Project Management

Course
Time
8 hours 25 minutes
Difficulty
Advanced
CEU/CPE
9
Video Transcription
00:00
>> Now our next section is project management.
00:00
Even though project management doesn't fall
00:00
under the responsibilities of our governing entities,
00:00
they are accountable for ensuring that
00:00
projects help satisfy
00:00
the long-term goals of the organization.
00:00
Projects that are chosen should fit in
00:00
with the strategic planning.
00:00
Projects should serve the purpose of bringing
00:00
the organization closer to their long-term goals.
00:00
Project management is important.
00:00
Of course, it's important.
00:00
Now, many of us in
00:00
risk management have managed projects in the past,
00:00
and we know what causes problems to fail
00:00
is risks, unknown events.
00:00
Some of those risks can be controlled,
00:00
some of them can be mitigated,
00:00
some of them can be avoided,
00:00
and some of them just have to be accepted.
00:00
Sometimes there's nothing you can do about a risk,
00:00
but in order to manage the projects in
00:00
such a way that supports the organization long-term,
00:00
we certainly have to look over some of the key elements.
00:00
Most IT endeavors should be managed as projects.
00:00
Like I said, we need
00:00
a governing entity to approve of projects.
00:00
This isn't something generally
00:00
that's done department to department.
00:00
We would like to see a steering committee,
00:00
that's maybe working in security.
00:00
A steering committee overseeing
00:00
IT security endeavors might
00:00
choose to upgrade the existing infrastructure,
00:00
to create a project based on that upgrade.
00:00
There might be a steering committee
00:00
that oversees migration to the cloud.
00:00
Whatever it is, senior leadership, governing entity,
00:00
steering committee,
00:00
usually not to the board of directors,
00:00
but those elements are going to be
00:00
responsible for choosing the projects.
00:00
Usually, the projects get handed off to us as CSOs.
00:00
Who's responsible for backing and supporting the project?
00:00
Senior management.
00:00
They sign the checks.
00:00
That's why project management is
00:00
coming under the heading of governance.
00:00
Not that the governing entities
00:00
are managing the projects,
00:00
but they're the ones selecting the projects,
00:00
supporting the projects,
00:00
and they're accountable for choosing
00:00
the products to meet our long-term goals.
00:00
Now, the importance of project management.
00:00
I think most people that have been around
00:00
project management for a while have
00:00
probably seen this cartoon.
00:00
It's one of those things that
00:00
it's funny because it's true.
00:00
What you can see if you go panel by panel,
00:00
at the very beginning,
00:00
the customer explained something they needed.
00:00
Now, just looking at that explanation,
00:00
it doesn't really make a lot of sense,
00:00
but okay, that's what the customer said.
00:00
Then we've got the project manager,
00:00
how they understand it.
00:00
My favorite is how the analyst designed it.
00:00
We'll make anything work if we have to.
00:00
But as you go panel by panel,
00:00
as this product of
00:00
the project is handed from one department to another,
00:00
it gets further and
00:00
further removed from what the customer explained.
00:00
It gets further away from being functional,
00:00
supportable within the budget.
00:00
Then all the way to the end where what we
00:00
produce is totally different
00:00
than what the customer explained.
00:00
We didn't interpret the customer's explanation.
00:00
There was no way that we
00:00
were going to make the right product.
00:00
Especially, when you see the customer
00:00
explained something but they need something else.
00:00
What we're going to talk about in
00:00
this next section are some of
00:00
the documents that we can use
00:00
to help avoid these problems.
00:00
We talk about a project management life cycle.
00:00
Now, this follows a traditional project management cycle
00:00
based on what's called the waterfall method.
00:00
The waterfall method is
00:00
a very traditional means of managing projects.
00:00
Basically, it assumes that
00:00
the project is predictable in nature.
00:00
You can say here are the requirements,
00:00
we're going to build off those requirements,
00:00
we'll produce a product,
00:00
and everything goes great.
00:00
No changes to the requirements halfway through.
00:00
It's not a very adaptive or agile form
00:00
of project management.
00:00
It's one of those step-by-step.
00:00
That's what we're going to focus on here,
00:00
because that's the way they look at it on the test.
00:00
I have these phases: initiation,
00:00
planning, executing, controlling,
00:00
and closing the project.
00:00
These are the main phases,
00:00
and at each phase work gets done.
00:00
Not only does work get done,
00:00
but project management deliverables are
00:00
produced, not product deliverables.
00:00
These aren't necessarily elements
00:00
that I'm turning over to the customer.
00:00
But, for instance in the initiation phase,
00:00
I create a project charter.
00:00
That's a PM deliverable.
00:00
That's a deliverable that's
00:00
produced to help us run the project better.
00:00
Now then we go to planning.
00:00
We produce deliverables,
00:00
execution, control, closure.
00:00
Let's look at these phases just a little bit more.
00:00
When I look at the initiating phase, the first phase,
00:00
this is really where
00:00
the governance is going to have a hand,
00:00
is going to have the most input,
00:00
because they're involved in
00:00
the formal selection of the project.
00:00
They sign off.
00:00
They put in writing commitment to support the project.
00:00
That comes through a document called the project charter.
00:00
But before we can get the project charter,
00:00
we have to have conducted a business case.
00:00
Actually really the feasibility study comes first,
00:00
and that feasibility study says,
00:00
"Hey, can we even do this?
00:00
Is it going to be reasonable or the risk is too great?
00:00
Do we have the skill set?"
00:00
Then the project charter.
00:00
The feasibility study has
00:00
to come before the project charter.
00:00
Before the feasibility study though,
00:00
we do a business case.
00:00
That business case is where we tried to decide,
00:00
is this a good idea or not?
00:00
What are the values? What are the costs?
00:00
What are the pros and cons of undertaking this?
00:00
Is it a worthy business decision?
00:00
Sometimes you'll see a SWOT analysis here,
00:00
strengths, weaknesses, opportunities, threats.
00:00
That will allow us to make a choice.
00:00
Now, I want to talk just a
00:00
little bit here about this idea of a business case,
00:00
because this is the document that
00:00
prevents problem and solution.
00:00
>> Again, this hasn't been blessed as a project.
00:00
We're still in the decision-making process,
00:00
but we're trying to sell this.
00:00
We're trying to say, look,
00:00
here's why this is a good idea.
00:00
Remember, our value that
00:00
we're expressing in the business case should
00:00
always reflect organizational goals.
00:00
Again, if I'm undertaking an IT endeavor,
00:00
I don't want to talk technology.
00:00
I don't want to talk about in
00:00
acronyms or about specific types of malware,
00:00
what I want to do in a business case,
00:00
is I want to say, look,
00:00
this is the value we deliver to the business.
00:00
We're going to reduce loss,
00:00
maybe in man hours,
00:00
maybe in customer confidence,
00:00
maybe loss in profit.
00:00
We're going to present the case in business terms.
00:00
This exam is all about the business.
00:00
Keep coming back to supporting the business.
00:00
When we look at risks of our projects,
00:00
we look at risks
00:00
as they would impact the success of the project,
00:00
which would ultimately impact
00:00
the success of the input we looked having the business.
00:00
In initiating, what do we do?
00:00
We do some things before the charter, feasibility study,
00:00
business case, then we write the project charter.
00:00
Project charter is the document that blesses the project.
00:00
It commits funding,
00:00
it outlines what the project is supposed to do,
00:00
how it solves the problem the customer has.
00:00
It is a high level reference to
00:00
the amount of work, high level schedule,
00:00
high level cost budget,
00:00
and it gets signed off by the sponsor,
00:00
where they make their commitment to support
00:00
financially and otherwise the project.
00:00
The other thing that we do in the initiating phase,
00:00
is we'll also identify who
00:00
our stakeholders are and prioritize them.
00:00
Now that we have that information,
00:00
we have a project,
00:00
it's been signed into life in the project charter,
00:00
then we move into the planning phase.
00:00
Now when we talk about project management planning,
00:00
this is where we set out
00:00
our approach to managing this project,
00:00
our methodology, this is also where we create baselines.
00:00
Our baselines are the plans
00:00
for how our project should go.
00:00
Usually you have a baseline for scope,
00:00
you have a baseline for cost,
00:00
you have a baseline for schedule.
00:00
Scope, cost, and schedule,
00:00
that's the triple constraint that you hear
00:00
about sometimes with project management,
00:00
it's also called the iron triangle.
00:00
The reason for that is those three are
00:00
interrelated in such a way that if you
00:00
change one, the others change.
00:00
If you change the scope of work,
00:00
then it's going to cost more money and take more time.
00:00
If you cut the budget in half,
00:00
it's going to take more time
00:00
and you're not going to be able to get all the work done.
00:00
We think about our baselines,
00:00
the three elements, most critical,
00:00
scope, cost, and schedule.
00:00
Now, these baselines are going to be used
00:00
later to determine are we on track.
00:00
Like I said, think of these as
00:00
your plans and then later we're going to ask ourselves,
00:00
are we on target with our plans?
00:00
Now, in execution,
00:00
this is where we do the work of the project.
00:00
Project manager manages the work,
00:00
does their best to keep us on schedule, time, and scope.
00:00
This is where deliverables are produced,
00:00
this is also where the risks are likely to happen,
00:00
while we're executing the work of the project.
00:00
Then we move on to monitoring and controlling,
00:00
and at monitoring and controlling,
00:00
this is where we collect our data,
00:00
we analyze and produce information.
00:00
Data, just the facts, what's happening?
00:00
A, Bob calls and tells
00:00
me he's a quarter of the way through his work.
00:00
Terrence calls and says, "I've spent $500,000."
00:00
Yikes, that seems like a lot, but anyway.
00:00
That's the information, that's data.
00:00
Now I'm going to look at it.
00:00
I'm going to look at what's happening
00:00
versus what our baselines tell us.
00:00
What I'm going to need to do from that point in time is,
00:00
I'm going to assess, are we on schedule,
00:00
are we behind, are we above or ahead,
00:00
same thing with budget, and same thing with scope.
00:00
This is the phase where I ask, is it working.
00:00
If it's not working, I need to make some changes,
00:00
if it is working, we continue on forward.
00:00
Of course, monitoring, controlling isn't
00:00
something you do after the work of the project is done.
00:00
As a matter of fact, plan, execute,
00:00
monitoring, control are all happening simultaneously.
00:00
You plan to do the work,
00:00
then you do the work,
00:00
you're checking to see if the work worked,
00:00
and then you're planning for additional changes.
00:00
I don't want you to so much think of this as a 1,
00:00
2, 3, 4, 5.
00:00
If we go back to this,
00:00
it's easy to put them in 1, 2, 3, 4,
00:00
5 order, and there's some degree of truth to it.
00:00
You initiate the new plan,
00:00
then you execute and control.
00:00
You can't control until you've
00:00
executed, until you've planned,
00:00
but I want you to think of those more
00:00
iterative in nature than purely linear.
00:00
Now, once the work of the project has been done,
00:00
once the customer has accepted the product,
00:00
it meets their requirements,
00:00
we've met our critical success factors,
00:00
now we bring the project to an orderly end.
00:00
Any disputes with our procurements would be handled,
00:00
we close out our contracts,
00:00
we meet with their team,
00:00
we conduct a lessons learned meeting,
00:00
so that we can manage our projects better the next time.
00:00
Then these project files get archived.
00:00
They're usually stored somewhere called a PMO,
00:00
a project management office.
00:00
That PMO is there to support projects,
00:00
so that the next time
00:00
somebody is going to manage our project,
00:00
maybe that's similar to the one we've just managed,
00:00
then they're able to go back and
00:00
look at those archive files.
00:00
Project management.
00:00
It's not going to get really in-depth on the exam,
00:00
but I would just have that feel,
00:00
initiating, planning, executing,
00:00
monitoring, controlling, and closing.
00:00
What happens at each phase,
00:00
and any specific deliverables that are produced there.