The US Military has Finally Met Their Match in the Overuse of Acronyms – Welcome to the World of Cybersecurity!

The use, and overuse, of acronyms only serves to add to the confusion and complexity surrounding cybersecurity. This can be a real hindrance to having conversations and making presentations to non-cybersecurity practitioners. It can also mean the difference between winning or losing funding for your next big project. Business executives’ eyes glaze over and they quit listening when they are bombarded with tech-speak and acronyms.

We are fighting back by providing a free PDF download of all the top cybersecurity terms, acronyms, and definitions. The next time your CISO wants to talk to you about funding a CASB, tell him to go get his SEG and NGFW fully functional and then you will consider it. Charlie Mike Roger and Out…

Section1 Cybersecurity Terms and Definitions Download


The Power of Phase I


If you have been an IT leader for any length of time, it is inevitable that you will have projects that fail. Let’s define failure as any project that fails to meet time, budget, or deliverable expectations. It is especially tough in the mid-market space since we are more likely to depend on vendors than our Fortune 1000 counterparts, but no company is immune from problem projects.

One of the best ways I have found to reduce the inherent risk of project failures is to always think in terms of Phase I.


Phase I can be a proof of concept, an assessment, or a consulting engagement designed to discover and document requirements that can be used to reduce risk for the next phase of the project. There should be no expectation from the vendor performing the Phase I engagement that they will become the vendor of choice for the next phase of the project, although it shouldn’t necessarily preclude them either. You just need to be careful that they are presenting you with unbiased information and not coloring or distorting the findings to sway the next phase in their direction.


The Stage-Gate Approach

Projects of any significance in terms of scope, impact, or investment should never receive just one approval. Multiple stage-gates can be part of the governance process for complex and high-dollar projects, but even smaller projects should have at least one as part of the overall design and requirements review.

A good Phase 1 stage-gate design allocates just enough budget to accomplish the following:

  • Discover and document all functional and non-functional requirements
  • Create and document a design that meets all requirements or identifies gaps
  • Identify all hardware, software, resources, and third-party vendors that will be needed to complete the project
  • Compare the design and all known costs to the original budget and business case

Only after completing these steps can an informed go/no-go decision be made based on validating the original project and budget assumptions. The output of the Phase 1 stage-gate can be used to develop requests-for-quotes (RFQs) for smaller projects, and requests-for-proposals (RFPs) for larger initiatives. Larger projects may also justify several phase-gates after the following steps:

[Figure: phase-gates]

Examples

  • Create a paid Phase 1 initiative for a vendor to conduct a wireless site survey to determine the equipment needed for coverage, and then send the design document out to several providers for proposals. If you are paying for the wireless survey and design, there should be no expectation that you are going to use the same vendor for the complete project, although it is certainly an option.
  • Use an experienced independent contractor to discover and document requirements for a new software package, such as financial reporting. Take those requirements and turn them into an RFQ or RFP, and send it out to 2-3 potential candidates. Conduct your Phase 1 go/no-go based on the completed proposals and select the winner. The caution for these types of projects is to not use a company to build the RFP that also sells one of the proposed solutions, since the proposal might be biased in that direction. Independent contractors are sometimes better in this instance.
  • Use a cybersecurity assessment to build a security program roadmap, prioritizing certain investments over 6-month or annual periods.
  • Utilize a Phase 1 assessment to develop requirements that can be used to determine the best fit for a managed service provider.
  • Utilize a Business Impact Assessment to feed into a disaster recovery initiative.
  • Create a Phase I project to assess the capabilities of your data center and use that to drive additional projects to increase maturity.

The power of Phase I comes from its ability to utilize a small investment up front to identify and reduce risks before they become the cause of your next failed project. As you go through your next budgeting process, think in terms of multiple project phases and reduce risk, stress, and precious business capital.