How to manage a project

August 6, 2013

The essentials of project management in under 500 words

What’s a project?

A project is any endeavor that takes time and involves more than one person.  Typically, we don’t call it a project unless it involves at least 3 to 5 people, and then we call them a team.

A project requires communication, collaboration and coordination.  A project also usually results in something being delivered to a third party.

Five aspects of managing a project

1. Defining the parameters.

What are the inputs?  What are the outputs?  What are the rules?

2. Discovering the goals, limits and values.

Goals include requirements for the outputs and other things that you want to have as a result of the project.

Limits include things like how much money you can spend, how much time you have, and who is allowed to do what.

Values include the priorities among time, cost and quality; and what the people in the project want to get out of it.

3. Planning the work

Planning includes setting your own expectations and the expectations of others; and being prepared to deal with unforeseen events.

4. Reporting

Reporting means communicating about progress, problems, resources used, and results delivered.

5. Interacting

Interacting with team members and stakeholders to facilitate, encourage and moderate.

What is a successful project?

A successful project delivers the right outputs on time.

At the end of a successful project, the team is still improving and is ready to take on another project.

At the end of a successful project, we have learned something and improved how we define, discover, plan, report and interact.

How do projects fail?

A project that produces no output or produces the wrong output is a failure.  Examples include products that get returned or software that causes problems for the customer.

A project that consumes excessive resources is a failure.  A project that does not deliver results in time to be useful or valuable is also a failure.

A project that ends with a burnt out team who cannot take on another project is a failure.

How to head off failure?

Choose and keep the right team.  Select people who have needed skills and are good at being part of a team.  Remove people who don’t get along with the team.

Limit the scope of the project.  Put your job on the line to keep the project down to a manageable size.  Break the project into phases to limit the scope of the current work.

Verify correctness of the outputs with the customer.  Check the requirements with the stakeholders at the beginning, and verify regularly that what has been done is still needed and expected by the stakeholders.

Iterate at regular intervals.  Deliver workable parts of the output in small increments and then re-check the scope and priorities for the next increment.

Listen carefully at all times.  Don’t presume anything without verifying it yourself.  Tell people when they’re doing something right.

 

 

Interested in tiny houses?  See Tiny House Design Workshop for a September event in Washington, DC.

Filed Under: Agile Management, Painless IT Tagged With: , , , , , , , , , , ,

5 key things you should know about computer security

March 6, 2013

Computer security does not come easily.  It requires awareness of the ways in which computers and data are compromised.  To guard against loss, there are 5 key things you should know.

1.   Anti-virus programs are essential, but they’re not enough.

Anti-virus programs will not keep you safe from all attacks.   They are good for blocking older, known viruses, but they’re only as good for that if you keep them up to date.  Since there are always new viruses out there, the time between the virus discovery and an updated version of the virus library is a vulnerable period.

To maximize the effectiveness of your anti-virus program, update it every day.

2.   Vulnerability to malware is PRIMARILY a human-knowledge problem

Many scams are perpetrated by email “phishing” attacks.  These attacks work because the emails look to be legitimate, such as from your bank or a known vendor, complete with logo.

Even worse, it isn’t too hard for attackers to learn about your company by researching public information, and then targeting specific individuals in your company with “spear-phishing” emails.  These emails sound even more convincing because the person’s role is known and maybe even the person’s boss’ name.

There is no substitute for caution: Never click on a link in an email without first examining the detail of where it is going to take you.  You can do this in most browsers by hovering the cursor over the link.  When in doubt, don’t click!

3.   Passwords are often inadequate

When we log in to online services, we depend on passwords to identify and protect ourselves.  But we don’t want to bother with passwords that are long and un-memorable, so our logins are vulnerable to guessing.  In addition, we often use the same password over and over, so once one service is compromised, others can soon follow.

To protect yourself, use a password-generating program to make passwords long and un-guessable.  You can buy a program (such as “1Password”) and use it to keep a secure list of passwords on your computer.  Then you don’t need to remember your passwords and in addition you’ll have a central repository for all of them.  And you won’t use the same one over and over.

4.   Data loss is often caused by human action

There are lots of ways to lose data, and only some of them are caused by hardware failures.  For example, you may mistakenly delete a file, or you may modify data in a file without having a backup.  Also, you may delete your backup files.  Pay attention to what you’re doing when you’re moving or deleting files.  Make extra backups before doing a lot of file operations.

Then of course, you may not have any backups at all, because you haven’t set up an automatic process.  This is unwise.  Always set up an automatic mechanism that will back up your files.

5. Nothing can stop an insider who wants to cause damage

Pay attention to disgruntled employees & visitors.  Be aware of which computers are accessible to anyone who comes to your desk (or other desks).  Set up automatic “log-out” mechanisms, so that if you leave your computer, it will require a password to log back in.  And, of course, know who your visitors are.

Security depends a lot on what you know, what you do, and your willingness to invest the time and money to have the right tools.  Don’t blame insecurity on the malware.  Fix the tools and procedures in your own shop.

 

John will be on a panel Startup Candy: How to Be the Startup Everyone Wants to Work For on March 27 at 6:00 PM in San Francisco.  For a free ticket, visit Founders Space and enter “Levy” as your promotional code.  See you there!

The fastest way to kill your startup is with B players.  How can you attract–and hold onto–hot talent? Get ideas, real-life stories and advice on increasing your odds of funding, innovation, and success when you add smart, creative people to your team.  Our panel will discuss:

  • Why your team matters to investors
  • How to create a killer team
  • How to showcase your team to investors, partners and customers
  • How to identify and reach out to talented individuals
  • How to keep your team engaged
  • How to keep your talent from jumping ship for better opportunities
  • How to position your company as a hot career opportunity

Presenters: Josh Breinlinger of Sigma West Venture Capital; Max Shapiro of PeopleConnect; and John Levy of John Levy Consulting.

Filed Under: Agile Management, Painless IT Tagged With: , , , , , , , , , ,

Software Development – not by PERT alone

January 21, 2013

I have great respect for software developers.  Because software is abstract, invisible and runs at extreme speeds, the people who are good at building it have to possess a particular talent at visualization and a willingness to use complex tools.

When software developers become project managers (PMs), they tend to rely on software tools to monitor, control and report on projects, just as non-technical PMs do.  The problems that technologists have in management have to do with inexperience in people interaction, including conflict, collaboration and just plain old ability to listen well.  If you’re a technologist in management, you can find more ideas on what to do about this in my book Get Out of the Way.

For the rest of PMs, there are lots of good tools, such as PERT and Gantt charts, but simply having good tools will not make your project succeed.  Software development projects frequently fail to produce results that the customer or end-user wants.  Why?

Here are three factors that contribute to the unruliness of software development projects:

1.     Estimating the effort and time required to complete a task is difficult.  Even when reasonable-looking requirements and specifications of a software package are provided, understanding the difficulty of development may require architecting multiple layers and investigating interactions with a complex environment.  Since requirements are generally high-level items, and design has to be done at multiple levels, it is difficult to break down the work into “pebble-sized” tasks and then to keep to a schedule with those tasks.

2.      Designing an algorithm often takes experimentation.  Engineering a software system requires trying out some things to see if they work, or testing multiple possible ways to implement something to find one with reasonable performance, for example.  This aspect of software engineering is so prevalent that Fred Brooks in The Mythical Man-Month advised us to “plan to throw one away.”   He meant that at the completion of a complex software implementation (such as an operating system), the designers have learned so much that it is often best to start over and re-implement everything.

3.     Assuring that a software implementation functions properly under all conditions may take as long as the design phase.  In fact, you may never be able to prove proper functioning, because testing all combinations of conditions is impossible.  At best, using test-automation tools and good intuition about where to look for errors, a software team can reduce the number of bugs at the time of a software release, but almost never to zero.

Scheduling a software project is made more difficult by the fact that additional tasks are always discovered during implementation.  This is so prevalent that I learned long ago always to ask “What remains to be done?” in addition to “What have you completed?”  You can count on the list of tasks to be done growing during the project.

One of the best countermeasures to all of these problems is to use Agiledevelopment methods.  Iterative development with regular demonstrations of working software having incrementally greater functionality will help reduce uncertainty and increase the ability of a development team to adapt to a changing world.  It also shortens the time between the initial charter of the project and the point where the customer says, “but that’s not what I wanted.”

Even Agile will not save all projects.  If you’d like to learn more about why not, download the slides and notes from my webinar, ” Why Agile Won’t Fix All Your Problems.”

And good luck.  The world needs software, so we all have to keep on trying to deliver it the best we can.

jlcLogo-Lg

Filed Under: Agile Management, Painless IT Tagged With: , , , , , ,

No silver bullet

December 10, 2012

Software is in everything and we and our businesses depend on it more and more.  Yet Software Quality is not rising, so we have rising numbers of failure incidents and out-of-control costs in maintaining software.  What should you do about it?

Software, software, software

No matter where you look, there is software.  Whether you inspect the thermostat in your home, look at the smartphone in your pocket, or lift the hood of your car, you find digital chips running software that keeps the device going.

And this doesn’t even begin to describe all the software that is running in your computer and in The Cloud.  Software is everywhere and we are dependent on it for so many things in our daily lives.

If you have something to do with creating software, you’re probably in a secure job because software creation is not going away.  On the other hand, you’re probably worried about keeping up with the latest techniques and standards, because software development is in the public spotlight more and more.

Why?  Because software failures, system data breaches and rising maintenance costs are in the news more than ever.

Software can be stable and reliable

I attended this month’s meeting of an organization called SofTech and enjoyed hearing Fred Davis talk about the latest gadgets – which, of course, are full of software.  And in that room were some of the most experienced software developers in the San Francisco Bay Area.  Yet even among those high-tech gurus there is an unspoken acknowledgement that software quality is not very high overall, and that creating stable and reliable software is an arduous undertaking.

How can we make it less arduous?  Well, as Fred Brooks explained, there is no silver bullet — no single countermeasure that will make software development become predictable and reliable.  If you want reliable software, you have to organize and execute deliberately, monitor the results regularly and keep up with the evolving tools and methods that incrementally make the process better.

To learn more about development issues, have a look at Technical Debt.  Also visit SEI, PMI, and CISQ.  But above all, get expert guidance that is not focused solely on technology and tools, because creating reliable software depends as much on management and organization as it does on tools and process.

If you’re managing development projects …

I’ve started offering a series of webinars on managing development projects.  The first two were titled The 10 Danger Signs of a Failing IT Project and How to Fix a Failing IT Project.  The third one, in January, will be Why Agile Won’t Fix All Your Problems.

Even these webinars won’t fix all your problems.  But you may become aware of the possibilities and some of the pitfalls in development.  And that could be enough to get you on a path of improving the software quality in your enterprise.

 

Filed Under: Agile Management, Painless IT Tagged With: , , , , , , , , , , , , ,

Avoiding mishaps with Data in the Cloud

November 28, 2012

What might happen to your data while it is in the cloud?  In the last article, we discussed why you might want to have software and data in the cloud.  In this article, I list 9 things you can do to keep your data safe

What can happen to my data when it is in the cloud?

Most of these things can also happen to your data while it is on your desk or in your own data center.  It’s not necessarily the fault of the cloud that mishaps occur.  The focus of the following is choosing the best countermeasures to cloud-based data mishaps.

Here is a list of things that could happen to your data while it is in the cloud:

Mishap #1: My data is temporarily inaccessible

When your data is in the cloud, you may not be able to access it.  This can also happen when your data is in your own data center.  The reasons for inaccessibility can be any of these:

  1. Scheduled maintenance (downtime) — The system is offline for maintenance that was planned & scheduled.
  2. Unscheduled maintenance (outage recovery time) — The system is offline while recovery is performed for an unscheduled outage.
  3. Administrator error (system offline) — The system is offline because an administrator of the system made a mistake.  The specific causes range from configuration errors to improper responses to simple failures that would normally be recovered quickly.
  4. Failure of a storage system (but there is a backup copy) — Your data is temporarily inaccessible while the system switches over to the backup copy.
  5. Loss of internet access — You can’t get to your data because you have no access to the Internet.
  6. Overload on a cloud server.  Causes of this (overload) mishap can be any of the following: (a) Inadequate resource planning at cloud vendor; (b) The storage servers ran out of capacity (for storage or for accesses) due to inadequate planning for growth; (c) Denial of service attack (general) — A malicious person or entity has created excess demand for service from the servers your data is stored on.  The attack is aimed at the service provider or one of the provider’s other customers, without regard for the fact that you and your business are affected; (d) Denial of service attack (specific to me and my data) — A malicious person or entity created excess demand for service from servers your data is stored on, and the purpose is specifically aimed at disabling your business.

Mishap #2: My data is lost forever

  1. There was a failure in a storage system and the data was not backed up.
  2. There were multiple failures, and both the primary copy and the backup copy are gone.  This very unlikely, except when there was an administrator error after a storage system failure.

Mishap #3: Accessed by unauthorized person

  1. Accidental access from within the cloud vendor’s domain. — Someone in the cloud vendor’s data center accessed the data by accident.  Typically, this does not result in any loss, but the event should be reported so that it can be avoided in the future.
  2. Malicious attack — Someone outside of your company and your cloud vendor accessed your data, usually with the intention of misusing it.  This is a serious breach that may have to be reported to state or federal authorities.

Mishap #4: Data was corrupted by storing the wrong information

This can be caused by human error or by software error.  Human error may be as simple as someone entering the wrong data into a form, or by someone misunderstanding the meaning of some data.  It can also be caused by software error, either by some sort of error termination, or by a database transaction that fails to complete and leaves the data in an inconsistent internal state.

Things to do to prevent or minimize losses

Here are 9 things you can do to help your organization keep your data safe.

Understand how data is stored in virtual environments

Be sure your IT people know what sort of storage is provided in the virtual machines and cloud-based storage that your organization is using.

Plan for failures

Follow the rule that everything that can fail will fail.  Use regular disaster drills, including actually taking live data offline to see how the systems and people react.

Know your SLAs

Understand the implications of your service-level agreements in your cloud vendor’s contract.  Make sure that you are not putting critical data in a storage system that has only “normal” uptime commitments, such as you might get with a single disk drive.

And read the fine print of your contract.  Is an “outage” defined as more than 10 minutes of unavailability?  Can your business stand to have multiple outages that are 9 minutes long?

Know where your data is

Be aware of your cloud data storage vendor’s locations, levels of redundancy, and what the backup and recovery procedures are.

Also, since data is often corrupted by human error, it’s not enough simply to have backup copies – they will all be wrong if someone has entered the wrong information.  You also need checkpoints where the whole consistent set of data was backed up and can be retrieved after something has gone wrong.

Data recovery service

Since many cloud and virtual storage vendors don’t include recovery from software or human-caused data corruption, add a data recovery service provider in your contingency plans.

Arrange for education & education

Ask your cloud storage vendor to train or educate your staff on how to recover from a data disaster or handle data recovery in the cloud.

Prepare for vendor switching

Make sure that you have a plan for moving your data from one cloud vendor to another.  This includes knowing what it takes to download your data from the current vendor (or your backups) and then to upload it to a different vendor.  Anything less than this will leave you locked in to the current vendor and vulnerable to their shortcomings.

Implement stringent system access controls

While you want everyone who needs it to have access to data, you should restrict access to the data center systems, software and applications to the few people who need to manage those systems.

Don’t underestimate the cost of cleanup

After you suffer a security breach in your data, you have a lot of things to do to clean up and re-secure your data.  There may also be reporting to be done.  A recent survey found the cost of this kind of cleanup to be over $200 per data record.  Take this into account when you are justifying training and/or other security measures for your data storage.

Don’t let all of these potential disasters keep you from storing data in the cloud.  You can count on cloud vendors to be highly motivated to keep your data safe, and often they will spend much more on security than you would in your own data center.  But arm yourself with information, so you know what could happen and what to do about it when it does.

Filed Under: Painless IT Tagged With: , , , , , , , , ,

My data in the cloud?

November 12, 2012

What’s the Cloud?

“The Cloud” refers to computers, storage and software connected to the Internet and accessible via the World Wide Web.  The first question you may have about the cloud is whether your data is safe there.

To answer that question, let’s have a look at how access to data has changed over the past couple of decades.  When the Internet and the World Wide Web (the Web) first became widely available in the 1990s, we were accustomed to the Desktop model:

I’m sitting at a desk with the computer, the software, and the data storage on disk all within reach.  If I have Internet access, it’s probably a wired connection over Ethernet to a cable or DSL modem; I can interact with servers on the Web using my browser, and some of these servers may keep some data that I put into them.

By the mid-2000s, most of us were using the Laptop model:

My laptop computer is with me wherever I am, and the software and storage are inside the laptop.  Storage may be on a disk or a solid-state disk (SSD).  I’m connected to servers on the Web using a wireless (WiFi) connection or a wired (Ethernet) connection.

These days, many people are using the Smartphone model:

The smartphone is in my pocket when I’m not using it.  When I use it, software is running both in the phone (an App) and in the cloud (on a server somewhere).  My data is in the cloud (on a server somewhere).  I’m connected to the Web using a wireless connection (WiFi or the cellphone network).

Software in the cloud

Why would we put software in the cloud?  There are several reasons for this trend.  The main advantages are:

I can rent the software rather than buying it.  This could save me money in the short run.

I don’t have to keep the software up to date – the vendor I rent from does that for me.

I don’t have to configure the software in my computer.

When I want someone else in my company to have access to the same data and use the same software, it’s easy to do – I just add them to the list of users of the software service (and pay the rent for them).

The disadvantages of software in the cloud are:

If I lose my Web connection, I can’t use the software or access my data.

I can’t customize the software very much – I have to use the same features that are available to everyone.

Data in the cloud

Why should I put my data in the cloud?  There are some advantages:

There’s no limit on how much data I can store in the cloud, and the cost of renting space for it is relatively low (if I shop around). I don’t have to buy a new disk to store more data.

The storage vendor does automatic backup of my data (and replication – that is, storing a copy at another site, if I want them to).

The storage vendor typically uses privacy and security measures that I couldn’t afford on my own.

The disadvantages of data in the cloud are:

If I lose my Web connection, I can’t get to my data.

At the beginning of using cloud storage, I have to upload all of my data.

There is always the possibility that someone will break into my data (a data breach).  But then, isn’t that possible even when the data is in my computer?

The storage vendor could go out of business or fail to protect my data. That’s why I should be sure that the vendor is reliable, reputable and stable.

I should probably keep a copy of my data somewhere else as well.  But I had offsite backup copies before, didn’t I?

If my data is in the cloud, do I still own it?

If you’re concerned about ownership of your data, make sure you have a contract with the storage vendor that specifies not only who owns the data, but also how how easily you can copy your data and move it somewhere else.

Check the regulations in your state and your country with regard to data.  When you have customer’s personal information as part of your data, you have legal obligations.  You may be obligated to keep the data in the country, for example.  You also need to have a policy for dealing with data security.  If you do suffer a data breach, you may be obligated to report it.

For example, “California law requires a business or state agency to notify any California resident whose unencrypted personal information, as defined, was acquired, or reasonably believed to have been acquired, by an unauthorized person. (California Civil Code s. 1798.29(a) and California Civ. Code s. 1798.82(a))

Any person or business that is required to issue a security breach notification to more than 500 California residents as a result of a single breach of the security system shall electronically submit a single sample copy of that security breach notification, excluding any personally identifiable information, to the Attorney General. (California Civil Code s. 1798.29(e) and California Civ. Code s. 1798.82(f))”  (from the Attorney General of California website at http://oag.ca.gov/ecrime/databreach/reporting)

There are other resources that may be useful to you if you’re concerned about malware (software that invades your systems or your data with malicious intent) and cybercrime.  Visit some of these websites:

http://www.rsa.com/rsalabs/

http://www.cylab.cmu.edu/

http://www.us-cert.gov/

I hope this answers some of your questions about data and the cloud.  If you have other questions, please add your comments to the blog.

Filed Under: Agile Management, Painless IT Tagged With: , , , , , , , , , , , , ,