Leadership Laboratory

Leadership Lab: Management Competencies

Situational Awareness Advice for Security Managers - February 4th, 2008
Tenet Nosce - January 29th, 2008
Using Key Competencies to Manage Career Development and Direction - May 30th, 2008
Motivation Mistakes Inexperienced Leaders Make and How to Avoid Making Them - March 10th, 2008
Improve the performance of a project with a good start - January 11th, 2008
Project Management for Security Managers: Develop a Plan - January 29th, 2008
Resolving Performance Issues Caused by Lack of Skill or Ability - December 24th, 2007
Living Life on Purpose - Personal Branding - Updated September 6th, 2007
Positional and Personal Authority - Updated September 6th, 2007
Cross-training: A Case Study - July 27th, 2007
How to "Pushback" - July 17th, 2007
Should I Apply for this Middle Management Position? - Updated June 13th, 2007
Groups in Conflict: How to Manage their Relationship - June 8th, 2007
Creating the Next Generation of Cyber Security Leaders - May 8th, 2007
How To Budget Time - February 8th, 2007
The Security Manager and Business Situational Awareness - January 29th, 2007
How to Address Shortcomings in Employee Evaluations - January 1st, 2007
Conducting an Exit Interview - March 22nd, 2007
Measuring Employee Performance - November 14th, 2006
Coaching to Improve Performance - March 12th, 2007

Project Management for Security Managers: Develop a Plan

January 29th, 2008
By Stephen Northcutt


I like to think of a project plan as something similar to a recipe in a cookbook: it gives me the ingredients I need, and often includes a picture of what the finished product will look like. It gives me the steps in the sequence that I need to follow in order to create the final deliverable. Many times there are intermediate steps along the way, such as creating a sauce to be used later. You can think of these as milestones. Good cooks are always aware of "the long pole in the tent"; the task or dependency that controls when they will be able to produce the final product. As a manager, when someone asks you to review a project plan, it is strongly advised that you give it the cookbook test. The project plan should have all the items you'd see in a recipe in a well written cookbook.

Here are some tips for the planning process from Scott Ambler, who uses the Agile approach [1]:
Discussion: Good cooks also know there is more than one way to do it. If you have been doing PMI for ten years, your blood pressure might be going up just a bit. That's ok, Agile project planning is a team based approach, lots of collaboration, less control is given to the project planner. Let's look at some other approaches.

Project Kickstart, like Ambler's above, suggests not being too focused on infinity, they introduce the term, planning horizon. "Create a detailed workplan, including assigning resources and estimating the work as far out as you feel comfortable. This is your planning horizon. Past the planning horizon, lay out the project at a higher level, reflecting the increased level of uncertainty. The planning horizon will move forward as the project progresses. High-level activities that were initially vague need to be defined in more detail as their timeframe gets closer."[2]

Businessballs.com suggests that "Planning for and anticipating the unforeseen, or the possibility that things may not go as expected, is called 'contingency planning'. Contingency planning is vital in any task when results and outcomes cannot be absolutely guaranteed. Often a contingency budget needs to be planned as there are usually costs associated. Contingency planning is about preparing fall-back actions, and making sure that leeway for time, activity and resource exists to rectify or replace first-choice plans. A simple contingency plan for the fried breakfast would be to plan for the possibility of breaking the yolk of an egg, in which case spare resources (eggs) should be budgeted for and available if needed. Another might be to prepare some hash-browns and mushrooms in the event that any of the diners are vegetarian. It may be difficult to anticipate precisely what contingency to plan for in complex long-term projects, in which case simply a contingency budget is provided, to be allocated later when and if required.[3]

Finally, here are some very useful and pragmatic tips from the folks that brought you random acts of kindness[5], "By staying closely involved with the groups and sharing your enthusiasm and ideas on a regular basis, you can help foster a sense of community among them. Here are some tips for working with groups:
Bottom line for computer security managers developing a project plan:
Keep it simple, communicate often, consider the idea Agile brings to the table of collaboration. Take some time to think about project horizon: if you are planning more than 90 days out, unless this is a repeatable task like building a house or you have years of experience planning, you are probably fairly wrong. Instead, update often, consider the Agile idea of Just in Time Planning. Expect problems, try to find the places where things can go wrong. Above all, make sure you have the work breakdown structure clearly in mind: memorize it and keep it up to date.


Links valid as of January 28, 2008
1. http://www.ambysoft.com/essays/agileProjectPlanning.html
2. http://www.projectkickstart.com/downloads/tips10-project-management-best-practices.cfm
3. http://www.businessballs.com/project.htm
4. http://www.sans.edu/resources/leadershiplab/project_charter.php
5. http://www.actsofkindness.org/file_uploads/files/215_pdf.pdf