Digital Transformation Starts with Trust

Photo Credit: krakenimages on Unsplash

Author: Trac Bannon

We are navigating an unprecedented era of continuous change and transformation, especially in the realms of technology and organizational structures. This constant evolution challenges us to adapt swiftly, yet it often clashes with the entrenched habits and practices deeply rooted in our personal and organizational “muscle memory”.

Across my career as a software architect and DevSecOps expert, especially in my tenure with MITRE, I have observed how this muscle memory can provide stability and efficiency in certain contexts. Unfortunately, it can also act as a formidable barrier to embracing new methodologies, technologies, and mindsets; even the most energetic and experienced Change Agent can be stifled.

There are many different approaches to enable transformative behaviors and to empower an organization. The essence of most digital transformation approaches and frameworks share these core elements:

• Shared Vision is the concise, robust picture of the future, painted in broad, unambiguous strokes. It is direct, unambiguous, and compelling in its simplicity. Everyone in the organization and the effort must support and believe the vision. The vision frames strategic decisions at the macro level and individual daily actions at the micro level.
• Blended Teams bring a range of skills and experiences, crucial for tackling diverse challenges. This variety fosters strategic strength, collaboration, and empathetic understanding, driving innovation and adaptation. Their collective knowledge and perspectives build organization resiliency and agility in the face of change.
• Common Language means everyone has the same frame of reference, a common set of definitions, the rationale, and the impacts. No one is left behind or lost in jargon. It’s the simplicity in communication that breeds clarity in execution.
• Trust is the fundamental element that is unseen yet vital. Trust binds individuals, teams, and organizations together. Trust enables an organization to navigate the uncertainties of change and embrace new challenges confidently.

Each of these elements intersects with the other elements and, often, will amplify them. For example, having a Common Language can help to bind together the Blended Teams whose members bring the diverse backgrounds and viewpoints to achieve a Shared Vision given the shared Trust across the organization.

At MITRE, these elements encapsulate the broader ethos required for effective change in the Digital Age, but none of them rely on a particular tool or technology. Each of these four elements is critical in its own right and they’re built on human interactions. All four must exist if an organization is to achieve sustainable continuous improvement. Unfortunately, many organizations are challenged to tame three of the four elements: Blended Teams, Common Language, and Shared Vision. The fourth, Trust, is often elusive.

Institutional Mistrust

While implementing the core elements of Shared Vision, Blended Teams, Common Language, and Trust are essential, a significant roadblock often emerges: Institutional Mistrust. Described in “Antipatterns: Managing Software Organizations and People¹” by Dr. Philip Laplante and others, Institutional Mistrust is an antipattern. An antipattern is a repeated practice that initially appears beneficial but ultimately makes things more difficult. The Institutional Mistrust antipattern refers to a deep-rooted lack of Trust within an organization.

The Institutional Mistrust antipattern is classified as an Environmental antipattern that has its roots in communication, culture, and honesty. Institutional Mistrust emerges when there’s a consistent skepticism or disbelief in the actions or decisions of others. It often leads to duplicated efforts, reluctance to share information, and a general breakdown in effective communication and collaboration.

Symptoms of this antipattern include:

• Tasks that are duplicated because the results from one group are not trusted by another group. The possible rationalizations are myriad. Instinctively, if you don’t trust someone, you don’t trust their ability to do the job well.
• Energy and morale are lost with the pointing of fingers. It is not simply about wasted time; it is about the human aspect and the toll it takes.
• Good staff leave.

Overcoming this antipattern requires intentional and deliberate focus on fostering open communication, transparency, and a culture of mutual respect, understanding, and Trust.

Where to Start If You Are a Change Agent?

Kickstarting change requires a mix of strategy and empathy. Always start with a shared vision that resonates across the organization. It may already exist; if one has been written down already, revisit that existing vision statement as a team. If one doesn’t exist, consider using MITRE’s Mission and Vision Canvas to quickly answer, “Who are we and what do we do?” Whether new or revised, make sure to calendar recurring time to revisit and refine so that the vision aligns with current goals and challenges.

Language is your next frontier. As an organization, develop a common language that everyone understands. Break down complex technical jargon into clear, concise terms. Where helpful, identify a few generally-agreed-on metaphors to help internal and external understanding. Shared language fosters better communication, understanding, and expectation setting. Like the shared vision, organizations that continuously revisit their shared terms and definitions proactively break down barriers before they arise. There can be unintentional definition drift or even a need to update definitions with new facts or changes in team members.

Productivity, collaboration, and empathy all improve with blended teams. This is one of the more difficult challenges. Organizational constructs are often tied to lines of business, corporate directives, and funding. For example, in organizations that design and deliver software, the concept of DevSecOps is common when beginning digital transformation. DevSecOps involves having security, operations, and delivery teams collaborating early and frequently as a single team focused on delivering a valuable end product. DevSecOps can greatly reduce friction and waste, and improve the speed and quality of software.

The inverse of blended teams is a phenomenon identified in Conway’s law, as described in 1968 by Melvin Conway:

“Any organization that designs a system (defined broadly) will produce a design whose structure is a copy of the organization’s communication structure.”²

In this very common situation, pre-existing organizational structure dictates processes based on handoffs and silos. It has even been demonstrated to be reflected in software design, codifying an organization’s structure in the processes and the resulting software. The most effective alternative is to define the problem then build a team with a breadth, depth of skills, and experiences.

Foundation of Foundations: Trust

Lastly, and most critically, prioritize building Trust. This is often the most difficult and some would say, the “fluffiest”. Trust is about building and maintaining relationships based on mutual respect, integrity, and transparency. The challenge has often been figuring out how! I’ve watched folks hope to build Trust by having complementary personalities or by being exceptionally communicative.

There is a qualitative formula called the Trust equation published in 2000 by Charles Green, et al.³ It is predicated on the concept that Trust cannot be demanded but, rather, Trust is a choice that results from someone evaluating the trustworthiness of another. Green’s logical approach helps individuals to deliberately improve their trustworthiness value by making honest yet strategic changes to variables like Perception of Credibility and Intimacy.

Developing Trust is not a static achievement. Cultivating and maintaining Trust is a dynamic, ongoing process. It demands continuous effort, reflection, and adjustment, especially in response to the rapid changes characterizing today’s technological and corporate landscapes.All of the other three digital transformation elements (Shared Vision, Blended Teams, and Common Language) are needed to improve the likelihood of success in developing the fourth element, Trust. Trust is, by far, the hardest and most deliberate element.

Trust is about building and sustaining relationships that can withstand the pressures and uncertainties of change. In parallel, we must recognize that Trust is not automatic, nor can it be demanded. Trust is transactional: it requires the demonstration of trustworthiness and the subsequent decision to extend Trust.

Green’s Trust equation⁴ provides a valuable framework for understanding the elements required to build Trust. The Trust equation underscores qualities essential for anyone leading or facilitating change. The premise is simple: for someone to extend Trust to you, they must evaluate your trustworthiness and decide whether they will trust you.

The three attributes in the numerator of the Trust equation are force multipliers that build upon each other’s strengths:

• Credibility is more than just technical expertise. Credibility combines your knowledge with a deep understanding of the specific contexts and challenges your clients, your teams, or your projects face. It’s demonstrated and reflected in how you express your ideas and insights, ensuring they resonate authentically with your audience.
• Reliability is demonstrated through consistent actions and keeping promises. Reliability in a professional setting means not just completing tasks but understanding and respecting the unique contexts of your colleagues. It’s about being a dependable figure in both deeds and understanding.
• Intimacy involves building personal connections and creating an environment of psychological safety. It’s about ensuring open communication, where team members feel their concerns and aspirations are heard and confidences are maintained. Intimacy in the Trust Equation relates to the sense of security and understanding within relationships.

The fourth attribute, in the denominator, is Self-Orientation, the degree to which a person focuses on themselves versus others.

A high degree of Self-Orientation indicates a focus on personal gains, motives, or interests. A low degree of Self-Orientation signals selflessness, suggesting a greater focus on the needs, interests, and well-being of others over one’s own personal agenda. The Trust equation shows an inverse relationship between Self-Orientation and Trustworthiness. Lower Self-Orientation increases the perceived Trustworthiness and, by extension, is more likely to result in a decision to extend Trust.

The Challenge of Access to Scanning Tools

One of my roles was as the chief enterprise architect (EA) leading all EA efforts for a large state agency. In leading the digital transformation, I worked with other leaders and began to blend our teams including integration of security, development, and quality assurance and to adopt some DevSecOps principles. Fundamentally we all agreed that software defects needed to be surfaced as quickly as possible to give developers context to rapidly address issues. This would require giving developers tools to uncover defects and flaws, including security defects.

Traditionally, these tools were exclusively for the security team, creating dependencies and handoffs that slowed down the development process. This surfaced four challenges:

• We needed to make these tools self-service.
• We needed to remove dependencies on others.
• We needed to remove handoffs.
• We needed to make the process as effective and as timely as possible.

I took a two-step approach, ever conscious of the variables of the Trust equation.

Step 1: Show how rapid feedback speeds delivery of secure, quality code.

Multiple delivery teams had been toying with Test-Driven Development (TDD) and adopting automated testing.

We selected a product team to use as our shared experiment. I asked that unit test code be subjected to code reviews until developers and team leads cut their teeth on creating quality and appropriate unit tests. Others viewed me as being too controlling. To address that perception, I made a point to be consistently open and honest, demonstrating repeatedly that my self-orientation was negligible. My complete focus was on the success of the humans in the mix, the teams, and the organization. That consistency also highlighted my reliability.

I mentored the architects and engineering leads to jump in to take on a user story and code unit tests as well. My point was that they’ll have ineffective code reviews if they’ve never written code. We used the opportunity to execute some pair programming as a type of “trading places” game. This allowed our security pros to demonstrate they could do more than push out security coding manuals.

By actively participating like a developer in code development and pair programming, I not only showcased my credibility but also built intimacy with the team. The shared lesson proved that the faster the delivery team had feedback on quality and defects, the more effectively and quickly issues could be addressed by the delivery team.

Step 2: Demonstrate accelerated feedback with self-service tooling.

After demonstrating value on rapid code reviews, the next step was to rally for self-service scanning for the developers. Like self-checkout at a grocery, self-scanning enables developers to run security scans on their code to highlight problems to fix. While we made headway tearing down team silos, the overall organization and funding were organized so that only the security team could be allowed licenses to the security scanning tools.

Truth be told, there were some lightweight territorial attitudes and fears that people would no longer be necessary. The security team had a similar fear of not being needed if developers could run scans themselves. The reality is the opposite! When Operations or Security folks are freed up by automation or shared execution by others, they can dive into the more difficult challenges.

Everyone began to work more predictable hours when they were freed up by automations and shared tools removing unnecessary handoffs and burdensome historic processes.

This experience underscored the importance of the Trust Equation in practice. By reducing self-orientation and enhancing credibility and intimacy, we were able to foster a more collaborative, efficient, and Trust-based environment, ultimately leading to more effective and timely project outcomes.

Measuring

I hope my experience story with our DevSecOps team shows how the Trust Equation can help a manager drive real improvement and positive results. I’m well aware, however, that “You can’t manage what you don’t measure.” When business management expert Peter Drucker offered this observation, his thrust was that without measuring, you’re just guessing. Measuring improvement is core to demonstrating the impact of actions. Measures should be qualitative and quantitative.

On the qualitative side, it’s crucial to understand the team’s pain points, worries, and what excites them. This insight often comes from open conversations and, at times, anonymous surveys, ensuring candid feedback without the fear of repercussions.

Quantitatively, we rely on concrete data – hours worked, types of defects, scan results, and number of hand-offs in specific processes. These metrics are vital in surfacing ‘Human Debt’ – the often-hidden costs of inefficient practices and strained human resources.

This dual approach not only helped in measuring progress but also in chipping away at the institutional mistrust that sometimes hinders collaborative efforts. By showcasing tangible improvements and actively addressing concerns, you can reinforce a culture of Trust and continuous improvement.

Connecting Personal Trustworthiness to Organizational Change

I’ve learned that the influence of an individual’s Trustworthiness extends far beyond personal interactions. It’s a ripple effect – when a leader or key team member exhibits Trustworthiness, it sets a precedent. This behavior fosters a culture where Trust is valued and replicated.

In my experiences, demonstrating Trustworthiness through consistent actions, empathetic leadership, and prioritizing the collective good has proven essential in driving successful change. It’s about setting an example that encourages others to follow, thereby creating an environment where change is not just accepted but embraced as a pathway to improvement and innovation.

¹Laplante, Philip, et al. Antipatterns. Taylor and Francis Group, 2011.
²—. “Conway’s Law.” Learning Loop, 20 Mar. 2023
³Maister, David H., Robert Galford, and Charles Green. The Trusted Advisor: 20th Anniversary Edition. Free Press, 2021.
⁴“—.” Trusted Advisor Associates – Training, Workshops, Trust Education, 27 Apr. 2020.

An innovative Software Architect, Engineer and Researcher, Tracy (“Trac”) Bannon specializes in applying AI/ML and Generative AI within the software development lifecycle, significantly enhancing efficiency and innovation for both commercial and government sectors. Her dedication extends beyond technology, actively fostering diversity in tech through mentoring and community engagement. With a notable position at The MITRE Corporation’s Advanced Software Innovation Center and numerous industry certifications, Trac’s work is at the intersection of pioneering software practices and transformative leadership in technology.

© 2024 The MITRE Corporation. All rights reserved. Approved for public release.  Distribution unlimited. Case number 23-04336-2

MITRE’s mission-driven team is dedicated to solving problems for a safer world. Learn more about MITRE.

See also:

Building Resilient Teams and Cross-Collaboration Between Different Organizations, with Renee Rookwood | KDE (mitre.org)

Dimensions of Collaborative Innovation | KDE (mitre.org)

Emotional Resilience in Professional Life | KDE (mitre.org)

Supporting sponsors to solve their own challenges: Moving from exulted expert to guide | KDE (mitre.org)

Mistakes and Transcendent Paradoxes: Dr. Peter Senge Talks on Cultivating Learning Organizations | KDE (mitre.org)

International Cyber Capacity Building

Strategic Foresight And Immersive Displays with Mark Phillips and Jillian Humphreys

Boundary Spanning Working In Europe While Contributing To Mitres Support For Us Operations In Africa