[{"data":1,"prerenderedAt":612},["ShallowReactive",2],{"reference-\u002Freferences\u002Fstrategy-regional-security-programme":3,"related-ref-\u002Freferences\u002Fstrategy-regional-security-programme":305},{"_path":4,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":8,"description":9,"date":10,"period":11,"sector":12,"scale":13,"role":14,"mandate":15,"category":16,"tags":17,"body":23,"_type":298,"_id":299,"_source":300,"_file":301,"_stem":302,"_extension":303,"sitemap":304},"\u002Freferences\u002Fstrategy-regional-security-programme","references",false,"","Regional security strategy for a standalone CEE infrastructure group","Designing and driving a multi-year security strategy for a newly independent CEE neutral-host infrastructure group: standardization across markets, regional SOC build, security as an external service, and a regional organization redesign.","2021-01-01","2021 – 2023","Telecommunications, CEE","Multi-country CEE neutral-host infrastructure group","Regional Security Director, CEE","Design and drive a multi-year regional security strategy for the newly independent infrastructure group, across all markets, while keeping day-to-day security running.","Strategy",[18,19,20,21,22],"security leadership","CEE","telecoms","SOC","strategy",{"type":24,"children":25,"toc":287},"root",[26,35,41,47,52,57,63,68,73,79,84,89,94,99,104,109,115,150,156,161,166,171,176,181,186,192,197,202,207,212,217,221,230],{"type":27,"tag":28,"props":29,"children":31},"element","h2",{"id":30},"context",[32],{"type":33,"value":34},"text","Context",{"type":27,"tag":36,"props":37,"children":38},"p",{},[39],{"type":33,"value":40},"After the separation closed, the infrastructure side of a CEE telecoms group stood up as an independent neutral-host operator. Regional footprint, multi-country, its own board, its own regulators to talk to. Security had been split and rebuilt through the carve-out. Now it had to become a strategy: a function that belonged to the new company, not a shared-services legacy.",{"type":27,"tag":28,"props":42,"children":44},{"id":43},"mandate",[45],{"type":33,"value":46},"Mandate",{"type":27,"tag":36,"props":48,"children":49},{},[50],{"type":33,"value":51},"Design a multi-year regional security strategy for the newly independent infrastructure group, aligned with the parent group's security direction, and drive the execution across every market.",{"type":27,"tag":36,"props":53,"children":54},{},[55],{"type":33,"value":56},"Three ambitions to land. Security as a condition of growth and resilient operation, the defensive baseline. An agile and efficient operating model, fit for a lean post-carve-out company. And an ambition with no internal template: security offered to external customers as a service, a revenue line on top of the internal cost centre.",{"type":27,"tag":28,"props":58,"children":60},{"id":59},"role",[61],{"type":33,"value":62},"Role",{"type":27,"tag":36,"props":64,"children":65},{},[66],{"type":33,"value":67},"I was Regional Security Director for CEE, continuing the mandate I had carried through the separation, now inside the standalone infrastructure group. Reporting into the group Chief Security Officer layer. Remit covered every operating company across the region and the regional coordination layer above them.",{"type":27,"tag":36,"props":69,"children":70},{},[71],{"type":33,"value":72},"I designed the strategy myself. I wrote it up. I carried it through the approval chain. And then I drove the execution: standardization, SOC, service portfolio, reorganization. All of it while keeping day-to-day security running.",{"type":27,"tag":28,"props":74,"children":76},{"id":75},"approach",[77],{"type":33,"value":78},"Approach",{"type":27,"tag":36,"props":80,"children":81},{},[82],{"type":33,"value":83},"Three strategic ambitions, one five-year roadmap. Designed and executed in parallel.",{"type":27,"tag":36,"props":85,"children":86},{},[87],{"type":33,"value":88},"On the baseline, I ran a regional standardization programme. I went capability by capability: monitoring, identity, endpoint, privileged access, data leakage, vulnerability management, firewall management, web application protection, DNS, PKI. For each one I set criticality tiers and drove the markets to the same floor. A mandatory baseline for every operating company; higher tiers where the risk or the revenue case justified it. Delivered as infrastructure-as-code where the target technology allowed, so deployments scaled across countries rather than being repeated per market.",{"type":27,"tag":36,"props":90,"children":91},{},[92],{"type":33,"value":93},"The SOC came up in iterations. The first one was a pilot, to learn on live problems: borrowed people, ad-hoc infrastructure, a minimum set of playbooks. The second formalized it, with dedicated analysts, defined procedures, signed commercials, proper governance. The third automated it, with orchestration, standard playbooks, and scope widened by the efficiency gains. Three iterations over roughly two years. Each one closed a real capability gap and produced enough operational proof to justify the next.",{"type":27,"tag":36,"props":95,"children":96},{},[97],{"type":33,"value":98},"The service side was the outlier. I designed a security service portfolio for external customers: consultancy, enterprise services, SOC services. A shared-delivery model behind it, so one team and one knowledge base served every customer off a multi-tenant platform. Positioning: specialized service provider for the SME and mid-market segments that the big integrators do not fight over. Sales went through the retail-side B2B channels and a few partner agreements. Unusual angle for a tower-and-fibre operator: security as a product to sell, not only a line in the operating budget.",{"type":27,"tag":36,"props":100,"children":101},{},[102],{"type":33,"value":103},"Organization design came alongside all of this, pulling in two directions on purpose. Engineering and O&M decentralized to local security teams, for local adaptation, local language, and presence in the moments that matter. Monitoring and analysis went the other way, centralized, with local analysts kept for language and context. A regional architect pool sitting horizontally across markets. Working groups for the cross-country projects.",{"type":27,"tag":36,"props":105,"children":106},{},[107],{"type":33,"value":108},"I designed each track and drove it to delivery. Nothing handed off.",{"type":27,"tag":28,"props":110,"children":112},{"id":111},"deliverables",[113],{"type":33,"value":114},"Deliverables",{"type":27,"tag":116,"props":117,"children":118},"ul",{},[119,125,130,135,140,145],{"type":27,"tag":120,"props":121,"children":122},"li",{},[123],{"type":33,"value":124},"The regional security strategy itself. One document tying the three ambitions, the enablers, the initiatives, and the five-year roadmap into a coherent plan.",{"type":27,"tag":120,"props":126,"children":127},{},[128],{"type":33,"value":129},"A regional standardization programme with defined capability tiers and a rolling delivery plan per market.",{"type":27,"tag":120,"props":131,"children":132},{},[133],{"type":33,"value":134},"A regional SOC, progressed from pilot to operational service, with commercial annexes signed, SLA and KPI framework formalized, and a dedicated analyst pool in place.",{"type":27,"tag":120,"props":136,"children":137},{},[138],{"type":33,"value":139},"A security service portfolio and commercial framework for external customers, under a shared-delivery model.",{"type":27,"tag":120,"props":141,"children":142},{},[143],{"type":33,"value":144},"A redesigned regional security organization: decentralized engineering, centralized monitoring, a regional architect pool, and formal governance.",{"type":27,"tag":120,"props":146,"children":147},{},[148],{"type":33,"value":149},"A regional security governance baseline aligned with ISO 27001 and with the parent group's security governance.",{"type":27,"tag":28,"props":151,"children":153},{"id":152},"what-made-it-hard",[154],{"type":33,"value":155},"What made it hard",{"type":27,"tag":36,"props":157,"children":158},{},[159],{"type":33,"value":160},"The company was still finding its feet. The separation had closed, but the commercial model, the contracts, and the operating rhythm of the new entity were all stabilizing at the same time I was trying to commit it to a five-year security strategy. Every decision I asked the business to make was competing with ten other decisions the business had to make.",{"type":27,"tag":36,"props":162,"children":163},{},[164],{"type":33,"value":165},"The service-provider ambition cut against the culture. Tower and fibre operators do not think of themselves as commercial security vendors. Getting the organization to treat security as something to sell was more organizational change than technical design. Pricing, delivery model, sales channel, commercial terms, service management: none of that machinery existed, and all of it had to be built from zero by people who were also doing their day jobs.",{"type":27,"tag":36,"props":167,"children":168},{},[169],{"type":33,"value":170},"Multi-country execution meant the standardization programme had to respect local regulators, local hiring markets, and local language. I kept the target state common and let the delivery path localize. Per-market strategies would have been faster to sell and impossible to run.",{"type":27,"tag":36,"props":172,"children":173},{},[174],{"type":33,"value":175},"Standardization also had a political face the technical plan didn't capture. Each market came with inheritance: technology choices made earlier by people who were no longer there, or, more awkwardly, by people who still were. And real skills and experience the local teams had built up around those choices. Every market also had its own agenda, its own priorities, its own politics. And because security was now a service provider to those markets, the relationship was commercial: local businesses were customers of the regional security function, not subordinates of it. Pushing a standard was never a purely technical call. Stakeholder management became part of the standardization job, not a side effect.",{"type":27,"tag":36,"props":177,"children":178},{},[179],{"type":33,"value":180},"The org redesign asked for two different motions at once. Decentralizing engineering and O&M meant giving local teams more authority. Centralizing monitoring meant taking authority back in the other direction. Both were right for different reasons, and both had to be sold on their own merit to the same people.",{"type":27,"tag":36,"props":182,"children":183},{},[184],{"type":33,"value":185},"And running all of this on top of business as usual was the constant pressure. Security for the network and IT of an infrastructure group cannot pause while the strategy is being built. Every change to monitoring, access, or endpoint controls had to carry the day-to-day through the transition.",{"type":27,"tag":28,"props":187,"children":189},{"id":188},"what-i-took-from-it",[190],{"type":33,"value":191},"What I took from it",{"type":27,"tag":36,"props":193,"children":194},{},[195],{"type":33,"value":196},"After the separation, I expected the hard part to be behind me. It wasn't. Just different. The separation work rewarded fast, right-now decisions. The strategy work rewarded patience and sequence. The two gears do not come naturally together, and switching between them is a skill in itself.",{"type":27,"tag":36,"props":198,"children":199},{},[200],{"type":33,"value":201},"Two things stuck.",{"type":27,"tag":36,"props":203,"children":204},{},[205],{"type":33,"value":206},"One: a multi-year strategy only works if the first year is visibly delivering. I backloaded nothing. Every one of the three ambitions had something real standing by the end of year one: the standardization baseline moving, the SOC taking live cases, the first external service contracts in place. Strategy that only shows up in year three does not survive the boards and budget cycles that happen in year two.",{"type":27,"tag":36,"props":208,"children":209},{},[210],{"type":33,"value":211},"Two: the service-provider ambition was the test. It was the one most likely to fail, the one with no internal template, the one the organization instinctively resisted. Getting it to actually work, with real customers, real revenue, and real SLA, taught me more about what it takes to change an organization than the other two ambitions combined. Security as a cost line is easy to run. Security as a product forces every other capability to sharpen up.",{"type":27,"tag":36,"props":213,"children":214},{},[215],{"type":33,"value":216},"And the residue. Running a multi-year strategy inside a company still stabilizing its own model taught me how to keep a long horizon visible while staying useful on short-horizon problems. A different muscle from the programme-delivery one I built through the separation, and both of them shape how I think about this kind of work now.",{"type":27,"tag":218,"props":219,"children":220},"hr",{},[],{"type":27,"tag":36,"props":222,"children":223},{},[224],{"type":27,"tag":225,"props":226,"children":227},"em",{},[228],{"type":33,"value":229},"Sources (public record on the group and its post-separation operation):",{"type":27,"tag":116,"props":231,"children":232},{},[233,248,261,274],{"type":27,"tag":120,"props":234,"children":235},{},[236],{"type":27,"tag":225,"props":237,"children":238},{},[239],{"type":27,"tag":240,"props":241,"children":245},"a",{"href":242,"rel":243},"https:\u002F\u002Fwww.cetinbg.bg\u002Fw\u002Fppf-group-separates-commercial-infrastructure-business-of-telenor-branded-operators-establishes-cetin-group",[244],"nofollow",[246],{"type":33,"value":247},"CETIN Group — retail \u002F infrastructure separation across Bulgaria, Hungary, Serbia",{"type":27,"tag":120,"props":249,"children":250},{},[251],{"type":27,"tag":225,"props":252,"children":253},{},[254],{"type":27,"tag":240,"props":255,"children":258},{"href":256,"rel":257},"https:\u002F\u002Fwww.cetin.hu\u002Fw\u002Fhungary-telco-market-sees-launch-of-new-telenor-spin-off-infrastructure-company-named-cetin",[244],[259],{"type":33,"value":260},"Launch of CETIN Hungary as infrastructure spin-off, 1 July 2020",{"type":27,"tag":120,"props":262,"children":263},{},[264],{"type":27,"tag":225,"props":265,"children":266},{},[267],{"type":27,"tag":240,"props":268,"children":271},{"href":269,"rel":270},"https:\u002F\u002Fwww.cetin.eu\u002Fdocuments\u002Fd\u002Fguest\u002F1679582471ut77x-cetin-group-annual-accounts-2022-public-pdf",[244],[272],{"type":33,"value":273},"CETIN Group N.V. — public annual accounts",{"type":27,"tag":120,"props":275,"children":276},{},[277],{"type":27,"tag":225,"props":278,"children":279},{},[280],{"type":27,"tag":240,"props":281,"children":284},{"href":282,"rel":283},"https:\u002F\u002Fwww.cetin.hu\u002Fwhat-we-do\u002Fservices",[244],[285],{"type":33,"value":286},"CETIN Hungary — current service portfolio, including security consultancy, SOC functions, and managed enterprise security services",{"title":7,"searchDepth":288,"depth":288,"links":289},4,[290,292,293,294,295,296,297],{"id":30,"depth":291,"text":34},2,{"id":43,"depth":291,"text":46},{"id":59,"depth":291,"text":62},{"id":75,"depth":291,"text":78},{"id":111,"depth":291,"text":114},{"id":152,"depth":291,"text":155},{"id":188,"depth":291,"text":191},"markdown","content:references:strategy-regional-security-programme.md","content","references\u002Fstrategy-regional-security-programme.md","references\u002Fstrategy-regional-security-programme","md",{"loc":4},[306],{"_path":307,"_dir":5,"_draft":6,"_partial":6,"_locale":7,"title":308,"description":309,"date":310,"period":311,"sector":12,"scale":312,"role":313,"mandate":314,"category":16,"tags":315,"body":318,"_type":298,"_id":608,"_source":300,"_file":609,"_stem":610,"_extension":303,"sitemap":611},"\u002Freferences\u002Fstrategy-corporate-programme","Security stream of a CEE telecoms group separation","Designing and executing the target operating model of the regional security organization through a multi-country CEE telecoms retail\u002Finfrastructure separation. Technical split, financial model, organization setup, legal inputs, all while keeping day-to-day security running.","2019-01-01","2019 – 2021","Multi-country CEE mobile operator group, carved out into a regional neutral-host infrastructure company","Regional Director, group shared-services entity; security workstream lead","Design and deliver the future target operating model of the regional security organization through the separation, across multiple markets, without disrupting day-to-day operations.",[316,317,18,19,20],"M&A","separation",{"type":24,"children":319,"toc":599},[320,324,329,334,338,343,348,352,357,362,367,371,376,381,386,391,396,401,406,411,416,421,426,430,463,467,472,477,482,487,492,496,501,506,511,516,521,526,529,537],{"type":27,"tag":28,"props":321,"children":322},{"id":30},[323],{"type":33,"value":34},{"type":27,"tag":36,"props":325,"children":326},{},[327],{"type":33,"value":328},"A CEE mobile operator group had just changed hands. The new owner wanted to separate network infrastructure from retail, the same carve-out it had done in another market five years earlier. The infrastructure side became a large regional neutral-host tower and fibre operator.",{"type":27,"tag":36,"props":330,"children":331},{},[332],{"type":33,"value":333},"Several operating companies had to be separated at the same time. Every corporate function had to land on one side of the new boundary, or on both under a transitional arrangement.",{"type":27,"tag":28,"props":335,"children":336},{"id":43},[337],{"type":33,"value":46},{"type":27,"tag":36,"props":339,"children":340},{},[341],{"type":33,"value":342},"Design and deliver the target operating model for the regional security organization through the separation. Multiple countries, multiple legal entities per country. Every capability had to be allocated: identity, network, SOC, incident response, GRC, physical. The transition had to be smooth, and both sides had to stand on their own on day one.",{"type":27,"tag":36,"props":344,"children":345},{},[346],{"type":33,"value":347},"Four dimensions, designed and executed in parallel: the technical split, the financial model, the organization setup, and the legal inputs into the inter-company contracts.",{"type":27,"tag":28,"props":349,"children":350},{"id":59},[351],{"type":33,"value":62},{"type":27,"tag":36,"props":353,"children":354},{},[355],{"type":33,"value":356},"I was Regional Director at the group's regional shared-services entity, reporting to its CEO. That entity was restructured at the end of the separation, and I continued afterwards as Regional Security Director for CEE inside the new infrastructure group.",{"type":27,"tag":36,"props":358,"children":359},{},[360],{"type":33,"value":361},"I owned the security stream end to end. I designed the target operating model myself, across all four dimensions, and I drove it to go-live: resourcing it, running the workstream, and carrying the regional security function as a day-to-day service while everything underneath it was being rebuilt.",{"type":27,"tag":36,"props":363,"children":364},{},[365],{"type":33,"value":366},"The remit spanned several countries. In each country, multiple legal entities: the local NetCo, the local ComCo, and the regional shared-services entity above them. The remit didn't own the commercial negotiation between the retail and infrastructure sides, but every decision with a security angle fed into it.",{"type":27,"tag":28,"props":368,"children":369},{"id":75},[370],{"type":33,"value":78},{"type":27,"tag":36,"props":372,"children":373},{},[374],{"type":33,"value":375},"The programme had a hard go-live date. My method was to get to a clean, defensible split first and accept some transitional inefficiency, then schedule optimization for the year after. The first test for any decision was \"does this work on day one.\" The second was \"does this scale.\"",{"type":27,"tag":36,"props":377,"children":378},{},[379],{"type":33,"value":380},"I designed each dimension and drove it to delivery at the same time. The four dimensions ran in parallel and had to reconcile with each other every week.",{"type":27,"tag":36,"props":382,"children":383},{},[384],{"type":33,"value":385},"On the technical side, I went capability by capability: identity, network segmentation, security monitoring, endpoint, vulnerability management, cryptography and key material, physical, OT, network management. For each one I decided whether it duplicated, migrated, or stayed shared under a transitional arrangement. Each one got a target state and a transition path.",{"type":27,"tag":36,"props":387,"children":388},{},[389],{"type":33,"value":390},"Financially, I priced the steady-state cost of every capability on each side, the cost of duplicating it, and the price of any transitional service the shared-services entity would keep delivering. The model had to line up with the group's financial case for the whole separation.",{"type":27,"tag":36,"props":392,"children":393},{},[394],{"type":33,"value":395},"Organization design came next. Target security organizations on both sides, down to roles, headcount, seniority mix, reporting lines, critical skills, and hiring sequence. For every role I decided whether an existing person could fill it and on which side they should land, or whether we had to hire.",{"type":27,"tag":36,"props":397,"children":398},{},[399],{"type":33,"value":400},"Legal pulled it all into contract language. Security schedules, SLAs, liability, data-sharing, incident-cooperation clauses in the inter-company contracts and transitional services agreements. Of the four tracks, legal was the one that forced every decision to become explicit and signed.",{"type":27,"tag":36,"props":402,"children":403},{},[404],{"type":33,"value":405},"Each market had its own operating company, its own regulator, and its own legacy. I designed one target model centrally and localized it per market with a variance register, rather than running per-market redesigns.",{"type":27,"tag":36,"props":407,"children":408},{},[409],{"type":33,"value":410},"Then there was the entity structure. Each country had its own local NetCo and its own local ComCo, each a separate legal entity. A regional security function had to sit across all of them. The operating model had to carry through several contract layers: inter-NetCo agreements across the region, because the security team stayed regional while the NetCos were country-level, and commercial contracts between each NetCo and its local ComCo.",{"type":27,"tag":36,"props":412,"children":413},{},[414],{"type":33,"value":415},"Regional security had to get paid under this structure. The cost allocation followed a provided-versus-consumed logic that had to reconcile across every pair of legal entities and sign off consistently against the local commercial contracts. That part was as much engineering as negotiation.",{"type":27,"tag":36,"props":417,"children":418},{},[419],{"type":33,"value":420},"Security also had two roles inside the new architecture: securing the services delivered under the inter-company contracts, and providing security services directly to the retail side for the business applications that stayed with them. Both roles had to be priced, contracted, and run.",{"type":27,"tag":36,"props":422,"children":423},{},[424],{"type":33,"value":425},"All of this had to land, not just look good on paper. Go-live was one date, across every market, with the security function still running.",{"type":27,"tag":28,"props":427,"children":428},{"id":111},[429],{"type":33,"value":114},{"type":27,"tag":116,"props":431,"children":432},{},[433,438,443,448,453,458],{"type":27,"tag":120,"props":434,"children":435},{},[436],{"type":33,"value":437},"The TOM itself. One document tying the technical, financial, organizational, and legal work into an end state and a transition path.",{"type":27,"tag":120,"props":439,"children":440},{},[441],{"type":33,"value":442},"A capability-level security separation blueprint, with a target state and transition path for every in-scope domain.",{"type":27,"tag":120,"props":444,"children":445},{},[446],{"type":33,"value":447},"A regional security cost-allocation model that reconciled across every legal-entity pair.",{"type":27,"tag":120,"props":449,"children":450},{},[451],{"type":33,"value":452},"Target organization designs for both sides of the split, down to role definitions, headcount, seniority mix, and hiring sequence.",{"type":27,"tag":120,"props":454,"children":455},{},[456],{"type":33,"value":457},"Security schedules and annexes for the inter-NetCo and NetCo-to-ComCo contracts.",{"type":27,"tag":120,"props":459,"children":460},{},[461],{"type":33,"value":462},"A programme risk register for the security-specific risks through to go-live.",{"type":27,"tag":28,"props":464,"children":465},{"id":152},[466],{"type":33,"value":155},{"type":27,"tag":36,"props":468,"children":469},{},[470],{"type":33,"value":471},"The commercial track moved faster than the technical facts. The boundary between retail and infrastructure kept shifting, and every shift reopened decisions already documented, modelled, and drafted into contracts. Every artefact had to be a living document, with one source of truth that the legal, financial, and technical tracks all pulled from.",{"type":27,"tag":36,"props":473,"children":474},{},[475],{"type":33,"value":476},"The legal-entity structure multiplied the number of documents. A regional security function sitting across several country-level NetCos, each with its own ComCo and its own commercial agreements, meant every document had to be consistent with every other. Getting alignment was an engineering job on top of a negotiation: the cost allocation, the service scope, and the security schedules had to close at the same time.",{"type":27,"tag":36,"props":478,"children":479},{},[480],{"type":33,"value":481},"The stakeholder map was wide. Every legal entity brought its own people, each of them with their own interests, their own culture, their own expectations. The upstream programme execution sat above the security stream with its own tempo and its own agenda. Alongside, my own team and my own line management needed a different kind of conversation again. Different interests, different cultures, different communication approach for each. Carrying the TOM through all of them, and then delivering against it, was as much a communications job as a design job.",{"type":27,"tag":36,"props":483,"children":484},{},[485],{"type":33,"value":486},"Running in parallel with business as usual meant nothing could be interrupted for the separation. Changes to identity, monitoring, or network controls had to work for the pre-separation group and the post-separation entities at once.",{"type":27,"tag":36,"props":488,"children":489},{},[490],{"type":33,"value":491},"Multi-country regulatory variance, inside and outside the EU, meant \"one target model, several localizations\" was the only affordable path. Per-market redesigns would not have finished on time.",{"type":27,"tag":28,"props":493,"children":494},{"id":188},[495],{"type":33,"value":191},{"type":27,"tag":36,"props":497,"children":498},{},[499],{"type":33,"value":500},"Running both the design and the delivery of a transformation this broad is a rare experience. Business, technical, organizational, financial, all at once. A lot of how I think about this kind of work now comes from having been in the middle of it.",{"type":27,"tag":36,"props":502,"children":503},{},[504],{"type":33,"value":505},"Three things stuck.",{"type":27,"tag":36,"props":507,"children":508},{},[509],{"type":33,"value":510},"One: designing and executing in the same head is where the learning is. Reality corrects your design in time to fix it, and you learn things about the model no hand-off could teach you. I don't take strategy seriously when it's separated from delivery anymore.",{"type":27,"tag":36,"props":512,"children":513},{},[514],{"type":33,"value":515},"Two: a transformation at this shape is as much a communications job as a design job. Every legal entity, every level of line management, the upstream programme execution, and my own team each needed a different kind of conversation. The TOM moves only as fast as the slowest conversation, and the conversations are not interchangeable. I budget communication effort on that basis now.",{"type":27,"tag":36,"props":517,"children":518},{},[519],{"type":33,"value":520},"Three: the four dimensions only work if they reconcile, and the reconciliation is the hard part. Technical decisions break the financial model. Financial decisions break the organization design. Legal forces every technical and organizational decision to become specific. Holding all four at the same time, not sequentially, was what required the hardest thinking, the most flexibility, and the fastest switching between contexts.",{"type":27,"tag":36,"props":522,"children":523},{},[524],{"type":33,"value":525},"And the residue. I came out of it sharper at the practical habits a programme of that density demands. Focusing hard while changing context constantly. Telling important from less important. Deciding fast. Carrying the stress without it leaking into the work.",{"type":27,"tag":218,"props":527,"children":528},{},[],{"type":27,"tag":36,"props":530,"children":531},{},[532],{"type":27,"tag":225,"props":533,"children":534},{},[535],{"type":33,"value":536},"Sources (public record on the transaction and the resulting infrastructure group):",{"type":27,"tag":116,"props":538,"children":539},{},[540,553,566,577,588],{"type":27,"tag":120,"props":541,"children":542},{},[543],{"type":27,"tag":225,"props":544,"children":545},{},[546],{"type":27,"tag":240,"props":547,"children":550},{"href":548,"rel":549},"https:\u002F\u002Fwww.ppf.eu\u002Fen\u002Fpress-release\u002Fppf-group-completes-its-acquisition-of-telenors-telecommunications-assets-in-cee-countries",[244],[551],{"type":33,"value":552},"PPF Group completes its €2.8bn acquisition of Telenor's CEE operations, 31 July 2018",{"type":27,"tag":120,"props":554,"children":555},{},[556],{"type":27,"tag":225,"props":557,"children":558},{},[559],{"type":27,"tag":240,"props":560,"children":563},{"href":561,"rel":562},"https:\u002F\u002Fec.europa.eu\u002Fcompetition\u002Fmergers\u002Fcases\u002Fdecisions\u002Fm8883_299_3.pdf",[244],[564],{"type":33,"value":565},"European Commission merger clearance, Case M.8883 — PPF Group \u002F Telenor Target",{"type":27,"tag":120,"props":567,"children":568},{},[569],{"type":27,"tag":225,"props":570,"children":571},{},[572],{"type":27,"tag":240,"props":573,"children":575},{"href":256,"rel":574},[244],[576],{"type":33,"value":260},{"type":27,"tag":120,"props":578,"children":579},{},[580],{"type":27,"tag":225,"props":581,"children":582},{},[583],{"type":27,"tag":240,"props":584,"children":586},{"href":242,"rel":585},[244],[587],{"type":33,"value":247},{"type":27,"tag":120,"props":589,"children":590},{},[591],{"type":27,"tag":225,"props":592,"children":593},{},[594],{"type":27,"tag":240,"props":595,"children":597},{"href":269,"rel":596},[244],[598],{"type":33,"value":273},{"title":7,"searchDepth":288,"depth":288,"links":600},[601,602,603,604,605,606,607],{"id":30,"depth":291,"text":34},{"id":43,"depth":291,"text":46},{"id":59,"depth":291,"text":62},{"id":75,"depth":291,"text":78},{"id":111,"depth":291,"text":114},{"id":152,"depth":291,"text":155},{"id":188,"depth":291,"text":191},"content:references:strategy-corporate-programme.md","references\u002Fstrategy-corporate-programme.md","references\u002Fstrategy-corporate-programme",{"loc":307},1777227384553]