Tag Archives: Business Practice

What role does empathy play in the OST culture?

27 Apr

And now, for a Lesson in the Greek… Empatheia!

Empathy. Say it a couple of times… heck, say it out loud twenty times in a row. Say it until it has no meaning for you anymore then back off, wait a minute and write it down on a piece of paper in front of you – then study it for a bit. Think on it. What does it mean to you?


Here is a word we hear all the time. But what does it really mean and why is it important? Why is it a valuable trait in our work and home lives? What does it truly mean to be “empathetic”? How can we increase our empathy and be thoughtful about employing it?


The etymology of the word empathy is from the Greek word “em” which in English translates to “in” and “pathos” which translates to “feeling”. Put it all together and the actual entire Greek word is “empatheia”.


So the ancient Greeks had a word which roughly translates to “in feeling” and which we use to describe an ability to understand and share the feelings of another. Or, in other words, to “put ourselves in someone else’s shoes.” Our usage of the word indicates that it is outside of ourselves and focused upon an external agency. I can “see it from his side”. I can “walk a mile in her shoes”. I can “feel your pain”. So, clearly the word and the idea has a strong place in our interpersonal relationships – as supported by the use in our popular vernacular. But is that the extent of it? Is that all there is to this? And how does it relate to our OST world?

Here are some thoughts I have around empathy in our world.

First off, from the perspective of our OST employees and teammates, empathy is the core foundation of our first belief, “honor our people and their families first”. We internalize the needs of individuals and their families and make them our own. We recognize when we need to put them first, ahead of ourselves and ahead of the needs of OST. We are constantly on the lookout for the opportunity to recognize a need and make sure it is met. We sacrifice our time and efforts to make sure that others get what they need, and we have expectations that others will reciprocate when we need. The reason we can do this is because we are actively “in feeling” with our OST family members and that allows us to care for them and their needs in a way which is not reflected in society as a whole – especially in the context of a corporation.

Empathy is a strong player in our second core foundation as well, “we will delight our clients”. How can we delight our clients if we are not “in feeling” with them? In other words, if we do not understand the true needs of our client how will we ever be successful in delighting them? There are those who believe that simply completing a task or project “on time and on budget” is the definition of delighting our client but I know it goes much deeper than that. To truly delight a client, it is not enough to just do what they ask, we need to understand what they really need and help them to get there! We need to be “in feeling” with them and taking our knowledge and skills and leveraging that understanding to build solutions that give them what they absolutely require, which is often quite different from what they have asked.

Look at our next guiding creed, “we serve with humility”. There are many definitions of service, but in this case  we mean that we provide “acts of helpful activity or aid”. Disregarding the obviously redundant nature of that definition (thanks for that dictionary.com!) it is clear to see that without an understanding of the need, without being “in feeling” with the one we are serving it will be very difficult to provide service which is of value. And how about that last little bit… “with humility”. What does that mean if not serving the individual in such a way that they feel (“in feeling!”) that the servitude is motivated by caring and compassion – not from a self-centered or selfish desire, but truly for the benefit of the one being served. As one being served you cannot feel that servitude is of pure motivation (which I believe is required in order to really feel good about it) unless it is delivered with humility.

Back to our usage of empathy as supported by our popular vernacular. Focused on others and aligned to interpersonal relationships, but is that the full extent? What about being “in feeling” with ourselves? What about giving ourselves the benefit of the doubt from time to time? What about recognizing the flawed humanity we all are and giving ourselves a break occasionally? We all need to remain aware of the fact that we need to serve ourselves too, and in order to do so we need to understand our own feelings and motivations. This blog post is not a suitable forum for a full exploration of this topic, but I know that some amongst us work on ourselves through therapy and coaching, while others meditate and journal. (Some of us stand thigh deep in freezing rivers in rubber pants waiving a stick too… there are many ways to explore yourself!) I’m sure though that many of us are not working on this enough, and that is something we should all spend more time on, time thinking about and taking thoughtful action to be more empathetic to others and ourselves!

We say it all the time, and we live it as well; we are a family at OST. We care for one another, we serve one another and we honor one another. At work and outside of work. And you know what else? We bicker and we argue and we dishonor one another as well, just like a real family! And just like at OST, the tenant of empathy is important at home with our own friends and families. Some of us are better at it than others… and some of us need to work on it a bit – both at work and at home. Safe to say that none of us are as good at it as we could be though!

As I close these thoughts today, the last thing I am thinking about is the role of empathy in design and design thinking. If you examine the approach and focus of human centered design, it is all about empathy. Empathy in understanding the user’s feeling towards a product or a service. Being “in feeling” with the user such that decisions and directions become more clear, and results are demonstrably better. If I had to point out one thing that I have found personally valuable from our close partnership with Visualhero as we have worked to merge our teams, it is the constant examples of empathy as it relates to our clients, each other and ourselves. Probably because of the design ethos which values empathy so greatly, the team at Visualhero practically oozes empathy in every single thing they do or say.

So… I am currently “in feeling” with you, kind reader, and see clearly and understand without question that you have had enough… so I will thank you from the bottom of my heart for reading this far and bid you “Avtio” for now!


Director of Professional Services

Director of Professional Services

John Vancil is a twenty-eight year veteran of the Information Technology field, currently holding the position of Director of Professional Services for Open Systems Technologies (OST) in Grand Rapids Michigan. During his career, John has held numerous development, support, management and staff level positions with companies ranging from enterprise (Electronic Data Systems, Baan) to the SMB space (Nucraft Furniture, OST). Today John is responsible for a $29 million dollar services operation which encompasses Data Center Solutions, Application Development, Data Analytics, Design, ERP and Advisory Services, Security, and Managed Services. John shares his life with wife Amy, daughter Catherine and Lambeau the world’s most exuberant Golden Retriever. When he is not serving the OST team, John likes to golf, fly-fish, compose and perform music and hang out with the family.

How to embrace the principles of Agile software development

13 Apr

Those who know me well know that I am obsessed with Alexander Hamilton. He’s the founding father you didn’t learn about in US History, mostly because he never became President. You probably know he was killed in a duel with Aaron Burr, you might even recognize him as the dude currently gracing your ten-dollar bill, but you probably don’t know that he was an orphan, an immigrant, and the guy who single-handedly created America’s financial system. (You should also thank him for the Constitution’s ratification – he wrote 51 of the 85 essays that make up the Federalist Papers.)

My obsession with Alexander Hamilton has taught me a number of things – about myself, about my work, and about how to simultaneously serve with humility and fight for what you believe in. More surprising, though, he’s also taught me something about embracing the principles of Agile software development.


“A well adjusted person is one who makes the same mistake twice without getting nervous.”


Think about that for a minute. It seems to run contrary to everything you were taught in school, doesn’t it? Making a mistake is bad enough, but making the same mistake twice, that’s unforgivable! We think of a mistake as the opposite of a success. We’re wrong.

Our software development delivery process at OST is based on the Agile Manifesto (www.agilemanifesto.org). The Agile Manifesto, and Agile software development in general exposes to us a core concept that iteration is a key to success. Responding to change wins out over following a plan every time.

In software development, this makes sense. Try something. If it doesn’t work, try something else. Do something. If it doesn’t match the user’s expectations, learn from it and do something else. Build something. If it doesn’t satisfy all of your needs, build more. This is how we do what we do. We start somewhere, and then we iterate. We test out ideas and approaches. We validate concepts and database constructs. We build, tear down, and build again. We iterate, iterate, iterate; each generation an improvement on the last.

It’s great! It’s a process that makes great solutions, and a framework that sets projects up to continually improve. At its core, continuous improvement requires that you have room to improve; embraces the notion that there is always opportunity to improve.

In life, though, that’s a hard concept to wrap our heads around. We don’t provide ourselves with a lot of grace to make mistakes. We tend not to look fondly on things that need improvement. And our lexicon is full of really awful words that we toss around at ourselves (and others) when things don’t go as well as we hoped. You failed. You blew it. You screwed up. You made a mess of things. You got it all wrong. You lost sight of the big picture. They’re terrible, soul-crushing words. Defeat. Collapse. Crash. Bomb. Die. They’re all words and phrases we employ to remind ourselves just how awful it is to fail.

Enough already!

Here’s what Alexander Hamilton taught me. It’s not awful to make a mistake. It’s essential. Let me say that again – it’s that important.

Failure is required for success.

It’s a foundational principle in practical Agile software development, and a foundational principle in life.

Fail. Make mistakes.

Then learn from them.


Andrew J. Powell Principal- Application Development

Andrew Powell serves the Application Development practice at OST , providing guidance, strategic support, and candy to more than fifty developers and consultants. Andrew has been a technology consultant for more than twenty years. In addition to consulting, Andrew is a frequent public speaker in technology circles, and loves to talk about the coming Robot Apocalypse and how application developers are positioned to defend the world against our future robot overlords. When not cowering in fear, Andrew makes his home in Grand Rapids, Michigan.

Protected: Time to Value

23 Apr

This content is password protected. To view it please enter your password below:

The Rise of Spearphishing (Pt. 2)

18 Dec

Spearphishing: Protecting Yourself and Your Company

(Continued from Part 1: The Rise of Spearphishing)

The human element is often the easiest attack surface for malicious hackers. Networks can be hardened and secured, but this only goes so far if an organization neglects to train employees about the ways in which they personally can be used and manipulated in an attack. In the previous entry, we discussed the threat of spearphishing and its prevalence. In this entry, we will discuss ways to minimize the risk of this threat. There are four key elements to protecting yourself and your company from spearphishing attacks:

Employee vigilance and email link inspection

Far and away, the most effective way to minimize the likelihood of a successful spearphishing attack is employee awareness training and education. A qualified third-party security firm should conduct awareness training. Alongside this, we recommend company-wide phishing tests be performed to simulate a real attack and to help discover those individuals that may need further training.

In a spearphishing attack, a URL link is often provided which the victim is encouraged to click on. Two critical tips can help reduce risk here:

  1. If you are sent an email containing a link, mouse over the link. A small box should pop up displaying the destination URL if you were to click on the link. Say for example you receive an email from a friend asking if you’re attending a particular Facebook event, with a link to the event provided. When you place your cursor over the link, you see the destination URL is actually to “http://face-book159.com/login.html”. The destination URL is likely a fraudulent copy of Facebook’s site where the attacker will steal your password. Do not click the link and forward the email to your IT administrator.
  2. Any time you receive an email from a popular institution that requires you to login, never click any links in the email – even if the links appear legitimate (have a valid destination URL). Instead, manually type the URL in your web browser’s address bar. So for example, if you receive an email from Amazon.com saying that a password reset is required, do not click any links in the email and only navigate to Amazon by typing http://www.amazon.com in your address bar.

These should be the first line of defense used to protect you and your company from spearphishing attacks. Without the utilization of the above strategies, the remainder of this article is not very helpful – so make sure you have your priorities set correctly!

Limiting information available about you on the web

The spearphishing methodology requires than an attacker performs research on a victim in order to make fraudulent communications with the victim appear to be from a trusted source and to increase authenticity. The first place an attacker will look is Google. If you Google your name, what comes up?

For most people, the answer is social media accounts, web forum memberships, and perhaps other sites that reflect your interests. This information can all be used to create a spearphishing attack that appears genuine. For example, if a Google search of your name shows your Twitter account, an attacker may research this account: see who you tweet to, what their names are, what your conversations are about.

Minimizing this threat is simple. Wherever you can, disable public display of your profile on these sites. Require that requests be sent to you, that your profiles are not included in search engines, and that all of your personal information and pictures are restricted.

Furthermore, if someone you don’t know sends you, for example, a friend request on Facebook – don’t accept! Be conscientious of what information about you is out there and who can see it.

Avoiding reuse of the same password

This is an extremely common problem. Many people use the same password for all of their online accounts: social media, banking, email, PayPal and everything in between. Well guess what … bad guys know that!

If you do fall victim to a spearphishing attack, the extent of access in which you give a hacker can be limited by having dissimilar passwords across different services and accounts. In other words, don’t use the same password for everything! During a penetration test, when OST discovers a password, the first thing we do is try it in as many other places as we can. It almost always provides us further access.

Not to mention, there’s a big difference between losing control of your Facebook account and losing control of your bank account!

Proper patching, email/web filtering, and antivirus

The primary target in a spearphishing attack is a human. Spearphishing risk mitigation occurs most effectively through awareness, training, and pattern change as described above. However, a strong second line of defense can be added via technology. Regular patching, active filtering and antivirus are also critical elements to protecting yourself. Spearphishers may use infected files as part of their phishing attack (i.e. your “boss” sending you a PDF report on your performance). Though it may not catch all, filters are designed to prevent delivery of these types of infected messages; antivirus is designed to prevent infected files from running.

Everyone knows that computers and networks need to be protected from hackers. Lack of awareness regarding the human element to IT security is the reason that spearphishing is as prevalent and successful as it is. While it is impossible to be perfectly safe, making use of the tips outlined above will dramatically reduce the risk of you or your organization falling victim to a spearphishing attack.


Jeff Serini

Jeffery Serini, IT Security Consultant at OST

Jeffery Serini’s IT security obsession dates back to his teenage years, when he began pen-testing on their home computer. Serini is presently an IT Security Consultant at OST. After joining the Security Team in 2011 under W. Scott Montgomery, he has performed over 250 Security Assessments and consulted with a wide variety of clients, including those in the financial, manufacturing, healthcare, gaming sectors and more. Leveraging a unique approach, the OST Security Team is capable of providing a practical and relevant assessment designed to help administrators and executives alike understand their InfoSec posture.