over the 20th century, see

Today, corporations are cutting off PAC $$ — Wall St banks (JPMorgan Chase, Goldman Sachs, CitiGroup), big tech (Microsoft, Facebook). Many more corps have suspended donations to members of Congress who contested the certification of election results last week
5/
BUSINESS
Charlie Mungerilal
Charlie Mungerilal
@CMungerilal
Diff between Bajaj Finance and HDFC bank customer experience

My friend who got loan from both says BAF charged him 4% higher interest rate than HDFC bank. But process of disbursement was so fast and simple that he got amount in his account in 2 days. While HDFC bank took 2 weeks

It’s all about cost saving against convenience/urgency. I think Bajaj Finance has a very good value proposition.
BUSINESS
Shreyas Doshi
Shreyas Doshi
@shreyas
If you’re a Startup trying to compete with a Megacorp—the 800-pound Gorilla in the space—you need to understand the tax inherent to being a Gorilla

And then you need to make that tax work against the Gorilla—with your product's positioning & features

A thread on Gorilla taxes👇🏾


1/
Collaboration Tax

Getting two or more product groups at a megacorp to collaborate on creating a seamless end user experience is the hardest problem in computer science.

(I am not joking)

Examples of Collaboration Tax:

Calendly exists because the Gmail team & Calendar team haven’t worked together on creating a more seamless experience for that use case.

Loom might succeed because the Gmail, Video, Meet teams at Google are probably too busy with their own goals.

The takeaway for startups:

If you can create meaningful value by seamlessly integrating features of two or more distinct Gorilla products, you will typically have a lot of runway before the Gorilla can get its act together and eliminate its Collaboration Tax.

2/
Denominator Tax

Once a Gorilla’s product reaches massive scale (i.e. the denominator for its metrics gets very large), the pressure of OKRs & incentives will often force the Gorilla’s product teams to prioritize breadth of usage more than depth of usage.
BUSINESS

You May Also Like

Suhas S. Hardutt
Suhas S. Hardutt
@HarduttSuhas
THE BATTLE OF PRATAPGARH (10 Nov, 1659)

Chhatrapati Shivaji Maharaj's impeccable military genius and matchless courage humbled the Adil Shahi Sultanate.

The beginning of what was to come later for the M0ghuls from one of the most indefatigable defenders of Dharma!

(Thread)


Shivaji’s growing influence in Maval region, made him a threat to the Adil Shahi ruler of Bijapur who sought to restrain him. The man who was given the responsibility of this mission, was their commander, Afzal Khan. Afzal was a formidable warrior known for his ruthlessness.(1)

His strategy was to bring Shivaji out into the plains, where he held an advantage, compared to the rocky Deccan terrain. Afzal attacked the holy town of Pandharpur, and later demolished the temple of Bhavani at Tuljapur to instigate Shivaji in a bid to bring him out.(2)

Shivaji was angry but remained patient. Knowing that he could not defeat Bijapuri Sultanate in an open battle, Shivaji moved to Pratapgarh fort, located on rocky heights, surrounded by thick forests of Jawali.(3)

This set the pattern for future Maratha attacks, using guerrilla warfare against larger invading armies rendering them ineffective in unfavorable terrain.(4)
HISTORY
Aditya Todmal
Aditya Todmal
@AdityaTodmal
A Thread on the Boss himself @Mitesh_Engr

Mitesh Sir's Positional Option Selling 101:

• How to find direction
• Which options to sell
• How to deploy capital
• Exit criteria
• What ROI he targets weekly
• What % risk he takes

Done with the help of @niki_poojary


How @Mitesh_Engr Sir finds the direction?

• Daily charts S/R
• 75 min charts S/R
• Intraday trend
• Always play directional
• Never trades in strategies


Which options to sell in weekly expiry according to @Mitesh_Engr?

• Weekly candle High/Low
• Sell 1% away options from those
• Exit when levels breached


Position Sizing by @Mitesh_Engr Sir.

How to deploy your capital?

• First sell 20%
• Pyramid the next day
• When to exit
• What to do when view goes wrong
• What to do with idle capital


Some important tweets of @Mitesh_Engr Sir

• What Data to look at
• ROI for safe players per month
• Max risk per day
• Gather knowledge and play directional
• Never play strategies
OPTIONS LEARNING , ALL , MPLEARNINGS
Advertisement
Anumah, Abdulraheem Okehi \U0001f468\u200d\U0001f52c\U0001f1f3\U0001f1ec \U0001f1eb\U0001f1f7 \U0001f1f5\U0001f1f9 \U0001f1ea\U0001f1f8
Anumah, Abdulraheem Ok...
@AnumahABD
Department List of UCAS-China PROFESSORs for ANSO, CSC and UCAS (fully or partial) Scholarship Acceptance
1) UCAS School of physical sciences Professor
https://t.co/9X8OheIvRw
2) UCAS School of mathematical sciences Professor

3) UCAS School of nuclear sciences and technology
https://t.co/nQH8JnewcJ
4) UCAS School of astronomy and space sciences
https://t.co/7Ikc6CuKHZ
5) UCAS School of engineering

6) Geotechnical Engineering Teaching and Research Office
https://t.co/jBCJW7UKlQ
7) Multi-scale Mechanics Teaching and Research Section
https://t.co/eqfQnX1LEQ
😎 Microgravity Science Teaching and Research

9) High temperature gas dynamics teaching and research section
https://t.co/tVIdKgTPl3
10) Department of Biomechanics and Medical Engineering
https://t.co/ubW4xhZY2R
11) Ocean Engineering Teaching and Research

12) Department of Dynamics and Advanced Manufacturing
https://t.co/42BKXEugGv
13) Refrigeration and Cryogenic Engineering Teaching and Research Office
https://t.co/pZdUXFTvw3
14) Power Machinery and Engineering Teaching and Research
EDUCATION
Kevin Murphy
Kevin Murphy
@kwmurphy
Okay look - I didn’t grow up with comic books. But I read stacks of science fiction digests and I kit-bashed model cars into fantasy rods, and just tried to maintain a low profile until I could get out of the house. So you could say I’m a distant cousin of the comic book fan. /1

And sometimes one’s childhood passion follows them into adulthood, sometimes not, sometimes as an adult one finds a passion they never had as a child and embraces it. For me, that must include getting involved with a puppet show at the age of thirty. /2

So who’s to say whose passion’s legitimate and whose is bogus? Nobody. Someone might indict your passion but they have no ground to stand on and should be dismissed out of hand. /3

Maybe they’re envious that you have a passion, maybe they think that their passion is cooler than yours, or maybe they’re just insecure, who knows. Doesn’t matter. /4

What matters is that if something gives you joy, and in the process doesn’t hurt others, then by all means follow it. It’s how we explore our secret hopes, our shadow sides, our inner character. /5
CULTURE
Novid Houellebecq (That's Hollaback)
Novid Houellebecq (Tha...
@GarouGothic
Ok, here is a thread for you.
What happens when you have:
Netflix
Apple
Amazon
WarnerMedia +
Disney+
SonyCrackle (Reboot)
Verizon All Access (after they buy CBS/Viacom)
UniversalSkyMedia
By 2021
Answer? Internet Slows To A Craw and Dies.
Why?
Bandwidth.

Netflix's gets 35% of all internet traffic.
Now we all know Apple Coming to Netflix Corner.
We know that WarnerMedia Planning One
We Know about Disney+
Now how will the net handle 8 Streaming Platforms all at once?
Answer - IT CANT.

But Novid, the speed, the 4K the all everything?
NOOOOO BUDDY.
Even if you could do it and even if AWS ran six million clouds, The Net Will still slow to a crawl. 35%, goes to nearly 90% if any of the 8 or all of the 8 eat at netflix's numbers.

Oh, they wouldn't be running at once.
FOOL. You forget how bad things were when game of thrones season premieres came around. HBO SERVERS FALL DOWN GO BOOM!

Now see if a season like 2021 come around and they air shows on a same day. It gets crazy. AT&T and others gonna realize they cant build out forever. Something will give and it might be your entertainment consumption big time.
TECH