Mentoring in Business

Mentorimage courtesy of

I have always valued the act of mentoring and believed it has an important role in business, particularly in the business of technology. Recently I was listening to a business podcast on the subject and it inspired me to write about it. I have always used mentors and I currently have three in my life; in addition, I also am a mentor. (see Mentoring is not binary, I believe you can and should be both a teacher and a student in this process. I also believe that a common practice can be developed across all of IT that will benefit the industry and its customers.

I remember the impact of my first business mentor. Early in my sales career, I was insecure and concerned that I didn’t know everything about the technical product I was selling. When I told my boss and mentor about how I felt he responded with the simple affirmation, “you know much more about the technology than your prospect does.” It reassured me, and it has helped me throughout my career as I have had similar insecurities. I think this anecdote is relevant to the act of mentorship, you don’t have to be an expert, just know something of what you teach. However, mentoring is business is more than teaching about technology. It needs to be a defined process that the student understands from the beginning. It should include not only instruction on technology but additionally information of the culture and the politics of the organization where they work. Instructions on how to act and work within the bureaucracy and processes of the company are vital. This type of information can’t be taught in school and eliminates hours of wasted time for the new employee to figure out these details for themselves.

Many believe that a large part of today’s IT careers is a trade rather than a science, not requiring a college education. IT jobs often depend on certifications (certs) that are developed and maintained primarily by the largest IT vendors like Microsoft and Cisco. These certs are developed around new and developing technologies, ignoring some of the more fundamental technologies. Many newcomers to the technology workforce want careers in software development, creating applications such as those that run on their smartphones. IT infrastructure, my focus of expertise, and a far less sexy technology is still required to support these applications. Infrastructure is an example of a technology that may be best passed down through mentorship.

If an (IT) community-based mentorship program can be developed in technology, it could eliminate the challenges of the large vendors running the IT education process. Ideally, a system could be developed such as was utilized for centuries, the concept of a master and an apprentice. Masters, or experts in a trade, were paid to pass their knowledge on to the younger apprentice. For this process to succeed it needs to be started and supported by the hiring companies within IT. Established employees should be compensated for mentoring and expected to teach new employees the many aspects of their job. As these programs become more widespread, an education process for the trade of IT can be developed and maintained where it should be, the IT community.

Mentorship is an art that has been looked over because of today’s requirements and expectations of a college education. I believe mentoring has tremendous benefits and will produce a better and more rounded education for new entrants to the field of IT.




In this time of IT security breaches, businesses of all sizes have become aware of the consequences of not having a solid IT framework and security policy. What previously was a concern for only large enterprises has now become a challenge all businesses share. Government regulation, such as the Health Insurance Portability and Accountability Act (HIPAA), have mandated compliance for the security of Protected Health Information (PHI) for any size of enterprise that stores PHI. A recent trend has been for large enterprise to relay their compliance and security requirements downstream to their suppliers which may be smaller businesses. One of the initial causes for this was the Target breach. Target, who was fully compliant with their regulatory environment,[1] (PCI DSS), was breached through an HVAC vendor. This Target business partner was primarily responsible for compromising credit card information for millions of its customers and causing large scale damage to Target’s finances and reputation. To learn more about the total cost of a data breach please see my previous article: .

In addition to government regulation, industry associations have aligned to create a compliance standard for their data. One primary example of this is the PCI DSS previously mentioned above in regard to Target. PCI DSS develops a robust payment card data security process — including prevention, detection and appropriate reaction to security incidents. The PCI Security Standards Council originates the standards for compliance to all credit card information as well as an approved list of assessors who audit and validate an entity’s adherence to PCI DSS.

Businesses are not completely on their own to navigate through this complex regulatory and IT security environment. There have been a series of IT frameworks developed that an organization can use to reach their goals. These frameworks describe IT “best practices” which are written in general terms. Typically, businesses use them as a reference to achieve regulatory or security compliance. Below are some examples of the most common IT frameworks available today:

  • COBIT– A framework designed by Information Systems Audit and Control Association (ISACA) to provide management and business process owners with an IT governance model that aids in delivering value from IT and understanding the management of risk associated with IT.
  • ISO 27002– An IT security standard originated and maintained by the International Organization for Standardization (ISO) and the International Electro Technical Commission. (IEC)
  • ISO 38500– Similar framework to ISO 27002 for IT used by management and originated and maintained by the International Organization for Standardization (ISO) and the International Electro Technical Commission. (IEC)

IT security best practices at the highest level can be classified in 3 categories; physical safeguards, administrative safeguards and technical safeguards. Below is a brief description of each.

Physical Safeguards are tools such as alarm systems (video), key card systems, secure locks for offices and drawers where laptops and phones are stored, a guard or receptionist always at the front door and a secure IT server room.

Administrative Safeguards are processes that include creating a security officer and/or department, creating training programs to make all employees aware of what data needs to be protected and how it is protected, a company policy for storing and archiving of protected data and business continuity policies.

Technical Safeguards are IT tools such as Unified Threat Management (UTM) and Next-Gen firewalls, malware and virus protection software on servers and workstations, encryption of data in transit and at rest and a strong Business Continuity and Disaster Recovery (BCDR) plan that is tested on a regular basis.

Following these principles and best practices not only help to achieve a business mitigate risk  but also make good business sense.


Contact us so that we may learn more about the IT challenges within your organization. We will provide an initial consult at no cost! We can provide best in class IT Project Management in Cincinnati or remotely.

Jim Conwell (513) 227-4131

[1] PCI DSS is an acronym for Payment Card Industry Data Security Standard. PCI DSS is an industry based regulatory authority for the credit card industry.

above image courtesy of RF IDeas

Death of the Salesman?


Lately I’ve been thinking about the beginning of my sales career and how different things are for today’s salesperson. I don’t believe salespeople have exclusivity to the story “How the Internet has changed Business”, but it is the business story I know the best.

I was fortunate my beginnings in telecom in the 1980’s was in project management (PM), not in sales. This allowed me to work closely with sales people, as well as learn the technical side of the business first. The company I worked for, InfiNET, sold and installed phone systems of 100 users or more. After a few customer meetings of discovery, we would typically “cutover” the phone system after 5 pm on a Friday evening.  Our customers had no tolerance for phones to be down for even a moment during business hours, at that time it was their most critical application.

Inevitably, there would be unplanned problems we would resolve on site. This allowed me to create a close relationship with my best technician, a bi-polar genius named David. David knew more about the phone company network, and the equipment we installed, than anyone I’ve ever known. It was on these working weekends, watching David systematically troubleshoot issues, that I sharpened my technical expertise.

The owner of that company, as I was just getting comfortable in PM, asked me if I would like to try sales. I laughed out loud, and gave an emphatic “NO!” Soon I realized that it really wasn’t a question, and my sales journey began. My technical and application knowledge was deep, and my customers trusted me already, so my sales career began with huge success. It wasn’t long before I needed to sharpen my sales skills to keep my funnel growing.

At this time I discovered at the time that the salesperson was a trusted counselor, educator and guide through the process of acquiring goods and services. When I would first meet my prospects for large phone system they had no idea how these systems worked, the components and how to make the right purchase. Business Telecom was still young and businesses were used to paying rent to the monopolistic phone companies for their phone systems. For that reason, the decision makers were primarily financial leaders, not the IT managers that handle the process today.

Fast forward to today, the technology has matured and the advent of the internet has affected the purchase process greatly. Cold calling has become very rare with voicemail and email. Telecommunication has integrated with IT and the primary decision maker is the IT manager. The IT manager, as with most buyers today, has a completely different process for purchasing. The trusted counselor, educator, and guide is dead. The internet has eliminated the role of intermediary for the salesperson. I recently read that 90% of B2B purchases start with a web search, a complete turnaround from when I started.

Where does sales go from here?

Contrary to the messages above, sales is not dead, it’s not even sick. It’s changed, so we need to change. My examples above are about the businesses of technology, but the internet has affected all business. Just ask your travel agent or taxi driver the next time you can find one. The salesperson plays a vital role in business and always will. So how can the salesperson still provide value in today’s environment?

  1. Bridging the Gap– As much as the buyer thinks he knows from his research, the salesperson knows more about the product and service he represents. I’ve seen a gap between what the buyer believes he’s getting and what he’s actually going to get. Once he knows the buyers perspective the salesperson can then see that gap. At that point he can help the purchaser by eliminating mistakes and confusion he has seen others make.
  2. Connecting People– With the demise of traditional prospecting methods, new ones must be developed. Networking is a huge part of this; the salesperson of today spends hours every week building his network. He can share these valuable resources through referrals. It can be a risky exercise to introduce a prospect to others that could offer value independently. Ultimately, he should trust the process of helping decision makers and organizations in this way.
  3. Provide and Display Expertise– Another technique to be developed is sharing knowledge and expertise. Today this is through blogging and social media. The information should be given away in hopes that when the prospects need help they will come to the expert. I’ve see this process work, you need to trust the

These are some of the ways I’ve found, if you have feedback or know of other ways of providing value please share them with me at or call me at (513) 227-4131