This article is part 3 of our series “A Comprehensive Guide to Planning Your Cybersecurity Projects”. Read part 1 and part 2.
Are you struggling with managing your cybersecurity projects? Are you facing challenges during your project and don’t know how to deal with them?
We’ve put together several common cybersecurity project challenges and propose solutions for what you can do about them.
Disclaimer: In this article, we focus on a few commonly cited challenges that can occur during cybersecurity projects. This list is not meant to be exhaustive and is intended for guidance only.
“Prioritization at a strategic and operational level is often the difference between success and failure. But many organizations do it badly.” (Harvard Business Review, 2016)
Cybersecurity project managers often complain about the seemingly endless number of projects they must manage within a year, and rightfully so. In addition to the cybersecurity skills shortage, today’s IT and security professionals simply have too many priorities on their plate. And with too many priorities comes frustration, lack of focus, the feeling of being overworked and a greater risk of project failure.
It becomes less and less obvious which projects are really a priority for the organization, and which ones just create unnecessary burdens for your team. To avoid a lack of prioritization, you may want to ask yourself a set of qualifying questions before embarking on a new project.
Project Qualifying Questions:
The more qualification criteria your cybersecurity project fulfills, the higher it should be on your priority list.
A “good” cybersecurity project is one that is directly linked to your overall business strategy, supports your principal objectives, effectively protects your organization from cyber risks and delivers measurable ROI.
Cybersecurity project managers will know that the scope of a project can change along the way, which can lead to frustration, misalignment or even project failure.
To avoid the phenomenon of scope creep, project managers need to determine, agree on and communicate the scope of the project early on. When defining your project scope, try to take as many elements as possible into account.
Project Scope Elements:
For example, you may want to establish a work breakdown structure (WBS) that breaks your project into several tasks, subtasks and related deliverables (see figure 1).
According to the Project Management Body of Knowledge (PMBOK), a work breakdown structure is a “deliverable-oriented hierarchical decomposition of the work to be executed by the project team.” Breaking down your project into a more digestible structure helps keep track of deliverables and illustrates the project flow in a more understandable, visual way for all parties involved.
With a properly-defined project scope from the get-go, including a clear work breakdown structure, cybersecurity project managers can prevent hiccups and scope creep before challenges unfold.
According to a recent survey by the Project Management Institute, 30% of all project failures are due to poor communication. Conversely, projects with effective communications are almost twice as likely to successfully deliver on project scope and meet quality standards.
What this means for cybersecurity project managers is that they must prioritize effective communication throughout the duration of the project. The longer poor communications linger, the greater the risk of project failure (see figure 2).
Cybersecurity project managers can facilitate effective communication by identifying and applying the 5Ws (Who, What, When, Where, Why):
Lastly, keep in mind that all communications need to be centralized for continuity and clarity, and that your approach to communication has to stay consistent across all cybersecurity projects.
The more your cybersecurity project is aligned to your overall business strategy, the more effective it will be.
“Companies that align their enterprise-wide PMO (project management office) to strategy had 38% more projects meet original goals than those that did not. They also had 33% fewer projects deemed failures.” (PMI Pulse of the Profession Survey, 2017)
Unfortunately, many cybersecurity projects are treated as pure cost centers and as a “necessary evil” as part of corporate cybersecurity hygiene standards. Too often, projects are not aligned to what really matters for the organization – the cybersecurity strategy.
To avoid strategic misalignment, make sure to:
Following a simple strategy checklist before kicking off your cybersecurity projects will help prevent strategic misalignment further down the road.
Managing cybersecurity projects is no piece of cake. If you’re involved with planning your cybersecurity projects throughout the year, you will know that project hiccups or failures are not as rare as you may hope them to be.
Effective cybersecurity projects are prioritized in accordance with their impact on the organization’s cybersecurity posture and threat exposure, follow a clearly defined scope from the beginning and are aligned to the overall business strategy and goals. Project milestones, deliverables and updates should be communicated regularly and according to pre-established parameters.
Following these four recommendations will increase your chances of delivering your cybersecurity projects with more ease and confidence.