Canadian Information Processing Society (CIPS)
 
 

CIPS CONNECTIONS

INTERVIEWS by STEPHEN IBARAKI, I.S.P.

World leading expert on disaster recovery, business continuity planning and security

This week, Stephen Ibaraki, I.S.P., has an exclusive interview with Dexada Jorgensen, a world leading expert on disaster recovery, business continuity planning and security.

For Telus [formerly BCTEL], Dexada has worked extensively in data communications design; as a course designer and instructor; a manager in disaster recovery programs, data warehousing, and information management; and in corporate business continuity and emergency preparedness.

Due to Dexada’s international reputation and extensive experience, she has provided her valuable services to telcos, governments, utilities, agencies and organizations including the UN and NATO.

In the past, she was on-loan to the UN ITU-T Study Group 2. Her involvement has included creating presentations, web and workshop materials; and doing the presentations, giving and participating in workshops internationally. Some of these were held in London, England; Geneva, Switzerland; Brisbane (the Gold Coast) in Australia, and Amman, Jordan. She also did a workshop in Miami for Verizon (then GTE) for their international business units and consulting team. There was a G8 meeting in Berlin that she participated in, and an International Energy Agency workshop in Prague where she presented.

Recently, Dexada attended (presented and was on a discussion panel) for the inaugural conference for ETR2A in Newcastle Upon Tyne in the UK in June.  The ETR2A is the European Telecommunications Resilience and Recovery Association.

Discussion:

Q: Dexada, thank you for spending time with us and sharing your wealth of knowledge.

A: You are welcome.  The value in any knowledge is in the sharing of it, so thank you for this opportunity.

Q: Your list of accomplishments and executive roles are impressive indeed! Which ones standout foremost in your mind and what lessons can you share with our audience?

A: Thank you for the compliments.  It is not so much the accomplishments and executives roles that stand out but the people that I have met and the lessons I have learned ‘the hard way’.   There are a number of people that I could list that I have learned from, but space doesn’t permit to list all of them; there have been some exemplary ones.  Of the lessons, the first that stands out in memory was when I was a university student taking my first computing science course.  It was three months into the course before I had made a coding mistake.   As I was endeavouring to be ‘perfect’, I didn’t know how to find, then fix the mistake.  I discovered that I learned more from my mistakes than from trying to be ‘perfect’.  (I did find and correct the coding problem).

Another key learning was when I first started to work with BC TEL.  It was great working with the other MIS types, I was in my element, but we had to talk to the ‘user’.   I quickly realized that it wasn’t good enough to be knowledgeable; you had to be able to communicate effectively.  This isn’t taught in the math and pure science courses in school.  So the people and communications skills are vital.  I find that really brilliant people are able to explain complex ideas in simple terms.

Q: What drives you to do what you do?

A: From a personal perspective it is and has been curiosity, from a family perspective it was always being able to provide for my family.

Q: Can you share your experiences from your recent conference for ETR2A? We appreciate the details, and solutions!

A: The ETR2A inaugural conference was a great opportunity to exchange information at an international level with people from both business and academic sectors.  It was, as with most conferences of this type, attended by people who have knowledge and interest in emergency telecommunications.  The issues and questions were not that much different from conferences that I have attended in other countries.   What I did find different was the level of academic involvement; it was much greater than at most other conferences that I have attended.  One discussion that stands out was around the idea of a common lexicon for use in the BCP environment; this lead to a lively exchange of ideas between business and academic types but not to a common lexicon result.  What did result was that the conference ended with action items.  So often we attend seminars, and conferences and we do take back knowledge to our businesses, but in the whole what do we do, as a group of knowledgeable people, is to further either the education of those who are not attending these events or to make some progress on a global level with regard to issues in our business.  We will see by the next ETR2A conference, if the objectives have been achieved.

Q: You have held various leadership positions. Please provide your top tips on effective leadership.

A:  Tips:  1) Learn from those leaders whom you admire and would follow.  Learn also from those who have the position but whom you do not admire and would not follow – what not to do.  2)  Have compassion and recognize achievements of team members.  Do not abuse the position, with leadership, comes responsibility.   3) Build a great team – if you look at the magnificent buildings and monuments that have been created by man – they have been achieved not through one person but through teams of people.  4)  Listen to your team members.  5)  Believe in what you are doing.  There is nothing quite so motivating as a firm belief in self and objectives.  6) If you make a mistake admit it, correct it and get on with it.  7) Know when to step aside and let others take the lead – you should be assisting others to become leaders.

Q: What current and future advice can you provide to businesses concerning security, disaster recovery, and business continuity planning? In addition, what are the major challenges facing businesses two and five years from now? What are your solutions?

A: Current and future advice?

Ensure that you have an enterprise wide model for risk management – this includes all facets of the company with functions such as security, disaster recovery, business continuity planning, safety, environment, audit, insurance, legal at the core.   In this risk management model, ensure that roles and responsibilities are well defined and that responsible risk management is part of the corporate culture.  This model would require top down support with measurable objectives and companies should be putting their best people on it.

A major challenge right now is ‘Who is responsible?’ from an industry perspective.  This was a key discussion at the ETR2A conference.    For example:  if there is a virus (or other computer ‘threat’), who is responsible for ensuring that is it addressed?  Is it the manufacturer (hardware company – whose firmware may have a vulnerability), the software company (whose software may have a vulnerability), the telecommunications provider, the ISP (Internet Service Provider), the user?  While this discussion is going on – companies should do the best they can to protect themselves and their clients.    I think that this discussion will be going on both in two years and in five years – it is a huge issue that I don’t think will be solved in the short term.

Solutions?

There are different groups of people working on different aspects of the problems and challenges facing the industry.  Some are industry based; others government based and some have combined the talents of both.  There are international groups that have talented and informed individuals studying the problems and have produced papers addressing some of the issues.  I say some as, as soon as one issue is addressed a new one forms – that is the nature of the wonderful world of computing.

Specific to telecommunications, since Sept. 11, Industry Canada has been working with various sectors about congestion.  It was recently  announced (early Oct., 2003) that “Industry Canada plans emergency calling card to beat telephone congestion”.   This will take some time to implement but first responders and those entities who are part of response plans will certainly be tracking the progress of this new calling scheme.

Q: In advising CIOs and CEOs, where is the industry heading in the short, medium and long-term in the areas involving your areas of expertise?

A: With the changes in the telecommunications environment – where competition is now a major corporate concern – company executives and senior management have one eye on the bottom line and the other on the competition.  This focus sometimes may mean that anything that is outside of those lines-of-site may not be managed properly e.g. risks.  The other problem as I see it is that there have been so many recent events – that many BCP teams have only been able to be reactive rather than proactive.  This can be very stressful for personnel and CIOs and CEOs need to ensure that their teams are adequately staffed and all departments are engaged.

Q: Where would our readership find the best resources in your areas of expertise? Can you provide specifics?

A: There is no one-stop shop (yet) for BCP, Security or Disaster Recovery.  Conferences, academic courses, seminars and people who are recognized in their field are great resources.

Remember though that what you learn is the basis for more learning – learn how to formulate the questions to ask, and then how to answer them.  Also know that people whom you learn from are knowledgeable based on their experience.  As an example in the mid ’90’s I spoke with a fire fighter from San Francisco.  He had experienced the Loma Prieta earthquake, Oct. 17 1989.  He had great stories to tell, but he was years later, telling others that the only communication that would work after an earthquake was cellular phones.  In 1989, cell phone technology was new and phones expensive.  Not many people had them – so there was no congestion then.   We know now that with some of the major snowfalls that we have had in the Vancouver area, people driving home on the #1 Highway have had have a difficult time getting through on their cell phones to call home to say they are delayed.

Q: Considering recent news events, the state of global affairs, and our current economic situation, if you were doing this interview, what three to five questions would you ask of someone in your position and what would be your answers?

A: Recent events – the Afghanistan ‘war’, the Iraqi war, the terrorist problems, the power outage in the east, the heat wave in Europe, the fires in Alberta and BC....it has been an eventful year.  The wars and issues around wars are outside the scope of this interview as it is such a large topic and I feel could be better answered by someone closer to those events.  Regarding the other domestic issues:  the common questions after any such event are “How could we have foreseen this?”, “How could we have better prepared?”, and “How better could have we responded?”  These questions have been asked as recorded by the media where people are asking about the deployment of firefighters and equipment for the Kelowna fire.

What are the answers?  It is important to remember that not all people have the answers unless and until an event occurs and even then we can learn more with the next event.  This is unfortunate but true.  These questions are basic to Business Continuity Planning and Disaster Recovery – and can generate much discussion.

Don’t ignore these events just because your company wasn’t or you personally were not directly impacted.  For companies and individuals – “What would you have done in any of these events?”

This last question is probably ‘THE ONE’ that I as an interviewer would ask. The long answer would be ‘Depends on the event’ and then listing a number of things that one could do.  The short answer is that these events remind us that we should be prepared individually.   In the past, for my family and home, I have focused on being prepared for an earthquake but not a wildland fire as a threat to my home.  So among other things, I’ve reviewed our home plan, checked our supplies and talked with my family about all those things that they don’t really want to talk about.  For businesses, it is an important reminder to review their BCP and response plans.

Q: Thank you for taking time out of your demanding schedule to spend time with us sharing your valuable insights.

A: You are welcome, Stephen.  The next ETR2A conference will be held June  2004 in Newcastle Upon Tyne, UK and for those interested check out the website for One NorthEast, The Development Agency for the North East of England  http://www.onenortheast.co.uk/  the will be posting information closer to the conference date.