Security Audit of a Government Agency
My company was hired as part of a contract bid to conduct an audit and network security assessment of a federal agency at multiple sites across the U.S. The project was initiated by the headquarters for this particular agency (at Washington DC), but the work was to be conducted at the various local sites. My role was Project Technical Lead as well as the Lead Security Control Assessor for federal government sites in Hawaii. Working with my project team, we met all the required deliverables with just a slight slippage in the delivery date; however, it was a very difficult project with multiple stakeholders and issues.Processes, project artifacts and activities that contributed to the success of this project:
From (Greer, 2010)Step 2: Get your team together and start the project (p 10). Processes from this step that contributed to the success of his project included putting together a project kick off meeting with the customer (local stakeholders) which (1) introduced team members and their roles and responsibilities, (2) defined objectives, (3) defined the project scope, (4) defined deliverables, (5) identified risks and assumptions and (6) provided a proposed schedule. The initial face-to-face meeting went well and presented the customer with the requirements, while allowing the local customer/stakeholder to have input on the project, such as the schedule and scope.
Step 4: Figure out what you need to do to complete the work products. (Identify tasks and phases.) (p. 17). Processes from this step that contributed to the success of his project included reviewing the initial list of deliverables and identifying the specific tasks that needed to be accomplished. These were identified and tracked online where the overall PM could track the progress.
Step 5: Estimate time, effort, and resources (p. 20). Processes from this step that contributed to the success of his project included assembling the core team and obtaining additional resources. For example, a penetration test of the network was required as a deliverable and no one on the team had the skills to perform this skill so a new team member was hired. Team members met regularly to discuss the level of effort and resources required to complete the various tasks.Processes, project artifacts and activities that were not included that could have made the project more successful:
FromNot involving all key project stakeholders (p. 106) and Lack of commitment by all team members to the project’s success (p. 108). While this project was part of a multi-site project, the PM and customer rep/stakeholder did not obtain approval/buy-in from the local customer/stakeholders resulting in resentment towards the project team and their efforts to complete the project. Obtaining information from some of these stakeholders became very difficult throughout the project.
Not identifying and sharing key project assumptions (p. 107). Members of teams working the project at other sites had information about the project, but were hesitant or late in sharing the information. In addition, our customer asked us to modify the standard assumptions so that the team could provide the customer with better feedback in areas where they were weak or needed to improve. Other sites did not follow this guidance; however, had we followed the project assumption as written, the project would have been a complete disaster as the majority of the items to evaluate would have been “skipped” because the site was not ready for the review.
Greer. M. (2010). The project management minimalist: Just enough PM to rock your projects! (laureate custom ed.). Baltimore: Laureate Education, Inc.
Portny, S. E., Mantel, S. J., Meredith, J. R., Shafer, S. M., Sutton, M. M., & Kramer, B. E. (2008). Project management: Planning, scheduling, and controlling projects. Hoboken, NJ: John Wiley & Sons, Inc