Author: Kevin Coleman

Project Resources – Guarding Against SME Overload

coleman Mar5At the end of each project the project staff should take a moment and examine what went right and what went wrong. I began to pull together lessons learned, reflecting back after the successful completion of a recent project. When you think about project difficulties poor communications, ill-defined requirements, changing requirements, technology failures all come to mind. It quickly became clear that once again difficulties experienced during the project were not only avoidable but more importantly has become much more problematic in recent years. One of the most pressing problems is demand being placed on resources serving on projects while still performing many if not all of their work duties. It is no wonder that a recent Gallup in its 2013 State of the American Workplace Report identified that 70 percent of the U.S. workforce was either disengaged or miserable! The business and productivity impact of that has to be horrendous. Work overload is one factor that is contributing to such a dismal stat. Today, we all wear multiple hats and have conflicting demand placed on us and that increases stress.

Shared resources that split their time between their normal work activities and the work assigned to them as part of the project team has become part of modern projects. The individuals that are the most valuable to many of these strategic initiatives are the most valuable to the organizations within their current roles. These organizations do not have these resources whose normal utilization is 60-80 percent. All too often these resources become even more overloaded and fail to maintain a healthy balance between their normal work, project responsibilities as well as their personal lives. This is clearly a contributing factor when it comes to employee burn-out. Burn-out occurs as a response to chronic stressors placed on them. Left unchecked, this imbalance creates a substantial risk with implications that go far beyond the project and may result in stress issues and health problems for these individuals. That being said, the risks do not stop there. There have been instances where the overloaded individuals become so fed-up they seek employment elsewhere. This has become so prevalent that project stress now must be integrated into the projects overall risk management plan. Stop and think for a moment.

Have you ever seen project staff stress in your latest project’s risk management plan? Should it have been? Some deal with these stressors far better than others. Stress from whatever work pressures we are experiencing manifests itself in many ways from feeling a bit under the weather to high blood pressure, over-eating and can lead to serious illness. Clearly action must be taken to address this growing problem.

Today’s projects are full of hassles, deadlines, frustrations, and demands. This has led many to come to believe that workplace pressures and stress is now so commonplace that it has become a routine part of our professional lives. All too often the employees suffering from stress and overload do not recognize how it is impacting them. Many of them when asked about their stress go as far as deny and dismiss the notion. Given the physical symptoms of stress, this type of overload becomes a downward spiral in many cases for those affected, so quick identification and action is essential. There are a number of stress deduction guides and it would be advisable to include some of these techniques in the project handbook given out to all project participants at the very beginning of the initiative. Here is another project stress risk management technique that is simple and easy to do. As part of the project initiation phase, the managers of individuals assigned to the project are asked to sign a document recognizing the individual’s project participation and commitment. In addition, they are asked to assign resources that will be responsible to off-load the project resources primary job activities. The benefits of this go far beyond formalizing resource commitment. It goes to further intensify stakeholder commitment. After all, if management is not willing to make this commitment what does that say regarding how they feel about the importance of the project?

While this is an important aspect when dealing with this issue, there is a far more important aspect. Employees and contractors must have a level of comfort to raise the issue of work-overload to the project manager and their direct manager as well. Many do not! I can recall multiple instances where when these individuals bring up their overload issue, the response is “Come on … suck it up.” In addition, many of these individuals because so concerned about finishing what they have been assigned and their health and personal lives suffer. Modern project management now requires PMs to not just work to reduce project stress but to manage stress and the impact it has on the project staff.

These resources are extremely valuable assets and must be protected against this growing problem. After soliciting input from multiple sources with different perspectives, there is a growing opinion that workload management and stress monitoring and mitigation activities must now be integrated into today’s project management efforts. To assist in that effort, project managers must be on the lookout for overload situations. As part of this responsibility they must promote open and honest communications between all the members of the project team. PMs need to help project members strike the right balance and get help to successfully manage the competing demands. Project stress management does not stop there! Most project managers tend to internalize issues and keep things like this to themselves. PMs are not immune from stress and the implications of being stressed. There is no single best method when it comes to managing work/life stress. This is far from being a science and more analysis and thought must be given to this growing problem. You will never eliminate stress from projects after all, deadlines are the nature of the beast. Recognizing this problem is the first step and taking these simple actions to reduce stress and its impact will go a long way to mitigate this dangerous project affliction.

Don’t forget to leave your comments below.

Project Documents – High Value Targets of Cyber Espionage

The global reliance on technology has significantly increased the complexities of many current projects to levels not seen before. Indications are that this trend will not be slowing down any time soon. In fact, there are signs that the current rate of technology advancement will actually accelerate and drive the complexity level of many projects to new heights. If that doesn’t bring to mind a big enough challenge, there is a relatively new and rapidly evolving aspect of modern projects that is now on the plate of project managers and is something that must now be addressed. The latest change is being brought about by a change in philosophy about security. Speaking historically, cyber security has been treated as an afterthought; as such, security was what has been termed “bolted-on” rather than being designed in.

The risk is cyber attacks on our system and cyber espionage that target our proprietary and sensitive information are on the rise with no end in sight. In fact, recent reports suggest that cyber espionage losses in the United States total between cyber espionage and crime lies between $70 and $140 billion annually. Pause a moment and think about all the technologies that are involved in a modern project and the criticality of many of these initiatives. Now add to that the mountain of documents associated with those technologies and how they will be used throughout the life of the project and far beyond. Finally, add the project specific documents, schedules, procurement plan, shipping notices & schedules, implementation dates and the list of documents goes on and on. 

Most modern projects establish a project repository to manage all of these materials. All that information concentrated in one area is an enticing target for cyber espionage actors. For some businesses the theft of these sensitive documents has competitive consequences. For organizations involved with critical infrastructure projects, the theft of these documents pose a threat to homeland security and for those that work in the defense and intelligence area, theft of project documents can represent a national security threat. All this combines to make project repositories high value targets that some criminals, activist organizations, terrorist groups and even some nation-states would like to obtain. You can easily imagine just how attractive project documents have now become in that documentation about cyber security measures that is being designed into these products and systems are included in the project repository.

Many of you may not be aware that January of this year a cyber espionage campaign was disclosed of this year. That attack specifically targeted CAD diagrams generated by a widely used computer-aided design application as well as many other document formats that are all too common on projects. In fact, this specific clandestine initiative targeted files with DOC, XLS, PPT, RTF and PD in addition to file formats like DWG, DXF, CDW and DWF that are associated with drawings. All these documents types are routinely found within the project document repository.

Top areas the project managers must monitor include the loss or theft of laptops, the loss or theft of CDs/DVDs and USB drives containing project information, improper disposal of paper document and storage media (CDs/DVDs), and finally the unauthorized access or copying of documents by insiders. There was an interesting observation from one cyber investigator who said, “Thieves go where the money is and that includes dumpster diving looking for discarded document of value.” While cross-cut shredding of documents address the dumpster diving issue, solutions for securing online documents remains elusive. Many of you may be saying to yourselves encryption is the answer, you should reconsider that position. Earlier this year a researcher demonstrated at an international conference on cyber security a technique that broke the most common form of encryption. But wait, it gets worse! Hackers that launched a cyber attack that was discovered in 39 countries specifically targeted encrypted files. Investigators believe that the attackers must have the ability to decrypt these documents or they would not have waited their time and increased the risk of detection by going after those files.

Imagine for a moment that you are the project manager on a project that is to take a new product design from the working prototype stage through market introduction. As the researchers finalize their documentation and patent application, operations begins to look at what will be needed to produce, sell and support the new product. At the same time, marketing is busy designing the product materials, advertisements and overall launch campaign. The engineers and legal department submit the patent application and begin to support the follow-on activities. A few weeks go by and the patent office rejects the patent due to an application that had been filed a few weeks earlier. The engineers review the earlier patent and determine the similarities could not a coincidence. An investigation begins and cyber investigators discover all the research and engineering data had been exfiltrated from their systems to servers in foreign countries and a piece of malware routinely sent updates about the progress/status of the development project. All the investment the company made into bringing this new product to market now has to be written off! Management was counting on this new product and for a time is was not clear that the company would survive. Unfortunately, this is not a hypothetical situation. I was made aware of this incident in a conversation with an individual from a three-letter agency.

Information is a valuable asset and must be treated as such, including security measures and functionality that is now being built into these systems and products only increases the value of project information. Organizations and project managers must take a different approach to address the growing security threats posed by cyber attacks that seek to exfiltrated documents and other acts of cyber espionage. That would include insider threats that are all too often the source of many of data thefts. Many in cyber security are beginning to talk about establishing project metrics that monitor the measures taken to properly secure project documents. Project managers should be aware of this risk and take appropriate measures to insure proper security is in place around the project document repository, as well as addressing the risk posed by physical documents. Failure to do this, a project manager would be falling short of their professional responsibilities and exposing the company to a heightened level of risk. Perhaps it is time to integrate cyber threat training into all the project management courses and a topic on the agenda for project kick-off meetings!

Don’t forget to leave your comments below.