IT Leadership | Sten Vesterli's Blog

Backup Communication Channels

January 30, 2026January 30, 2026IT Leadershipbackup, Communication, Planning, resilience, Risk

What is the difference between 30 individual soldiers and a platoon? Leadership and the ability to communicate.

The first step in your resilience planning is to ensure that you can still communicate, even when faced with an onslaught of Russian hackers or American government officials.

That could mean an on-premise open source mail server and a basic web server. Every workstation and company smartphone could have a separate open source mail client and web browser preconfigured for those servers.

There are many other options – the paranoid and those with high threat levels might have spare phones running GrapheneOS and Briar, or even establish their own Meshtastic mesh network.

If you don’t have a backup communication channel, you urgently need to establish one. Especially if you are outside the U.S. and depend on U.S. services.

Rational Decision-making

January 26, 2026January 26, 2026IT LeadershipDecisions, Leadership, Risk

As an individual, you are free to make emotional decisions. You can decide to evict some software product from your laptop because you don’t like the vendor’s nationality or stance on today’s hot-button social issue. As an IT professional, you can even set up an open source solution that does almost the same (though invariably with worse UX) in a few days.

But as an IT leader, you are expected to make rational decisions. That’s why you don’t throw out all your Amazon, Microsoft, or Google Cloud on a whim because you are unhappy with U.S. policy. The rational choice is to minimize your risk. That means building new systems outside U.S. clouds so you don’t add to your problems. And migrating away from disfavoured platforms in an orderly, cost-effective manner.

Measuring Productivity

January 23, 2026January 23, 2026IT LeadershipAI, Measurement

How do you measure productivity? The research suggests that, with AI tools, perceived programmer productivity increases, while objective productivity decreases. In addition, maintainability decreases as more of your code base has never been seen by the human sent in to clean up the AI-generated messes.

That should indicate that we need to prove a massive increase in productivity to justify the use of AI tools. But how to measure it?

Lines of Code (LoC) was already a bad measurement. In the days of AI, it is a totally random measure, and a higher LoC might just as well indicate a decrease in functionality as an increase.

If you’re in the big enterprise/government world, you might use Function Points or Use Case Points. If you are running Agile, you can use team velocity (within each team). Ideally, you would measure business value. Unfortunately, few organizations can articulate and calculate the business value of their IT.

If you want to argue that AI tools increase productivity, you need to put a number on the productivity you claim to increase.

Sovereign Cloud

January 21, 2026January 21, 2026IT LeadershipCloud, Leadership, Risk, Sovereignty

You need to create a delay between a foreign government ordering your cloud provider to cut you off and the actual cutoff. The longer you can make this period, the better. The new AWS European Sovereign Cloud (ESC) is Amazon’s way of offering this. That is a cloud solution running on hardware in Europe, staffed by Europeans, organized under a European daughter company.

That does not protect you against Amazon being compelled by the U.S. government to hand over your data, but all important data should be protected with keys you hold, outside your cloud provider, anyway. But it does make it likely that AWS Europe would contest an order to shut down the service, and that AWS Europe employees would not cut you off at the whim of a foreign dictator.

Because the probability of this happening is still “Rare” (edging towards “Unlikely”), you do not need to act on this risk now. But it is prudent to ensure you have time to react if it should happen.

Risk Evaluation

January 19, 2026January 19, 2026IT LeadershipContingency plans, Leadership, Risk

Do you have a paper map in your car? No, why would I need that?

If you are a Verizon customer in the U.S., you were just reminded. A large chunk of their network was down for half a day, leaving frustrated customers depending on their atrophied geographical memory. Verizon says the culprit was the usual botched network upgrade, not evil hackers. Some Europeans are better prepared, having routinely been subjected to Russian jamming of GPS and Galileo navigation.

When was the last time you revisited the risk evaluation of your critical systems? The threats are changing and increasing, and your risk evaluation from one year ago no longer applies.

Downside Thinking

January 16, 2026January 16, 2026IT LeadershipDecisions, Red Team, Risk

What is the downside? That is the critical question for any kind of decision. Someone has an idea, and they will present the upside. We can save so much money, develop faster, offer better customer service, etc., etc. It is your job as a leader and decision-maker to ferret out the downside.

Lack of downside consideration is behind many questionable business decisions. Twitter seems to offer a new example of Elon’s lack of downside thinking every week. Like “Let’s offer a feature that changes any photo to show the person in a bikini.” Normal people, doing even the most minimal downside consideration, would kill that idea in seconds. But Twitter/X rolled it out – and obviously had to roll it back.

You can do the downside thinking yourself for many decisions. For more complicated scenarios, you might need a dedicated Red Team or outside help to identify the downside. But before any decision, ask yourself: Have we considered the downside?

Find a Network

January 14, 2026January 14, 2026IT LeadershipKnowledge, Network

Let 2026 be a year where you expand your network and learn something new. If you are based in Denmark, work with IT architecture and is a member of Finansforbundet, a good option is to join the IT architecture network group. Participation is free, and we meet four times in 2026. First time is February 26th, where the topic is the role of the IT architect today and in the future.

The world of IT has never moved faster. Find someone to exchange knowledge with.

AI is not Coming for Your Job

January 12, 2026January 12, 2026IT LeadershipAI, Work

In a real-world test, the best AI completed 1 in 40 full tasks satisfactorily. Researchers put together the Remote Labor Index, a set of 100 typical remote working tasks – data visualization, architecture drawing, game development, etc. These are the kind of tasks you would normally give to remote gig workers through an online task platform.

The results are sobering. The best AI was Manus, delivering 2.5% acceptable results. Gemini 2.5 Pro managed only 0.8% task completion.

Don’t be blinded by the fact that AI can solve a few very specific tasks well. In the real world, AI is very, very far from taking anybody’s job.

Excel Addiction

January 9, 2026January 9, 2026IT LeadershipGuidelines, Leadership

It’s not your data, it’s the company’s data. That’s why it belongs in a database or some other kind of managed data store, not in your personal Excel files. But it turns out to be very difficult to break a 40-year habit of circumventing Central IT and hacking something together with a few macros.

There is any number of well-documented disasters caused by excessive Excel use, including during the Coronavirus pandemic, where the UK health authorities used an old version to track infections. It took days before anybody noticed that the number of cases was stuck at exactly 65,536.

Everybody is talking about having an AI policy. You need that. But you also need a data policy. And part of that policy is going to be placing limits on Excel.

Digital Sovereignty

January 7, 2026January 7, 2026IT LeadershipCloud, Leadership, Risk

You need to think about Digital Sovereignty. Unless you are in the U.S., of course. For everybody else, this is a very salient topic. Especially for us in Denmark these days.

This doesn’t mean that you have to free yourself from every American cloud provider. But it does mean there is a new item in your risk evaluation: Ending up on the Office of Foreign Assets Control (OFAC) blocklist.

Likelihood is Rare (1) for almost everybody. But if Impact is Catastrophic (5), you end up with a medium risk: Mitigate if cost-effective.

Switching costs almost always make it not cost-effective to transition a running system. But when you are building anything new, you don’t have switching costs. And an effective mitigation is to avoid using U.S. providers.