Management Laboratory

Management Laboratory

Leadership Lab: Management Competencies

Other Related Articles in Leadership Lab: Management Competencies


Project Management for Security Managers: Develop a Plan


By Stephen Northcutt
I like to think of a project plan as something similar to a recipe in a cookbook: it gives me the ingredients I need, and often includes a picture of what the finished product will look like. It gives me the steps in the sequence that I need to follow in order to create the final deliverable. Many times there are intermediate steps along the way, such as creating a sauce to be used later. You can think of these as milestones. Good cooks are always aware of "the long pole in the tent"; the task or dependency that controls when they will be able to produce the final product. As a manager, when someone asks you to review a project plan, it is strongly advised that you give it the cookbook test. The project plan should have all the items you'd see in a recipe in a well written cookbook.

Here are some tips for the planning process from Scott Ambler, who uses the Agile approach [1]:

  • You can accurately plan in detail only for nearby tasks. I'm doing just in time (JIT) planning.
  • The people doing the work must be actively involved in scheduling. They're motivated to get it right, they have skills to understand the dependencies, and they need to accept the schedule.
  • People should choose their work, they shouldn't be assigned it. It is quite common on agile projects for the team to do the planning, not just the manager/coach. Project planning is so important that we want to get it right.
Discussion: Good cooks also know there is more than one way to do it. If you have been doing PMI for ten years, your blood pressure might be going up just a bit. That's ok, Agile project planning is a team based approach, lots of collaboration, less control is given to the project planner. Let's look at some other approaches.

Project Kickstart, like Ambler's above, suggests not being too focused on infinity, they introduce the term, planning horizon. "Create a detailed workplan, including assigning resources and estimating the work as far out as you feel comfortable. This is your planning horizon. Past the planning horizon, lay out the project at a higher level, reflecting the increased level of uncertainty. The planning horizon will move forward as the project progresses. High-level activities that were initially vague need to be defined in more detail as their timeframe gets closer."[2]

Businessballs.com suggests that "Planning for and anticipating the unforeseen, or the possibility that things may not go as expected, is called 'contingency planning'. Contingency planning is vital in any task when results and outcomes cannot be absolutely guaranteed. Often a contingency budget needs to be planned as there are usually costs associated. Contingency planning is about preparing fall-back actions, and making sure that leeway for time, activity and resource exists to rectify or replace first-choice plans. A simple contingency plan for the fried breakfast would be to plan for the possibility of breaking the yolk of an egg, in which case spare resources (eggs) should be budgeted for and available if needed. Another might be to prepare some hash-browns and mushrooms in the event that any of the diners are vegetarian. It may be difficult to anticipate precisely what contingency to plan for in complex long-term projects, in which case simply a contingency budget is provided, to be allocated later when and if required.[3]

Finally, here are some very useful and pragmatic tips from the folks that brought you random acts of kindness[5], "By staying closely involved with the groups and sharing your enthusiasm and ideas on a regular basis, you can help foster a sense of community among them. Here are some tips for working with groups:
  • Simplify your work by communicating with one contact person or leader from each group.
  • Have that group leader keep his/her group informed.
  • Make reminder calls or send emails before deadlines or event dates. Ask them if they have any last minute questions.
  • Set up a group email list for quick and easy communication with group members.
  • Have a separate email list for your group leaders so you can send messages just to them when necessary.
  • Make a list of all the groups involved and distribute it to each group. This will help the groups network with one another."
Bottom line for computer security managers developing a project plan:
Keep it simple, communicate often, consider the idea Agile brings to the table of collaboration. Take some time to think about project horizon: if you are planning more than 90 days out, unless this is a repeatable task like building a house or you have years of experience planning, you are probably fairly wrong. Instead, update often, consider the Agile idea of Just in Time Planning. Expect problems, try to find the places where things can go wrong. Above all, make sure you have the work breakdown structure clearly in mind: memorize it and keep it up to date.


Links valid as of January 28, 2008
1. http://www.ambysoft.com/essays/agileProjectPlanning.html
2. http://www.projectkickstart.com/downloads/tips10-project-management-best-practices.cfm
3. http://www.businessballs.com/project.htm
4. http://www.sans.edu/resources/leadershiplab/project_charter.php
5. http://www.actsofkindness.org/file_uploads/files/215_pdf.pdf