Building an innovative firm can be challenging if you're not using project management that properly fits your organization. Industry leaders David Capece and Doug Pace created the Agile Management System (AMS) as a tool to help professional service executives manage and scale their growth. The AMS is a five-phase framework that maps out the natural progression of team-building, and includes the necessary tools and strategies to ensure long-term success.


Before diving into the AMS, it is important to consider what stage of growth your company is in.The size of your team dictates your organizational priorities and is the root of the challenges you are facing, which stem from either people, profit, or process. Keep in mind that no two paths to success are the same, but all companies can benefit from using the right project management sys
tem.


Unify

The first phase of the AMS starts with defining a purpose. Before you can grow, you need to define your mission and set goals for your organization so you know what you are aiming for. You will also need to identify opportunities and create a plan for how you will reach your goals, complete with individual steps and checkpoints for the entire operation. And like any beginning phase, you need to have a clearly defined strategy to ensure that everything is aligned with these goals.


If this step looks easy, think again. While this phase may seem unnecessary for organizations who are further in their growth, it is important to continue unifying your team as you bring on more employees. Creating the perfect culture in your organization cannot happen overnight; instead, it has to be nurtured over time to be sustainable. This is often overlooked by larger companies who are too focused on profit, and is the reason they are unable to reach their full potential.


Create

Building the future you envision for your company requires that you go through the process of organizing your resources. Clients should have clear expectations of the services you offer, how they are delivered, and how responsibilities are divided up amongst all stakeholders. Once you have established a successful design of processes and timelines, it should be replicated so that new team members can be trained to produce similar outcomes.


By activating the strategy map created in your initial phases of growth, you will begin to create your sales pipeline and repeatable models. This is how you will scale your business and track the way work is distributed to your team. In this phase you should also evaluate how roles and responsibilities are implemented as new employees join your organization and you continue to grow.


Operate

The daily operations of your organization will be proof of how strong your strategy and system are. In this phase, you will submit deliverables based on the standards you created, and begin to develop a model for managing your organization. Ideally, there will be weekly scorecard reviews to align day-to-day operations with strategic objectives. You should also make sure your success is sustainable over a long period of time, rather than shooting for a short term profit or a quick rise to popularity.


Though it will be challenging, resist the urge to change or start over if you do not immediately see results. Instead, continue to analyze reports and give the process time so that you have meaningful insights to work with. One day’s data cannot speak for an entire year of performance, and the same can be said for new operation techniques.


Automate

Work smarter, not harder. If you want to build a lasting framework for automation in your organization, start with standardizing your process. Having tools like project templates, style guides, and a standardized delivery system will set you up for continued success and efficiency. Not only will this make life as a project manager easier, but it will also allow you to take on more clients and expand your capabilities. Keep in mind that not all processes can be simplified down to a few steps, so establishing automation may require some trial and error.


This is also where you will assess which technology will allow your team to succeed. Creating a centralized location for tools like project templates, style guides, and delivery instructions will set your entire team up for continued success and efficiency. Streamline your processes so you can stand out from the competition.


Accelerate

The last phase of the AMS is all about evaluating and optimizing for growth. Now you have all the tools you need to succeed, and everything in your organization is set up efficiently. At this point your priority should be to strategize for the future and what your next steps toward growth will be. Take the time to recognize where you have been successful, and determine where you want to improve as a company. As your industry evolves, strategize ways you can innovate as a team to become a group of leaders who are able to trend ahead of the curve. Growth always involves risk, but with the right tools and planning you can master the art of pivoting.


David Capece is an innovative leader who founded the award-winning digital agency Sparxoo. He is the founder and CEO of CROOW, a platform designed to help companies unify teams, automate processes, and deliver profitable work.

Doug Pace is a transformative leader who is the founder and CEO of the nationally ranked strategy consultancy Stonehill. His work has provided process and structure to small organizations allowing them to accelerate their growth.

Their combined business expertise led them to publishing their project management and growth tips. If you want to learn more about the Agile Management System, download their free ebook, Level Up.

While leading our projects we like to make sure we are doing so to the best of our abilities, helping our project team gain responsibility and experience, and keeping our project customer engaged. Sticking to overall project management best practices is what we strive for – or at least should be striving for – every time out.


So as we go through our project engagements, let’s consider a few “best practices” litmus tests to perform (if only in our heads) to make sure that we are properly delivering on our projects. If we don’t do this, in my opinion, it can become too easy to fall into a rut of going through the motions on everything and “just running the project.” And by that I mean, doing what you’re “supposed to do” but not necessarily what the project needs or the customer needs or wants and providing that extra WOW factor that customers like to see…it’s what they keep coming back for, right?


There are many things we can do that meet this criteria and what they are and how we do them can depend on the customer, the project, the industry, etc…. but there are a few that you can consistently inject into your projects to make a difference. Here’s my list of five….


Formally kick the project off. Make the project kickoff a formal occasion and make sure all the important people are there. I don’t care if it’s a $50,000 project or a $50 million project. Do this. The $50k project may kickoff over the phone if budget doesn’t allow for a face to face gathering, but still do it…you aren’t limited by technology in this area so make it nice and make it formal. It will set a certain expectation for the project and your customer will appreciate the dog and pony show….trust me.


Document the project well. This is broad, I know. But be thorough and purposeful with your documentation. Create some formal plans that mean something – communication plans on how project discussions will happen, requirements documents putting project scope in perspective for everyone to see, and design documents that help developers move forward with coding and testing the solution they are working on. And get signoff from the customer on these…make them official. Don’t go overboard on the $50k project, and – likewise – don’t just phone it in on the $50 million project. Let the formality and effort match the budget and visibility/importance of the project. But documentation is important so do it right. And peer review all documentation before giving it to the customer. The worst thing you can do for customer confidence is hand over error-filled documentation and plans. Ouch. I’ve been there and it is a very hard hole to dig yourself out of.


Conduct regular status calls with the client. I have to admit that – while I do this for every project - I don’t do this for every consulting engagement. I probably should. I let the size of the engagement and the customer’s wants and needs dictate how that goes – and with frequent contact via email, skype and irregular phone calls everything is usually well covered on consulting gigs. But with projects it’s a different story. Always conduct regular weekly calls with your team and your customer. Always.


Help your customer with testing. I’ve said this before, don’t do the testing for them…and don’t help them too much. Basically, help them be well prepared for it. Help them with test planning and test cases and be there on hand to help when they run into issues (and they will).


Put together a solid closeout checklist. Finally, do a very thorough job with project close out. Don’t just wing it when making sure everything is in proper order for deployment or rollout or implementation of whatever your proper terminology happens to be for the handing off of the final solution. Make sure all deliverables are done and signed off, all tasks are complete, all training is in place, all testing has been done, etc. A good checklist that is put together early on and revised as needed, will do the trick.


Summary


The bottom line here is add value and show value. You are running important projects and you need to show that they matter. You need to put the proper effort into making sure that things are done right. And you can do that by doing more than the absolute minimum effort needed on the project. Look for ways to make your customer happy. Look for ways to get your team fully involved and take ownership of tasks and deliverables. Look for ways to ensure that what you are supposed to deliver is what you are actually delivering. And by following these and other best practices, in the long run, you will actually make your job as project manager easier…not harder. Work smarter, not harder…that’s what my wife always tells me…and I try to listen to her most of the time. It’s a healthy situation.

What ransomware negotiations look likeFear can overwhelm the decision of whether to pay a ransom. But in negotiations, companies have to take a backseat.

Negotiating a ransom down to $0 is possible.

When COVID-19 began to put serious pressure on healthcare organizations, cybercriminals took advantage, especially ransomware gangs. But in at least one instance, a victim healthcare organization was able to level with their attackers.

"The threat actor basically said, 'Hey, we're actually really sorry about that. We're not trying to hit healthcare organizations, we're just going to give you a decrypter," said Drew Schmitt, principal threat intelligence analyst at GuidePoint Security, who has been partnering with third parties since 2019 to negotiate ransom payment.

"One of the most notable experiences I've had is having that free issuing of the decryptor."
 
Drew Schmitt
Principal threat intelligence analyst at GuidePoint Security

Some ransomware groups are "not necessarily just doing what they're doing to watch the world burn. There are varying levels of how some groups feel about their operations," he said. "One of the most notable experiences I've had is having that free issuing of the decryptor."
Not all organizations are as lucky and not all cybercriminals have a moral compass.

Fear lies at the root of the decision of whether to pay a ransom. When considering whether to pay, companies want to know how quickly operations can resume while uncovering the hole that allowed the ransomware in. As for the negotiation, companies have to take a backseat.
"The victim organization is involved very little in the direct negotiations. You don't want the emotions coming through in the negotiations and involving the client directly almost always results in that," said Jake Williams, co-founder and CTO at BreachQuest.

The ransom negotiator business took off in tandem with the rise of ransomware, starting around 2018. As negotiations become a more routine component of incident response, "I don't think it will be its own business for long," said Williams.

Tick tock

When a company onboards negotiators, they hand the reins to professionals with ransomware group experience. There is a sense of familiarity and anecdotes that allow negotiators to adapt to who they're talking to.

The first thing ransomware negotiators do is ensure a secondary backup to communication with the criminals as the actors might disable their email accounts, said Williams.

Historically, ransomware actors would provide the email address for their victims to contact. Now, ransomware actors share a link with instructions on how to interact with them. Once initial contact has been made, negotiations can start.

"Once you reach out and engage the threat actor, that's going to be kind of when your proverbial clock starts," said Schmitt. "That's when they know that you're aware of the situation, you've reached out to them, and they're going to kind of have this timeline in their head of how long this negotiation process should take."

If a company is able to determine what was encrypted or breached during an attack, the negotiator will ask the actor for sample data or screenshots to get a sense of the depth of the infection.

This is the most important role the victim company will play in the negotiation process because "there is no reason to pay if recovering encrypted data has no value. Only the victim company can forecast or ascribe what the value is," said Bill Siegel, co-founder and CEO of Coveware.

Negotiators, at the end of the day, do not make decisions on behalf of the company, Schmitt said. They are there to provide guidance to the victim company, insurance provider, or counsel based on previous interactions with the threat group.

Threat group relations

If a company determines the value of the hacked data could cause harm to the business and there are no effective solutions, fear can return. Payment will feel like the only option, so negotiations proceed.

This is where "we get a temperature check for how amenable the threat actor is to negotiating down the price. We have threat intelligence on groups and know the typical ransom demand movement and timelines for that," said Williams.

Negotiations are seldom linear, though negotiators try to keep the process within a few days of when a ransom note goes live. If a company is tempted to take longer or be more specific in their counteroffers, "it's our experience that that's when a threat actor starts to get a little bit more annoyed with the processor," and even aggressive, said Schmitt. The actors might retaliate and call the whole deal off, revoke the decryption keys, or publish the stolen data.

"Another reason we try to keep it shorter is because we want their attention during that time," especially when the interactions are based on a real-time chat platform, he said. Ransomware actors might lose interest in negotiations lasting longer than a few days and become less communicative.

"At this point, everybody's aware of how busy a lot of these groups are," said Schmitt. "I mean, they have a lot of victims that they're hitting on on a very consistent basis."

The Conti ransomware group, for example, will usually have multiple negotiations going simultaneously. "They're interacting with the client, and not necessarily us. So there's still a little bit more of that veil or obfuscation as to who they're actually talking to," he said.

When the final amount is agreed upon by both parties, they involve a certified money services business (MSB) for the logistics of the payment. The MSB must confirm the group is not sanctioned by the Treasury Department's Office of Foreign Assets Control (OFAC), to secure cryptocurrency and complete the transaction.

Insurance companies become involved when the negotiation and payment processes are complete. "They just process claims when the entire process is over," said Siegel.

Customer service check

Ransomware groups pride themselves on their reputation and customer service, relationships between criminal gangs and negotiators do develop. "We have worked with the same ransomware groups on multiple occasions and we rely on our MSB payment partners to ensure their due diligence negates the chance of paying a sanctioned group," said Williams.

However, ransomware groups that employ affiliates can complicate the negotiator-threat group relationship. Affiliates can go rogue, which gangs would have to answer to. Ransomware group SunCrypt claims healthcare organizations are not one of its preferred targets. But last year SunCrypt operators had to clarify a hack on University Hospital in New Jersey was due to a new affiliate.

Though ransomware groups' customer service tends to be accommodating, trusting criminals is not a perfect science. Industry has seen ransomware groups make false promises before — like when Maze operators claimed its ransomware stopped short of "socially significant services," including "hospitals, cancer centers, maternity hospitals and other socially vital objects" in December 2016, but the group proceeded to target healthcare organizations involved in COVID-19 response in 2020.

A similar empty promise was made by the DarkSide gang. In October, DarkSide operators claimed to donate $10,000 in bitcoin to charities. "No matter how bad you think our work is, we are pleased to know that we helped change someone's life," DarkSide operators said, according to Emsisoft research. It's illegal for charities to collect funds illegally obtained anyway, Emsisoft clarified. DarkSide also has a blacklist of targets; affiliates cannot target hospitals, nursing homes, morgues, funeral homes, schools, non-profits, and so forth.

Regardless of who targeted who and why, affiliates are typically not involved in the actual negotiations, according to Schmitt.

Negotiators have profiles of known threat actors, which includes how those actors prefer to negotiate. These profiles can dictate which negotiation strategies are effective when using anecdotal evidence they're based on.

Read More in Strategy

InfoSec teams under pressure to compromise security for productivity: report
Sep 09, 2021

Behind the Firewall: What to do if your vendor has a security incident
Sep 03, 2021

IT-OT crossover relitigates who is responsible for ICS security
Sep 02, 2021

What cyber insurance CEOs want to see from customers
Aug 31, 2021

Why a ban on ransom payments will not work
Aug 27, 2021

Companies are investing in security operations but limited by talent gaps
Aug 25, 2021

Why most companies don't understand speed is vital to cybersecurity
Aug 24, 2021

In the event of a cyber incident, think like a lawyer
Aug 17, 2021

Want to see more stories in Strategy?

When negotiators work with groups using affiliates, they might ask the gang if it was one individual working out of line that caused the attack. But even if the group claims it was an individual act, "we of course can't confirm any of that," said Williams. "If we don't have reputational data on the group, it's hard to send significant sums of cryptocurrency with no means to recover it if you don't know you're getting a decryption key.">

Negotiators have to build trust with cybercriminals, unreliable as that sounds. Trust goes beyond a company's chances of receiving a decryption key because the key may not work as promised.

If we don't have reputational data on the group, it's hard to send significant sums of cryptocurrency with no means to recover it if you don't know you're getting a decryption key."
 
Jake Williams
Co-founder and CTO at BreachQuest

"I've seen [encryption programs] encrypt entire file systems — 100 gigabyte file systems — in about five minutes. The decryption of that same file system took about 36 hours," with some files still missing, said Tyler Hudak, practice lead of incident response at TrustedSec, during a July webcast hosted by NinjaRMM. Costs will accrue despite paying a ransom.

Almost half of organizations that paid a ransom regained access to their data, however, at least some of it was returned corrupted, according to a Cybereason survey of more than 1,200 information security professionals conducted in April. Fifteen percent of respondents said they had no issue with their returned data.

Williams tests the decryption program in a "safe environment" prior to paying, though it's an optional step, he said. "Most malware developers are not software engineers, so there's always a risk that sloppy encryption was performed because the software is buggy."

Recommended Reading:
CYBERSECURITY DIVE: What to consider before paying a ransom
Published Sept. 9, 2021 in Cybersecurity Dive
Samantha Schwartz - Reporter

Project Management. All Project Managers have to start somewhere from some beginning. So moving ahead, it’s what you do with that leadership role that makes you a good or great project manager. At some point in time, all of us are new to project management. There are a few different ways we can choose, move into and even fall into the role of project manager. Sometimes we choose our path into project management and sometimes the career choice is forced upon us out of organizational need.


For me, the key tips for PM success that new Project Managers should rely on as they take on this new uncharted territory...


Rely on the tools. Good project management tools are there to lean on, to depend on, to help you manage a project. Admittedly, every once In awhile there are those projects that you could manage on a piece of handwritten paper. But that is rare. If you’re an inexperienced PM, rely on the good tools you are surrounded with. They will help you with the current project and the project timelines and information you put into them and get out of them will get better and more detailed and more fine-tuned with each project and you can take each of those morsels with you to the next project… using the same tool or tools each time.


Shadow a good one. Mentoring. Not everyone has time to do it and not everyone is good at it, but if you’re starting out as a PM and you’re involved with a group of some experienced project managers you are likely to find one who is willing to help you along the way. It isn’t about PMP certification. It is more about experience and success.


Conduct great meetings. Learning how to conduct great project meetings and to get – and keep – people in their seats at your meetings can be a huge key to project success. So how do you make that happen? Make sure you plan for the meeting and send out materials – including a status report – in advance. Only invite the key players but make sure those key players know what they are assigned to and why they are there. If they know they are expected to contribute, they are less likely to just consider it another meeting to skip. Conduct the meetings for the project on a regular basis – usually weekly – and try to never cancel project meetings. Even if there isn’t much to cover in a given week, still conduct the meeting because the minute you start to cancel project meetings is the moment that those attendees start to consider your project meeting optional. Even if all you do on those slow weeks is go around the room and get a brief update from each attendee, it is worth it. It keeps them involved, keeps them coming, and keeps anything from falling through the cracks that could be very important to the project. Finally, take good notes and send out those notes to all attendees to review and revise and send back to you in order to make sure everyone is on the same page at all times.


Status reporting drives the projects. Put together a good, detailed status report and let it drive the project meetings. Take notes and then revise the status report post-meeting and send it out to all participants to verify everyone understands what went on and that everyone is still on the same page.


The budget is the hardest part. You’re managing – for the most part – someone else’s money. Manage the budget closely. Get new actual charges against the project every week from accounting, revise the project budget forecast and analyze what the budget health looks like every week. A 10% budget overrun can be corrected fairly easily. A 50% or 60% overrun can not…and may not ever be corrected. If you’re managing the budget closely every week, it’s highly unlikely that you’ll ever go past about 10% over and you can quickly plan with your team – and possibly even your project customer – on what corrective action you may need to take. Your customer wants you to succeed. They are there to help. Trust me.


Summary / call for input


At one time or another we are all new to project management. If you are now new to project management, I hope this list helps. If you’re experienced, tell us all what you would change or add to this list.


Some of us wanted to be project managers and do great things and lead great teams while others had greatness thrust upon them – at least initially – unwillingly. What's your story? How did you initially become a project manager? Looking back, do you consider that it was a good career move? Please share your story.

As project managers, it seems that everything we do is measured by time or timeframes. We live and die by them. Our projects fail or succeed by them. Our raises and pay incentives are usually based on them. Our whole careers are one big master project schedule. It almost seems like we should run our lives using a project management software tool. Ok, maybe I’m going a little overboard now – I tried that one time years ago on my home computer with one of the first tools that came out and I thought my wife was going to kill me.


Missing the mark on project deployment


First, let’s consider project success factors. In most people’s books, there are three key success determiners for projects…and ultimately project managers. On budget delivery, on time delivery, and customer satisfaction. And of course that last one is often based heavily on the first two. So, there’s that on time delivery measure. That’s on time delivery of the project as a whole. As we know, there are many, many factors that can play into missing the mark in terms of on time delivery. Several that come to mind are:

• Scope creep
  
• Error filled deliverables
  
• Outstanding software bugs
  
• Loss of key project personnel
  
• Funding issues
  
• Unplanned risks arising as real issues
  
• Problems with a third party vendor
  

The list could go on and on in terms of what could affect the overall delivery date of the end solution. The key for the project manager is to document the issues and any reasons why the project is delayed and keep it as part of the knowledge base of information for the project – sort of what we used to refer to as the project notebook. When a two-year project comes in two months late it’s nice to have that documentation showing that in month ten of the project work stopped due to customer funding. Any information that documents anomalies to successful delivery of the solution is good to have when it comes time to get final project approval and when you sit down with the customer and project team to conduct a lessons learned session. And be sure to have the schedule affects documented in your online project management software for these same purposes.


Delayed deliverable delivery


Delayed deliverable delivery may seem like a catchy phrase, but it’s painful if you’re a project manager. Some of the same things that affect overall project delivery can affect the timely delivery of deliverables throughout the project. I once had official approval and signoff of a functional design document deliverable delayed because my team kept delivering an error-filled version of the document. First the PDF creation software was altering the format of the document which caused the customer to reject it. Next, once we finally got past the formatting issues, the customer noticed many typos. After I picked myself off the floor and realized that my highly paid technical team was not proofing documents before sending them to the client, I incorporated a ‘peer review everything’ practice on the project and we got past that issue. But we lost valuable time trying to move to the development phase and we lost valuable customer confidence trying to deliver an error-free document.


Summary


The bottom line is, the project manager essentially promises the customer that he will be overseeing a successful project for them. One that promises to provide on time deliverables, hold weekly meetings according to a planned schedule, deliver status reports and revised project schedules on a regular basis, and deploy an end solution on the date that was planned in our web-based project management software tool with the customer. Every time you have to apologize and miss one of those dates, you’re taking a hit to your reputation as a project manager, your project is incurring unnecessary expenses, your customer is losing confidence in you, and your company may be suffering as well. Quality control is not just something we need to worry about in our software system, it’s something we need to implement in the overall way we run projects.

You know the feeling when life is flying by you and you’re not aware of where things stand? Maybe you are so busy that you aren’t budgeting your money well. Or you have so many clients or potential clients that you’re missing scheduled calls or needing to postpone meetings at the last minute. My freshman year in college I don’t think I dated anyone. Sophomore year in college was a different story…many dates and several different girlfriends all stuffed into the first two months of the new school year. Thankfully, three months in I meant the love of my life – my future and current wife – and my life, and my grades, stabilized. But for those first two months it was chaos and I honestly didn’t even have my class schedule memorized – though yes, I was going to class…I think.


This can be so true of our projects, too, when we get overloaded. It can be our project workload – maybe multiple projects took off at high speed all at once. Or maybe something came up in our personal lives – good or bad - that is occupying our train of thought. Whatever the cause or the problem, it can wreak havoc on one or more of our projects. If you’re in this situation, you may not be aware of it. But I’m going to give you five signs (and I’m sure there are many more) that you may be losing control of one or more of your projects due to distraction, work overload, or maybe you’re just in over your head technically speaking or can’t handle your team chemistry. Whatever the issue, look for these signs and then wake up and take some corrective action before you find yourself out of a project or out of a job.


You keep canceling or postponing client meetings


It’s never good to cancel or postpone your client meetings. I don’t care how busy you are or how slow the project is. Even if you just have a five-minute phone call to say, “Nothing has changed,” you still need to hold them. If you find that you’re often canceling meetings with your client then you need to re-assess what’s important. Your customer won’t stand for that lack of contact long before they start to become dissatisfied and lose confidence in your ability to deliver in your PM role. And you will likely find out that they’ve lost that confidence from someone higher than you in the organization – see one of my next points.


You’re not meeting with your team on a weekly basis


I moved from the Midwest to Las Vegas to be the corporate application development manager for the second largest casino/gaming organization in the world. I was in a new environment, in a considerably different position – going from strictly project management and consulting to managing a group of developers in an industry that I had never worked in before – and I was also busy looking for a house for my family 1500 miles from where we previously lived. To say life was chaotic would be an understatement. If found it easier to cancel my development team meetings than to conduct them if I was busy or if nothing major was happening. But that was wrong…I was new to my team and they were new to me and they needed guidance…they needed a manager after all the changes they had recently been through. I woke up, forced myself to stay on track, hold those meetings no matter what, and it wasn’t long before I had a much more confident and cohesive team. The same is true on our projects. Conduct those weekly meetings no matter what. Maybe there won’t be anything new to cover. But it still builds cohesion among your team members and being a consistent leader is half the battle of getting your team to follow you and respect you.


Your CEO gets a call from the client about the project


In a larger organization this could be anyone in your senior management, and in smaller organizations, this very well could be your CEO. Whoever it is, if they’re above you and your client is calling them with concern and you didn’t expect it, then you don’t have a firm grip on your project and something needs to change. You must be on top of issues or your customer will sense that you aren’t and will quickly lose confidence. If this goes on for too long, these calls will happen.


You don’t have the major tasks in the project committed to memory


Like my example above of not knowing my class schedule that first month of the school year, if you don’t wake up in the middle of the night able to recite the key milestones in your project schedule, then there is something wrong. If you don’t have most of the schedule – especially what’s currently going on and what’s coming up – committed to memory, then you need to take a step back and re-assess what’s going on and what you need to do right now to get a firm grip on what you’re managing.


You have no idea where the project budget stands


If you aren’t managing and forecasting the budget weekly, then you’re not doing enough. And if you completely lack the awareness of where your project budget stands, then you’re really heading for disaster. You’ll likely wake up to find yourself way over budget with no ability to take enough corrective action to save the project. Just like you really can’t go a month without balancing your checkbook, you can’t do that on your project either. If you do, then you’ll probably find your project financially spiraling out of control.