Technology cost was once a serious blocker to a fast and simple business flow. As productivity and collaboration solutions become cheaper and easier to adopt, organizations of all sizes have seemingly infinite options for streamlining how they operate. The rise of APIs and fee-based integration services have created an ecosystem where small companies with limited IT budgets can have robust business solutions that rival the expensive ERPs used by large enterprises. Today, a high performing solution can be achieved by combining multiple individual “best of breed” applications. Benefits to having a cohesive and efficient system include:
Increased agility
Simplified data management and access
Enhanced visualization
Faster Throughput
Fewer mistakes
More time to focus on priority initiatives
In 2020, you can achieve the high-quality enterprise solution that your organization deserves. Here are some ideas to help you get started.
Optimize Workflow
“We cannot stand still. We have to be trying new things and looking at our processes to see what is working and not working. And if it is working, we have to ask ourselves, Will it continue to work in the future?” -Andrew D. Paparozzi, Chief Economist, NAPL, ( How Industry Leaders Get—and Stay —Ahead, 2014)
Regardless of what you do, your organization operates on a routine. Over time, habits make your routine comfortable. Attaining impact from a new tool or system requires that you determine how to work smarter. Luckily, the process is not too difficult.
Document your business process into a map. There is no need for a comprehensive diagram. Include the key tasks that accomplish business goals. Use a flow tool such as Visio or Lucidchart. Alternatively, just draw it on a whiteboard
Identify inefficiencies. No one is smarter about your business than you. Once you can see the whole process at once; unnecessary tasks, redundant steps, and bottlenecks will seem obvious
Rethink your process. Inefficiencies are often the result of technology limitations. Wipe the slate clean and create the process that you would want if there were nothing holding you back
Automate simple tasks that drain valuable time. Also, target steps in the process that are prone to errors and delays
Many believe that optimizing a business process must involve a complex and time-consuming assessment. However, at the core, it’s a simple matter of creating patterns that allow for smart decisions to be made at the right time.
Business Requirements
Business requirements come in many styles and formats. Some teams prefer to keep things simple and use a bulleted wish list. Others might find a collection of use case specifications easier to use based on their existing setup. Either approach can work. The optimized workflow must be translated into a clear set of capabilities. The priority of the needed capabilities must be communicated as well.
Now the technical team has what they need to turn that new business process into a working solution.
Minimize Touchpoints
If business constraints, such as cost, lead the assessment towards a hybrid solution, the technical team must think strategically. Moving back and forth between systems is inefficient. Every touchpoint in the workflow is time spent.
A Uniform Data Strategy Lifecycle
Remember the Future
Will you be doing business the same way in 2 to 5 years? Don’t forget that your solution needs to adapt and grow with your organization.
Market Search
When looking for the right tools to modernize, it can be tempting to go for trendiness and buzz. Outline your criteria ahead of time and stay true to your requirements. Keep an open mind as you pick out suitable alternatives.
Don’t know where to begin? How about a review of systems in use by similar organizations in your industry? Comparable use cases are a great source for leads that are relevant to your needs. Ask around, conduct targeted searches, read comparisons, and check reviews. Software trials are a great way determine if options are worthwhile.
Choosing a poor or incompatible solution can have painful, embarrassing, and expensive consequences. Spending some extra time on research is almost never a bad investment.
User Pilot
You have decided to try out a new solution. Now that’s exciting! The most important consideration at this stage is to figure out where you will need help. Are you working with a new vendor? Several vendors? Is your team building part of the solution in house? What’s your tolerance for downtime and outages? Who is on the hook to keep everything up and running?
Whatever challenges come your way; a test run will help to ensure that your team is ready. Ask questions, document concerns, and track feedback.
Acquisition
Depending on the licensing terms and the availability of trials; purchasing can come either before or after your user pilot(s). When you explain your goals, environment, concerns, and constraints to your vendor(s), they are often willing to accommodate within reason. Don’t be afraid to ask for their help.
Once the contracts are signed, you will have to either live with the terms or spend additional funds to amend them. Don’t forget to cover important agreements such as:
Dispute resolution process
Cadence of future releases
Access to future enhancements
Access to vendor support
Professional services for custom features
License lifecycle (extensions/amendments)
Feedback into technical roadmap
Termination or transfer rights
Conclusion
Business management tools have come a long way and are constantly improving. Investment is on the rise for robust solutions that minimize chaos improve productivity. More and more organizations are adopting smarter ways to get work done, foresee risks, and promote healthy operations. With a just little bit of ingenuity, technical strategy, and collaboration; you too can feel confident that you have a system that bolsters your organization’s performance.
There was a time when you could buy software from a trusted vendor and have confidence that everything in the system was created from a safe source. However, modern software is the product of a code supply chain. Creating and maintaining software built from scratch is simply too inefficient to sustain in a competitive time sensitive market. As a result, the following trends have been observed in commercially available software products:
80% of the included code is open source
18% of components incorporated from repositories contain known threats
3M known vulnerabilities have no corresponding CVE
66% have had a software supply chain attack within the last year
*Sources: Sonatype, Crowdstrike, Grand View Research
Meanwhile, software vendors are not exactly eager to share the “secret sauce” of how their products are assembled. Software consumers are under increasing pressure to protect their organizations from a rising accumulation of threats. How does one assess the risk exposure of deploying someone else’s code? Even for software that you have paid for. This post will provide some ideas for managing software supply chain trust.
Managing Trust
The first step towards minimizing the risk of threat exposure is to understand your organization’s code supply chain. The automobile, electronic manufacturing, and pharmaceutical industries have long understood the need for provenance and veracity in their supply chains. Who are your vendors? What open source products do you use? What do you build on your own? Most importantly, what could come back to bite you?
Scope out your supply chain by investigating and understanding how source code, configuration items, and packages get into your deployment pipeline. This might be done by creating a simple diagram of the deployment architecture and then marking the accessible entry points. Once you have identified the vulnerable spots, create clear policies for those who have access and then enforce them. These policies should focus on:
Repository Management: Create and enforce rules surrounding what is allowed to be stored in your software repositories, and how each repository is to be curated.
Vulnerability Management: Constantly scan and assess for risks arising from third-party components and custom code libraries. Code should be scanned continuously throughout each stage of the life-cycle. We can recommend a number of quality scanning tools for each of type of artifact.
Configuration Management: Create and enforce rules surrounding access management, passwords and secrets, audit logging, code promotion, deployment, and automated orchestration.
The operations team must work closely with development and security to effectively review alerts and respond accordingly. There is no substitute for active risk assessment and policy enforcement.
Modeling and Simulation
Even in an ideal setup, your system of security alerts and policy violations can only provide a reactive, rearview picture of what has already happened within your software pipeline. Some challenges to a SIEM-only based compliance approach include:
Misconfigured security controls due to lack of contextual knowledge, frequent changes that impact other security controls, and unavoidable administrative errors
Missing security controls due to lack of understanding of the threat environment, risk priority understanding, or available operational budget
Inability to patch due to potential impact to business operations. Many systems cannot simply be patched at will.
By the time you are able to respond, the attack is already underway. The total damage inflicted becomes a function of how quickly you respond to and contain the attack once you have detected it.
Modeling and simulation solutions form the proactive arm of your security strategy. This approach has been used for many years in practical applications such as weather forecasting, power grid management, automotive engineering, structural architecture design, forensics analysis, flight training, and medical procedures.
How Does it Work?
The process starts by creating a replica of your environment. This will typically include representative constructs for the system infrastructure, applied security controls, known vulnerabilities, architecture components, and threats. For example, you might want to create a malware attack model where you include:
Comparisons of known malware
Network packet flow
Application behavioral profiles
System event history
Authentication credentials and signatures
User session flows
Another example might be to create an insider threat model where you include
Human resource data
Individual behavioral profiles
RBAC tables
User activity logs
Exploit time windows
Once a suitable model is in place, executing simulated attack scenarios allows you to safely assess the preparedness of your system. The use of simulation technology affords the ability to run numerous complex attack scenarios quickly. The results of which will highlight the probability of compromise and potential damage associated with an attack.
Now that we have actionable intelligence regarding potential attacks we can take the following proactive steps:
Identify the available countermeasures for each compromise that occurred during simulation
Prioritize the mitigation of vulnerabilities to maximize the efficiency of organizational resources in implementing security solutions
Remediate the vulnerabilities and check their effectiveness by running new simulations
Track progress and continue to update the model as the architecture and system configuration evolve
Answer: Don't Trust Anything
The question posed in the title of this post is largely in jest. For modern software, it’s almost never wise to implicitly trust anything in your supply chain. Validate the trustworthiness of every element. Nothing should ever be allowed to move through your system without restriction. It’s true that a zero trust model can be complex to implement. However, the days of being able to take chances with external and internal threats have gone by the wayside.
Conclusion
Open source software is a powerful engine for innovation, and the best developers in the world leverage it effectively. However, as responsible IT leaders within organizations that rely on us to keep them safe, we simply can’t ignore the associated security concerns. Through continuous monitoring and automated assessment, organizations are finding ways to stay ahead of cyber threats and are managing to significantly reduce the risk of being exposed. Risk modeling and attack simulation technologies allow us as IT professionals to visualize and simulate the interaction of our system with a potential attack. By repeating the analysis frequently, organizations are minimizing their overall risk while protecting their core business and most sensitive data.
With the continuous stream of data breaches, network disruptions, and ransom attacks, we have collectively begun to become desensitized to cybersecurity incidents of all sizes. Nobody wants to be the next headline in the news as the unsuspecting victim. As a result, chief information security officers (CISOs) and security teams are under increasing pressure to secure vulnerabilities and prevent attacks.
Meanwhile, product teams and business managers are increasingly under pressure to make delivery commitments and meet deadlines. They don’t want to be in the news any more than their security colleagues. However, priorities between the cybersecurity team and business teams are not always aligned. Friction between mitigating security risks and making schedule deadlines often results in frustration and strained relationships. Keep reading for some approaches to bridge the gap between the cybersecurity team and business operations.
1. Speak the Same Language
Technical experts in different domains often encounter collaboration challenges due to the distinct jargon and terminology associated with their discipline. Will software developers understand the output of a security scanning tool? Will InfoSec approvers understand the contents of an application log?
Speaking the same language doesn’t mean turning your software developers into forensic analysts. However, it does mean that they should study and learn cybersecurity best practices for applications in their industry. The best engineers know how to think like an attacker so that they can design and build the right mechanisms to foil attacks. Conversely, your cybersecurity professionals should know and understand the fundamentals of system architecture and engineering. To achieve this end, you might need to establish IT centers of excellence, partner tech leaders across disciplines, or even temporarily embed team members into cross functional areas.
Common language and understanding allows for substantive and meaningful engagements. It also fosters trust and credibility between teams for talking through requirements and constraints.
2. Start Early
The best mitigation for a potential vulnerability is to design it out of the system before it can be built-in. The security team is a key stakeholder to the project and their requirements should be included with business owner’s needs. They should also be prioritized independently as part of the architecture runway. No completed iteration is truly deployable unless it is secure.
You never want to be in the position of absorbing re-work due to security vulnerabilities. An even worse prospect is to be forced into reactive mode due to an ongoing attack. Start your security work as early as possible.
3. Plan for the Worst
Zero trust security teaches us to trust nothing and inspect everything. However, all the required scanning will for sure take up time in the project schedule. Not to mention the time to needed mitigate the scan findings. Factor in time to work the vulnerabilities out of your system with proper coverage.
4. Automate, Automate, Automate
Built-In Security
Integrate application security tools into your system value chain. These tools can be deployed early in your development cycle and provide the coverage needed to review modules and components for weak spots as they are being developed. An important benefit, especially for government agencies, is that they can also save time by populating compliance documents with automatically detected security information and applied techniques.
Continuous Assessment
Integrate security configuration, testing, and validation into your CI/CD pipeline. This allows all teams to maintain ongoing awareness of compliance and vulnerability status. The real-time security data also provides for proactive management of vulnerability risk.
5. Organize Strategically
Is your organization properly staffed to deliver secure systems? Rapid delivery requires a complete engineering team staffed with information security experts. Without sufficient numbers, it’s common for the cybersecurity team to become overextended. Any approving entities must also be setup to review and adjudicate quickly. Review your allocations often and build up your cybersecurity team to keep pace with the flow of business.
Conclusion
As your organization evaluates risk and exposure to cyber attacks, remember that there will always be new threats that can impact a business of any size. When your operations and cybersecurity teams are at odds, no one wins. It’s incumbent upon leadership to foster the right balance of priorities, digital solutions, and team collaboration.
If you have ever been on the leading edge of adopting a new innovative solution, you know that not everyone will immediately embrace a disruptive idea despite obvious benefits. Here are 5 tips to speed up insertion of innovative products into your environment.
“Sometimes we get so enthralled with shiny new tech tools that we forget the basic fact they need to bring business value.”
A key element of generating momentum behind a new solution is to demonstrate the impact. Does the new solution save time, money, or resources? How so? How much? Create a clear and direct linkage between the proposed technology and something that stakeholders want.
Cost Dynamics
Often times, budget managers focus on the upfront cost of new technology. Be sure to include a cost analysis in your value assessment that articulates potential savings over time. If the investment is savings neutral, consider demonstrating the opportunity cost associated with choosing not to acquire the benefits brought about by the new innovation.
Risks
Nobody likes surprises, especially decision makers and leaders. Identify the worst case scenarios up front and cover likelihood of and responses to risky outcomes.
2. Identify and Recruit Advocates
Leadership
A champion in leadership can socialize the value of new technology at the highest levels within the organization. They are key to removing adoption obstacles. Enlist a champion in leadership with powerful influence who can provide a force for change.
Influencers
Similar to champions, influencers have significant organizational voice regarding decision making within their sphere. These might be technical SMEs, key contributors, or cross-team liaisons. Engage influencers actively and encourage them to communicate with their teams.
Manage Expectations
Set clear goals and communicate them effectively to all stakeholders. Clear expectations set the framework for the results you want to achieve. If advocates don’t understand the full picture, they can’t be helpful in spreading the word.
3. Plan and Execute a Limited Pilot
Testing new technologies in a low-risk environment before moving to full scale is almost always a wise move. Plan first, in order to execute your pilot effectively.
Create Success Metrics
Determine what success looks like based on your previous value analysis. Use those ideas to create some target metrics. What do we expect to happen? Did we achieve the desired outcomes?
Define Evaluation Criteria
Determine how you will gauge the results of the pilot. Are some outcomes more important than others? Are there competing technologies that should be compared? How will you measure feedback taken from key participants? Determine how your collected metrics will be rated once the pilot is complete.
4. Conduct a Pilot Review
Spread the News
Your pilot should provide you with quantitative results about the positive effects of your proposed solution. Share the information about pilot performance with your stakeholders.
5. Create an Adoption Plan
Funding & Acquisition
Now that you can support the value of your proposal, you need to secure funds to initiate purchasing. Use your pilot results as a basis for your estimates and factor in deployment and sustainment costs. Also factor in any training needed.
Change Management
New technology will often disrupt the existing apple cart. Consider the best way to roll out your new technology throughout the organization. Some solutions can deploy wholesale, while others may require more incremental phasing into operation. Consider the people impacts of adoption and plan ahead for potential course adjustments along the way.
Conclusion
Successful technology adoption requires early planning, significant buy-in, and efficient engagement. You never want to be the person that wastes money on the expensive solution that doesn’t produce. Instead, be the driver of ROI by pre-empting resistance and strategically aligning innovative technology to the business.
If you’re in the project management realm, there’s a good chance you’ve dealt with unplanned departures in the middle of your project. When two-week notices start to pile up, it can truly wreck your delivery plans.
Dealing with team member attrition is one of the most difficult challenges that we have to coach clients through. The standard reaction is to load more work onto the remaining team. However, that only leads to resentment, lowered morale, and ultimately, more attrition.
“Attrition is like an infectious disease, if not controlled effectively, in time, it can spread to the masses and … adversely affect the business.” –Mohanty
It is incredibly important to be strategic in reacting to a mounting attrition problem. The goal is to minimize delivery impact while maximizing energy and motivation within the ranks.
Standard project management teachings will lay out the appropriate programmatic response. However, experienced managers can give you the right tools to deal with people dynamics.
If you are currently dealing with attrition issues, or want to know what to do should you encounter them in the future, read on for strategies that can save your project.
1. Bolster Morale
Have a great team culture
Healthy culture and morale go hand in hand. It’s simply impossible to have one without the other. They will form the social and psychological environment of the project. As stated by Deloitte,
“Organizations that create a culture defined by meaningful work, deep employee engagement, job and organizational fit, and strong leadership are outperforming their peers and will likely beat their competition in attracting top talent.”
This also applies to retention. Team members who feel connected to a shared vision are more likely to commit to see the effort through to the end. Some ideas to help keep your culture fresh and empowering include:
Maintain team focus on the impact of the project to the mission or business
Communicate a clear vision for the team’s future
Recognize and reward accomplishments
Maintain equity in work distribution and opportunities
Provide windows for growth and advancement
Mix things up so that assignments don’t become mundane or boring
Listen actively to team member ideas and proposals
Practice Transparency
Trust and credibility is a vital part of overcoming adversity in any circumstance. It only follows that honesty and openness is an essential component of healthy team morale. People like to be dealt with honesty. We all appreciate and respond well to leaders who provide timely updates and set clear expectations.
If you attempt to hide or downplay the coming changes and their impact, you will only serve to undermine your own credibility. Don’t do it. Instead, let the team know what you are doing to mitigate the impact of losing a team member and offer to listen to their input and ideas.
2. Minimize Your Vulnerability
Heroes need side-kicks
As a PM, having high-performing rock-stars as part of your team is quite the nice luxury. However, what happens when your superhero employee who has massive institutional knowledge decides to move on? Will they leave a huge hole in your project timeline?
It’s never a good idea to get in the way of progress and efficiency by creating redundancy. It’s also never a good idea to allow single-threaded work to create high impact risks. Your job as the PM is to strike the right balance between the two. Some approaches that can help you find balance include:
Maintain a collaboration space where important knowledge and artifacts are kept
Conduct design reviews focused on knowledge sharing
Have junior and new team members shadow senior workers to learn the ropes
Spread out work assignments across functional areas or layers and rotate frequently
Practice paired or group assignments where applicable
Know Your Weak Points
Sound PM practices require you to identify, rate, and mitigate your risks. If your schedule depends on the creative work of your team, then their potential departure is a risk.
Do you know which items within your project deliverable are most critical? The most complex? Are they documented? Who knows how they work?
Answering these types of questions allows you to assess your where you can be damaged by a key loss. If your top performer wins a windfall lotto jackpot, what activities and items fall on the floor? What is the resulting impact?
Take Preventative Action
Now that you know which potential impacts are most damaging, decide which of them are unacceptable. List out your available responses and rate them. Your goal should be to optimize efficiency and benefit. For example, can you offer retention incentives to essential team members? Work with senior leadership to decide the best course of action, and move forward accordingly.
3. Have a Solid Contingency Plan
Obviously, it’s impossible to eliminate attrition vulnerability. We don’t want to be on our heels when we receive a departure notice. Instead, we immediately enact our plan. Some elements to think through and include in planning are:
Options available to retain the team member(s) (counter-offers, job incentives)
Key activities and responsibilities that will need coverage
Transition events that must occur prior to departure
People or offices within the organization that need be informed and take action
Backfill processes and procedures
Best and worst case scenarios for delivery impact
4. Understand Why People are Leaving
Know Your Team
We can’t emphasize strongly enough how important it is to engage actively with your team members. Through effective engagement, employees feel valued and understand their contribution(s) to the organization’s core mission. If you are engaging properly, you should know which team members might be unhappy and the source of their frustration.
You can never please everyone. However, if the concerns are legitimate or the remedies simple, then by all means, address them. There will always be obstacles outside of the span of your control. However, it is important to have and display genuine empathy for their concerns so that team members know that you are doing everything that you can.
Know Yourself
Now for the hard part. Statistics suggest that almost 40% of employee turnover is caused directly by the immediate supervisor. The remedy can be difficult for all of us. Swallow a dose of humility and take the opportunity to reflect that you might very well be the root cause of the problem. Don’t be afraid to solicit feedback. Don’t be so uptight that a team member would never dare share their true feedback.
There is no one size fits all management style. However, if your approach is consistently resulting in negative outcomes for otherwise positive situations, be open minded about trying a new approach.
5. Never Stop Recruiting
Recruiting is the life blood of a thriving team. Don’t recruit only when you are understaffed. Once you have developed a sound profile for the type of person that fits well in your environment, never stop looking for them. Mine your sources consistently for new candidates and assess their interest in joining you. Where there is mutual interest, complete the connection. If you don’t have openings at the time, let them know that you would like to re-connect as soon as an opening becomes available.
Through this approach, you can develop a “back bench” of candidates who can potentially expedite the backfill process in a staffing pinch.
6. Coach Your Team Through the Changes
Manage Expectations
One of the biggest mistakes that is often made when combating attrition is to panic. Don’t embark on a hiring spree without consideration for the ramifications to the overall team dynamics. For example, if your new hire incentives do not match retention incentives, the existing team is bound to feel unfairly rewarded for their loyalty.
Another common mistake is to set unrealistic expectations with candidates about roles within the team before re-organization and re-assignment planning is finalized. For example, if you hire a candidate for a role on Task A and then assign them to Task B when they arrive, they can feel misled and you might never gain their trust.
Embrace Adversity
Teams often reflect the mood and attitudes of their leadership. If you panic and become stressed, your anxiety will poison your efforts to navigate the project back to equilibrium. You’ve got this! Let your confidence be the pillar that holds the team together. Make it is clear that while there will be challenges, as long as every team member steps up and contributes fairly, the team will endure.
Communicate and negotiate frequently with the team, senior leadership, project sponsors, and stakeholders. Make sure that everyone knows what is occurring, what the impacts are, and what the plan is moving forward.
7. Seize the Opportunity to Enhance Your Team
Yes, you read that heading correctly. The goal should not be to simply survive the unforeseen events of the day, but rather to enact a prescribed plan to increase alignment between team composition and culture. Because you have been diligently working to upgrade your culture, you have a prime opportunity to find the right people who can raise the bar and improve your overall talent mix. Some tactics that you can employ to accelerate positive outcomes include:
Re-organize the team to better address delivery needs
Promote team members who have demonstrated ability into more prominent roles
Re-assign misaligned team members into roles more suited to their skill set
Maintaining a positive attitude can go quite a long way. If you fight this battle strategically with a clear picture of what success look like, you will come out on the other side stronger for the experience.
Conclusion
The simple truth is that attrition and turnover are a part of business. Especially in today’s evolving work landscape. However, through preparation and resolve, you don’t have to become a victim of events. We realize that there are other determining factors not covered in this page, such as market forces, compensation, and employer dynamics. However, we chose to focus on project managers, who have significant influence in winning a war against attrition. We have enjoyed sharing some of the tools that have worked for us and our clients. We would love to hear your thoughts and experiences.
Welcome to your expectations exceeded. Choice Consulting Associates is a full service IT solutions provider based in the Washington DC metropolitan area.
Through innovation, we help organizations unleash the power of technology to bolster their success.
