Building Resilient Digital Operations Through Training

Building Resilient Digital Operations Through Training

Rick Lemieux – Co-Founder and Chief Product Officer of the DVMS Institute

Introduction: The Crossroads of Digital Transformation

Today’s organizations face unprecedented pressures as they modernize their IT service management (ITSM), governance, risk, compliance (GRC), and cybersecurity programs and platforms. The stakes are high: digital transformation initiatives must deliver value, maintain trust, and ensure resilience against ever-evolving threats.

At this crossroads, leaders must decide how to allocate resources to guide their next-generation programs. Many still rely heavily on industry analysts for guidance, but this approach is limited as it typically does not come with prescriptive guidance designed to deliver measurable outcomes. Investing in staff training programs provides greater long-term value, adaptability, and resilience than outsourcing thought leadership to analysts.

The Limits of Analyst-Driven Guidance

Industry analysts built their reputations by publishing reports, vendor comparisons, and market forecasts. Their insights can sometimes be helpful at a high level, but they remain broadly generalized and non-prescriptive. Analysts aggregate survey data and vendor inputs to create snapshots of the marketplace. These artifacts may help executives understand broad trends but rarely provide the operational “how” required to implement change.

Analysts also struggle to account for the dynamic, fast-moving nature of digital ecosystems, where yesterday’s recommendations may already be obsolete. Training, by contrast, embeds knowledge, skills, and practice into the organization itself, ensuring that the workforce—not external commentators—becomes the driver of transformation.

Training Builds Capability, Not Dependency

One of the most significant risks of relying on analysts is the creation of external dependency. Organizations pay for reports and consultations, but never internalize the knowledge required to execute effectively. Training flips this model by investing directly in people.

On the technical front, ITSM professionals learn how to adapt service management practices to digital supply chains, GRC staff understand how to operationalize compliance as part of value delivery, and Cybersecurity practitioners gain hands-on expertise in aligning with frameworks like the NIST Cybersecurity Framework (CSF) or overlay systems like the Digital Value Management System® (DVMS).

On the business front, the general employee population learns the fundamentals of digital business, its risks, and their role in creating, protecting, and delivering resilient digital business value.

This investment builds durable capability within the organization, reducing reliance on outsiders while creating a workforce culture prepared to transform systemic cyber risks into operational resilience.

Contextualization: Training Fits, Analysts Generalize

Every organization operates in a unique context, shaped by its culture, regulatory environment, customer expectations, and digital footprint. Analyst reports tend to generalize, producing one-size-fits-all models. Training, however, equips professionals to interpret frameworks, standards, and best practices in the context of their specific organization. For example, the NIST CSF emphasizes flexibility and tailoring of outcomes to mission needs. Training programs teach staff how to tailor high-level guidance into actionable plans that fit the enterprise. By contrast, analysts can only point to “leaders” and “laggards” in broad quadrants, leaving the hard work of adaptation up to leadership, practitioners, and the general employee population.

Training Supports Cultural Transformation

A critical success factor for next-generation ITSM, GRC, and cybersecurity programs is culture. Analysts may write about the importance of leadership and culture, but training brings it to life. Through structured learning, simulations, and certification programs, employees internalize new mental models. They begin to see governance as enabling rather than obstructive, cybersecurity as a means of value protection rather than a cost, and ITSM as a means of innovation rather than bureaucracy. The DVMS, for example, emphasizes that resilience is not a technical objective, but an organizational outcome built on leadership, accountability, and culture. Training actively shapes this culture in ways reports cannot.

Training Produces Practitioners, Not Observers

When organizations rely on analysts, they consume information produced by observers who rarely implement solutions themselves. Training, on the other hand, produces practitioners who can apply frameworks and methods in real-world scenarios. For example, a professional who completes NIST Cybersecurity Framework training learns how to operationalize CSF 2.0 outcomes and align them with business strategy. Similarly, ITSM professionals trained in adaptive practices can integrate resilience and value delivery into service design. Analysts remain outsiders; trained practitioners become insiders who act, adapt, and lead.

Cost Efficiency and Return on Investment

For large organizations, analyst subscriptions, briefings, and advisory services can consume millions annually. Yet these expenditures often yield little more than slide decks and directional insights. Training, by comparison, offers a higher return on investment. Employees who receive training can immediately apply their learning, improving efficiency, reducing risks, and innovating processes. Furthermore, training scales across the workforce. Rather than funneling money into annual analyst subscriptions, organizations can empower hundreds or thousands of employees with certifications, skill-building, and ongoing professional development. The long-term payoff far exceeds the short-term insights of analyst reports.

Training Enables Continuous Adaptation

Digital risk environments evolve continuously. Cyber attackers develop new tactics, regulators release updated mandates, and technologies like artificial intelligence create novel risks. Analyst reports, often published on an annual or quarterly basis, cannot keep pace. Training, especially when linked to frameworks and overlays such as the CSF and DVMS, instills a mindset of continuous learning and adaptation. Professionals trained in systems thinking, risk-informed governance, and iterative improvement can adapt their organizations in real time. This agility is essential for next-generation ITSM, GRC, and cybersecurity programs that must thrive on the edge of digital chaos.

Reducing Bias and Increasing Trust

Industry analysts frequently face conflicts of interest because their revenue models depend on vendors they evaluate. This dynamic creates distrust among executives who question whether “leaders” in analyst reports truly earned that status or simply paid for it. Training eliminates this bias. Programs grounded in open frameworks, such as the NIST CSF, or overlay models, like DVMS, are vendor-neutral, ensuring that staff gain objective knowledge. By investing in training, organizations place trust in their people and in neutral frameworks rather than in commercial interests. This reduces bias and strengthens stakeholder confidence in the organization’s governance and risk practices.

Training Strengthens Cross-Functional Integration

Next-generation ITSM, GRC, and cybersecurity programs cannot remain siloed. They must converge into integrated overlays that collectively manage digital value. Analysts typically cover these areas separately—publishing ITSM reports distinct from GRC or cybersecurity analyses. Training, however, teaches professionals to see the whole. For example, the DVMS overlay illustrates how governance, assurance, planning, design, execution, change, and innovation collaborate to create and protect digital value. Training programs reinforce these cross-functional perspectives, ensuring that different departments collaborate rather than compete.

Analysts Provide Maps, Training Builds Navigators

Perhaps the most fundamental distinction is this: analysts provide maps, while training builds navigators. A map may show potential paths, but organizations cannot move forward without skilled navigators. Analysts may highlight market trends, but only trained professionals can steer the organization through complexity, uncertainty, and risk. As NIST emphasizes, the CSF is not a prescriptive checklist but a flexible outcomes taxonomy. Training equips practitioners to interpret those outcomes, apply them to their context, and continually refine their practices. In this way, training creates organizational navigators who chart the course, rather than leaving leadership stranded with static maps.

Conclusion: Building the Future from Within

As organizations build their next-generation ITSM, GRC, and cybersecurity programs, they must invest in external analysts or internal capability through training. The evidence overwhelmingly favors training. Analysts often provide generalized, static, and biased reports that offer little help in implementing meaningful change. Training, by contrast, embeds knowledge, skills, and adaptive mindsets into the workforce. It builds practitioners, strengthens culture, reduces dependency, and ensures resilience in an unpredictable digital landscape. Organizations are not just buying information by choosing training over analysts; they are also building the future from within.

About the Author

Rick Lemieux
Co-Founder and Chief Product Officer of the DVMS Institute

Rick has 40+ years of passion and experience creating solutions to give organizations a competitive edge in their service markets. In 2015, Rick was identified as one of the top five IT Entrepreneurs in the State of Rhode Island by the TECH 10 awards for developing innovative training and mentoring solutions for boards, senior executives, and operational stakeholders.

Traditional best-practice approaches to IT Service Management (ITSM), Governance, Risk and Compliance (GRC), and Cybersecurity are insufficient to manage today’s complex digital ecosystems’ resilience, compliance, and trust requirements.

The DVMS Institute Certified Training programs and publications provide detailed guidance on evolving any best-practice program into an integrated, Digital Value Management System® (DVMS) capable of transforming systemic cyber risk into operational resilience.

The DVMS seamlessly aligns organizational Strategy, Governance, Operations, and Culture into an integrated, adaptive, and culture-driven governance and assurance system capable of ensuring resilient, compliant, and trusted digital outcomes.

By adopting a DVMS, organizations are positioned to:

• Maintain Operational Stability Amidst Constant Digital Disruption
• Deliver Digital Value and Trust Across A Digital Ecosystem
• Satisfy Critical Regulatory and Certification Requirements
• Leverage Cyber Resilience as a Competitive Advantage

DVMS Explainer Videos

• Architecture Video: David Moskowitz explains the DVMS System
• Case Study Video: Dr. Joseph Baugh Shares His DVMS Story.
• Overlay Model – What is an Overlay Model
• MVC ZX Model – Powers the CPD
• CPD Model – Powers  DVMS Operations
• 3D Knowledge Model – Powers the DVMS Culture
• FastTrack Model – Enables A Phased DVMS Adoption

Digital Value Management System® is a registered trademark of the DVMS Institute LLC.

® DVMS Institute 2025 All Rights Reserved