Why Project Management Expertise Isn’t Enough: Lessons Learned from Security Breaches

How many times have I heard that “a good project manager can manage any project?” Too often for my taste. My biggest issue with the claim is that it begs the question: he statement assumes we all agree that any project manager with a mastery of the profession’s tools and techniques can succeed anywhere.

We’ve finally learned better, and PMI has acknowledged this in its new requirements for PMP continuing education. As PMI itself puts it:

As the global business environment and project management profession evolves, the [certification] program must adapt to provide development of new employer-desired skills…. The ideal skill set — the PMI Talent Triangle — is a combination of technical, leadership, and strategic and business management expertise. (PMI 2015 Continuing Certification Requirements (CCR) Program Updates)

Our pending research on project skill gaps (stay tuned for a webinar invite) shows that executives and senior managers understand this much better than project practitioners. They emphasize strategy, business, and leadership improvements, while practitioners don’t.

Perhaps an example from the current headlines will help. As most of you know, security breaches have wreaked havoc on a number of prominent firms: Target, Home Depot, Sony are simply the most well-known. The sad thing is that the most famous failures could have been prevented.

One of my new favorite podcasts is from Andreessen Horowitz, the venture capital firm. My most recent listen was an interview with Orion Hindawi of Tanium. I recommend listening to the whole thing — it’s less than 30 minutes — as Orion provides some great color to what, where, why, etc. on security attacks and vulnerabilities. The summary hits his sobering message on the head:

The paradox of security is we pretty much know what we are supposed to do most of the time — but we don’t do it. If you examine all the recent high-profile attacks, somebody in the organization knew something was wrong before it happened. They just didn’t have the ability to escalate the problem, or the ability to raise a flag that people took seriously.

In other words, we don’t lack the technical understanding of security risks, or the tools and techniques to mitigate them. We lack the leadership and business savvy to confront the challenge of communicating the risks, then deploying and using our toolkit effectively. The last two sentences show how these skills gaps drive the root causes:

  • Ability to escalate the problem” is a leadership challenge. This suggests that “somebody” wasn’t connected, articulate, or brave enough to get to decision makers.
  • Ability to raise a flag that people took seriously” is a symptom of weak strategy and business skills. If the threat isn’t framed, articulated, and understood in terms serious leaders get, then such warnings are ignored…or even worse, viewed as counterproductive scare mongering.
Advertisements

Week 10 Performance Report — Operation Dunk 2010

As you may have guessed by the absence of performance reports, Operation Dunk 2010 was stalled for a bit.  I allowed the demands of work and family to get in the way, but we’re back on the beam.  Luckily, the damage wasn’t too great, as I have remained active. 

  • Weight — Up2.5 lbs from week 4 (251.5 from 249)
  • Wii Age — I’m at 37, which is down from my last two reading of 45 and 55.
  • My balance and endurance has been clearly improving.  I believe that stems from my concentration on the obstacle course, as that contains a jumping motion and gives a pretty decent 2-5 minute workout per run.

    Week 4 Performance Report — Operation Dunk 2010

    Making good and steady progress.  I’ve made higher and higher scores on some of the multi-player games, but unfortunately I can’t seem to save and track my ongoing progress on those.  Of course, my son regularly humiliates me on the snowball fights so maybe I should be grateful for no tracking!

    • Weight — Down 4.5 lbs from week 2 (249 from 253.5)
    • Wii Age — I’m still at 55, though the missing week’s age turned out to be 45.

    The balance tests are still a bit of a problem.  I’m standing straighter — my center of balance is just about in the middle now — but I still have some issues w/ shifting my weight.  Also, I find that my right leg is feeling the workouts more.  There clearly was something I missed in rehabbing from my long-ago broken pelvis.

    Week 3 Performance Report — Operation Dunk 2010

    Now that I finally have published that promised post on performance reporting, I owe an update on Operation Dunk 2010.

    • Weight — Down 3.5 lbs from week 2 (253.5 from 261)
    • Wii Age — Forgot to measure this week… will assume I’m still at 55.

    I’m using the games to get some basic endurance and balance improvements underway.  I notice the difference already in the pace that I can keep up in my 1/4 – 1/3 walk to my office from the parking lot. 

    Finally, I’ve started the WiiFit strength training.  This has put some pressure on my balance issues, as the calisthenics in the program need me to balance on one leg often!

    Week 2 Performance Report — Operation Dunk 2010

    I was about to post on how unreliable performance reporting — progress, status, and forecast — is one of the first signs of project trouble.  However, I realized that I hadn’t posted on my own “Operation Dunk 2010” performance, so here goes:

    I’ve made some progress on my weight (the weight reduction KPI is related to the improvement of my jumping capability):

    • Weight — Down 3.5 lbs from week 1 (257.5 from 261)

    Also, I forgot to mention that I’ve started work on my balance and coordination capability with my Wii Fit.  There is a basic balance test that combines with my BMI to give me a Wii Age.  That’s probably as good a proxy for balance and coordination improvements as any, so it will be KPI #2.

    • Wii Age — Down six years from week 1 (55 from 61).

    What will I need to “build” so I can dunk?

    Per my last full post, I want to re-build my capability to dunk.  And to make sure that we all “know what done looks like”, by dunk I mean to dunk a men’s regulation basketball in a 10-foot goal by EOY 2010.   As I broke down the work, there are at least three sub-capabilities I need to have:

    1. Sufficient jumping ability to get my hands far enough above the rim.
    2. Sufficient “ball skills” to dribble or manipulate the ball (so it can be in my hands far enough above the rim).
    3. Sufficient balance and coordination to manage those two capabilities.

    My dim memory of basic physics (see this site on vertical jump power), my awareness of my ever-expanding waistline, and multiple years of rust on my jumping muscles will have me focus on jumping ability first.  This will involve reducing the amount of mass I’ll need to move — KPI #1 — and increasing the acceleration I can impart on that mass (not sure the KPI for this one yet).

    BTW: The KPI #1 baseline is 261 lbs as of 1/4/2010.  I have a Q1 target at home, but I don’t have it handy (probably in the 240’s).

    Building capabilities for the New Year

    I’ve struggled to find relevant topics for a while now.  It was far easier for me to post good stuff while at SAP because it was part of my job.   It is far harder to at Mead Johnson because the most interesting material is best left unaired.  I’ll try to throw out nuggets where I can, but I’ll need to be discreet.

    I hope that I’ve found a better “hook” to keep me posting on leadership and project management — having my New Year’s Resolutions focus on building capabilities.  I went through a litany of ideas — weight loss, exercise, savings, etc. — when I realized that these were pretty abstract goals.  In fact, most were essentially measures without any reference to the capabilities I should get from them.

    Call it a flash of inspiration or a flight of fancy, I decided that my New Year’s Resolution for 2010 would be to build the capability to dunk again by year-end.   I’m in the midst of building deliverables and measures to support that goal.  I’ll post on my baseline shortly!

    Why dunking?  As I watched a college hoops game last week, I realized that it had been 20 years (plus) since I had dunked a basketball.  In fact, that would be about the last time I had motored around the court with any purpose.  Watching that game reminded me why so many of my New Year’s Resolutions had failed.  They had been abstract objectives — tied to deliverables or capabilities — that failed to inspire or motivate me.

    %d bloggers like this: