painpill 1303 Congress just now figured out waste comes from bad project management?

This is our Security “The Pain Pill” because only a few of us take vitamins.

Every week I talk about a security topic in simple terms to reduce our security load, increase our efficiency, and make our security work better. There is a free class on the topic so you can have a deep dive. If you need continuing education credits, this counts.

If you would like to learn about security in the System Development Life Cycle, join our live class Thursday, May 2, 2013 at 18:00 Central time. How to attend our real class? 5 minutes before class, click the link below, enter your name, turn on your speakers, have fun!

Congress just now figured out waste comes from bad project management?

On April 26, 2013, Craig Killough testified on behalf of PMI before the United States House of Representatives Subcommittee on Oversight and Management Efficiency at a hearing entitled “Cutting DHS Duplication and Wasteful Spending: Implementing Private Sector Best Practices and Watchdog Recommendations.”

<soapbox> We could probably save money just by reducing the length of the name of the hearing. </soapbox>

Well, to be fair…

Mr. Killough made the statement that government should adopt the ways of commercial organizations that follow best practices in project management. If the government did follow these best practices, they could reduce waste.

Craig, where did you get such a crazy idea?

The Pulse of the Profession came out from the Project Management Institute (PMI). In this report they measure success and failure of projects. It stated that low-performing organizations are defined as those which complete < 60% of projects on time, on budget and within scope. Low performers are significantly less likely to provide a defined career path for project managers, a process to develop project management competency, and/or training on project management tools and techniques.

What does this mean?

If we do not make project management a recognized skill and promote it, we will continue to have failed projects. Or worse, project managers will leave organizations that do not recognize the skill. Does this mean that we don’t have the capability to do projects without project management?

This progression may not be absolute, but I think it’s pretty close. We can prove that by looking at all the successful and failed projects in our own organization. I think that organizations that do good project management and System Development Life Cycle (SDLC) recognize early that their project is going to fail, and therefore they self-correct or cancel it early on: this saves money.

I also think that by recognizing problems and working them early in the process, we drive the project to completion rather than let it fail.

Why Project Management?

Actually, I think some organizations do project management and don’t look at the development life cycle. There is nothing wrong with that. Project management is a generic concept applied to any kind of project. The emphasis is on people as the resources, not on the technical side.


SDLC addresses more of the technical concerns, more programming concerns, more of the tools that we are working with in a project. Project managers may not be concerned with the software tools or the programming concepts. SDLC professionals will also address key concepts like programming languages.

SDLC also adds in maintenance, operations and disposal. In most organizations, this is the first chance we really get to talk about security. I think it’s wrong, but the reality is security gets bolted on at this point.

In all cases:

Managing your projects, teaching your people how to communicate clearly, and knowing project management techniques will inevitably lead to greater success. Risk is a big deal in project management and SDLC. Knowledgeable people reduce risk.

Blatant commercial: If you need more than just an hour on SDLC, come to our new project management class starting on May 18.

Come to our free class this week!

CISSP: Application Security SDLC 2013-05-02 18:00:00 Central time


Source: 2013 Pulse of the Profession

Thanks, heraldonline!