Who should read this: Everyone at every level, especially executives!
We see it often in early, mid-career, and even in very experienced people - the tendency to push hard problems to their manager. This inefficient tactic is often used in projects and operations, by well-meaning Business Analysts, Project Managers acting as Business Analysts, and supervisors, managers, and others doing staff work...
I was reminded recently of our human, work, and leadership responsibility by an employee action at a vendor I was visiting as a client. While washing my hands in the restroom I recognized an employee as they washed their hands. He tossed a paper towel toward the waste bin and missed. I looked at him, he looked at me then without acknowledging me or the missed shot, he walked out.
So what did I do? I finished drying my hands, quickly wiped down the sink area, then stooped down and tossed both our paper towels in the bin. As a long-time consultant I have always trained my people to leave each place at least a little better than you found it. As a project manager, executive, and member of the human race, I know that walking the talk is important so I try to lead by example and not just by decree.
Was I obligated the do this? Of course not, I was the customer. However it left a sour taste in my mouth that the employee was not engaged, aware, or cared enough to pick up after themselves.
I mentioned this to the office manager when we were alone. She moaned, "Yes, many of them are like that..." I asked her what should have happened. She replied the employee should have picked up the towel and tossed it in the bin. She said she would address the behavior with the employee and thanked me. Sheesh.Read More >>
SOX, FISMA, HIPAA, PCI, CJIS – the alphabet soup of compliance requirements that many organizations must abide by. Scrupulous records must be kept for self-auditing and in case the dreaded official audit occurs. Regulatory bodies are serious; they have begun to hand down heavy penalties for non-compliance – to the tune of up to $1 million per resolution agreement. Fines do not tend to decrease in value, so awareness of the compliance mandates that impact your organization is important.
The requirements are going to continue to increase in terms of volume, frequency and scope. This will make staying in compliance one of Information Technology’s (IT) biggest challenges going forward. At the heart of most regulations is the protection of the confidentiality, integrity, and availability of information. Failure to meet a compliance mandate can lead to increased risks relating to information security and privacy.
The question then becomes how does an IT department holistically address the compliance challenge and integrate compliance activities into the day to day mindset of all employees and their activities? How do you insure that the teams responsible for applications, infrastructure, data, architecture, development, deployment, and operations are all on the same page with mature policies and processes that meet and exceed corporate, compliance and regulatory requirements? If this is not the case, how do you remediate? Very importantly, how do you continually stay up to date and implement new compliance requirements?Read More >>
Who should read this:
Executives, All levels Managers, Project Managers, Team Members, Senior Staff Members, Developers, Analysts.
Why aren't people using the system more?
We've asked people to use the system and they aren't!
They won't let go of their old processes and systems...
Why are we fighting to get people to come to training?
Why is adoption taking so long?
We carefully planned the rollout of our project that will improve our processes and systems. People have known of it for several weeks or months. Yet, when it comes time to implement there is nothing but excuses instead of cooperation. What is going on? We have to get our heads out of the clouds!
There is a disconnect here somewhere!
People think they have a successful project almost completed yet people drag their feet, or worse, never really adopt the solution. They push back hard at leaving their old processes and systems behind even when the benefits are obvious (to us...)
What is going on? Well, guess what, people seldom want to change. When it comes down to it, many people will fight hard for the status quo even if they have been griping about it for years... Let’s look at this from a human perspective - how would we feel? Fear, the possibility that they will be worse off, even more work added to what they may feel is a crushing workload, and not invented here (NIH) syndrome, are just some of the reasons.Read More >>
Henry Ford, a man who knew a thing or two about well-oiled machines, once said, "Coming together is a beginning. Keeping together is progress. Working together is success." Teamwork is key to the success of any major organization or company. So it’s no surprise that a teamwork-centered philosophy and set of practices created to help your organization run like a well-oiled machine would take the IT business world by storm. That, in a nutshell, is DevOps.
In the current IT landscape, there is often a great disconnect between a company's development team and the end user of company products. This is where DevOps comes into play, and why DevOps has become so critical to business success. Certification providers have begun to offer DevOps training, and the latest to join the ranks is enterprise Linux titan Red Hat.Read More >>
Encryption is a two edged sword. Although encryption protects sensitive data from eavesdropping, it also blinds layered defenses and audit tools, including your SIEM, IDS and DLP, from monitoring the activities of privileged identities.
It can be exploited by malicious insiders with privileged access to conceal attempts to access systems and steal sensitive information. Furthermore, malware that makes its way into the enterprise can leverage insider privileges in order to steal vital information.
Specifically I am addressing Secure Shell protocol (SSH), Remote Desktop Protocol (RDP) and Secure Sockets Layer/Transport Layer Security (SSL/TLS) traffic resulting from privileged user activity, i.e., administrative actions and file transfers. While both activities are common everyday tasks that occur in data centers worldwide, they are rarely monitored or controlled. This exposes your organization to data breaches, denial of service and compliance failures.Read More >>
Who should read this: Executives, Human Resources Staff, All levels Managers, Project Managers, Team Members, Senior Staff Members, Developers, Analysts.
Even in this economy there are opportunities that come up in every organization. How do you become the person that executives turn to when they have a problem or opportunity? I recently asked this of two executives at a lunch meeting. Here, along with what they said, I add the tidbits I have gleaned from 3 decades in business...
In no particular order, here is a list with my commentary on what they likely really mean…
YOU CAN BE THAT PERSON!
Here are the very skills and characteristics that the above and many other conversations with clients and others call out for:
We can help… Here are the courses that match up with the needed skills to be that person who can step in to solve big problems and take advantage of opportunities collaboratively.Read More >>
Identity Access Management (IAM) has solved many logistical problems and improved the security posture of the organizations that have implemented these processes. Access management is once again getting a lot of attention in the cybersecurity space. Of particular concern, is Privileged Access Management (PAM).
A simple comparison of IAM and PAM: IAM focuses on creating/deleting IDs and managing their security entitlements. With PAM, privileged IDs already exist and it is access to these accounts with elevated privileges that is being managed, or as we are finding out – not being managed. Privileged IDs may be shared among many IT administrators and in some cases with third parties.
Why is PAM important? The access provided by these privileged IDs is to sensitive data and the very core of an organizations’ IT environment. These are the IDs that the bad guys lust after. In the wrong hands, a privileged ID can lead to a data breach or a complete compromise of an IT departments’ ability to deliver services internally and externally.
Also driving review of the processes governing privileged IDs are the compliance mandates: PCI, HIPAA, NERC, etc. The National Institute of Standards in Technology (NIST) has been focusing on PAM due to the lack of management of these IDs and the potential impact. The compliance auditors can impose fines and business restrictions if identifiable processes for managing privileged IDS and evidence of these processes being used are not in place.
The ITIL framework provides a comprehensive library of access management best practices that can be applied to the management of privileged IDs with a focus on business-alignment. The following example walks us through how ITIL can be used to insure that access management is aligned with the business needs for meeting compliance mandates and of course, meeting security requirements.
The purpose of the Strategy Management for IT Services process in the ITIL Service Strategy phase is to communicate how a service provider (IT Department) will enable an organization to achieve its business outcomes. This is where the compliance mandates for the business are identified and included in the IT strategy, which is further defined in the IT Tactics. This is also where the need for data privacy policies are identified and developed.Read More >>
Who should read this: Executives, Human Resources Staff, All levels Managers, Project Managers, Team Members, Senior Staff Members, Developers, Analysts.
We have to get more done...
Let’s just ask our people to work more...
We have to work smarter, not harder...
We have to do more with less...
Just get it done! You committed to this now please do it...
Everyone is complaining about the workload but they are not here at 7pm!
In recent years many of us have asked our people time and time again to do more with less, or to solve the workload issue by doing more and multitasking (which we also know is just wrong). Yet research conclusively has shown for years that working over 40 hours per week (we’ll refer to that as overtime) does not lead to better results... It actually reduces productivity and increases both errors and employee bad feelings.
There is a disconnect here somewhere!
We’ve seen massive overtime at Dell. We’ve seen it at Rational Software and throughout IBM. We’ve seen it at startups all over the country. We’ve seen it at many of our clients. Hey, we’ve worked crazy overtime at many clients. Read on for how to ease the pain and churn...Read More >>
One of the benefits of my becoming ITIL certified is the clarity provided to processes that I have taken for granted since I started working in IT. Current events, new compliance regulations and changes in career interests have also provided additional insight, new approaches and motivation to address long standing problems, particularly in Cyber Security.
What I'm hearing as the new mantra in Cyber Security is 'know your environment'. A speaker at a recent security group luncheon put it very succinctly – 'Defending the unknown is impossible.' That is wisdom!
So where do you start on developing familiarity with your IT environment? ITIL provides a comprehensive framework that you can use all or part of. ITIL emphasizes knowing your environment with a 'service lifecycle' approach that focuses on managing the components that make up your IT environment.Read More >>
Who should read this:
Executives, all levels managers, project managers, team members, senior staff members, analysts.
Estimates and Scheduling seem to be frustrating everyone lately! Read on for how to ease the pain and churn...
There is a disconnect here somewhere!
Executives are frustrated and say things like:
"Why can’t our people get their projects done on time?"
"We spend days estimating and scheduling yet no one can tell us when any of our projects will really finish. Drives me crazy."
Project managers are frustrated and say things like:
"We were asked to estimate a project and did so, we even used optimistic estimates, yet senior management always cuts our estimates to the point we can't get people to finish their work ‘on time’ and sometimes not even pay attention to the schedule."
"We estimate based on availability % we are given, then people are constantly pulled off by their managers to work on something else!"Read More >>
Who should read this:
Project Managers, aspiring PMs, and those who manage PMs.
Managing a Project Manager career is challenging!
Growing into Project Management is a common way to move up, gain more experience and responsibility, and increase your value to your organization. Helping your PMs manage their careers is also challenging for executives, senior managers, and human resources specialists. Without planning, PMs may stagnate and end up leaving or worse, grow complacent.
There are three main ways to grow a PM’s career:
The Information Technology Infrastructure Library (ITIL) framework and the Project Management framework both serve different purposes, but are complementary disciplines.
The ITIL framework is a lifecycle that initially addresses the way an IT organization strategically interfaces with the business and then addresses the way it will design, transition, operate and improve services to the business. ITIL focuses on providing quality IT services with respect to customer expectations. Services are all of the things IT performs to deliver value to customers. ITIL is first and foremost business driven and answers the question "Are we doing the right things?”
The project management framework addresses the implementation of projects throughout the organization. Project Management establishes and drives projects that deliver a specific product, service or result for customers. Project Management requires that companies ask "Are we doing things the right way?”Read More >>
Who should read this: Everyone who has or works as staff for their manager.
We see it often in early, mid-career, and even in experienced staff - the tendency to push hard problems to their manager. This inefficient tactic is often used in projects and operations, by well-meaning Business Analysts, Project Managers acting as Business Analysts, and supervisors, managers, and others doing staff work...
Main area of concern here... Staff not doing their work before involving managers.
Our mantra for everyone is Do Your Own Work First, then and only then, involve subordinates, then your peers, and only when finished or as last resort your manager... Most of the time, you will be able, one way or another, to complete your work prior to presenting to your manager. For the managers reading, this is a great habit to instill in your staff... For staff members (and aren't we all at some level?) this is good for all of us to live by!
"Completed staff work" is the study of a problem, and presentation of a solution, by a staff officer, in such form that all that remains to be done on the part of the head of the staff division, or the commander, is to indicate his approval or disapproval of the completed action."
"Do not worry your chief with long explanations and memoranda. Writing a memorandum to your chief does not constitute completed staff work, but writing a memorandum for your chief to send to someone else does."Read More >>
(M_o_R)® is unlike any other risk management program as it addresses risk across all perspectives of an organization: strategic, program, project and operational. It provides guidance on how the principles, approaches and processes should be embedded, reviewed and applied differently depending on the nature of the objectives at risk.
M_o_R® combines an overall approach with a set of processes and principles. It also shows organizations how to apply these practices, review them and where necessary, adapt them to changing circumstances.
To manage risk over the long term, risk management practices must be applied, reviewed and constantly improved upon. At the heart of M_o_R® lies three core concepts:
(M_o_R)® Principles: strategic guidance for the application of the management of risk
(M_o_R)® Approach: principles are adapted to each organization
(M_o_R)® Processes: six distinct process steps ensure that risk is systematically identified, assessed and controlled.
ITIL is the most widely accepted approach to IT Service Management (ITSM) in the world. ITIL helps individuals and organizations use IT services to realize business change, transformation and growth.
It is made up of five key lifecycle stages, each with their own qualifications and books. These five stages are: Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement.
Organizations implement ITIL's approaches to improve business performance with ITIL through:
These organizations seek staff with the skills and certifications to ensure these approaches are implemented. If you want to successfully develop a career with ITIL, you need to:Read More >>
by Darrel Raynor
There are hidden and not so hidden Dangers of PMP® Certification... and best practice learning and implementation. These are not just for PMP's, but really any best practice changes that you have in mind in Project Management, Business Analysis, Management of Risk, IT specialties like ITIL, Security, Agile, and other Leadership areas. Certification heightens the below dangers! Keep in mind that while certification does hold many and even strategic values, that it is but one pillar of success for you and your people...
One danger is they will learn, especially in our classes that focus on Project Management, Business Analysis, or other Leadership Best Practices, all types of efficient processes to reduce time, cost, and hassle on their projects and in your ops areas. Why is that a danger? They may become frustrated with the same old ways of doing things... "That's how we do it here!" will likely not be a good enough excuse not to change. So, be sure you are ready for them to bring back powerful new processes and tools and support them as they improve your current environment...Read More >>
In today’s world, data is exploding. The expectation is we all take careful views of our data and act on it. We all need a good grasp of data analysis and data analytics and how they can be applied to decision making and process improvement to get more done. Executives, managers, and almost all professionals have a leadership role in projects. Everyone uses some form of Project Management and Business Analysis skills. While the application of full-blown Lean Six Sigma is beyond what most organizations are up for, applying appropriate 6Sigma techniques is well within everyone’s reach.
That is why you and your staff should be exposed to many of the productivity tools associated with data analysis and Lean Six Sigma. Everyone has access to all sorts of data and the free or low-cost tools to analyze and report on data. You may even have sophisticated tool licenses at your organization that are sitting idle… Tool capability is rising fast and prices are dropping. Expectations are that you are using data and analysis techniques appropriately to drive your efforts more "by the numbers." Plus, having data analysis as a skill with exposure to Lean Six Sigma will help you at review time. Organizations want their people to use data to drive decisions and process improvements.
Before you choose a tool or technique for your process improvement and other project efforts, you should have a firm grasp of the many concepts and forces, such as greatly increased expectations. Here are two examples:
Project Management Benefits are touted by software, app, and other tool vendors. They are highlighted by every training offering or program that has anything to do with Project or Program Management. You have attended or sent people to courses. You have tried at least three different toolsets to try to adapt to your people's work styles. You have asked people to use these tools and skills, yet the promised benefits just have not materialized... Here are two reasons why.
The Big Red Switch rarely works... you or your staff may be excited about a process improvement, tool, or technique. Consider what would really need to be in place to make a large change in internal processes. Better to address pain or specific opportunity than to try to change so much at once.
Training may expose staff to Best Practices that their organization is not ready for... There are great productivity increasing processes out there! They must be treated as Change Management projects with the energy, planning, and follow up needed for any mindset and process change.
Staff behavior and process change may require collaboration and effort from many different Stakeholders. Think about the move to Agile from Waterfall methodology. The biggest areas of change will be strategic planning, status reporting and meetings, and relaxing from a specific deliverable roadmap to an ever-changing array of new product/features, changes, defects, and time spent on processes. Agile seeks to minimize useless conversations and replaces them with what can be distilled as a policy of, "Trust Me" which is disconcerting to senior management who hold people’s hands to the fire on long term plan results.Read More >>
Recently, we have been asked to define Business Analysis and to explain the value to organizations of Business Analyst (BA) certifications and skills. How do they build productivity both individually and for your organization? Let’s define the term "BA,” since there are several vastly different areas called "business analysis” - in this context, we mean BA skills relating to:
Most BA projects are in IT, App, and new product development, and occur in all industries and organization sizes. Note: we are not addressing financial business analysis or analysis of businesses to determine a selling price. (See below for BA skills discussion)
Most people recognize the Project Management Institute PMI® and the Project Management Professional PMP® certification. Few are yet aware of the International Institute of Business Analysis IIBA® or the Certified Business Analysis Professional™ (CBAP®) or Certification of Competency in Business Analysis™ (CCBA®). These represent experience, study, and passing an exam much like the PMP®.
by Célia Geraldo
Having been part of a layoff three years ago, I have had first-hand experience with perceiving myself as having failed. This circumstance, compounded with a lack of employer input as to why the layoff happened, can cause almost anyone to feel inadequate. Having worked for many years in the training and development industry, my greatest asset has been (and still is) understanding the needs of adult learners. I have had many students in my classes who wanted to improve their skills in order to be better at their jobs. Many others were there because industry changes caused them to need to further develop their skills. Others, experiencing layoffs, were developing their skills to give themselves an edge as they looked for a new job.
Prior to a layoff, it can be very confusing if employer feedback is positive, and then suddenly one is "given the pink slip." This was my situation. After my layoff in an industry completely foreign to me (the oil and gas industry), I returned to adult training and development and felt much more at home, once again. Looking back, one major factor stands out in my mind regarding the position I had had: how little coaching and training I received. Training and coaching might have changed how things turned out.
Everyone who has been part of a layoff will say that they "felt it coming." Many follow their instincts and prepare for it, perhaps by finding something new and leaving before they are let go. "Dissatisfaction with some employee-development efforts appears to fuel many early exits." (Hamori, Cao, et al., 2012) In a 2012 study, when asked what their employers might offer them to help them grow in their jobs, young managers reported that, "companies generally satisfy their needs for on-the-job development and that they value these opportunities, which include high-visibility positions and significant increases in responsibility." Unfortunately, however, something else that they value highly, but say they aren’t getting, is "formal development, such as training, mentoring, and coaching". (Hamori, J.Cao, et al., 2012)
Have you ever met anyone who wakes up each morning and decides, "I am going out into the world and do everything badly today?"
Most of us would like to make a positive difference in the world, so the constant desire for improvement guides what we do.
Now, one may ask, "What has this to do with ITIL?" What does it mean? Look inward, and ask yourself the simple question, "As a customer of a product or a service, what do I want?" You want that product or service to work, to work the way you want it to, and the way you have been told to expect it to work.
IT services, just like other services in the world, undergo this very high level of scrutiny. Again we come to a question: if you expect your product or service to work in a very specific way and produce a very specific outcome and it does not - how do you react? How do you respond?
Service Operations in ITIL is therefore the process of making certain that the items envisaged in Service Strategy, designed in Service Design, and built and deployed in Service Transition work the way they are supposed to, the way that was promised, and that mechanisms are in place to make sure that they do.
Consider event management. This is where we use systems management tools to plan events or to detect unplanned events. I have been asked many times, "What is the difference between an event and an incident?" I simply use an adage often heard in the media to show the difference: "The event went off without incident." Understanding this statement, it becomes obvious that the one can be planned, and the other can happen without forewarning.
Strange as that may sound, coming from a training organization, it is unfortunately true... Here are three reasons why just training may not allow you to achieve your goals.
1. (The worst one first...) Senior Managers or Executives may have unrealistic expectations based on reading about, hearing a presentation or webinar, or talking with their peers. They may not have a plan in place to support changes based on training nor a prior or follow-up budget. So their expectations are for process and staff behavior changes that will almost certainly fall short of expectations.
To begin this article I will offer you a very simple premise- everyone goes through the process of service transition many times during the average day. The purpose of the premise is to demonstrate that when you actually think of the activities involved in ITIL Service Transition; that you accomplish all of these activities all of the time without thinking of it.
What that means is that it should be relatively simple and non-complex for IT to accomplish on a continuous basis. Interestingly this is not the case and so we will examine some of the reasons why and also some of the reasons it becomes a major expense for an organization.
Service Transition in ITIL includes Transition Management, Change Management, Release ad Deployment Management and Knowledge Management.
The definition of the word change is 'the movement from one defined point to another defined point'. The activities involved in change is defined as transition, however in order to accomplish successful transition management several things have to first be determined. Consider to move from one point A to one point B the exact starting point of A has to be determined very specifically. This is done such that measurement of progress- metrics can take place and milestones can be put in place- key performance indicators.
Project Management can be viewed as either a separate discipline complete with certification (PMP, CAPM) and also as a vast set of techniques to use in everyday operations and projects to be better organized. A professional toolbox or toolkit is a great way to view the skills and best practices that can be applied under the Project Management banner. About half or maybe three-fifths of our PM Certificate learners are after certification and about four-fifths of our PM Advanced 5-day, or "Bootcamp" learners are after certification. Many PMP's take the PM Certificate course for two reasons: a quick 48 PDU's to help them remain certified and to boost their modern best practices proficiency and everyone of course to get the St. Edward's University Advanced Project Management Certificate, which is valuable in its own right.
One of the interesting facets we have found, since we often perform Project Recovery or Project Turnarounds, taking over failing, under-performing, or restarting projects, is that so many of these Project Management (PM) techniques are also equally applicable to operations, start-ups, and projects of every size, shape, and color!