Every project has the obvious costs associated with it. The project manager or creative director, the resources charging time to it, materials that will be expended. Meetings. Did I mention meetings? Third party vendors. Those project stakeholders that need things and provide things. More meetings. Probably even some post-project support.


But what about the hidden costs? Those costs that are usually associated with risks that are realized and the unplanned issues that come up and knock a project off its budget and timeline. Work that you may have to give away for free to satisfy a frustrated client. It happens...it's part of the negotiation and give and take process.


For me, there are 5 key areas where hidden costs can rise up and knock a smooth running project off the rails for an unsuspecting team calmly carrying out their project duties. These are...


Vendor acquisition and management. Not all projects require outside vendors but when they do you may not have considered the risks of vendors who can't offer what they intended to offer or take extra time delivering the goods. If either of these potential risks. Exonerated a reality you will end up with additional costs associated with waiting on the vendor to deliver or finding a new vendor to provide these services.


Client engagement. You plan the project as if the customer will be available whenever you need them. Sadly this is often not the case. And you may have no control over the situation. This can result in costs associated with delayed timeframes and delayed decisions.


Resource management. When you plan the project you are usually anticipating complete availability and compliance from your project time. However, there may end up being team member conflicts, resources who are suddenly tied up on another project or resources who leave the company altogether. Replacing resources or waiting on them can be costly.


Senior management involvement. Senior management can be a food thing. They can help breed customer satisfaction by getting involved and making clients feel more important orb helping knock down project roadblocks. They can also sometimes hinder progress by needlessly getting involved for their own informational purposes by calling extra meetings and requesting new reporting during critical times of work and progress on the engagement.


The issues. Oh yes...the issues that come up and must be resolved. You never really plan for these but they do happen on nearly every project. You can bury done in the costs. However, when they start to pile up, that's when you will really start to notice the project


Summary / call for inputs


The obvious costs can be counted on and managed fairly easily. Well, maybe not easily, but at least you know what to expect...what you're looking out for. Those hidden costs – the ones that are often associated with sudden issues or risks that creep up on you and become real – those are the ones that are the scariest and can quickly doom any smoothly running, well planned and well managed project. Surprise! The best thing we can do on these projects is plan for risks, and put enough up front planning time in so we are ready to handle as much of this as possible without letting it kill the project budget. Easier said than done, and you'll never catch everything. But the better you plan, the more successful your project will likely be.


Thoughts? Readers...do you have any hidden cost ideas to add to this list...any scary stories of your own that come to mind and have changed the way you manage your projects? Please share and discuss.

Are you an experienced PM? Do you understand how projects work in the real world? What it takes to deliver a successful project to the project customer repeatedly, consistently and logically? Show it with Real World PM Certification (RWPM). One time fee to test, training is all free, test is a revolving 50 questions - 90% correct to pass. Retake for free. First 50 signups and all August signup are 50% off. Full price $250. More info coming... Questions? Contact me or email me. Thanks.

The wireless carrier suffered a massive data breach in the summer of 2021, the fifth publicly acknowledged incident of its type in three years.




​

• T-Mobile agreed to pay $500 million to settle a class-action lawsuit stemming from a 2021 cyberattack that exposed personal data on at least 76.6 million people.
• The settlement reached on Friday, which still requires final court approval, includes a $350 million payment to members of the class action and its related legal costs. T-Mobile also agreed to invest an additional $150 million in data security and cybersecurity technology in 2022 and 2023.
• The massive data breach, widely regarded as the largest carrier breach on record, marked the fifth publicly acknowledged security incident for T-Mobile in three years. The company assumed no admission of liability, wrongdoing or responsibility as part of the settlement. 

CYBERSECURITY DIVE

How to support overworked, understaffed security operations

Strapped for resources, companies can either have their security practitioners wear too many hats, or outsource the responsibilities.

Read Now

​Dive Insight:The settlement amounts to a one-time payment of about $6.50 for each individual whose personal information was compromised in the attack. T-Mobile gets to invest 30% of that directly back into its own cybersecurity practice.

The lingering damage done by the latest attack could cost T-Mobile more in missed business opportunities.

The company is known for having poor security and “attackers take advantage of that. They are an easier target because of it,” Allie Mellen, senior analyst at Forrester, said in a phone interview prior to the settlement agreement.

“Ultimately it’s going to take them even longer to really build up their defensive strategies because of all these continued breaches, and they’re also a much bigger target because of it,” she said. 

The company previously told investors it expected to record a $400 million charge during the second quarter of 2022 in connection with legal settlements related to the August 2021 cyberattack.

T-Mobile said it expects the class-action lawsuit settlement to receive final court approval in December 2022, but that could be delayed by appeals or additional proceedings.

The project manager is the project leader – the person who controls the project, manages the team, the customer, and the flow of the entire project engagement from start to finish. The effective project manager strives to keep his team and his customer and the entire customer team well engaged throughout the project – entirely focused on the end goals of the project.

An integral part of that management process is planning for, conducting, and participating in the regular and adhoc meetings that happen throughout the project. They are a key part of the overall project communication process. The project manager who effectively manages those meetings can keep his team and customer accountable and engaged…while the project manager who turns out to be a poor meeting planner and manager can slowly lose meeting attendance and participation. People are busy and, yes, our project resources have other jobs to do, so it’s imperative that we manage their time well. And part of that is ensuring that the meetings we schedule for them are worthwhile and productive and keep their involvement to a necessary minimum.


How do we do that? For me, it involves following these standard principles for good meeting planning and management…


Publish an agenda. Knowing what to expect helps everyone to prepare. It may be enough – if everyone is familiar with your meeting processes – to just send out a status report in advance of every meeting. As long as all participants understand that this report is the meeting driver and the bullet points on it are basically the agenda from week to week. For non-standard and adhoc meetings, though, you’ll still want to be sure to send out an agenda in advance to all participants. When everyone knows what topics will be discussed, the discussion will be much more productive.


Stay on time. Project meetings that start on time, stick to the time frame, and end on time will keep participants engaged and keep the meeting upbeat and productive. If your attendees know that you’re not the type of project manager who lets his project meetings regularly run overtime, then they’ll be focused on the meeting topics and not what other tasks they should be performing instead. Start it on time, be productive, and then end it.


If they’re late, let them catch up. If you are the type who likes to catch latecomers up as they arrive, then you’re feeding them and they will keep coming late. Avoid rehashing everything for the people who come or call in late – it’s their problem and they will have to worry about catching up on their own. And don’t be above reprimanding them if their missed participation was critical to the discussion that they’ve already missed. Don’t overdue it, but a little call out like that may ensure that it doesn’t happen next time.


Let them go. When the meeting is over – make it be over. Close it out with a brief wrap up and let them know you’ll be sending out notes for key participants to confirm understanding and then end the meeting. Save the idle chatter for the desk or water cooler – you don’t want to be the guy with a reputation for wasting everyone’s time.


Hold it anyway. If it looks like there’s really nothing new to be discussed during a regular weekly project meeting, hold it anyway…just keep it short. If you frequently cancel these meetings then your attendance and participation may dwindle. It’s easier to keep people engaged then to get them to re-engage. People sometimes say otherwise, but in general everyone likes organization and a schedule. Even if it’s a 5-minute meeting to ask if there are any key points that need discussed, hold it. You may keep something critical from falling through the cracks.


Publish brief meeting notes that emphasize action items. Finally, always follow up with a status summary of what was discussed, decisions that were made, action items that were assigned, etc. I usually do this as revised notes on the actual status report that I sent out and used to drive the meeting. I send it out via email and ask participants to respond if anything appears to be inaccurate or if something critical was missed. The goal is to make sure everyone comes out of the meeting on the same page and these notes can help ensure that.


Summary


Meetings are often considered a ‘necessary evil.’ They have to happen, but many hate to attend them and participate in them. As long as your planned attendees know you have a reputation for managing your meetings well and that you expect everyone to be prepared and ready to participate, your meetings should end up being productive and well attended. And that’s all you can ask for.

Does the Project Management Software that you use or you created have any artificial intelligence (AI) or cybersecurity elements build into it? By any stretch of the imagination? Any security? If so, contact me or email me to tell me about it.

Nearly half of all organizations studied by IBM have minimal or no cloud security practices in place.
​

• The global average cost of a data breach hit an all-time high of $4.35 million this year, but for companies operating in the U.S. — and those involved in critical infrastructure — the costs are even higher, according to an IBM Security report.
• American companies have the distinction of paying the highest price for data breaches at an average cost of $9.4 million, IBM said in its annual Cost of a Data Breach report.
• Cloud-based services were at fault for 45% of the data breaches that occurred during the 12-month period leading up to March 2022 and across the 550 organizations IBM studied.

Dive Insight:
Data breach aftermath often pushes businesses off-course. Most enterprises hit by data breaches pass costs associated with those intrusions on to their respective customers, the report said.
Six out of 10 organizations that suffered a data breach increased prices on products and services sold to their customers, an indication that data breach costs extend beyond the targeted victim and likely continue downstream. 
Rising costs and spreading fallout are no surprise considering other conclusions drawn by IBM Security, which commissioned Ponemon Institute to conduct the research.
Almost half of all data breaches occurred in the cloud and 43% of the organizations said they had not started or were in early stages of applying cloud security practices. Organizations with more security measures in place recovered quicker and paid a lower average cost per breach, according to IBM.
Nearly four out of five organizations in critical infrastructure industries have yet to deploy zero trust strategies. Moreover, companies in critical infrastructure paid an average cost of $1 million more than organizations in other markets — $4.8 million compared to $3.8 million, the report said.

​You're a PMO Director or CTO or CIO or even CEO. What experience are you looking for? Only PMP - you'll be missing out on a whole group of the best PMs available if you do that - and PMI is not how projects are managed in the real world - we all know that. There is nothing wrong with having a PMP, but it is not the only criteria and it is no criteria of measuring success. Success is success.

​I am available for 1 on 1 mentoring, team discussions, analyzing and fixing your PMO, or coming onboard as your newest Project Manager. Contact me or email me and tell me what you need.

I  can be available immediately if needed. I bring over 20 years of successful tech project management experience and a deep knowledge base in best practices. Private and public sector experience. High level security clearance obtainable - have held FBI level security clearance and Nevada Gaming Card. Contact me or email me.

• Named #1 in the "100 Most Inspiring People in Project Management"
• Named the #1 Provider of Project Management Content in the World
• Named #1 on the Best Project Management Blogs to Follow in 2022

Do you need long term or one-off expert project management help right now? I am a very experienced tech project manager with more than 20 years of successful project management experience. I can be available immediately and I can do remote or onsite, full-time or part-time, W2 or 1099. Contact me by email or through my contact form here. Let's discus. Thanks!

My motto is:

"You're only as successful as your last customer thinks you are..."

What does your organization look for in a project management leader?  A 'yes' man? Do you want someone who will listen to you and do exactly what you ask them to do? Hopefully not.  My clients are intelligent and experienced, but they don't always know exactly what they need.  They often don't even know for sure exactly what they want - though they may think that they do.

That might be the case for you as well.

If you decide to seek out my services, what you will get is an experienced professional who is more interested in actually understanding your true needs, how you got to where you are now, and what will satisfy you in the end.

It's not about 'phoning it in' on a project.  It's not always about getting it done in 'x' amount of time, either.  But it IS always about customer satisfaction.  It's about giving you - the customer - something you can live with and be happy with and that your end users can actually use.

View my resume

View my LinkedIn profile

Highlights:

• Led enterprise implementations for a growing healthcare organization offering health management systems
• Led enterprise IWMS (TRIRIGA) implementations for Fortune 500 companies and large government entities
• Authored 7,000+ expert PM, cybersecurity, consulting, business strategy, & best practices articles for clients worldwide
• Authored dozens of eBooks & white papers on project management, VDI, consulting and biz strategy topics
• Managed projects and programs in excess of $50 million
• Directed all remote corporate operations and staff for a $300 million global IT services organization
• Managed all activities and relationship with technology company's largest gaming & hospitality customer
• Led corporate technical staff supporting all casino & hospitality and lodging data systems
• Managed all financial activities for $50 million federal contract including pricing, forecasting and reporting
• Forecasted, planned and managed staff budgets more than $500,000
• Pioneered and implemented project management practices for a $2 billion corporation
• Led teams on successful proposal efforts for over $100 million in federal contracts

​
My Noteworthy accomplishments:​​

• Named the #1 Provider of Project Management Content in the World
• 2021 MVP Award winning article on Project Management Update - 7 Key Considerations for Building the Perfect PMO
• Named #1 on the Best Project Management Blogs to Follow in 2022
• Named the #1 Project Management Blog to Follow in 2021
• Year-end 2021 Named one of the Top 11 Blogs to Follow
• Project Management Roundup: The Best of 2021
• ​Named #1 of the Top Eight Blogs to Follow Right Now
• Named #1 Project Management Blog to Follow in 2020
• Named #1 in the "100 Most Inspiring People in Project Management"
• Named #9 on the 130 Top Project Management Influencers of 2020
• Named #6 on the 25 Project Management Blogs You Should be Reading

Does your PM software have any features or anything built into it or it's interface that makes it less vulnerable to a cyberattack or helps project teams better protect their data and customers against project cyberattacks? If so - by any stretch of the imagination - I want to hear about it. Hot topic right now and I want to hear what PM software vendors are doing to help CISOs and project teams protect their tech projects and customers. Contact me or email me with details. Thanks!

Though businesses have become more confident in preventing ransomware attacks, confronting risk is an internal commitment.

The tenor for ransomware threats changed as attacks flipped from delivering ransomware through consumer-targeted spam to spreading across networks. The threat of extortion and data exfiltration has yet to wane. 

More than half of CISOs said they were hit by ransomware at least once in 2021, according to a Black Kite-sponsored survey of 250 CISOs. More than two-thirds expect at least one ransomware attack this year. 

Though business leaders are more confident employing tactics to prevent ransomware attacks, confronting risk requires an internal commitment starting from the C-suite down to interns. “Businesses must take acceptable and calculated risks each day — the same applies to cybersecurity,” said Theo Zafirakos, CISO of Terranova Security. 

As 2022 unfolds, here are three ransomware mitigation tactics to watch and employ: 

Train, train and train againWhether negligent or malicious, insider threats are a leading cause of security incidents. Leveraging human behavior is a favored tactic for threat actors, especially when they find loopholes in technological safeguards. 

Companies will continue to invest in their employees, working to evolve  their behaviors to become more cyber-aware.  

“To succeed, organizations must invest in processes and people,” said Zafirakos. Companies have put more resources toward training employees on ransomware awareness. This includes ensuring employees know how to report suspicious messages. 

Back to basicsDespite the growing sophistication of ransomware, security controls largely remain within security basics, no matter the tools a company adds. 

Up against more security measures, threat actors pivoted their tactics to turning off mitigation capabilities to deploy ransomware, said Jon Clay, vice president of threat intelligence at Trend Micro. 
 
This means the security basics have had some modifications. Companies are implementing multifactor authentication for administrative accounts and mission-critical business application accounts. Companies are revisiting patch management strategies so they’re based on risk, which takes into account “any vulnerabilities with public proof of concepts and any actively exploited vulnerabilities being patched at once,” Clay said. 

Vulnerabilities from ProxyLogon, ProxyShell and PrintNightmare drew ransomware actors last year, according to research from Tenable. Basic VPN vulnerabilities remained a top attack vector, with the potential to linger as forgotten flaws among other highly publicized vulnerabilities disclosed and exploited last year. 

Funds might be recoveredU.S. and international law enforcement pursued one of the most prolific ransomware gangs, REvil last year, and partially recovered funds paid by Colonial Pipeline. Law enforcement will likely become more intertwined in incident response for businesses this year. 

“In fact, this will be the theme for the rest of the decade,” said Zafirakos. And given the onslaught of high-profile attacks lately, ”the stigma of being victim to ransomware has reduced.” 

Industry wants to see more action taken against cybercriminals or nation-state threats, but “they fail in their general deterrence effect to the cybercriminal undergrounds from which they operate,” said Ed Cabrera, chief cybersecurity officer at Trend Micro and former CISO of the U.S. Secret Service. This is most obvious in the constant rebranding of threat groups.  

“This is not to say [law enforcement] operations are futile or not effective but rather incredibly effective in developing criminal threat intelligence across the broader criminal underground ecosystem,” he said. 

Companies are not federally required to report incidents, which leaves gaps in intelligence for law enforcement agencies. “The vast majority of incident reporting today happens due to legal and regulatory requirements rather than the idea that law enforcement can immediately assist in mitigation,” Cabrera said. 

Moving forward, industry wants more collaboration with regulatory agencies in developing realistic cybersecurity mandates. Government needs more insight into how regulations could impact businesses. 

For example, “requiring organizations to disclose an attack before they have a better understanding of the situation may put their networks at risk of other attackers targeting them,” said Clay. 

By: Samantha Ann Schwartz • Published Jan. 31, 2022