Dorien Paesen
Dorien Paesen Back in 2019, Dorien decided to follow her passion and made the switch from Test Engineer to Security Consultant. She mainly performs ISO 27K audits and helps the client reach compliance towards this standard.

Project Management Part 2: Tips That Might Help

Project Management Part 2: Tips That Might Help

Projects are set up in every field, especially in the Information Security field. They are created to work towards changes within a company in a controlled manner. Even though many people from different backgrounds are involved in a project, it’s important that there is one person who keeps the overview: the Project Manager. Managing a project can be very fulfilling, but also comes with quite a few challenges in my experience. In this blogpost I will share a few tips that help me. If you have some tips you’d like to share, feel free to reach out to me.

Tip #1

You will regret it (and forget it) if you don’t document everything. Develop a method that works for you. Some people like taking notes physically and collect memo notes on their screen or desk. Others prefer creating excel spreadsheets. I personally use the Sticky Notes tool on Windows a lot to create to-do lists and to keep track of things I can’t forget. But also look for options into tools provided by your employer/client. Maybe an automatic solution is possible to report the progress and results. (for example, we use Atlassian Suite, and it provides an option to automatically put results into charts, very handy).

Tip #2

Define a project scope and try to always keep this in the back of your mind when decisions need to be made. Some people might lose focus and want to go further than what was originally planned or keep making additional changes (this is called scope creep). If this takes place, there will almost always be some kind of financial consequences, unrealistic deadlines, unapproved changes between stakeholders, etc. A clear scope for what is expected will help to avoid this.

Tip #3

Determine a timeline. Start by dividing the big project into smaller pieces. For this, you might need input from the people involved in the project, because you need to know which steps need to be taken to reach a result, and how much time these steps will take approximately. A nice software tool to help you with this is MS Project.

For example: part of your project is to incorporate risk management in the development process for your employer/client. Break it down in steps: the first step could be to make sure it’s supported with documentation (e.g. Standard Operating Procedure). Together with the person/team that needs to create this documentation, you can put a deadline on this first step. Continue like this for all the other steps that are required, and you will get a detailed timeline.

I noticed that making clear and specific agreements on timelines/deadlines from the beginning onwards is one of the most crucial requirements for success of project management. In case the deadlines can’t be reached, it’s best to inform management on time.

Tip #4

You are – most likely – working with people and not (only) with robots. Therefore, it’s important to talk to them, but even more importantly: to listen to them. Communication skills are key in project management. If something doesn’t go according to plan and you can already tell a deadline can’t be reached for example, don’t chase people and lecture them, but ask what went wrong. Maybe another emergency project got in the way, maybe his/her colleague fell sick, and all work is now on him/her… There might be a way you can help. This might sound very cliché but friendliness will get you a lot further in the end. You also have to report back to management in this case that for (unforeseen) reasons the deadline can’t be achieved, and a new deadline may be arranged keeping these reasons in mind.

If you need any assistance with cybersecurity projectmanagement or have any questions regarding cybersecurity within your company, don’t hesitate to contact us.