By Steve “The Doctor” Meek | Talk To Th3 Doc Podcast | The Fulcrum Group, Inc.
Doctor’s Diagnosis: A Podcast Doc-umentary — Technology Risk Visibility in Municipal Leadership
I sat down with Ryan Young, one of our Fractional CIOs at Fulcrum as a guest, to get his input on something most leaders feel but struggle to name: technology risks that don’t announce themselves until it’s too late. Imagine the common iceberg image of a little ice above the surface but large mass hidden under water.
As I write this blog post, I started thinking about a Mark Twain-esque truth, or at least one he should have said:
“Most problems don’t arrive loudly. They slip in quietly and send the bill later.”
NOTE: I sometimes comment to myself out loud when writing these blogs, so imagine me doing my best Twain voice. I can’t quite say my impression was Hal Holbrook, but I’d like to think at least Richard Thomas level.
Anyways, this idea stuck with me, because I feel it shows up regularly in municipal IT and in growing SMB organizations alike. We usually term the difference between things an organization should do versus what the actually do an organization’s “technical debt”. Few firms can do all the improvements they should and have to pick and choose their battles, but if those missed items could turn into performance issues, cyber risk increases, usability problems, financial landmines or other less than obvious impacts.
Introduction: Why This Matters to Fulcrum
At Fulcrum, our purpose isn’t to talk about technology for technology’s sake. It’s to help leaders make better decisions with confidence, clarity, and fewer surprises. Municipal organizations and SMBs are sculpted by the choices their leaders make, especially when it comes to technology alignment. Tools don’t create momentum, vision, guidance, leadership and long range technology plans do.
The Problem: Risks Hiding in Plain Sight
Many city managers, department heads, and executives are doing the best they can with limited budgets, legacy systems, and public scrutiny. What Ryan and I discussed on the podcast was simple but uncomfortable: most IT risk doesn’t come from hackers first. It comes from deferred decisions, unclear ownership, and “we’ve always done it this way.”
A helpful way to understand why these risks stay hidden comes from the book The Phoenix Project, which outlines four types of work happening in every IT environment: business projects, internal IT projects, unplanned work (reactive), and operational or “run-the-business” work. In well-aligned organizations, leaders intentionally prioritize the first two—projects that move the mission forward and improve capability.
But that may not happen in other organizations. In some municipalities and SMB firms, holding off on projects creates a result of unplanned work and day-to-day firefighting quietly consuming the majority of time and budget. That imbalance masks risk. When teams are stuck reacting, there’s no capacity left to innovate, modernize systems, clarify ownership, or reduce exposure. Over time, unplanned work becomes the norm, deferred decisions pile up, and leadership mistakes limited improvements for “saving money”—until an outage, audit, or incident forces the issue into the open. As a fake doctor, I think of it as “emergency room” health care. Not eating healthy, seeing your PCP regularly or working on yourself, just going to the ER when bad things happen, which they do.
The Fulcrum Way: STARPower™ and Alignment
This is where Ryan and team use our STARPower, our proprietary planning and innovation framework, to earn its keep. STARPower is built on the same core principles you see in ITIL v4 continuous improvement, value co-creation, and disciplined execution.
We start with alignment. What is the organization trying to accomplish? Then we assess the current state against our large evolving checklist of best practices and current capability maturity. Then, we define a target state, and prioritize the top two or three initiatives that matter most. Not ten, not everything, just what moves the needle for ROI.
Our SPOT Managed IT Services and SPOT Managed Security Services exist to help remove randomness from IT. No random acts of improvement based on frameworks like ITL for technology management and CIS v8.1 for prioritized cybersecurity hygiene. Structured, strategic and predictable as opposed to “why didn’t anyone tell me this was coming?”
Real-World Insight: What Ryan Sees in the Field
One of the most telling moments in the episode came when Ryan talked about municipalities that had no formal IT budget. Zero. They only bought technology when it broke. That works about as well as any adult playing a sport without warming up. Trust me, I’ve tried. My knees send me angry emails if I don’t stay adhered to what I know is the well established right way to do things.
The data backs this up. Organizations without standardized governance and lifecycle planning experience longer outages, higher audit stress, and slower recovery times. The risk isn’t theoretical, it’s operational, it’s practical and impactful.
Key Takeaways / FAQ
Are technology risks only technical?
No. They’re leadership and planning risks first. It can turn into outages when least expected, organizational risk, poor performance of systems and generally poorly support the corporate mission.
Can innovation coexist with tight budgets?
Yes, when priorities are aligned to outcomes, not shiny tools. The secret is impactful things first, which help fund the next, and then next challenges.
Why does STARPower focus on iteration?
Because small, measurable improvements compound over time. No firm has unlimited budget or time, so prioritization drives ROI.
Is AI part of this conversation?
Absolutely. Organizations should strive to be “frontier firms”, embracing AI and at every level in every way. But only when governance and human oversight come first.
What role should executives play?
They must lead technology strategy, not outsource accountability. Top executives know their business, understand opportunity areas best and can seize success that others may not see.
Call to Action
If this episode sparked a few uncomfortable but necessary thoughts, that’s a good sign. I invite you to listen or watch the full conversation, subscribe to Talk To Th3 Doc, and connect with us when you’re ready to make technology a strategic advantage, not a liability.
👉 Visit: https://www.fulcrumgroup.net/talk-to-th3-doc-podcast/
📺 Watch on YouTube: https://youtu.be/7-XoGXj8NU8
🎧 Listen on your favorite platform: https://pod.link/1807560282
About the Author — Steve “The Doctor” Meek, CISSP
Steve “The Doctor” Meek is a DFW-based IT strategist, cybersecurity leader, podcast host, and co-founder of a 24-year technology legacy in North Texas. A recipient of the 2024 MSP Titan of Industry Award for Community Impact, Steve brings decades of experience helping CEOs, city managers, and healthcare and manufacturing leaders navigate cybersecurity, AI readiness, and operational resilience. As host of Talk To Th3 Doc, he explores leadership and ownership topics to find practical insights for SMB decision-makers.
Founded in Keller, TX, The Fulcrum Group, Inc. delivers relationship-centered DFW Managed IT Services through its flagship SPOT Managed IT Services and SPOT Managed Security Services platforms. Using its proprietary STARPower™ Framework, Fulcrum helps businesses strengthen security, modernize operations, and plan technology with clarity and confidence. With a 100% Texas-based team and a “No IT Jerks” philosophy, Fulcrum has earned repeated national recognition on the MSP 501 and CRN Top 500, serving SMBs, local governments, and mission-driven organizations across North Texas.
