EDITOR’S NOTE: The DRJ Career Development Committee is supporting this series of articles featuring the career paths of industry professionals. Throughout this series of candid interviews, we hope to provide career advice to our readers by highlighting lessons learned, highs and lows, opportunities and challenges. The DRJ Career Development Committee promotes education, opportunity, inclusion, and excellence surrounding the exploration and evolution of career paths in all aspects of business continuity and risk management. Key elements of our mission include promoting open and candid discussions of career opportunities, providing mentorship, resources, and guidance to equip our membership with the necessary knowledge, best practices, and tools to succeed in their chosen career path.
Mark Kern’s first job out of college was assistant manager at Roy Rogers fast-food restaurant in Philadelphia. He was up at 5 a.m. and cleaning out grease traps in a suit by 6 p.m. He worked at this job for eight months.
A vice president for Continental Bank came into the restaurant almost daily. Occasionally, Kern gave him a free meal. They became acquaintances. One day he asked Kern, “Do you have your college degree?” When Kern told him he did, the man then asked, “Why don’t you come work for the bank?”
Kern inquired what the position would be, to which the man responded by saying they had just created a new position called contingency planning specialist. When Kern was unsure what that position was, the man told him not to worry. “Nobody knows what it is, but we will send you for training.” The rest is history.
Now, Kern is business continuity manager at Booz Allen Hamilton. He leads and directs the organization’s formal business continuity program designed to enable the firm to sustain critical business operations in the event of a business disruption, so they can continue to service their clients.
Some of Kern’s responsibilities include managing internal emergency or crisis management activities. He also designs and conducts business impact analyses and maps critical business processes to interdependencies. He provides the tools, training, methodology, and framework to internal corporate departments to enable for the development, maintenance, and continuous improvement of comprehensive business continuity plans. He also develops and manages corporate business continuity testing, training, and exercise programs and works with internal offices and teams globally to respond to and manage disasters, crises, and disruptive incidents affecting Booz Allen staff or operations.
Kern has overcome many challenges over the years. In 1996, he was the director of business continuity at GMAC Mortgage. He had just completed an enterprise-wide BIA. After confirming the results with the business leaders, process owners, and the IT DR team, they defined the appropriate recovery strategies.
Because Kern and his team did identify some single points of failure, the BIA results led the group to select some vendor provided recovery services. Kern presented the findings, recovery strategy selections, and necessary budget in a face-to-face meeting. The budget was estimated at $125,000 per month for the data center hotsite and work area recovery solutions. The BIA findings and selected recovery strategies were agreed upon. However, a budget of only $75,000 was provided per month.
“I was not going to turn the budget down,” says Kern. “I procured as many of the recovery services I could get for the money, knowing we would be undersubscribed, but at least we would be recoverable, just not within our established recovery time or recovery point objectives.”
Six months later the corporate headquarters and data center were literally under water due to the worst flood in the history of Horsham, Pa.
At that point the same leadership that gave him a $75,000 budget all met in the crisis management command center. They began recovery efforts, but it was not fast enough. They were losing hundreds of thousands of dollars in servicing fees per hour.
“The good thing is that leadership knew we were at risk due to all the hard work our BC team did with performing a thorough BIA,” says Kern. “So, here I am, 34 years old being asked to get our organization’s most critical business processes recovered within the next 24 hours.”
Knowing this would be impossible with the current level of recovery services, Kern had to make more than 20 phone calls to recovery vendors to ask for at-time-of-disaster upgrades. “I had to make all those calls because that’s how long it took me to get through to decisionmakers.”
After some maneuvering, the upgrades were granted because of the existing relationship they had with vendors.
“To make a long story short, we got the ATOD upgrades we needed and we were fully recovered within 16 hours following the disaster declaration,” says Kern. Those ATOD upgrades took their current three-year term to a five-year term at $200,000 per month. On top of that, they had to agree to purchase the vendors’ equipment as they restored their facilities and data center at market price, not market value. All in all, if they had not agreed to those terms, there was a very good chance that GMAC Mortgage would have went out of business in 1996. Following that year, they went on to have their most profitable year ever between 1997-2001.
Kern says being nominated for GMAC Mortgage Leader of the Quarter and being told by the CEO that he would never be underfunded again are only a couple highlights in his career.
He has learned a few lessons he still leverages today:
- You get what you pay for.
- Testing, training, and exercising is probably the most important phase of the BC lifecycle.
- Get a BC policy in place if your organization does not have one.
- View internal audit as your partner.
- Hire great people (not the easiest thing) and procure great tools to make BC planning activities as easy as possible for your business areas.
- Mature your BC program to the point where the business areas understand that they own their BC plans (just like they own their homes), not the BC SME or the BC team.
- Develop, use, and distribute BC performance metrics to your plan owners and leadership teams so that there is no misunderstanding between perceived recovery capabilities and reality.
- Try as hard as you can to do things right the first time.
- Don’t sit behind your computer all day; get out and form those relationships.
- Reward people as much as possible and treat custodians just as well as you treat your boss, CEO, or your parents.
Kern also offers advice to those who are embarking on new careers in the industry. “Don’t be a jerk,” he says. “If you were always told ‘yes’ growing up – and were given a brand-new BMW when you graduated high school, then complained about the color – this industry is probably not the right fit for you.”
He says forming strong and trusted relationships is key to success, so work very hard on interpersonal skills. “Be somebody people want to be around and always be approachable.”
Continued learning to be the best at one’s craft is also key to success. He suggests professionals purchase and read the ISO 22301 standard 27 times and to work hard to seek out learning opportunities. “When you do become a BC subject matter expert, don’t act all superior when you are trying to implement BC best practices with any organization you choose to work for. That won’t work. Be willing to roll up your sleeves. If you are lucky enough to have a full-time staff, don’t ever ask them to do something you are not willing to do yourself. Lead by example!”
“This is noble work, so you need to have tough skin,” says Kern. “No matter how important BC is to any business – and as a BC pro, you should truly believe in its importance – there will always be some people who will just not get it. It is up to you to show them ‘what’s in it for them’ (and you need to do that gracefully, don’t shove it down their throats.”
For more information on the DRJ Career Development Committee, contact Tracey Forbes Rice. Rice is a member of the Disaster Recovery Journal Editorial Advisory Board (EAB) and chairperson of the Career Development Committee. Rice has 20 years of experience in business continuity and risk management. As vice president of customer engagement at Fusion Risk Management, Rice brings customers together, partnering with them to develop innovative solutions and to achieve new levels of program success. Rice welcomes your feedback at [email protected].