Project teams deal with the possibility of failure every day. There are numerous reasons why projects fail, many of which can be avoided with a project health check. A project health check enables the team to take a step back from daily execution of tasks to evaluate the actual status of the project in an objective way. Here are seven factors to include in your project health check to overcome issues and risks.
Emotional Intelligence (EI), also known as Emotional Intelligence Quotient (EQ), is an increasingly sought-after skill for individual team members and project managers. Many of the attributes associated with EI can play a significant role in project management. By understanding the needs, wants and motivations of other people, project managers can develop the right relationships and get more from those involved in the project...
My background is primarily information technology and project management. What I've learned from my experiences in those areas and from attendance at the last five Black Hat digital security conferences and from everything I've read and studied everywhere is this...everything can be hacked. Everything. Does that have to be me and my projects? Maybe. Does that have to be you and your organization and your projects? Maybe. I've done a personal assessment of my clients over the past year and found that about 1 in 4 had experienced some sort of data breech. That matched up pretty well with other predictions and surveys I have read recently.
What can we do about it? We can't fully eliminate the possibility of a hack or identity theft or major data breech. Hackers are always a step ahead of all of us. If full prevention and avoidance is basically out of the question, then we need to focus on risk identification, mitigation and response. There are many amazing organizations coming up with software tools and services to help organizations realize safer environments today and tomorrow.
This is not an endorsement of any one service or solution or a ranking by any means. Rather it is a beginning presentation of a few of the enormous amounts of really good solutions and services that are waiting out there to help us prepare for this potential onslaught of hacking, data breeches, and targeted cyberattacks. What I'd like to do today is present a few of those we should all possibly start to consider...
SNYPR is a security analytics platform that transforms big data into actionable security intelligence. Developed by Securonix, the market leader in user and entity behavior analytics (UEBA) for cyber security, SNYPR delivers the proven power of Securonix analytics with the speed, scale, and affordable, long-term storage of Hadoop in a single, out-of-the box solution. Put simply, SNYPR is the most sophisticated big data security analytics platform ever built.
What does SNYPR mean for enterprise security?
Varonis provides software solutions that protect company data from insider threats and cyberattacks. Varonis specializes in unstructured data -- file and email systems that store valuable spreadsheets, word processing documents, presentations, audio and video files, emails, and text. This rapidly growing data often contains an enterprise's financial information, product plans, strategic initiatives, intellectual property, and confidential employee, customer or patient records. It is the data that companies tend to have the most of and know the least about in terms of insight into who has access, who does access and when they access those files.
IT and business personnel deploy Varonis software for a variety of use cases, including data security, governance and compliance, user behavior analytics, alerting, archiving, search, and file synchronization and sharing. With the rise in ransomware and other malware threats, Varonis solutions protect organizations by ensuring only the right people have access to the right files, monitoring access and flagging potential abuses. So if a user’s files begin encrypting from a ransomware breach, Varonis is able to alert and notify IT in time to prevent or limit the damage.
Mimecast's targeted threat protection with impersonation protection can protect employees from the new breed of email cyberattack. According to the U.S. Federal Bureau of Investigation (FBI), whaling email scams alone were up 270 percent from January to August 2015. The FBI also reported business losses due to whaling of more than $1.2 billion in little over two years, and an additional $800 million in the six months since August 2015.
Whaling attacks are real. And, cybercriminals are becoming more inventive and creative when it comes to compromising organizations. Whaling attacks seek to fraudulently trick employees into making wire or data transfers to the cybercriminal as a way of generating income for organized crime. With Mimecast Targeted Threat Protection with Impersonation Protect, organizations can protect their employees and financial assets from this type of fraud. Impersonation Protect provides instant and complete protection against this new breed of cyberattack by email, which is often malware-less and based entirely on social engineering, thereby able to pass through traditional gateway checks.
Thycotic Secret Server delivers a comprehensive Privileged Account Management solution set to protect your most valuable information assets from cyberattacks and insider threats. Thycotic Secret Server, Application Control, Local Security and Security Analytics solutions protect privileged accounts and enables organizations to enforce least privilege policies for business and administrative users, as well as control applications to reduce the attack surface without halting productivity.
The solution helps organizations revoke everyday local administrator privileges from business users while seamlessly elevating privileges when required by trusted applications. Complementing these privilege controls, the solution also delivers application controls, which are designed to manage and control which applications are permitted to run on endpoints and servers and prevent malicious applications from penetrating the environment.
Trustlook is a global leader in next-generation mobile device security with solutions that find more vulnerabilities sooner than any other to provide the industry's smallest vulnerability window. Trustlook's solutions protect users from both known and zero-day threats by examining over 20,000 new and updated applications every day for malware and malicious behavior.
The innovative Trustlook Antivirus & Mobile Security app available on Google Play protects your Android phone or tablet against malware, harmful viruses, spyware, trojans, phishing attempts and unsafe web browsing. In also includes additional features such as data backup and restore, speed boost, find my device and Identity Check, bringing you a fully featured security solution for Android mobile devices and platforms.
Summary / call for input
Cybersecurity concerns are big and real and are here today and everyday going forward. If you you're a CTO, CIO, CEO, project manager or other and your organization is involved in the tech industry anywhere or in any space or if you are taking on data sensitive projects or initiatives, you need to be aware. Anything and everything can be hacked...it only takes one visit to the Black Hat conference to realize that. I'm not saying that these organizations presented here can solve your problems. Hackers are already working on their next data breech...you can't stop that. But you can take steps – and it starts with organizations, software and services like these presented here. Look to this space for more cyber security options and more cyber crime prevention services to come.
For my next installment in the “5 Reasons Why...” series, I'd like to introduce you to the PREVU® Project Portfolio Management (PPM) software solution by IniPHI LLC. PREVU® is part of the new breed of Smart PPM solutions. PREVU® is all about integrated PPM, and was recently recognized by Gartner as a 2016 Cool Vendor in SaaS PPM. The solution can leverage the processes and tools that already work for you, while giving you the ability to focus on the areas you want to grow and improve. PREVU® does not prescribe or dictate methodology, and allows you to “right-fit” PPM into your evolving project or product delivery model every step of the way.
Let's look at 5 reasons why you should check out PREVU® for your own organizational needs:
1. Sometimes, you need to walk before you run
All organizations plan, but the level of maturity around the planning process can vary. Just because you’ve outgrown your spreadsheet doesn’t mean you have to go immediately to ERP. That’s like saying you can drive a car, so you’re ready for SpaceX! Sure, it’ll get you there faster…with a 100% likelihood you’ll crash and burn. PREVU® allows you to get started now-- where you are, and get you where you need to be at the speed that makes sense for you.
Not ready for what-if scenario planning, but need to get better visibility into supply and demand of your resources? No problem! Need better skills understanding without advanced road mapping at this time? No problem! While all aspects of PPM and resource/capacity planning are supported in PREVU®, PREVU® grows and scales with you. Even better, PREVU® focuses on integrated PPM, so you can continue to use the tools that make sense for you and your organization, without having to replace everything to get improved insight on how you can do things better.
2. Most organizations are bi-modal – your software tools should be too
“One-size-fits-all” for an organization? Umm…no. It’s a common reason process and practice change can stall, especially when you’re talking portfolio and resource/capacity management. PREVU® addresses this by being extremely configurable, and refraining from strict methodology-specific practices. Statuses, project types, strategic goals, project/product/portfolio labels, workflows, costs, teams - PREVU® focuses on letting all parts of an organization define and do things the way that is best for them. Even with such tremendous flexibility, PREVU® will bring all parts together for a clear and concise view of what was the plan, why things have focus and priority, and how does performance compare to plan.
3. Implementation of support tools should take a lunchtime, NOT a lifetime
OK, OK – a little tongue-in-cheek, but there is some truth here with PREVU®. Depending on the size and needs of your organization, you can be up and running with PREVU® in as little as one week. Even with larger organizations who are highly motivated to see improvements in their planning and management practices, but need to consider integrations and workflow, the PREVU® team prides itself on getting you there in 60 days or less! Like I stated above, it’s about operating at the speed that makes sense for you. Further, since PREVU® is SaaS-based hosted in a secure cloud, there’s no hardware or software for you to deploy and maintain. That’s a huge plus in today’s world of on-demand applications!
4. Computers are here to help you make Smart decisions. Does yours?
With PREVU®’s advanced algorithms, data and machine learning, and use of such geeky things like game theory, decisions can be supported more easily with science than just your intuition. A simple click or two can compare your what-if scenarios to show you the most optimal plan. Road mapping for the best resource allocations across teams can be achieved in a single click! As much as this science sounds like science fiction, rest assured, PREVU® still puts you in control. Let’s face it, there will always be someone at the top saying, “I don’t care, we HAVE to do this project.” No problem, PREVU® ultimately lets you choose what to do (although you may not like the end result – lol).
5. This sounds great, but there’s no way we can afford this
Here’s one of the best parts about PREVU®: enterprise-level features at a cost even a start-up can afford. Since PREVU® is a SaaS, cloud-based solution, the pricing is a per-seat, subscription model. Not everyone in your organization will need a full seat to PREVU®, and those only needing reports, dashboards, and read-only access are always FREE. Including your customers. Add on top of this the IniPHI team. They have the experience and expertise of a corporate and compliance-savvy management team, the tenacity, agility, and passion of a Silicon Valley start-up, and the touch and finesse of a five-star resort concierge. This is a group who truly cares about their clients, and not just simply looking to install some software and move on to the next opportunity. They truly care about your organization’s success with PREVU®.
PREVU® is uniquely positioned for the transformations so many companies are undergoing, and the dynamically changing landscape of PPM. Whether you need transparent resource and capacity management, skills tracking, simple-to-use road mapping, multiple what-if scenario play, or performance tracking to plan, PREVU® delivers all these abilities through digitization, templating, smart algorithms, and advanced analytics. All from one, quick-to-implement cloud-based solution. PREVU® offers a 30-day free trial with an additional 30 days free if you sign-up for a subscription. It’s definitely worth looking into!
I’m pretty sure by now that executives in organizations – especially organizations with some sensitive data to secure – are paying at least some cursory attention to cyber security and cyber crime. If not, then they need a wake up call and then a swift call to action in order to ensure that they don’t lose grounds and future lawsuits over a cyber attack that could have possibly been avoided or at least mitigated.
Consider these five things that your CEO should know about cyber crime and cyber security and make them happen sooner rather than later...
You can grow security from within. You don’t have to pay someone a million dollars to oversee your cyber security. You likely don’t even need to hire from outside first…you can probably build a knowledgeable and workable group from individuals within your current tech groups. Certification isn’t a must. Education and on the job work is important. It involves networking, research and then incorporating some proactive (and possibly reactive) measures to get started. But start somewhere. And for most organizations, starting from within is good enough and definitely better than nothing. The paralysis of analysis won’t serve you well. Tomorrow may be too late…read on.
Don’t wait for tomorrow to do what you should do today. As I just said, tomorrow may be too late. We should learn well from others’ mistakes and oversights. In the past year or so there have been a plethora of learning opportunities…just go back and search CNN on hacking and identity theft if you’re memory isn’t too good or you happened to have not checked the news in over a year. Your CEO would be smart to take action today. And if you are the CEO reading this, know that you’ve been warned daily in the news. If you doubt how vulnerable your organization is, just attend a security conference like Black Hat or fork out a few thousand dollars to send a couple of individuals to the next digital security conference. Everything can be hacked…don’t let your organization be next.
It does take money, not just time. You have to fund security, not just put someone “on it.” Joe in the cubical in the next room is a techie, but he’s not your security man, despite what I said above about staffing from within. Joe can help you get started with some research, but you’ll need to spend some money – even if it’s just getting more “Joes.” You don’t have to pay high end to protect your organization…because you’ll never be able to fully protect your organization no matter how much you spend. If someone wants your data bad enough, they can and will get it. But you need to do what you can to protect it. If you’ve shown enough due diligence and still get infiltrated, you’ll likely not lose the lawsuits to come.
It should be considered a key element in risk management in every project initiative going forward. Your organization has projects. And risks. Consider cyber theft and cyber security a risk and proactive measure for all projects. Build it into your project management processes and methodology and educate your PMO director and project managers on the importance of risk management and cyber security. If you’re not paying much attention to it, then assume they are paying even less to it.
Staff a CSO…now. The time is now for a Chief Security Officer…if your organization is large enough to afford one. And you can contact me first. But seriously, your CEO should be considering a high level security officer if you don’t already have one. Lots of big box companies were hit last year with credit card number theft, millions of government worker identities were infiltrated, and many marriages and other relationships…and lives…were ruined by recent data breaches. Wake up call…pay attention to cyber crime and cyber security now and spend money now to build your security organization. It may mean the difference between survival and disposal. Don’t be a fool – every thing can be hacked. And I believe we are only seeing the tip of a very big iceberg right now.
Summary / call for input
Security and cyber crime are big…right now. Today is the time to act – before your organization has a breach. So many times we fail to act…we are so used to just reacting. Reacting is often too late and you’ve already lost thousands or millions of dollars and possibly future customers and sales and profitability. Lesser organizations go down for the count from cyber attacks and never recover…costing hundreds or thousands of jobs in the process.
What our CEOs need to know is that this is an issue right now. That’s why there are conferences like Black Hat USA, Black Hat Europe, DefCon, and others. There seems to be almost daily feeds on Facebook and CNN about the latest data breaches by attack groups, foreign entities infiltrating USA databases and ransom ware acquiring access to very sensitive identity and financial data. The time is now to do something about it and it starts with the education of our CEOs.
What are your thoughts? Are you involved in data security? Are you frustrated by your organization’s lack of interest in cyber crime and cyber security? What measures have you taken to make the need more visible?
As project resources are identified and gathered, you may decide to recruit new employees to deliver on the requirements. Integrating new team members is quite challenging. The change is often disruptive to the existing team and daunting for the new employee, particularly if their assigned project is already under-way when they commence work. One way to ensure a smooth start is to use an onboarding program to help new employees develop the relevant skills, knowledge and behaviours...
Have you ever had the customer or senior management push to start a project that maybe wasn't quite ready? Waiting is hard, but as the Project Manager you need to make sure everything is in place to begin. Be sure to check these five things for sure...
Search this entire blog:
Use code BRADCCPM for 10% off training