IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

GTC Southwest Classes Begin in Austin

Project management, security and more are topics of the day

GTC SW began yesterday in Austin under sunny skies and warm temperatures. Monday's agenda consisted of training classes in Project Management, Performance Based Statements of Work, Advanced XML Development, Security, Increasing your Value to Your Organization, GIS, and Defining Business Requirements.




Project Management
Phil Ostrom, a senior instructor for ESI, launched a multi-day class on project management with basic concepts, definitions, and some real-life examples of project management from the military and the Sydney Olympic Games. From brief introductions at one table, participants included a range of government staff from the City of Austin, Texas State Government and the University of Texas. Several were new to project management, and none called themselves experts, although one participant said this was her second course as preparation for some new responsibilities.

Phil Ostrom
A survey of both private and non-profit projects indicated that only 34 percent of IT projects are considered successful -- a 66 percent failure rate Over 70 percent of project stress, said Ostrom, is directly related to lack of clearly defined requirements.. To help define and analyze the success/failure factors, Ostrom launched into concepts such as the "Triple Constraints" of cost, time and scope. Scope is defined first in most cases, he said, as that determines the cost and time requirements. However, when IBM was setting up the technology for the Sydney Olympic Games, time was the top priority, as the opening ceremonies must happen on schedule, and so scope and cost were secondary. In any case, said Ostrom, it is up to the project manager to know what those priorities are, who the stakeholders are, and what they expect from the project.

Each project has a life cycle, said Ostrom. "IPIC" is the acronym for Initiation, Planning, Implementation and Closing. Each step of the cycle has a specific output that defines that stage of the process. A skilled project manager also must know how to negotiate and influence others in an ethical manner, as the implementation step of a project always requires "mid-course corrections" necessitating negotiation and communication to keep the project on course and the stakeholders informed and in agreement.

By lunch time, the class was divided into groups, each with a rotating "project manager" tackling simulated projects to flesh out the concepts discussed earlier. As Ostrom pointed out, there is a large gap between the "accidental project manager" who is given a project to manage, and one who has been trained to bring a project home on time, under budget and with all deliverables in place. And as illustrated in the morning class, it's not just IT projects that could use project management expertise. It's for anyone who wants to help create the future.

Security Boot Camp
Wendy Nather, Information Security Officer for the Texas Education Agency, at one time managed security for a Swiss bank. She began her presentation, however, with some very practical advice in dealing with people who don't welcome tight security, or see it as an obstacle.

Wendy Nather
And security is a formidable subject. Consider these questions a new ISO should ask: Are there external security regulations in your field such as HIPAA, Gramm-Leach-Bliley, FERPA, Sarbanes-Oxley? And if so, who interprets them for your organization? Have security audits been done? What were their findings? What kinds of security incidents have happened in the past? What are the relevant policies on passwords? Are outside contractors excluded from "the family" or given free access? Who is allowed to bend the rules? Do you have documentation up to date so





that you can answer up if an auditor asks: "What do you have open and why?" Does your organization have small "fiefdoms" with different rules, or do you have a centralized despot?

Nather discussed more of the realities of security, went over estimated costs for various security systems and tools, as well as the realities of public-sector budgets. When telephones began ringing after hours in a London banking office, said Nather, the staff realized that someone was "war dialing" to attempt to gain entrance to the computer system. The staff performed their own penetration test, and found a maintenance modem on an HP server that had a simple password. Luckily, she said, the attempt failed, but the lesson was clear.

Nather said there are ways to do "quick and dirty" assessments. While executives won't know security systems and terminology, they will know the location of critical assets, and will have concerns about protecting them. Security can start with low-hanging fruit, she said, Legal compliance issues must always be highlighted, and patches, anti-virus updates and basic security infrastructure can be installed and employed. Find out what is already being done, and address the omissions. That way, she said, you are assisting and forwarding what has already been done, which will gain support organizationally rather than encounter resistance.

Several of Monday's classes continue today, joined by others such as Computer Forensics, Negotiation Skills, ITIL/IT and more.
Wayne E. Hanson served as a writer and editor with e.Republic from 1989 to 2013, having worked for several business units including Government Technology magazine, the Center for Digital Government, Governing, and Digital Communities. Hanson was a juror from 1999 to 2004 with the Stockholm Challenge and Global Junior Challenge competitions in information technology and education.