Managing Multiple Projects, Part II – Traps

Earlier we spoke of the effective management of multiple projects (see article immediately below this one).

It’s important to recognize that, no matter how wise our PM, the allied team, the business stakeholders, and no matter how effective our project tracking and managing is, we are still vulnerable to certain traps.  These traps can rob our efficiency, can imperil milestones and deliveries, and ultimately crash mutually dependent projects and go-lives.  Recognizing common traps can help us to side-step them by managing to standards of avoidance.  We’ll list some here, but you should also keep your own running list – you’ll develop a recognition of traps that may be specific to your organization’s nature and circumstances.

Traps                                                                    

Not tracking dependencies:  Be very aware of the competition for resources.  Note all dependencies between projects, such as competition for resources.  Document all assumptions.   Example:  Project A’s Deliverable XYZ is dependent on [Project B’s Deliverable QRS] … [HR’s production of Report LMN] … and so forth.

Over-allocation of Resources/Over-commitment:  Again, negotiate all things.  Be wary of stretching people too far.  Make allowance in budgets for the unforeseen.  Further, do not count on resources’ availabilities based on the fact that they’re not committed 100% of the time in any specific place.  You don’t want to find out the hard way that a once-a-week utilization for something coincides with the very window you need that critical resource.  Or, that something that is used 10% of the time has suddenly gone into a 100% contingency utilization (perhaps due to failure of other resources elsewhere).

Interlocking milestones:  Be careful about milestones within one project that are dependent on deliverables from another – goes hand-in-hand with dependencies, above.

The shifting of critical resources to “higher priority” projects:  “Higher priorites” is in quotes because these are projects outside of your PM’ing, and therefore the pop-up priorities are normally unknown within your specific plan(s).  This one is especially dangerous.  Higher powers, above the PM, can strip anything from “your” project or projects – including personnel.  When documenting projects at the outset, negotiate with these higher powers – attempt to preserve your understanding and protection of projects’ definitions at the outset.  But also, simply ask “What happens if I lose this resource?  Is there any chance, no matter how small, of this happening?”  If you’re aware of parallel projects that are outside of your purview, that may compete for critical resources, again ask:  “What are the perils for this happening?  Will there be an understanding that the project(s) under my control can be impacted?  I don’t want my team taking responsibility for lags that are not under our direct control.”  Define, negotiate, document.

Unrealistic deadlines/deliveries:  Again, negotiate with business stakeholders at the outset.  Stakeholders must negotiate with IT and the PM.  Guard against constant updating and re-baselining of project plans and documentation sets.  That defeats the purpose of project management, and is an indication of poor project definition and planning at the outset of projects.

Conflicting priorities:  Watch for this carefully.  Departments and stakeholders may make commitments that they cannot keep.  A ripe area to watch for, is where a project may impact profitability.  For example:  If a key project deliverable falls in a window requiring a temporary shut-down of a production-area during a “busy season,” and that season is a “money-in” winner, you’re likely in a competition you can’t win.  Avoid these sorts of conflicts at the outset by being aware of them.  Don’t fall into this sort of trap – you can’t afford to impact the organization’s “win” situations with any particular project’s.  Examples of your specific liabilities here should readily come to you – avoid conflicting priorities.

Conflicting incentives:  As related to priorities, be wary of conflicting incentives, to include organizational loyalties.  Not to be overly political, but be aware of relationships between powerful people, departments, and even subordinate players.  Folks, particularly in large enterprises, have their points of power and “understandings” – in a pinch, people are going to pitch their efforts to other people, departments, and endeavors that are going to provide them payoffs and future loyalties – that incentivization – and these don’t necessarily track with any particular project’s best interests.  Also watch for such things as formal incentives, such as to sales and marketing teams, and levels of efforts in service to that sort of incentivization at the expense of the concurrent project.  This obviously stripes into scheduling and prudent project planning – again, avoid these traps.

In avoiding traps, make full exposure of each project’s strengths, inter-dependencies, intra-dependencies, any liabilities, any limits, and build in breathing room for contingencies… even emergencies.  It’s always a good idea to identify “backup players” in the event of critical teammembers’ absences.  Document assumptions that are employed in creating and sustaining the critical path.

Managing Multiple Projects, Part I – Juggling Effectively

I frequently hear from people who manage projects on a near continuous basis.  One project wraps, and another starts almost immediately.  I’m not speaking of professional project managers (PMs) here, but of the rest of the usual cast of characters:  IT directors, managers, and any collateral people who have the good fortune, or bad misfortune, to be assigned any particular project, be they programmers, business analysts, engineers, support personnel, etc.

PM’ing is a special talent – and that talent’s harbor is not the exclusive domain of PMs, or even people who have various degrees of formalized training in PM’ing.  Oftentimes there are folks who just naturally become effective PMs, while many other folks with advanced training just aren’t much good at it.  It’s a special talent:  One that involves not only technical and business knowledge, but an awareness of politics, an ability to get along with and get the most from a diverse group of people, and a unique ability to adjust to changing project impacts, even as you balance that against adherence to timelines, milestones, budgets, and go-lives.  Beyond mere intelligence and knowledge, a good PM is wise.  Wisdom is born of native intelligence, experience, and knowledge as applied in a mature and leveraged fashion to any particular endeavor.

And what of the PM who has the task of managing and coordinating multiple projects?  Take any challenging element you can think of involving a project, and consider the steroidal impact of that element as it stripes through multiple, concurrent, and even overlapping – mutually reinforcing – projects.  Here, there is no “affordability” for mediocre PM,ing, or PMs.  We need advanced wisdom.  Effectively managing multiple projects requires:

The right team:  The PM will pick the right people for various teams; those with the appropriate knowledge and experience.  Too, they will be people who can get along with others in difficult circumstances.  Projects are a crucible for stress.  These people will likely be on multiple teams in large enterprise environments, making their maturity and balance all the more imperative.  Pick a mature person who needs a little “spec’ing up” over a less mature person, albeit one with a little more familiarity for the project at-hand, for better long term results.  (You may wish to consider establishment of a permanent Business Implementation Team [BIT] that can be activated and inactivated according to organizational demands – people of special knowledge and experience – the team can flex membership too, based on exigencies and requirements.  More info can be had here, in the chapter “Getting There:  Qualifying the organization for change”).

Resources:  Resource allocation is crucial to supporting the critical path of the project’s progression; it’s tracking, timeliness, and support to interim milestone deliveries and ultimate go-live date.  Speaking of people, they’re resources too, so be mindful of stretching them too far – maintain a balanced approach on their time, focus, and whatever else they need to be doing outside of the project (if applicable).  In addition, be aware of budgets, particularly those that are vulnerable to several projects’ influence.  Outside solutions partners, and their time, must be carefully managed too.  All resources have limitations – they’re not infinite:  Be aware of equipment limitations and balance, to include servers, storage, bandwidth considerations, as well as any facilities that must harbor project elements and activities.  Coordinate demands on these items by tracking and balancing multiple projects within all considerations.

Dependencies:  Some of our considered dependencies involve that balance of resources we just spoke about.  But in addition, understand that one project’s milestone may have another project’s interim deliverable as a dependency.  Missing any particular milestone on one project may cause a sequential crashing of other projects’ milestones and deliverables in-turn – sort of like the fall of a string of dominos.  Again, managing multiple, within the limits of common resources, is tricky business and requires accurate measurements, tracking, and adjustments.

Milestones:  Be certain to establish practical milestones, within all limitations and contingencies (we’ll speak of contingencies in a moment).  In this regard, negotiation at projects’ outsets with business stakeholds is imperative.  Establish and keep a balanced schedule.  In ensuring favorability for meeting milestones, be certain to track performance: people meeting goals; the performance of budget unwinds vs. results; the projects’ adherence to timelines, and so forth.  As a PM, or as any support player,  don’t allow yourself to get locked into impossible circumstances and deliveries.  Negotiate, expose limits and variables, negotiate, weigh, assess, and did I say… negotiate?  The PM will be be negotiating not only with business stakeholders, but with his/her project support teammembers.

Contingencies:  What happens if a critical member gets sick and is suddenly unavailable to the project?  What happens if a resource is pulled, due to an emergency elsewhere?  What happens if a go-live is slipped back?  Is any particular one of those a deal-breaker on other projects’ deliveries?  If so, what happens?  Which milestones can adjust back, or forward, in supporting overall commitments?  Which milestones must be steadfast, thereby taking priority over other parallel milestones on other projects?  Identify and define everything in detail.  Make allowance where possible for contingencies, so as to have built-in triggers for prudent adjustments.

In doing all of this, define all things in detail:  Required personnel, their level of involvement, interdependencies, and all critical elements.  Be certain to set up the tracking for progress and the meeting of interim goals – milestones.  Whether formal PM software, or something of your own, ensure it tracks across multiple projects where there are intertwined resources and dependencies.  Be certain to understand tracking programs  so that you input everything, and everything correctly, in making effective multiple management.

Next up we’ll look at Traps to watch for, that can effect multiple projects (and for that matter, stand-alone projects too).

The Multiplicity of “End Points” for Sensitive Information

Symantec is aggressively positioning themselves for the changing dynamics of security, and it brings to mind some important realizations regarding today’s vulnerabilities.

First: Symantec is monitoring and addressing the threat landscape with a division called STAR: Security, Technology and Response. The team is made up of virus hunters, threat analysts, engineers and researchers. That’s a robust team, and this aggressive forward edge is always necessary, in my opinion. But STAR’s existence owes itself, in part, to a relatively recent and growing recognition:

Today everyone, from consumer to service provider to product developer, is recognizing that the average person has multiple “end points” for data and sensitive information.

For example: Gone is the day of a household, or any house member, with a single, simple device: a desktop PC, for example. Rather, today’s individual may have many multiple devices: smartphones, laptops, iPads, iPods, tablets, portable media players, GPS devices, drives and sticks… Further, many homes have their own wireless networks and centralized data – also under that same roof may reside multiple people with multiple devices – further compounded by multiple social networking accounts, multiple e-mail accounts, etc. In other words, an almost exponential explosion of end-points, portals, and avenues of potential human error in bringing breaching and harming incidents to fruition.

Consider the organization: What holds for the household is manifested through and by many, many employees. The avenues for potential breach and harm can number in the dozens, to hundreds, to many thousands.

On a local scale, just recently, the lack of a prudent, forward, view of security evidenced itself to me. A colleague’s auxiliary e-mail account was hacked, and subsequently used to disseminate e-mail advertising through the account’s group lists. But that’s not the worst of it – the free-mail account was of no great concern. However, this person used the same password for multiple accounts, including banks, and decided to change all passwords, and to make them unique to each account – a wise move.

Incredibly, one of his banks sent a confirmation e-mail of the password change, with the user ID and password for his account plainly spelled out. I thought those days were gone. Passwords should never be transmitted through e-mail.

Today’s environment means having a very proactive, provocative, security awareness. For organizations: Take survey of your end-points, your processes, your providers – a whole, 360-degree, view. Assign someone to assess vulnerabilities, and mount a plan that captures all devices and the nature of their use. Be sure to position yourself/selves for best security given your awareness and affordabilities.

Image credit:  hueniverse.com

M2M: Machine-to-Machine, Mobile, and Your Organization

Word comes from ABI Research that machine-to-machine communications and enablements (M2M) is becoming “a fully mainstream segment of the cellular industry.”  That firm’s latest study says that cumulative cellular M2M connections will approach 365 million by year 2016.  By comparison, there were a mere 110 million in 2011.

One driving factor is expected to be automotive telematics (no pun intended).  Mercedes has announced “in dash apps” and remote services for its mbrace offering (which seems to be a nifty play on “embrace,” with the very necessary “m” for mobile).  mbrace is a mobile app and system allowing you to connect with your Benz “like never before!”  Offerings in the M2M and mobile realm are also available from Audi and Cadillac, and most others will undoubtedly follow.

It may come to pass that routine auto diagnostics and tune-ups will happen via mobile, with nary an action by customer or servicing garage/dealership:  A simple subscription service will allow your vehicle to be maintained by M2M servicing – electronic adjustments to brakes, or fuel efficiencies, for example.  The necessity for maintenance requiring a visit to the shop will be communicated to the car/customer too.

This understanding can lead to other interesting possibilities:  Various products could have onboard diagnosing mechanisms, with a dock (or cable) for plug in of a smartphone.  Once the phone was docked and turned on, the product could do a M2M connection for reportage of the machine’s status.  In other instances, a machine could simply self-diagnose, and call you with status.

A couple examples come to mind:  A furnace could report to your phone that its filter was dirty and in need of change.  For that matter, a vacuum cleaner could ring you when its bag was full!  This last could well be a point of diminishing return (you’ll have to excuse me, my vacuum is calling on my other line), but you get the idea.

But what does this mean to the typical organization, company, enterprise… even sole-proprietorship?  It means that you should survey for products – servers and operations architecture items – that are M2M-capable.

You should at least consider M2M versions of components when and where available, for the prudent adoption of them in capturing efficiencies of maintenance, notifications, and repair.  The Mobile Revolution is just getting started.

A Transformative View to Financial Markets and Investing

It’s not just social interaction, à la Facebook et al, that has benefited and changed markedly through electronic enablement.  So too has entrepreneurship, the raising of capital, and basic investing; and these are about to undergo further transformative change – if the Securities and Exchange Commission (SEC) gets around to ironing out some nuances in the Jumpstart Our Business Startups Act (JOBS Act).

To set the discussion, let’s suppose you have a great business idea, but you can’t interest big capital investors… and you need startup capital – what to do?  Conversely, suppose you’re a solid citizen of rather limited means, but still would like to invest; yet, typical investment routes are not open to you by your lack of capital (in terms of qualifying-amount)…

NowStreetJournal hosted a recent New York City symposium, Women Transforming Our Financial Markets, which I was privileged to attend in December.  It granted attendees a view to an upcoming evolution in financing, by virtue of a healthy discussion of CrowdFunding.

What’s sparking the evolution, and the whole idea of CrowdFunding?  According to CEO and Founder Dara Albright, it is a basic need:  The need for innovators, entrepreneurs, and small-to-medium businesses (SMBs), to be able to access the capital required for business start-up, development and growth.  But that’s only half the story.

Concurrently, large numbers of small investors (the story’s ‘other half’) are seeking opportunities to invest – even if it means unconventional cutting-edge channels.  In fact, smaller individual investors may not have enough capital to qualify for typical investments, but the sheer numbers of these small investors can make a meaningful combined investment in the aggregate; and therefore a contribution to a small business person’s total for necessary capital.  Thus, we seek an enabling for a pairing of investors who may have been screened from participation in earlier days,  with those seeking capital, who otherwise may not have had access to it through routine channels in days past.

Ms. Albright characterizes the current flow of capital as a “Circle of Big.”  That is, Big Money that goes ‘round and ‘round between deep-pocket individual investors, such as the Warren Buffets; large institutions such as Goldman-Sachs; and favored entities such as “Government Motors” and other large private companies that are well-established.  In the middle of the circle is Big Government, larding out favors, reaping the benefits of taxes, as well as receiving the largess of Big Money in the form of campaign contributions.

In her view, we’ve allowed Wall Street investing to become a game:  One involving non-committal “flippers” and a handful of super-sized banking conglomerates, who run amok with our financial markets; all while preventing small investors and startups from ever pairing… and profiting.

Thankfully, modern times are yielding an entirely new view to a much more sensible approach – a “ground up” approach – to the flow of capital.  A flow that goes to-and-from the entrepreneur/the innovator/the job creator, and back to the average American investor.  And here’s where… wait for it… CrowdFunding comes in:  Rather than a capital access-flow from mega-cap stock, mega-cap bank, and mega-institution, CrowdFunding puts the individual and small investor right in the thick of things.

This year, the SEC is working on legislation that will help to define this new environment, thus helping small investors and business innovators alike:  Helping investors to invest, and businesses to access capital – for mutual reward.

Malware Signs and Symptoms

Malware spreads through various means, but you can watch for similar symptoms – and frequently you can’t help but notice them. You may experience:

- Increased usage of your CPU: You can monitor CPU usage with any number of tools, many of which ship free with your computer. Search for “Performance Information and Tools” on your system, or simply “CPU” and the like. You can also download freeware, but try to avail yourself of ones that are recommended through forums that you’re comfortable with. Ask friends and colleagues for recommendations. Google “computer forum” for some ideas, but vet these.

- Slow overall speed: If you experience a sudden drop in performance, it’s time for a full-system scan with your preferred anti-virus/internet security program. Remember to lengthen the time until Sleep/Hibernate modes (I keep mine fairly short), as many scans suspend themselves upon entry to these states, and they do not override. Related –

- Slow web browsing, and related poor performance: Watch for unnaturally long times for access to websites, and full resolution of the landing and subsequent pages. One incidence, or one slow site experience, is not cause for alarm – the problem may be with the site itself. Check a couple – if you’re running into problems with everyone, check things out.

- Difficulty connecting to networks, or lengthy times: This can be a reason to check out your equipment – but also, it’s possible that the problem may be on the other end – if other users of network resources are experiencing problems, call the system administrator or HelpDesk and give them a heads-up.

- Crashing/Freezing: If you’re crashing frequently, and experiencing “screens of death”, or if your system freezes for lengthy periods of time, with sudden bursts of drive/CPU activity after periods of frozen frustration, check things out.

- Missing files – modified files: Are you missing data? Are you suffering corruption to files? Speaks for itself.

- Appearance of new, unbeckoned, desktop icons and related: If anything shows up without your active solicitation and installation of it, be aware and check it out. Any files and/or programs that show up unbidden too.

- Spontaneous launch of programs, particularly unrecognized ones: Also watch for programs that are a regular part of your routine, and use, suddenly shutting down spontaneously, while in the middle of use. Also, recognize that malware can reconfigure or disable firewall programs, and antivirus software.

- Monitor your e-mail program carefully: Watch for e-mails being sent from your account that are not of your creation. If friends or colleagues report receiving strange e-mails from you, that you did not send, get corrections made quickly.

Any strange computer behavior should be checked immediately – you know your environment and your computing resources’ behaviors. Run anti-virus/malware cleanups on a regularized basis, and upon any strange activity. I never do partial-scans – stick to full-system scans if at all possible.

Controlling-Malware

Beyond mere malware as a nuisance factor, (as a type we discussed the other day), we must be on guard against Controlling-Malware.

This is malware that lies in wait, and is harming.  These are often referred to as Trojans.  Often times it is triggered by a date.  It can also be triggered by the simple launch of a program, or application – where it is embedded.  In this case, from any systems’ point-of-view, a trusted user ends up launching the malware and granting its yield:  That is, a user that has sanction within a system by virtue of login credentials, a corresponding set of system authorities and access, and consequently permission(s) to do various things with that system.

Recognize that that user can do things to the system, with the system, and through that system – thus the malware has the same enablements.  The malware can do things to the system:  changing it, disabling parts (or all) of it, modifying the system’s payloads and deliveries (stats, reports, etc.), render certain users’ or entities’ access useless, and on and on.

The malware can do things with the system:  Using resources such as processor power, storage and bandwidth to blast information; to rip-off contacts for access to those, in assembling broadcast lists, to further distribute various content, even to further distribute and install malware.

In doing things through a system, malware can hide its true origins, making it appear that it is spawning its nefarious purposes and deliveries from your domain – and actually, it is.

Worse, Remote Access Trojans (RATs) open back doors to your resources, for purpose of remote control.  Now, changes and updates are possible for “best” possible use and abuse of hacked resources.

Tomorrow, we’ll discuss another general area, Destructive Malware, and then we’ll delve into symptoms and a few more specifics.

Malware Types: Nuisance malware

Not all malware produces instances of horrendous harm.  Some of it is simply a nuisance, in delivering unwanted content and add-ons – such as toolbars, or unwanted and even embarrassing content in the “real estate” dedicated to rotating ads on certain sites.

Spyware can rake a system for sensitive information, sending it back to the malware’s originator.  This can inhibit system performance, and hence productivity, as the malware overtakes processing power, memory, possibly even storage, and bandwidth in surveying and shoveling information to those seeking it.  Recognize too that there is yet peril here for other harm beyond nuisance:  Identifying-information makes identity theft a potential, and in the case of organizations, sensitive business info can be ripped off and exploited:  Business reputation is not easily recovered in many of these circumstances, and even when it is, it is of course a nuisance in the extreme to make that recovery.

Often times, malware is really nefarious in its nuisance-ness:  There is nothing more discomfiting that not knowing exactly what is going on.  A business colleague reported that his laptop had suffered an extreme degradation in performance:  Looooong boot-up times [his routine became:  1)  Start laptop, 2)  Make and wait on a pot of coffee]; longer than usual sign-in time; then subsequent drive grinding.  Launch of applications took about four times longer than usual, but this subsided after he’d been booted and logged on for 5 minutes or so – then performance was normal.  The only other sign that something might be amiss, was a pop-up box that appeared for less than half a second – its appearance was so quick, in the center of the desktop, that you couldn’t read the title bar, but were able to see, or sense, an “OK” and a “Cancel” button – it disappeared to quickly to act on it.

He ran several utilities, but nothing seemed to help.  Until:  An update to his Norton utilities and a full-system sweep removed whatever it was – fortunately, after a few weeks’ hassle, he didn’t notice any ID theft or collateral systems’ breaches, such as the draining of bank accounts, PayPal, etc.

Keep all of your protections up-to-date.  It bears repeating:  An ounce of prevention is worth a pound of cure. 

Next up:  Controlling-malware

Malware: Insertion and Types

In continuing our awareness for cyber-crime, recognize that after an entity penetrates a network for access, far more than an episodic outcome can occur (such as a one-time theft of data or money, for example).

Beyond the sole-harming event type of experience, the insertion and ongoing residency of malware has to be considered.  This represents a particularly gnarly problem, because ongoing control regarding systems can be manifested – and it may continue in the absence of an organization’s knowledge for quite some time – until various harming incidents stack up, or an accrual of thefts occur, until they gain a profile that bites hard enough to be noticed.

Resident malware can execute its code for particular outcomes, and recognition of these helps to monitor for them.  In the next days, we’ll take a look at three basic types of malware:

Nuisance (perhaps delivering marketing-oriented spam, or provide for spying, etc.)

Controlling (to provide “back door” access, or takeover of systems by remote control)

Destructive (perhaps to destroy data, or plant false content, to harm reputation of the host.  Destruction can also be used to remove evidence of intrusion).

NP:  Joshua Redmond; Freedom in the Groove

Cyber-crime Continued: Attacks’ methodology

No matter the nefarious goal of attack, subsequent entry, and exploitation, (such as those mentioned in articles below), there are basic steps for breaking your defenses, and taking advantage of the breach, that are common to all attacks.

- Exploration, or scouting, for potential targets: Breaching entities here are searching for networks and systems that have vulnerabilities. These vulnerabilities can include easily breached or guessed authenticating credentials, outdated and susceptible software, and missing or misconfigurated settings for both software and hardware. Recognize that in addition to hard, empirical, soft spots – such as easily hacked firewalls or default/too-simple login credentials, there is the liability of simple human failing. This is going to include an exploration for naiveté regarding phishing; that is, fraudulent e-mails that solicit sensitive data by posing as legitimate enterprise e-mail/authority. Also pharming, whereby fraudulent websites that pose as legitimate partnering/enhancing entities can glean registration, and thus make solicitation of sensitive data. Be aware too that once an outside entity establishes a relationship, any manner of “legitimate” download can be recommended and thus penetration made.

- Taking stock goes hand-in-hand with exploration, in expanding the knowledge gained regarding vulnerabilities. Correlation of known bugs regarding the software surveyed during exploration happens. Human error can be paired with what that person has access to, and breaching entities can then reference other people and specific knowledge in looking legitimate to others… climbing a ladder of access, into ever more rarified and sensitive circles…

- Penetration can be for any of the purposes mentioned in the day’s prior article, but also it can be to perpetrate simple Denial-of-Service (DoS) attacks, which will not only render networks and sites inoperable, but can also crash business reputation.

Next: The introduction of malware to the environment…