Lisa Morgan's Official Site

Strategic Insights and Clickworthy Content Development

Month: December 2017

How to Get Educated About Analytics

Analytics education is anything but static. It’s so hot now that lots of education-focused organizations are offering traditional degree programs, online degree programs, certifications and courses.

As we well know, analytics capabilities and best practices are evolving, as is the application of analytics to business problems. In addition, there’s still a shortage of data-savvy people. All of that is creating demand for analytics-oriented education which is and has paved the way for so many new offerings. The question is, which option is best for you?

There are a number of ways to answer that question, some of which are more productive than others.

If you go online, you may find yourself overwhelmed by the choices. If you contact someone from any one of those organizations and ask their advice, they’ll probably tell you their program is the best.

In my view, there is no one best option. The answer depends on several factors which include the amount of time you have to dedicate to the program, the focus of the program and the cost (assuming your employer won’t cover the cost).

Probably the most frustrating approach is to look at the growing haystack using a Google search and start clicking on the endless stream of links. If you do that, you’ll probably be more confused than when you started your search. Lists of “top schools” may help narrow the focus as may a few suggestions below.

Degree or Certificate?

Data analytics degree programs didn’t exist until recently. So, if you lack an analytics degree, you’re in good company. Many universities offer formal BA/BS and/or MA/MS programs now, and they may have online degrees or certifications as well. For example, the W.P. Carey School of Business at Arizona State University offers MA and BA degrees in Analytics which can be earned online or as a full-time student. MIT Sloane School of Managementoffers a one-year Master’s degree program, an undergraduate degree, and a certification program, albeit for graduate students. However, MITx (an online MIT entity) has an online data science certificate program, which I can vouch for personally.

Degrees and certificates don’t carry the same weight, especially if you lack prior relevant work experience. A degree represents a level of mastery and years of dedication. However, employers are also well-aware that analytics degrees are new. Even if the degrees weren’t new, deep experience and a certificate or no certificate might be more valuable, depending on the candidate and position. A certificate also suggests a level of mastery, albeit the kind that can be earned in weeks or months versus years. If you have a some kind of degree, such as a business or information systems degree, analytics-related certification tends to indicate a dedication to continuous learning, which is a good thing.

There are a few other points to consider such as the school’s pedigree, how long they’ve had programs, what students and former students think of them, the companies that work with them, and the companies that hire from them. If you’re using education as a means to a promotion, find out what matters most to your employer.

Also realize that two programs with the same title can differ greatly in terms or course material, focus, faculty competency and how well faculty members communicate. Some professors or instructors are very articulate and easy to understand, even when they’re presenting highly technical material. Some are not.

In addition, understand your limitations because certification courses tend not to list prerequisites, like degree programs. For example, (and not surprisingly), a course may require students to use Microsoft Excel Professional Edition at a minimum. That’s may not a problem if you have access to the program at work, but if you don’t already have the software, be prepared to invest more than you anticipated in your certification. Similarly, some courses require a deeper background in math than others.

Self-study

Online courses tend to emphasize that the coursework can be accomplished on a “flexible” schedule but you may be required to repeat the course in a particular time frame to earn the certificate. You may think that’s not a problem because you’re psyched! Then life happens. If you suspend your study of such a program, you may be required to start from the beginning when the next class begins.

Part of the reason some self-study programs work within a given time frame is that it gives the “class” the ability to interact with the faculty and other students. EdX has many such programs, some from top universities, including MIT.

One of the cool things about EdX is you can take courses for free and only pay if you want the certificate associated with the class. The class may still start and stop at particular dates, but hey, the classes are free so you can get the syllabus, go through a module or two and see whether the course is suited to you. Right now, EdX has 122 online courses available that focus on analytics. Some of them are broad, such as the ColumbiaX Statistical Thinking for Data Science and Analytics. Others are narrow including the UC BerkeleyX https://www.edx.org/micromasters/berkeleyx-marketing-analytics course in Marketing Analytics.

It’s Your Choice

If you ask 10 people about which degree, certificate or course you should pursue, you’ll probably get 10 different answers. Ultimately, your path should align with your interests and career goals.

That said, if your choice requires a heavy investment in time, money or both, don’t make the decision in a vacuum. Consider some of the points above, talk to people and do some research so you have a better idea of what’s really right for you.

One Point the Equifax Breach Drives Home

oday’s developers use more third-party and open-source components, libraries and frameworks than ever to deliver and update products in ever-shrinking delivery cycles. In the race to get to market, it’s easy to overlook or ignore details that can lead to a security breach.

For example, Equifax blamed its recent security breach on an Apache Struts vulnerability (CVE-2017-9805) and later admitted it failed to install a patch. That patch had been available for six months, according to The Apache Foundation.

“The Equifax hack is so interesting, mostly because their response to the hack has been so poor. Blaming a hack on any sort of software issue – open source or proprietary – is simply part of their inadequate response. It’s a ‘the dog ate my paper’ excuse,” said James Stanger, chief technology evangelist at CompTIA. “That’s not much of an explanation, especially considering that Equifax disclosed this problem on September 7 after knowing about it since July 29. ”

What if the software you built was compromised and you discovered that the root cause was a third-party building block you used? You didn’t build that piece of software, after all, so perhaps that party should be liable for any damages that piece of software caused.

Practically speaking, good luck with that argument.

Little or No Third-Party Liability

If you’re using third-party building blocks in your software, which you likely are, the buck stops with you. Sure, someone else’s code may have caused a catastrophic failure, but did you read the fine print in the license agreement?  Third-party developers have several ways of dealing with the matter contractually.

“There may be disclaimers, especially in the open source community, that say, ‘This component is [provided] as-is’ and you as the licensee are responsible for its testing and usage in another system,” said Roy Hadley, Jr., co-chair of the Privacy & Cybersecurity team at law firm Thompson Hine “If you choose to use it in a nuclear facility or the space shuttle, that’s on you.”

“This WAS a different cybersecurity conference experience, and I really enjoyed all of the interaction and honest discussions.” (2017 Attendee) LEARN MORE

Those who use third-party software in their products are ultimately responsible because the provider can’t foresee how its software will be used or configured by others. So, the licensor protects itself using an “as-is” clause or a limitation of liability. Alternatively, the licensor may require indemnity from the licensee, which means if you use third-party software, something goes wrong and the provider of the component you use gets sued, you’re liable.

What Software Developers Should Do

Test, test, test. Ideally, developers should take the time to understand every piece of third-party software they’re using to make sure it does what it’s supposed to do and that it’s been tested for security vulnerabilities. They should also have a mechanism to ensure that the associated updates and patches are up-to-date.

“I think you have an absolute responsibility to make sure that third-party components work, work together and work the way they’re supposed to,” said Jason Wacha, an attorney and founder of  WS Law Offices which specializes in software licensing. “One of the things about the open source community is you hear [about a software vulnerability], they announce it and everybody jumps on it and tries to fix it. Certainly this was true for the Struts project. One of the things about proprietary software is if someone discovers a vulnerability, it’s not going to get out there and people aren’t going to talk about it.”

The obvious constraint is time. There just isn’t enough time to test everything.

“The issues we keep confronting or not confronting in the IT industry are ignoring or omitting key steps of the Software Development Lifecycle (SDLC) and then mismanaging how that resulting software is deployed,” said CompTIA’s Stanger. “One of the primary reasons why software issues get missed by the good guys and exploited by the bad guys is because companies, individuals and groups that develop software tend to rush software to market.”

There are also challenges with the way software is configured and deployed.

“Many IT pros and even security pros still tend to think, ‘If I obtain the code from a secure source and run the hash tag, I’ll be fine. I’ll just update the code as necessary.’ Plus, relatively few companies actually test the software properly in a production environment by “throwing rocks” at the code and doing proper threat hunting,” said CompTIA’s Stanger. “Fewer still are able to update software adequately, because updates often break custom code. Imagine how security issues can propagate when you combine installed and cloud solutions.”

While developers should verify that the third-party software they use has been adequately tested by whomever built it, they need to retest it in the context of their own product.

Rob Rosenzweig, Risk Strategies Co.

Rob Rosenzweig, Risk Strategies Co.

“The reality of the current world we live in is that any business must undertake extreme caution and implement a thorough due diligence process when vetting any vendor that impacts their supply chain or is processing or storing any information on its behalf,” said Rob Rosenzweig, vice president and national cyber practice leader for insurance brokerage Risk Strategies Company. “While there is significant upside to the utilization of outsourced vendors in managing expense, obtaining a higher level of security and realizing operational efficiencies; the flipside is that organizations lose control and still retain all of the risk.”

Lesson Learned

The Equifax breach underscores the need for vigilance because hackers are constantly experimenting to find and exploit vulnerabilities, particularly when sensitive information is involved. When a vulnerability is found, it needs to be addressed in a timely fashion, unlike the Equifax breach. Due to the confluence of events, the Federal Trade Commission (FTC) is now investigating Equifax.

As is evident, the failure to implement one patch can have devastating consequences.

You’re Doing Analytics Wrong. Here’s Why.

Businesses across industries want to compete on insights, and yet many of them aren’t getting the ROI they expect. Somewhere between raw data and actionable insights, processes break down or they don’t exist. It’s not just a tool problem. Organizations need to change the way they think and behave.

Data is data

Every company has data, but not all organizations treat data as a valuable corporate asset.  If they did, they probably wouldn’t have multiple copies of customer records, none of which is “the golden record.”

“There’s no documentation so there’s no traceability,” said Ivan Chen, director of Enterprise Business Analytics at GPU manufacturer NVIDIA. “If you really want to get value out of your data, you have to put structure around it. We realized that, so we’re putting plans in place to provide a foundation for analytics.”

Chen is wrapping up the first month of a three-month pilot that will enable self-service analytics.  As a first step, his team is inventorying all of NVIDIA’s data assets, documenting them and putting them in a central repository.

“We’re codifying all the business logic in the repository so that people can see how the transformation that was done,” said Chen. “That way, there’s a baseline for discussion.”

In the next phase, analysts will get access to self-service analytics.

“The fundamental reason analytics is not successful is because different functions have different goals,” said Chen. “Business professionals are trying to answer questions about the market, but the market conditions keep changing so you have to keep enhancing the data in reports. IT is supposed to make those changes, but IT has other priorities, so the whole thing breaks down.”

NVIDIA dedicated three IT professionals to the pilot who are supporting Chen and his team. Before the pilot began, it took IT six months enhance the data in a report. Now it takes two or three days.

Analytics and outcomes aren’t aligned

When analytics and business outcomes aren’t linked, it’s impossible to understand the ROI. All too often, people believe analytics is the outcome, rather than a means to an outcome.

“Analytics are viewed as how many tools or dashboards you have, or how many reports you generate, ” said Isher Kaila, CEO of management consulting firm Sapphire Nine Consulting.  “No one is anchoring that to the amount of insights you are delivering, and by extension, what those insights translate to in terms of business outcomes.”

Visualizing data in different ways can help clarify what the data says. However, it’s also possible to visualize data over and over without producing any insights.

“You have to understand which insights are necessary for you to deliver an outcome, which people are attached to generating those insights, and who you will hold accountable for optimizing the insights linked to your outcomes,” said Kaila. “Most organizations do a pretty good job of managing their reporting tool environment, but someone needs to be accountable for transforming insights into outcomes.”

You’re stuck in the past

More companies are using predictive analytics to accomplish something proactively, although a lot of companies are still doing business through the rear-view mirror.

“If you’re just showing me the same data in a new way, how will that show me what I should be thinking about going forward? Is it challenging me to think about how I can optimize my business model? Are there processes I need to tweak? How much money am I leaving on the table? Are we cannibalizing our own revenue? Those are the kinds of questions you should be able to ask of your data,” said Kaila.

Some organizations have hired a chief analytics officer or a chief data officer to ensure that data can be used as a strategic asset. That person is responsible for bridging the gap between business and IT, orchestrating resources, and driving value from analytics.

“Leaders need to ensure accountability for insights,” said Kaila.  “If you do that, you’ll be able to align the definitions, the processes and ultimately how you operationalize predictive insights.”

[Analytics and advanced use of data in AI and machine learning will once again be featured during Interop ITX in 2018. The Interop team has issued a Call for Speakers. Practitioners and independent experts are invited to submit.]

Analytics work best when they’re executed as repeatable, sustainable processes that transcend any particular role. In many organizations, analytics are executed as a set of discrete functions and tasks, negatively impacting the potential value analytics can provide.

“Executives should be aware that they’re likely not even harnessing the value of their analytics spend today. There’s an analytics value chain in which outcomes are generated by insights, insights are generated by accountable business owners, and the accountable business owners have a strong partnership with their technical partners,” said Kaila. “Too often we see a lack of alignment around metrics and insights.”