PMIH Volunteers Give Back at ServiceWorks Skill-Building Bootcamp

    PMIH Volunteers Give Back at ServiceWorks Skill-Building Bootcamp 

    By Amy Stonesifer, SVP External, PMI Houston 

    On August 6th 12 PMI Houston Members volunteered to support ServiceWorks, a groundbreaking national program that uses community engagement and volunteer service as a strategy to help underserved youth and young adults develop the skills they need to reach their college and career goals.  The Skill-Building Bootcamp is a high-energy, intense immersion experience powered by AmeriCorps, Points of Light and the Citi Foundation. 

    The event was held at Andrew Carnegie Vanguard High School for Houston area young adults between 16 – 24 years old who participated in the Mayor Turner’s Hire Houston Youth program.  Participants learned how service can be a pathway to college and career and were inspired to become agents of change in their own communities. 

    Volunteers had the opportunity to spend one hour using project management skills to set a goal and break it down into the steps needed to achieve the goal.  Students working in small groups selected from one of 3 goals:  applying to college, buying a car, or finding a job. 

    It was amazing to see students realize the steps it would take to achieve their goal and apply a timeline to it.  Participants worked with the mantra, “Plan your work, Work your plan. 

    The students amazed us!” commented volunteer Amy Stonesifer.  They really took the challenge to heart and saw the value of planning to achieve a goal.  They all saw how early they had to start to achieve the goal and how to apply a timeline. 

    PMI Houston Volunteers included: 

    • Keisha Sneed 
    • Patty Trimingham 
    • Max Meindl 
    • Kimberly Rhoton 
    • Walter Viali 
    • Pranav Patel 
    • Tarek Salloum 
    • Dinah Sylvester 
    • Shawn Stolle 
    • Donn Powell 
    • Juan Parra 
    • Amy Stonesifer 

     

    Event hosts included Georgia Gillette and Neil Bush from Points of Light foundation.  

    The Mayor was so excited about the success of this program they plan to repeat it and grow it next year.  Watch this summer for the opportunity to participate as a volunteer. 

    Changing Behaviors at the Cyber Security Front Line

    Changing Behaviors at the Cyber Security Front Line  

    By Catherine Pye, Principal Consultant at Pcubed 

    While cyber security is not every employee’s day job, all employees are at the front link of cyber threats.? Pcubed’s Catherine Pye highlights her work in the Energy sector, applying an Agile approach to behavioral change management aimed at maintaining a healthy cyber security culture. 

    Those in the know predict that the cyber security landscape will likely get worse before it gets better. Symantec reported that in 2015 a record-setting nine mega-breaches occurred, with 429 million identities exposed – a 23% increase on 2014.1 Many companies recognize this trend and are making proactive investments in cyber security capability, not only for their new innovations, but also working retroactively; looking to protect what is in production today.  

    To meet this goal, technology-based solutions alone are insufficient, as even the best technology is inadequate if human operators are unaware of their role in mitigating the threat. To engage the human factor, behavioral change management plays a critical role in the deployment of any cyber security enhancement project, particularly when seeking to get ahead of the curve or when the corporate perception of risk is lagging.  

    Working with an oil and gas major to implement an accelerated cybersecurity program focused on proactively delivering resilience, presented a unique set of challenges for the Pcubed team, particularly with the current economic backdrop. One key project focused on removable media (such as USBs, smart devices and portable hard drives) as a threat vector within the industrial control systems (ICS) space. While well-funded by enterprise IT, the accelerated pace to drive change across a vast array of diverse business units in a traditionally non-IT space required careful planning.  

    Building Awareness  

    When undertaking this proactive cyber security change initiative, it was essential to quickly and clearly articulate the risk. In the evolving risk landscape, many operators may not understand the mechanisms by which malicious code can be transmitted;  

    "like a flu virus spreads through an innocuous handshake, so can malicious code through thoughtless insertion of a USB flash drive into a corporate network." 

    USB has been identified as the primary method to spread STUXNET, a malicious worm notoriously used to target Programmable Lifecycle Controllers (PLC) within automation systems.2 In the ICS space, many networks are operated by facility / mechanical engineers and sometimes leverage vendor-rich resource pools; two groups that often have higher demand for file transfer flexibility, but are also outside the usual corporate IT messaging and communication channels. Engaging end-users through existing channels of communication - where they exist - and training for the specific user base significantly improves the adoption success rate. Using Business Unit Liaisons / Coordinators, to push and pull communication and training through these channels enables effective engagement. Early establishment of appropriate communications channels for casual, contract or a non-traditional workforce is vital to drive awareness and build desire to become part of the solution. Under this project, site champions were identified to perform local site visits and to post policy and process information at the worksite.  

    When developing a solution to resonate with end users, it was useful to demonstrate knowledge of the procedures and controls currently in use within the business. The project team used surveys to gather “current-state” data from each end user group to define maturity, then validated the findings, thus ensuring relevant recommendations were demonstrated to be fit-for-purpose. Engaging end users in the conversation from this early stage builds the omnipresent foundational layer of all change models – Awareness. Ensuring a thorough knowledge of the baseline practices also © PCUBED | 2016_ChangeAtCyberSecurityFrontLine | 2 - 2 provided the opportunity to develop use cases in-house; acknowledging home-grown expertise within the company, proven to fit current operating models.  

    Roadmap to the Desired State  

    As deployments commenced, Pcubed began championing early adopters to share success stories and case history which aided the project team in demonstrating the benefits of the action.  

    "Evidence of improved detection rates are gold for a pro-active cyber security project – driving desire for change by demonstrating that the problem exists and that you have successfully mitigated it, all-in-one." 

     This project encountered end user resistance based on perception of low return on investment in the current fiscal climate. Conversely, other stakeholders suggested that the solution did not go far enough or provided only a low value-add intermediary step, which could cause a need for re-work in future. To satisfy both arguments, it was necessary to demonstrate the investment to be incremental, agile and supportive of current business practices.  

    Integrating cyber security is a modern cost of doing business, making many cyber security projects a matter of compliance. Proving measurable benefits (through championing of early adopters) in the short term, and providing a clear and concise road map for building out the capability over time, provided ample fodder to build up that desire and reduce adoption resistance. To help users understand the incremental approach, the project team leveraged industry best practices such as P3M3 and BISSM to design a maturity model to assess people, process and tool capability. Business units were measured against the model, and required actions and recommended practices were tailored to their current state. Business units with below average practices were instructed on how to meet minimum bench marks with a focus on how this initial investment could be built upon as the processes matured.  

    Helping stakeholders and end users to understand the threat and change behavior, rather than rely on technology alone to mitigate risk, is not a small undertaking. The optimistic human condition can make it challenging to build up excitement when the risk doesn’t yet seem real to users. Supplementing change tactics with proven tools and techniques from three of the four Pcubed service lines; program delivery using AGILE, change management, and enterprise project delivery helped ensure project success. The Pcubed project team found that early and active engagement through existing channels, and leveraging an Agile, incremental approach to solution design and deployment goes a long way to breaking down resistance and enticing users from all fields into the mindset of maintaining a healthy cyber security posture.  

    References:  

    1) Symantec 2016 Internet Security Threat Report  

    2) Stuxnet delivered to Iranian nuclear plant on thumb drive, CNET  

    For further information on this article and Pcubed, please email info@pcubed.com 

    Catherine Pye is a Pcubed Principal Consultant in the Energy, Oil and Gas sector, based in Houston. Qualified as both Prince2® and MSP® practitioner, she specializes in delivering high complexity change programs with national and global stakeholders.  

    Pcubed is the largest global management consulting firm uniquely focused on program, portfolio and change management. Every day, we support our clients by steering major Projects and Programs, managing Project Portfolios, improving the maturity and efficiency of PM Organizations, and addressing business transformation and change management issues.