Heavy Strategy

How should you shape your IT strategy around the possibility–or is it probability–that the AI economy is a true bubble and will burst soon? John Burke and Johna Johnson revisit the signs indicating that an AI bubble is in full swing and pointing to the potential for collapse in the near term. Doomsaying having been... Read more »

The best strategy in the world won’t succeed if a team falters operationally. But what is operational excellence, and what does it take to acquire it? Cal Poly faculty member (and former Intel strategist) John Miranda shares his thinking with our Heavy Strategy listeners. He discusses concepts like the theory of constraints, root-cause analysis, and... Read more »

Mav Turner, Chief Product Officer at Kentik, joins John Burke and Drew Conry-Murray for an in-depth conversation on the importance of deep visibility into enterprise networks. As networks grow more complex and stretch from on-prem and WAN to multi-cloud and edge locations, this sponsored discussion explores how good visibility supports everything from daily operations to... Read more »

At CES in January, NVIDIA, AMD, Siemens and others spun elaborate tales of a world suffused with AI: AI in the cloud, AI at the desktop, AI in the factory, AI underneath enterprise software and as the UI for enterprise software and agentically accomplishing anything and everything in a world of embodied, physical AI. Johna... Read more »

Every employer knows to conduct background checks. However, conducting background checks on IT professionals requires an extra layer of verification, given the privileged access they typically have to IT systems and tools. Moreover, in this AI era, background checks need to be deeper and more effective than before–in the past we didn’t need to verify... Read more »

The recent U.S. Executive Order 14365, Ensuring a National Policy Framework for Artificial Intelligence, is the administration’s latest attempt to prevent the enforcement of most of the AI laws passed in individual US states. Because it is only an executive order (EO), it cannot directly nullify, supersede, forestall, or put a pause on state-level laws.... Read more »

Are there some things that can come off your strategic planning radar for IT and cybersecurity in 2026? If you ask AI, you’ll get some surprising answers. Johna and John take a critical look at this AI-generated list to see which ones may or may not be “solved enough” to fall off the strategic planning... Read more »

Leaders may shy away from thinking about insider threats because it means assuming the worst about colleagues and friends. But technology executives do need to confront this problem because insider attacks are prevalent—a recent study claims that in 2024, 83% of organizations experienced at least one—and on the rise. Moreover, AI and deepfakes vastly enhance... Read more »

Your next security teammate might not be a traditional hire — it could be a Digital Security Teammate (DST),” says Secure.com CEO Uzair Gadit. In this sponsored episode, Uzair explains the concept of a DST and how it differs from an AI SOC. He highlights the operational and business benefits of deploying DST, including improved... Read more »

As you wind down 2025, what should you be planning to do for 2026? The Heavy Strategy team breaks it down for you with eight resolutions for the new year. From setting an AI strategy to cloud optimization, Johna and John can help you enter the new year prepared for what’s next. Other resolutions include... Read more »

Anand Oswal, Executive Vice President at Palo Alto Networks, joins Johna Johnson and John Burke for a wide-ranging exploration of two emerging focal points of enterprise risk: cryptographically relevant quantum computing, and browser-mediated agentic AI. The looming arrival of quantum computers that can break legacy encryption has already created the threat of “harvest now, decrypt... Read more »

AI and other technologies are increasingly capable of delivering company-ending events. How do you have “the conversation” with senior leadership–the one about the existential risks your organization faces, and the steps needed for remediation–in a way that ensures that your company is maximally protected, and that you get the resources you need? AdSpot Sponsor: Meter ... Read more »

Environmental, Social, Governance (ESG) initiatives aren’t just “the right thing to do”, they can also save companies real dollars, particularly if they’re investing in data centers and other infrastructure. Join Jonathan Ciccio, Continuous Improvement Manager for The Siemon Company, as we discuss The Siemon Company’s ESG initiatives. The Siemon Company has been in business for... Read more »

The evolution of the modern, Internet-driven economy has created the conditions for essentially unbounded Nth-party risks (that is, risks from your suppliers, and risks from your suppliers’ suppliers, and risks from your suppliers’ suppliers’ suppliers, ad infinitum). Nth party risks exist in public clouds, SaaS, software and hardware supply chains, and now in the form... Read more »

To understand how much to spend on cybersecurity, you have to accurately assess or quantify your risks. Too many people still peg their cybersecurity spend to their IT budget; that is, they’ll look at what they’re spending on IT, and then allocate a percentage of that to cybersecurity. That may have made some sense when... Read more »

In times of major change–whether in IT or the economy–organizations should take a fresh look at their sourcing strategy. Companies outsourcing key functions need to re-examine the reasoning and scrutinize the results. The same goes for in-house functions. IT leaders need to ask: is our sourcing strategy in line with our current corporate and IT... Read more »

Sure, some days you hate your job. But how do you know when an IT position has gone from being run-of-the-mill annoying to truly toxic? And what do you do about it? Johna Johnson and John Burke are joined by Sandy Miller, a pseudonym for a CIO at a major global company who talks about... Read more »

Network-as-a-Service (NaaS) promises enterprises the ability to set up and configure connectivity and network security with a couple of clicks. But for NaaS to truly transform enterprise networking, one thing has been missing: standards. Enter Mplify (formerly the Metro Ethernet Forum), a non-profit focused on standardizing NaaS service definitions. Mplify’s CTO, Pascal Menezes, joins Johna... Read more »

The modern enterprise is built on cloud, with most organizations using SaaS for their “horizontal” work horse layers, such as communications, conferencing, HR, and payroll. That makes the enterprise entirely dependent on the good-faith execution and good-will delivery of the cloud providers. Those providers have a huge economic incentive to reliably deliver software – but... Read more »

Google now estimates that the specs for a Cryptographically Relevant Quantum Computer (CRQC), which can break conventional public key encryption in a useful amount of time, are lower than they had previously estimated…by 95%. Given the breadth and pace of advancement in quantum computing, this makes the advent of the CRQC likely to happen years... Read more »

Is adding AI to your environment a software purchase? Or is it more like hiring an employee? Heavy Strategy’s John Burke and Johna Johnson debate whether AI should be treated as just another application you buy and use, or be handled like an employee you’re bringing on staff (complete with background and reference checks, training... Read more »

Whether it’s CNAME records pointing to dead endpoints or abandoned cloud storage buckets still mentioned in the makefile or Chef recipe, seemingly innocuous bits of infrastructure that don’t get cleaned up can turn into serious security threats. (Both of these examples are taken from real-life attacks, BTW). When and how and who within IT should... Read more »

Here we are, a bit more than halfway through the year. How’s your execution against your strategy going? Roiled by the economy? Disrupted by tariffs? Thrown off by staff retirements? If you built a proper technology strategy in the first place, driven by the business strategy, then no matter what is happening don’t ignore it,... Read more »

IT teams deal with technology lifecycle issues all the time–including Y2K, which enterprises across the world grappled with for years. The Epochalypse, or Year 2038 Problem, is similar. Specifically, some Linux systems’ date-time counters will go from positive to negative at a specific date in 2038, potentially wreaking havoc on embedded systems and any other... Read more »

You need someone to design your operations processes–or perhaps redesign them. That’s an Ops Architect. Should you take an ops person and train them up in architecture? Or an architect and train them up in operations? Do you even have that ops/engineer/architect organizational structure – and should you? Johna and John dive into this discussion... Read more »

How far ahead should you plan, and what things belong in your strategic plan? Conventional wisdom holds that a 3-year planning horizon is “about right”–but in a period of rapid technical and geopolitical change (such as we’re arguably in right now) does that go too far out, particularly when agile methodologies recommend shorter action plans... Read more »

It’s all well and good to develop a technology strategy, articulate and document the strategy, and agree (supposedly) on that strategy. But what do you do when one or more of the tech teams act in apparent opposition to the strategy? John and Johna discuss why this happens and what questions you need to ask... Read more »

AI can impact an enterprise in several ways: making individuals more productive, making products and services more effective, and making it easier for customers and partners to do business. IT plays a critical role in enabling AI to have these impacts. On today’s sponsored Heavy Strategy, Cisco CIO Fletcher Previn explains how to locate AI use... Read more »

Most organizations have a long list of security holes in the form of unpatched systems and other known but unresolved vulnerabilities. Is it time to hit the big PAUSE button and fix, patch, or mitigate all of that before we resume deploying new systems (and their accompanying risks)? Join us as we tear into whether... Read more »

Is it actually possible to run a team without lying? Steven Gaffney, author of the book, “Just Be Honest”, joins Johna and John to talk about why being honest is harder than it sounds–and how (and why) to do it anyway. Steven spends his career advising science and technology leaders about how to be more... Read more »

IT and network leaders need more than uptime—they need to know what their networks cost, what they deliver, and how future changes will impact the business. That’s where Netos comes in. CEO and founder Richard Foster joins Johna and John in a lively discussion to explore how Netos turns complex operational data into clear financial... Read more »

What do you do when your colleagues or senior leaders ask you to do something illegal? It’s hardly hypothetical; recent years have seen high-profile firings and convictions of CIOs and CISOs who’ve been ordered to break the law. John and Johna discuss steps that tech leaders can take if they’re put on the spot. Episode... Read more »

IT teams too often wrap a strategy statement around a basket of projects already in progress or known to be coming, rather than defining a strategy and then letting it spawn, guide, or absorb projects. On today’s Heavy Strategy we discuss whether IT teams have any alternative to this approach, given how much gets “thrown... Read more »

Someone needs to be scanning the horizon for the threats and opportunities that are distant for now–and they need to be able to turn that foresight into action. We welcome John Miranda of Intel for a lively discussion of how to look ahead, how to get folks to pay attention to the alerts you raise,... Read more »

Can AI and automation create a truly autonomous network, one that’s self-diagnosing and self-healing? Join Vitria CTO and Founder Dale Skeen and industry analyst Charlotte Patrick in this sponsored episode of Heavy Strategy to discuss the challenges–and limitations–of using AI to create autonomous networking. This discussion covers the “intelligence architecture” required to implement automation, and ... Read more »

AI Large Language Models (LLMs) can be used to generate output that the creators and users of those models didn’t intend; for example, harassment, instructions on how to make a bomb, or facilitating cybercrime. Researchers have created the HarmBench framework to measure how easily an AI can be weaponized. Recently these researchers trumpeted the finding... Read more »

Billy Joel had it right: It’s a matter of trust. Too often Operations, Engineering, and Architecture teams don’t trust one another–and nobody trusts leadership (and vice versa!). Special guest (and PacketPushers host) Scott Robohn joins us to talk about how to build trust, and the special role of an Operations Architect. Episode Guest: Scott Robohn, ... Read more »

It’s better to plan for your IT strategy than not. But sometimes circumstances arise such that the plan, no matter how well conceived, just doesn’t work any more. On today’s Heavy Strategy, we explore how and why you should change a plan in the context of IT and business objectives. Sometimes this means small changes... Read more »

Recent events have driven home a simple fact: neither your devices nor your network services can be trusted totally, and they could all be turned against you, possibly fatally. Join us as we discuss the harsh realities of the evolving cybersecurity space, and how enterprise leaders in and out of IT need to change their... Read more »

This has been a big year for AI regulation, from the EU AI Act to the much hyped California SB1047, currently in limbo. With things bubbling along across the country, and at the federal level, and internationally, there’s a lot going on and IT folks should be keeping current and planning to meet a changing... Read more »

​​Some high-profile companies like Amazon are mandating all employees return to the office, full time. Justifications, when given, mostly revolve around productivity and innovation. We say, whoa there! The data don’t back up the idea that hybrid and remote work hurt productivity (kind of the opposite) or innovation, and the real justifications likely lie elsewhere.... Read more »

Analysis paralysis is a huge problem in IT – we “study” and “evaluate” and “keep on our radar” but then all too often have a choice and a need to act thrust upon us, and need to switch modes fast. How do we try to get more mileage out of the studying to get leverage... Read more »

Startup Alkira has built a Network as a Service (NaaS) offering that extends from on prem to public cloud and multi-cloud. Today’s sponsored episode of Heavy Strategy digs in to Alkira’s capabilities in multi-cloud networking, security, automation, and cost transparency. Guest Manan Shah, SVP of Product at Alkira, explains how Alkira simplifies network management, enhances... Read more »

In this episode, John and Johna share the findings from the recent [Next] conference that most inspired them: How to project-manage an 18-year effort to put a drone on Titan, why AI algorithms need to consider the factor of time, how to train robots, and why effective storytelling is an essential tool in a technology... Read more »

Don’t let the perfect be the enemy of the good… it’s a challenge that architects and strategists often face. They may design a “perfect” architecture or strategy, only to see it overwhelmed by the realities of implementation. John Burke and Johna Johnson discuss the questions to ask to ensure that devotion to the perfect doesn’t... Read more »