In Ohio’s evolving tech landscape, organizations face a common and growing challenge: finding and retaining skilled STEM talent. STEM represents fields in Science, Technology, Engineering and Mathematics. Disciplines within these fields are varied and may include jobs in management information systems (MIS), artificial intelligence (AI), cybersecurity, analytics, supply chain management (SCM), economics, computer science, and engineering.

Ohio employers can overcome this talent-gap hurdle by critically considering a rich and readily available talent pool among international students from local universities with STEM degrees. Employers’ hesitation usually emanates from concerns about visa limitations or perceived short-term employment windows. However, as someone who works closely with these students, I’ll dispel these myths and explain their long-term value.

The Facts: Nearly Four Years of Work Eligibility Without H-1B Sponsorship

At Wright State University for instance, we graduate several international students each year from our STEM-designated programs and currently have over 1,000 graduates on Optional Practical Training (OPT). These students are not just academically strong; they are fluent in global business practices, technologically skilled, and eager to contribute to the state’s economy.

More importantly, they are legally eligible to work in the U.S. for nearly four years after enrollment without needing an H-1B visa initially. Here’s how:

• Curricular Practical Training (CPT) allows students to intern with local businesses in the Miami Valley region prior to graduation for up to 12 months.
• Optional Practical Training (OPT) provides 12 months of full-time work authorization post-graduation.
• STEM OPT Extension grants an additional 24 months to graduates of STEM-designated programs like MIS.

That adds up to three years of full-time post-graduation work, plus internship time during their degree. All of this can be managed without H-1B sponsorship, a key point many employers overlook.

Local Talent, Global Perspective

These students are already here in Ohio and live in our communities. They study and work under the guidance of faculty and staff committed to equipping them with cutting-edge, career-ready skills. I’ve watched these students excel in hands-on analytics projects, design complex systems, and solve real-world problems through internships and capstones with local companies.

Also, they bring onboard a global mindset, linguistic diversity, and cross-cultural competency. These are qualities that are increasingly vital as Ohio’s businesses expand into new markets and serve increasingly diverse customer bases.

Myth-Busting 1: “Are there jobs in Southwest Ohio for International Students”?

A common misconception in southwest Ohio is that job opportunities, especially for international students are limited to government-related work at the Wright-Patterson Air Force Base, which typically requires only U.S. citizenship. However, this region is home to a growing number of private sector employers in IT, biotech, manufacturing, logistics, and healthcare, many of whom actively seek skilled talent regardless of nationality. Startups, mid-sized companies, and global firms across the Miami Valley region could benefit from international graduates’ talents. International students on STEM OPT are eligible to work for most private sector employers, provided the role is related to their field of study.

Myth-Busting 2: "But They’ll Leave Soon, Right?"

This is perhaps the most common misconception I encounter in conversations with Ohio business leaders: the belief that international students are only a temporary solution because of visa expiration or immigration hurdles.

Here’s the reality: most young professionals regardless of nationality change jobs every 2 to 4 years. According to the U.S. Bureau of Labor Statistics, the median tenure for employees aged 25 to 34 is under three years. Hence, even if an international graduate works for your organization during their full OPT period and then moves on, you are still receiving a better-than-average, return on investment. Furthermore, international students often demonstrate greater loyalty to companies that give them their first professional opportunity, especially in regions like Ohio, where the tech community is tight-knit and supportive.

Myth Busting 3: “Should I Sponsor visa immediately after hiring”

Many small and medium-sized organizations worry that hiring international graduates means immediately navigating the complexities of visa sponsorship. This is not the case. With up to three years of STEM OPT, you have ample time to assess an employee’s fit and performance. During that period, if you decide that the individual is indispensable, you can choose to sponsor them for an H-1B visa or green card. The most important insight is that that decision does not need to be made on day one or soon after hiring.

This “hire first, sponsor later if needed” approach gives Ohio companies flexibility and minimizes risk.

Why This Matters for Ohio’s Economic Growth

As Ohio continues to attract major investments in manufacturing, semiconductors, IT services, and logistics, the demand for specialized talent will only intensify. Companies like Intel are already transforming the employment landscape, and that ripple effect will be felt across the state.

Hiring international graduates from local institutions offers a homegrown solution to national workforce shortages. These students are trained here, adapted to Ohio work and social culture, and eager to stay and contribute. They represent a ready-to-deploy workforce that understands both global dynamics and local needs.

Practical Steps for Employers

• Contact University Career Centers: Ohio universities have dedicated units such as Wright State’s Career Hub that assists employers with hiring students and understanding CPT/OPT processes.
• Launch Internships via CPT: Hosting a student during their academic program gives you a no-pressure trial run and introduces your organization to emerging talent.
• Educate Your HR Teams: Ensure recruiters and hiring managers are familiar with the work authorization options available to STEM students through CPT and OPT.

Final Thoughts: It’s a win-win for Ohio

Your company’s next data scientist, AI expert, or cybersecurity specialist, may already be in a classroom at your local university, learning, contributing, and ready to prove themselves.

Ohio educates thousands of brilliant international students each year, yet many leave the state after graduation for opportunities in tech hubs like California, North Carolina, and Texas. If we want to grow Ohio’s economy and compete nationally, we must work to retain this talent.

Hiring international graduates isn’t about replacing domestic workers. It’s about complementing the workforce and filling urgent skill gaps. These students bring innovation, drive, and a global mindset to local companies. Let’s give them a chance to help build Ohio!

About the author: Dr. Daniel Asamoah is the Chair and Professor of the School of Finance, Accountancy, MIS, and Economics at Wright State University. An expert in business analytics, big data applications, decision support systems in healthcare, and operations management, Dr. Asamoah has spoken at numerous conferences, including the annual meetings of the Decision Sciences Institute. His research has been featured in various prestigious journals, such as Decision Support Systems and Simulation.

As we step into summer, I’ve been reflecting on a simple, yet powerful truth: community is everything. Especially in technology—an industry that moves fast and transforms faster—being part of something bigger than ourselves is what keeps us not just informed but inspired.

Who are we?
We’re Technology First. A collective of professionals, innovators, educators, and leaders who believe that tech is not just about tools—it’s about people. We are the minds behind the solutions, the hands that build systems, and the hearts that understand how deeply technology shapes lives.

What do we do?
We connect. We share. We learn. Whether it's through our events, professional development programs, peer groups, or just the everyday conversations that happen between members, we create a space where ideas thrive, and careers grow. We support each other, we celebrate each other, and yes—we challenge each other to lead with courage and curiosity.

We're proud to play a part in moving the Dayton region’s technology community forward—helping organizations and individuals alike navigate change, spark innovation, and build a more connected future.

Why does it matter?
Because in this digital age, no one should have to navigate the complexities of technology alone. Whether you're a seasoned leader or just starting out, there is a place for you here. A place to ask bold questions. A place to find answers. A place to belong.

So, if you've ever found yourself wondering—How do I get more involved? How do I find my people in tech? —you're in the right place. Come to an event. Join a peer group. Volunteer. Reach out. There’s room at the table, and your voice matters.

In the energetic and ever-evolving world of technology, the importance of community cannot be overstated. As a professional in the tech industry, I have always believed in the power of collaboration and support. This belief has driven my commitment to volunteer with Technology First, an organization dedicated to connecting, strengthening, and championing the tech community in the Dayton region.

Over past few years, I have had the honor of participating and volunteering at several conferences hosted by Technology First, including:

Ohio Information Security Conference (OISC) – A gathering of security professionals, analysts, and IT leaders discuss emerging threats, risk mitigation and compliance. A community that addresses security urgency head on.

Taste of IT – An energetic conference highlighting tech trends, innovations, and strategic insights. With multiple sessions that span everything from cloud computing to leadership development, it’s a place where innovation meets opportunity.

Dayton AI Day – Launched in 2025, Dayton AI Day looks into the future: artificial intelligence, machine learning, and data-driven transformation.

Volunteering at these events gave me the opportunity to explore sessions I might never attend otherwise. It’s been an experience that strengthens my technical insight and interpersonal communication.

The sense of belonging I’ve found through Technology First has provided me with a profound sense of empowerment. As tech professionals, we often find ourselves focused on our specific roles and department. But through this organization, I’ve connected with a diverse network of individuals who share a common goal: to advance technology. This commitment to education and access aligns with my belief that knowledge is power.

Networking and Collaboration Networking is a vital aspect of professional development, and Technology First excels in building these connections. It is a platform for attendees to engage in meaningful conversations, share their experiences, and explore potential partnerships. As a volunteer, I had the chance to facilitate introductions and witness latest ideas and collaborations. Connections that often lead to mentorship and career opportunities.

Continuous Learning and Growth Volunteering is not just about giving back; it’s also about personal and professional growth. Each event offers me a chance to learn about the latest innovations and challenges shaping the tech industry today. I continue to broaden my perspective and deepen my commitment to staying informed and adaptable.

Diversity and Inclusion are more than buzzwords; they are essential for innovation and resilience in technology. Technology First actively promotes these values, and my participation in events hosted by Technology First’s Women 4 Technology Peer Group has deepened my understanding of their importance. By volunteering, I help foster a more inclusive environment where everyone, regardless of gender, background, or identity, has the opportunity to thrive in technology.

My journey as a volunteer with Technology First has been deeply fulfilling. It has reinforced my belief in the power of community, education, and collaboration. By investing my time in this organization, I am not only supporting the growth of the technology in Dayton, but also helping others recognize their potential. I encourage my fellow tech professionals to consider volunteering. Together, we can create a vibrant and inclusive technology community that champions innovation and success.

Zhali Mejia is a GRC Analyst at CareSource with extensive experience in cyber risk management. Passionate about technology and community engagement, Zhali blends technical insight with a people-first approach to strengthen the organization's security posture. With a commitment to fostering collaboration and understanding among stakeholders, Zhali ensures that security measures are effectively communicated and implemented across all levels of the organization.

Over the past two decades in the IT world, holding various positions from programmer to IT leader, one constant has been the unrelenting pace of change. According to McKinsey, over 50% of organizations have now adopted AI in at least one business unit, and that number continues to climb each year. The recent resurgence of AI in the past few years has only accelerated this trend, bringing both promise and confusion.  Amid the noise it can be difficult to know where to start and easy to get distracted by the latest “shiny object”.   This is why taking an outcomes-based approach to AI and technology adoption is more important than ever. Aligning your investments with clear business objectives not only drives meaningful value but also ensures you’re working with the right partners and tools to protect your long-term technology investment.

Ramifications of Poorly Planned Tech Investments

Most organizations fixate on upfront costs such as licensing and implementation but also try to force solutions using tools they’ve already invested in, even when those tools are likely not the right fit. This mindset often leads to misalignment with business strategy, low user adoption and growing technical debt.  According to a Boston Consulting Group study, 70% of digital transformation efforts fail to meet their stated objectives, often due to poor planning, lack of alignment, or underestimating the complexity of integrating new capabilities into outdated environments. We’ve seen platforms deployed without clear ownership, analytics tools that go unused because no one trusts the data, and entire initiatives stalled due to poor change management. These hidden costs don’t show up on day on, however they compound quickly. Protecting your investment means thinking beyond delivery day and building with the end in mind and ensuring your teams are equipped to evolve with the tools that they use.

Data Analytics – Harnessing the Power

Data Analytics and subsequent AI enablement is both a foundational capability and a force multiplier for any technology investment.  Yet too often, it’s treated as an afterthought, something to “get to later” once systems are live. That approach leaves organizations with fragmented insights and missed opportunities. In my experiences, companies that emphasize that data must be intentionally designed around business outcomes from the start are always the most successful.  This includes things like building scalable pipelines, establishing clear ownership, creating a culture of data literacy and fluency, and ensuring that the data is usable by those who need it.  A mature analytics approach doesn’t just support reporting, it fuels agility, drives innovation and turns platforms like AI or cloud infrastructure into truly strategic assets. Protecting your investment means ensuring that your data strategy is built to deliver value now and evolve over time.

Case Studies – Current Client Examples

We are currently working with several companies in various capacities to help them navigate these rapidly increasing technology changes.  In one example, there is a new CFO who quickly surfaced deep frustrations with a lack of reporting flexibility causing inaccurate financial reporting. This was mainly triggered by inaccurate data, with internal teams struggling to deliver timely and trusted insights.  As a result, they are consolidating and modernizing their data architecture and ingestion standards to accommodate better internal and external reporting as well as centralize on a platform for future AI usage.  This protected investment will enable them to also reduce technical debt, saving crucial dollars as they pivot to an outcomes-based model. We partnered with the office of the CFO to implement a new “Ways of Working” framework to increase the time to market, increasing reporting cycle times with more accuracy, and with alignment of the needs of executive leadership. More importantly, the organization is building a foundation for ongoing agility, one where data and delivery practices move in lockstep to support informed decision-making.

Myths that Commonly Undermine Technology ROI

Even with the best intentions, many organizations fall victim to myths that tend to erode the anticipated value of their technology investments.  Three of these common myths are outlined below:

• If we build it, they will come…

Launching a new platform or dashboard does not always guarantee adoption. Without clear communications, planning, user training and ongoing engagement, even the most well-designed solutions can sit unused. Adoption must be a part of the delivery plan from Day One!

• Our data is so messy, we have no choice but to manipulate it…

This mindset stops progress before it even begins. The reality is: messy data is normal, and waiting for it to be perfect is a losing game. The real opportunity lies in embracing the mess, by putting the right strategy, standards, and tools in place to transform raw data into trusted, business-ready insights. Progress starts with what you have and engaging with your current data, however imperfect, is what drives maturity, trust and value. Every successful data journey begins with taking inventory, finding out what is actually useful and committing to iterative improvement.

• We’ll add analytics in later, this project is too large

Deferring analytics to the end of a large initiative is one of the fastest ways to lose momentum and miss early wins. Embedding analytics from the beginning helps guide decisions, demonstrate progress, and ensure the final product delivers actionable insights, not just functionality.

Conclusion – Build with Purpose, Protect with Discipline

By: Brian Henn – Sr. VP of Solutions Delivery and Data Practice Director at Vaco by Highspring 

While Artificial Intelligence (AI) has been a hot topic for some time now, AI Agentics, an innovative new type of AI, is shaking up both the business and technology community. Harvard Business Review’s recent article What is Agentic IU and How Will it Chat Work?, said “From the early days of mechanical automatons to more recent conversational bots, scientists and engineers have dreamed of a future where AI systems can work and act intelligently and independently. Recent advances in agentic AI bring that autonomous future a step closer to reality.” Let’s dive into what it is, how it can be used and the pros and cons of Agentic AI.

What Is AI Agentics?

According to IBM, “Agentic AI is an artificial intelligence system that can accomplish a specific goal with limited supervision. It consists of AI agents—machine learning models that mimic human decision-making to solve problems in real time.”  In short, AI Agentics are autonomous AI agents that can make decisions and take actions to achieve goals without human oversight. Think of them as super powered digital assistants, instead of just fetching your calendar or drafting an email, they can manage workflows, troubleshoot systems, or even negotiate deals.

These agents are built on advanced Machine Learning (ML) models, often leveraging Large Language Models (LLMs) like those powering ChatGPT, Grok or Copilot. The key differentiator from traditional AI is their agency, they’re not just reactive; they’re proactive. They can operate autonomously in complex, dynamic environments and can adapt based on feedback.

At Intrust IT, we’ve built Marissa, an AI agent that answers, analyzes and routes inbound phone calls to the proper place, freeing up our team to focus on higher value tasks for our clients. Marissa currently manages about 40 percent of all inbound phone calls each week and gets a little better week after week. Marissa is a tireless assistant that handles grunt work, allowing our team to provide more responsive advice and support for our clients. Marissa is a real-world example of Agentic AI at work providing significant business value for our company and our clients.

Marissa is just one example; the applications of AI Agentics are vast and growing for both business and IT operations. Here are some other examples:

• A wholesaler uses an AI agent to negotiate with buyers, analyzing past deals, current inventory, and the buyer’s budget to propose optimized terms.
• An e-commerce company uses an AI agent to analyze competitor prices, customer demand, and market trends in real-time, adjusting product prices to move more product or maximize profit.
• A subscription service employs an AI agent to watch user behavior to predict cancellations then offer personalized incentives to reduce cancellations.
• A healthcare provider uses an AI agent to scrub patient records and flag outliers.
• A software company uses an AI agent to review code to find bugs and vulnerabilities and to suggest code optimizations.

The Pros of Agentic AI

AI Agentics bring a lot to the table including:

• Efficiency: Tasks that once took hours—like debugging a distributed system or analyzing logs—can be done in minutes. Agents work 24/7/365 without rest or burnout.
• Scalability: One agent can manage something that might need a team of humans, making it easier to manage growing workloads without growing headcount.
• Proactivity: Unlike traditional automation, agents anticipate problems and act proactively.
• Cost Savings: By reducing manual work, agents can lower operational costs.
• Adaptability: With continuous learning, agents improve over time.

The Cons of Agentics AI

While there are many benefits, Agentic AI comes with serious challenges that must be addressed:

• Complexity: Building and managing AI agents requires expertise in AI, technology and business. Debugging an agent that’s not working correctly can be difficult due to the “black box” like nature of AI.
• Control: If an agent misinterprets its objectives, like aggressively cutting prices to drive revenue, it can cause big problems. Agents must be tested rigorously and thoroughly and rolled out slowly.
• Security Risks: Agents with access to sensitive systems and data are potential attack vectors. A compromised agent could wreak havoc much faster than a human hacker and may fly under the radar.
• Ethics and Accountability: Who can be held to account when an agent goes astray? The developer? The business? The agent itself? This evolving gray area can be tricky to navigate.
• Upfront Cost: Developing or licensing advanced agents can be expensive and may bust the budget of small organizations.

Striking A Balance

The meteoric rise of AI Agentics is an opportunity as well as a challenge. For now, the key is augmenting, not replacing, human expertise. Start small. Deploy an agent for a low-risk task, then scale up as you refine its behavior and grow your knowledge and expertise. Pair agents with robust oversight tools—kill switches, audit logs, and human-in-the-loop checks—to mitigate your risk.

Why all the Fuss?

So, what’s all the fuss about AI Agentics? Agentic AI promises a future where costs go down and productivity goes up as repetitive tasks fade away. A future where professionals focus on innovation and strategy. These agents promise to transform how we manage organizations due to systems that are smarter, faster, and more resilient. But they also demand reimagining skills, processes, security, and accountability.

The bottom line? AI Agentics isn’t just a trend—they’re a powerful and rapidly growing toolset. Embrace them thoughtfully, and they’ll amplify and extend your capabilities. Ignore them, and you and your organization risk being left behind in a world where autonomy is the new normal. The fuss isn’t just hype; it’s a wake-up call. It’s time to learn what AI Agentics can do for your organization.

Dave Hatter – CISSP, CISA, CISM, CCSP, CSSLP, PMP, ITIL, is a cybersecurity consultant and employee owner at Intrust IT. Dave has more than 30 years’ experience in technology as a software engineer and cybersecurity consultant and has served as an adjunct professor at Cincinnati State for over 20 years. He is a privacy advocate and an Advisory Board member of the Plunk Foundation. Follow Dave on X (@DaveHatter) for timely and helpful technology news and tips.

The role of a technology leader is a balancing act of innovation, resource management, and strategic foresight. Yet, no matter how experienced or forward-thinking a leader may be, adhering to dated approaches and failing to adapt quickly can hinder an organization’s growth. Here’s what every tech leader should stop doing to ensure their organization thrives in an increasingly competitive technology landscape.

1. Sticking with Legacy

Legacy systems may feel reliable, but they carry hidden costs that can weigh heavily on an organization’s operations. Maintenance expenses, inefficiencies, and incompatibility with newer technologies can obstruct scalability and growth, creating short- and long-term competitive disadvantages.

Additionally, staying dependent on outdated systems can frustrate both employees and customers. Slow interfaces, limited functionality, and inefficiency in responding to demands affect productivity and satisfaction.

One key responsibility of a tech leader is to foster an environment of progress. This means phasing out legacy systems in favor of modern, scalable solutions. Migrating to the cloud, for example, offers enhanced agility and cost optimization compared to on-premise systems. Though transitions take effort and there is some inherent risk, the benefits far surpass the short-term inconvenience.

2. Under-Resourcing Cybersecurity

Cybersecurity is not a corner to cut, it’s a foundation to uphold. However, many organizations still fail to allocate adequate resources, often viewing it as an expense rather than insurance or, better yet, an investment. This approach can have catastrophic effects.

Powered by AI, cyber threats are more sophisticated than ever, ranging from ransomware attacks to end-user and insider breaches. Underfunding your cybersecurity initiatives creates vulnerabilities that bad actors will exploit. Not fully protecting your environment could mean loss of proprietary data, damage to your company’s reputation, and heavy financial penalties due to non-compliance with data protection regulations.

3. Delaying Adoption

It’s natural to fall into the trap of waiting until a technology trend “matures” or becomes “accepted” before exploring its potential, but technology does not wait. Delaying the adoption of emerging technologies, platforms, and services often places organizations at a competitive disadvantage. Companies that hesitate risk losing market share to faster-moving rivals who leverage innovation to streamline processes, reduce costs, or enhance customer experiences.

Take cloud communications, for example. Despite its widespread adoption across industries, some organizations continue to rely entirely on premise–based phone systems that long ago lost the modernization race with Unified Communications as a Service (UCaaS).

Early adopters of next-gen technologies have reaped the benefits of efficiency, scalability, and data-driven decision-making. Meanwhile, organizations that delay implementation often find themselves playing an expensive game of catch-up. Instead of assuming these advancements are “not ready yet,” adopt an agile approach that allows small-scale testing before rolling out.

4. DIYing Everything

“DIY” is a Midwestern staple, but the “DIY everything” approach is not scalable, or even sustainable in today’s technology landscape. When managing complex IT ecosystems dependent upon rapidly changing technologies, DIY is a recipe for bottlenecks and oversights. Tech leaders who insist on building proprietary solutions or choose to “go it alone”—out of budget-consciousness or a desire for control—often discover that the results can be less than desired and can be more challenging to scale, maintain, or integrate.

Outsourcing, leveraging third-party expertise, and collaborating with skilled IT partners can be an efficient and sustainable way to scale your team. These partners bring specialized expertise, allowing your in-house team to be more strategic with a focus on core business objectives. By stopping the impulse to “DIY everything,” tech leaders can increase internal bandwidth and resources, ensuring strategic priorities receive the attention they deserve. And, the IT team gets the attention it deserves!

5. Undervaluing Soft Skills

Traditionally, IT leadership has focused on technical expertise, certifications, and project-specific skills. While these are undeniably essential, overlooking the value of soft skills like communication, collaboration, emotional intelligence, and leadership can undermine overall effectiveness.

Tech leaders frequently engage with diverse stakeholders—from executive teams to end-users—requiring the ability to translate complex concepts across a broad spectrum of personas. Soft skills help bridge this gap, promote collaboration, and build trust. IT organizations led by individuals who emphasize both soft skills and technical expertise are far more likely to achieve cohesion and alignment across functions. Stopping the undervaluation of soft skills is a simple yet powerful move toward becoming a C-level, IT rock star.

Final Take

Louie Hollmeyer is a seasoned B2B tech marketer with over 25 years of experience. With Advanced Technology Consulting (ATC), Hollmeyer serves as a hybrid marketer, business development executive and consultant, specializing in voice, data, cloud, cybersecurity, and data & AI services. ATC, located in Liberty Township, OH, is an independent IT consulting and professional services firm with access to an extensive portfolio of over 700 technology providers.

Tech leaders today, knowingly or unknowingly, are facing a critical choice: embrace artificial intelligence now or wait and risk falling behind. A.I. isn’t just a trendy buzzword; it's a transformative technology already reshaping industries. While 2023 is widely recognized as the breakout year for generative A.I. (thanks largely to tools like ChatGPT becoming widely accessible, the launch of Microsoft Copilot, and Google's Gemini/Bard integration into Google Search), major companies have been leveraging A.I. internally for years, refining the very systems and solutions we're seeing unveiled almost daily.

And with that comes exploration. Employees across sectors are independently exploring A.I. solutions, often without structured leadership support. This fragmented approach risks overlooking critical considerations like data hygiene, workflow integration, data privacy, and collaborative strategy development. Meanwhile, companies that have proactively adopted A.I. are already seeing strategic advantages.

Global A.I. spending is expected to exceed $300 billion by 2026, as highlighted bykeynote speaker Mike Menke at Technology First’s AI Day. Rapid advancements from GPT-1 to GPT-4 and upcoming technologies like Gemini Ultra illustrate that the AI landscape is evolving faster than ever. Leaders can no longer afford to observe from the sidelines.

For hesitant leaders, now is the time to start evaluating A.I.'s impact on competition, customer expectations, and internal processes. Conducting detailed assessments can help identify operational disruptions, data gaps, and competitive risks associated with delaying A.I. adoption.

Organizations already adopting A.I. should consider their actions a validation of their strategic foresight, positioning them for sustained relevance and agility. To maintain long-term success, continued refinement, transparent communication, and ongoing stakeholder engagement are crucial, alongside proactive adaptation to rapid technological advancements and associated risks.

For organizations currently adapting to these changes, successful A.I. implementation requires more than technological solutions. Tech modernization efforts demand effective organizational change management strategies. Employees may fear job displacement, making transparency and open dialogue essential. Clear communication about how A.I. will enhance, rather than replace, human work, combined with inclusive training programs, can alleviate concerns and foster a collaborative environment.

Clinging to traditional methods presents a significant risk. Even sectors once seen as insulated, such as retail and manufacturing, must embrace A.I.-driven improvements to stay competitive. Companies like Meta, Apple, Google, OpenAI, and Amazon have integrated A.I. deeply into their operations, setting new standards for industry expectations.

The term "A.I." may soon fade into routine usage, but its transformative impacts will persist. Leaders resisting A.I. adoption risk appearing stagnant, while proactive competitors shape the future of trustworthy A.I. use.

Companies slow to integrate A.I. strategically face long-term disadvantages. Leaders should begin by defining clear objectives, investing in employee education, performing impact assessments, and adopting robust change management strategies.

Practical steps for leaders to adapt to A.I. include:

• Conducting impact assessments to identify A.I. opportunities and risks.
• Forming internal working groups to explore A.I. systematically.
• Implementing targeted employee training for A.I. literacy.
• Encouraging transparent communication to secure employee buy-in.
• Launching pilot projects to test A.I. effectiveness.
• Ensuring data hygiene and adapting management practices accordingly.
• Promoting cross-departmental collaboration for maximum insight.

Ultimately, success in A.I. adoption depends on effective organizational change management:

• Clearly articulate how A.I. aligns with organizational goals.
• Engage senior leaders early as champions of A.I. initiatives.
• Maintain transparent and consistent communication.
• Provide continuous resources and support for employee transitions.
• Regularly monitor progress, measure impact, and adjust strategies as needed.

Hailey M. Clark is the Creative Marketing Specialist at The Greentree Group & Back To Business I.T. With over 20 years of marketing experience, she is passionate about supporting small businesses through digital innovation and strategic marketing initiatives.

Whether you’re handling customer information, financial records, or proprietary product details, safeguarding that data isn’t just a compliance requirement; it’s critical to maintaining customer trust, brand reputation, and the overall health of your business. However, small and midsized businesses (SMBs) often face unique challenges, such as limited IT resources and tighter budgets, making data security all the more challenging.

Why Data Security Is Critical for SMBs

1. Brand Reputation and Customer Trust
   A single data breach can undermine years of hard-earned trust. Small and midsized businesses often rely on close customer relationships and community reputation. Maintaining robust data security measures ensures customers feel safe doing business with you.
2. Regulatory Compliance
   Various regulations like PCI and HIPAA require strict data protection. Non-compliance can result in hefty fines and legal trouble, creating significant financial strain for SMBs.
3. Preventing Operational Disruptions
   Cyber attacks can cause severe downtime, impacting your ability to serve customers. Considering SMBs typically have leaner teams, recovering from a security incident can take more time, causing a ripple effect of lost revenue and productivity.
4. Competitive Advantage
   In many industries, security assurances are becoming a key differentiator. Demonstrating rigorous data protection can help win new clients, particularly those who handle sensitive information.

Common Security Risks Facing SMBs

1. Phishing Attacks
   Cybercriminals often use deceptive emails or messages to trick employees into divulging login credentials, credit card numbers, or other sensitive information. SMBs can be especially vulnerable because they may lack formalized security protocols or employee training programs.
2. Ransomware
   Ransomware is a type of malicious software that encrypts your data, rendering it unusable until a ransom is paid. Smaller businesses might feel pressured to pay due to limited resources and backup systems, making them prime targets.
3. Insider Threats
   Employees, contractors, or partners with legitimate access can inadvertently (or intentionally) expose or misuse data. SMBs often have flat hierarchies and broad access privileges, which can increase the risk of insider threats.
4. Unsecured Network and Devices
   SMBs may rely on a mix of personal and company-owned devices, and employees might connect from unsecured networks. This creates multiple potential entry points for hackers to exploit.

Essential Data Security Best Practices

1. Implement Strong Authentication
   • Use Multi-Factor Authentication (MFA): Adding a second verification step—such as a text message code, biometric scan, or app-based token.
   • Limit Logins to Company-Owned IP Addresses: Configure access controls to allow remote access only from whitelisted IP addresses owned by the organization. This approach minimizes unauthorized login attempts by ensuring that only connections originating from your internal network or approved gateways can reach critical systems.
2. Encrypt Sensitive Data
   • Data at Rest: Store files in encrypted formats, whether on-premises or in the cloud. Modern operating systems offer built-in disk encryption such as Bitlocker, and many cloud services include encryption features.
   • Data in Transit: Use secure protocols (HTTPS, SSL/TLS) for data transfer, ensuring information is protected as it moves between internal systems or over the internet.
3. Regular Software Updates and Patch Management
   • Automated Updates: Whenever possible, enable automatic updates to keep operating systems, antivirus software, and applications current.
   • Patch Management Tools: If you have multiple devices or servers, consider a patch management solution that lets you schedule and track updates from a central console.
4. Frequent Data Backups
   • Off-Site or Cloud Backups: Keep copies of critical data in multiple locations—ideally in encrypted, secure cloud storage.
   • Test Recovery Processes: A backup is only as good as your ability to restore it. Run periodic recovery drills to ensure backups are functioning properly.
5. Network Segmentation
   • Limit Lateral Movement: If a hacker gains access to one part of your network, you want to prevent them from moving freely to other systems. Segment your network to create isolated environments for sensitive information.
   • Access Control Lists (ACLs) and Firewalls: Restrict network traffic between segments using firewalls and ACLs.
6. Employee Training and Awareness
   • Phishing Simulations: Conduct regular phishing tests to help employees recognize suspicious emails.
   • Clear Security Policies: Provide guidelines on handling data, using personal devices for work, and reporting potential threats. Clear policies help your team make secure decisions daily.
7. Endpoint and Anti-Malware Protection
   • Robust Antivirus/Anti-Malware Solutions: Deploy reputable security software to monitor and block known threats.
   • Device Management: Use Mobile Device Management (MDM) or endpoint management tools to enforce security policies on company- or employee-owned devices.

Getting Started with a Data Security Strategy

1. Conduct a Risk Assessment
   Identify the most critical systems, data assets, and vulnerabilities. This will help you prioritize your security investments where they can make the biggest impact.
2. Create an Incident Response Plan
   Plan out step-by-step procedures for handling security breaches or suspicious activity. Clearly define roles and responsibilities for your team and detail how you’ll communicate with customers, partners, and authorities.
3. Allocate a Security Budget
   Assess how much you can realistically invest in data security tools, training, and personnel. Even modest budgets can fund essential solutions—like antivirus software, firewalls, and backup systems.
4. Train Your Staff
   A security system is only as strong as its weakest link—often human error. Regular training sessions and easy-to-understand policies can turn employees into your first line of defense.

Conclusion

Data security is no longer a “nice to have”—it’s a critical component of running a successful and trusted small or midsized business. Cyber threats evolve daily, and SMBs must remain vigilant to protect sensitive information, maintain compliance, and keep operations running smoothly. By implementing strong security practices—like multi-factor authentication, encryption, network segmentation, and ongoing employee training—you can significantly reduce your risk profile and safeguard your business.

Remember: cybersecurity is a journey, not a destination. Stay informed about evolving threats and emerging best practices and continually refine your security measures. With a proactive and well-rounded approach, your SMB can secure its valuable data, build customer trust, and thrive in an increasingly digital marketplace.

Josh Barrett is the Co-founder of BlueHat, a technology success partner specializing in cyber security and IT services for the mid and small business markets.  Josh graduated from UC with a degree in cybersecurity, has been a practicing professional for more than 12 years, Josh is CISSP certified.

The technology industry is evolving rapidly, with cybersecurity and IT roles in high demand. Businesses across all sectors struggle to find skilled professionals to fill critical positions. Despite the abundance of opportunities, many talented individuals find themselves shut out—not due to a lack of qualifications but because of barriers unrelated to their technical abilities. Among the most overlooked are professionals with disabilities, who, despite meeting or exceeding job requirements, often face challenges securing interviews and job offers.

The Hidden Barrier: When Qualifications Aren’t Enough

At Phishbuster Academy, we frequently hear from students who have put in the effort to obtain the right credentials but still struggle to break into the field. There is one such student who recently came to Phishbuster Academy who truly stood out. This aspiring professional earned an associate’s degree in IT and even acquired CompTIA’s triple crown of entry-level certifications—A+, Network+, and Security+. By all accounts, this individual should be an ideal candidate for an entry-level IT or cybersecurity role. Yet, despite applying to numerous positions, he could not even secure an interview.

Unfortunately, his story is not unique.

Although this young man is fully capable and qualified for an entry-level IT position, he does have a disability. In a field that can be difficult to break into, for professionals with disabilities, they face additional barriers to employment often stemming from:

• Employer misconceptions about their capabilities.
• Rigid job requirements that do not accommodate remote or adaptive work setups.
• A lack of focus on skills-based hiring, leading to missed opportunities.

These obstacles prevent companies from accessing a talented pool of candidates who are fully capable of succeeding in IT and cybersecurity roles.

The Role of Remote & Adaptive Work Environments

One of the biggest misconceptions in hiring is that IT and cybersecurity positions require a traditional office setting. In reality, many roles in these fields are well-suited for remote work and can be adapted to accommodate a variety of needs. With the right tools and policies in place, professionals with disabilities can thrive in:

• Remote work environments, which allow for flexible scheduling and accessible setups.
• Adaptive technologies when needed, such as screen readers, voice-to-text software, and specialized hardware.
• Results-driven roles, where success is measured by skills and problem-solving ability rather than physical presence.

Despite these advantages, many companies remain hesitant to implement these hiring practices or invest in the necessary accommodations.

Consider the student mentioned earlier: He possesses the education, certifications, and motivation needed to excel in IT, yet he struggles to even get past the initial hiring stage. His experience reflects a broader industry issue that creates difficult barriers of entry. This highlights a crucial gap: while education and certifications lay the foundation, hands-on experience often serves as the missing piece.

How Employers Can Close the Gap

The IT and cybersecurity industries face a talent shortage, yet many capable professionals remain overlooked due to outdated hiring practices and misconceptions about disabilities. Companies that embrace adaptive hiring practices, flexible work environments, and skills-based evaluation will not only tap into a wealth of underutilized talent but also foster a more diverse and innovative workforce. It’s time for the industry to break these barriers and open doors—because talent should be recognized, not overlooked.

To bridge this divide and create more opportunities, companies can consider:

• Adopt skills-based hiring: Focus on an applicant’s actual technical abilities.
• Implement flexible and remote work policies: Make accommodations that enable all employees to perform at their best.
• Support internship and job simulation programs: Provide structured, hands-on opportunities that allow these professionals to gain real-world experience.

When faced with a candidate who has the education and certifications that highlight his intellectual abilities and foundational understanding of key concepts, the only thing left to do is prove that they have the technical abilities to do the job. But how can this develop if no entry-level positions are offered? That’s where job-simulated programs become a game changer.

The Path Forward

That brings us to the next steps…where do we go from here? It’s not overly complicated, the path forward is essentially giving these candidates an opportunity to complete hands-on projects that simulate real-world job responsibilities. Adding in that last piece of the puzzle, projects that can highlight their technical experience and abilities. Especially in a state like Ohio, where programs like Tech Cred can make this type of training a reality by eliminating what is often a big concern – cost.

Justin LeBrun is the VP of Operations at Phishbuster Academy, an organization dedicated to providing hands-on cybersecurity training and real-world experience through job-simulated labs. With a passion for bridging the skills gap, he works to ensure aspiring professionals have the opportunity to build successful careers in IT and cybersecurity.

The Cybersecurity Maturity Model Certification (CMMC) program, designed by the Department of Defense (DoD) to safeguard Controlled Unclassified Information (CUI) and Federal Contract Information (FCI), has undergone significant updates between its proposed rule in December 2023 and its final rule in October 2024. These changes reflect the DoD’s effort to balance cybersecurity requirements with practical considerations for contractors. With the final rule taking effect on December 16, 2024, understanding these changes is critical for contractors preparing for assessment.

One of the most important changes in the final rule is the introduction of a clearly defined phased implementation plan. The proposed rule hinted at a gradual rollout but lacked specific milestones or timelines. The final rule addresses this by implementing a four-phase plan. Phase 1 introduces mandatory self-assessments for contractors handling FCI. Phase 2 brings in Level 2 certifications for select contracts involving CUI. Phase 3 extends certification requirements to high-priority programs through Level 3 assessments. Finally, Phase 4 marks the full implementation of CMMC requirements across all applicable DoD contracts. This structured approach ensures contractors have the time to adapt while the DoD scales its assessment capabilities. Initial estimates state that approx. 80,000 defense contractors require Level 2 Certification, so with the implementation of a phased rollout, the accreditation body and ecosystem should be able to stretch with the initial demand of assessments.

Flexibility for Level 2 compliance has also been enhanced in the final rule through the introduction of conditional certification. Under the proposed rule, contractors were required to fully implement all 110 NIST SP 800-171 Rev 2 controls before achieving certification. The final rule now allows for conditional certification if contractors meet at least 80% of these requirements, provided they address gaps through a Plan of Action and Milestones (POA&M). This conditional status enables contractors to bid on contracts while granting them 180 days to close security gaps. However, failure to meet this deadline results in certification expiration, demonstrating that while the rule allows flexibility, it does not compromise accountability.

The role of POA&Ms has been significantly refined. The proposed rule permitted their use but lacked clear guidelines on timelines and follow-ups. The final rule establishes firm deadlines, requiring all security gaps documented in POA&Ms to be resolved within 180 days. A POA&M closeout assessment is then mandated to verify compliance before final certification is granted. This change ensures that contractors address vulnerabilities promptly, mitigating the risks of long-standing cybersecurity weaknesses.

The certification levels themselves have been clarified in the final rule. While the proposed rule outlined the three levels of CMMC, the final rule provides greater detail on the assessment processes and their frequency. Level 1 now mandates annual self-assessments for contractors handling FCI, with results reported in the Supplier Performance Risk System (SPRS). Level 2 introduces a distinction between self-assessments and third-party assessments conducted by CMMC Third-Party Assessment Organizations (C3PAOs). For Level 3, which is required for contractors handling critical CUI, assessments will be conducted by the Defense Industrial Base Cybersecurity Assessment Center (DIBCAC), with Level 2 certification as a prerequisite.

Another area of improvement is the tracking and affirmation of compliance. The proposed rule required annual affirmations from senior officials but did not elaborate on enforcement or tracking mechanisms. The final rule enforces these affirmations across all certification levels, with contractors required to submit them annually through SPRS. Failure to affirm compliance results in the automatic lapse of certification, reinforcing the need for continuous cybersecurity maintenance rather than viewing CMMC as a one-time achievement.

The integration of SPRS and the CMMC Enterprise Mission Assurance Support Service (eMASS) is another key update. While the proposed rule primarily relied on SPRS for self-assessment score submissions, the final rule expands this functionality. SPRS is now used for Levels 1 and 2 (Self) assessments, while eMASS is designated for third-party assessments at Level 2 (C3PAO) and Level 3. Assessment results are automatically transmitted to SPRS from eMASS, creating a seamless and centralized compliance tracking system.

Scoping requirements have also been expanded and clarified in the final rule. The proposed rule provided limited guidance on defining in-scope systems and the role of External Service Providers (ESPs). In contrast, the final rule introduces clear scoping categories, including Contractor Risk Managed Assets, Security Protection Assets, and Specialized Assets. It also requires ESPs to meet equivalent CMMC security requirements when processing CUI but does not stipulate ESPs obtain the same level CMMC certification of their clients. These changes enhance clarity and ensure that contractors appropriately define the scope of their cybersecurity efforts.

As the CMMC program evolves, contractors must prepare to align their cybersecurity programs with these updated requirements. The final rule reinforces the DoD’s commitment to safeguarding national security through a robust, scalable, and enforceable cybersecurity framework. For contractors, the path to compliance is not only a contractual obligation but a critical step in strengthening their resilience against cyber threats. Now is the time to act, ensuring readiness for the challenges and opportunities that the CMMC program brings.

Eric Parsley is a cybersecurity executive specializing in Governance, Risk, and Compliance (GRC). He is a vCISO for Expedient Technology Solutions offering cybersecurity focused MSP/MSSP Services. Eric holds a Master’s degree in Cybersecurity & Information Assurance and is a CMMC Certified Assessor.