2009 National BDPA Technology Conference Presentations

2009 National BDPA Technology Conference
Raleigh, North Carolina

Professional Development
•Everybody Matters: A Practice in Diversity Appreciation
•High- Tech High- Touch Coaching. Why It Works
•LinkedIn- Networking for the 21st Century
•Put Your Career on Steroids in a Matrixed Organization
•Why Go Geek?


Everybody Matters:
A Practice in Diversity Appreciation™

L. LaShawn Brown
One in a Billion Consulting

August 5 – 9, 2009
Raleigh, NC
3

Presentation Objectives

• To illuminate one key way to be a better
listener;
• To become more informed about how to be
more supportive of members in various
subgroups represented in the session;
• To recognize that diversity is a multi-faceted
word;
• To practice the conscious act of appreciating
the unique qualities found in all people

4

Everybody Matters

• Introduction/Overview

• Participant Introductions

5

Listening Exercise

• Name some challenges to listening.

• Why is it important to listen?

• In what ways do we not listen?

• Do listening activity.

6

Working Agreement

• Create a working agreement together and
post in the room

7

Appreciating Similarities

STAND IF…

• Stand when your category is called.

• Recognize with whom in the room you have
commonalities.

• Practice appreciating multiple qualities in
people.

8

Shifting Paradigms

• What are some key differences between
assimilation, differentiation, and inclusion?

9

Cognitive Scripts

• What is a cognitive script?

• How does it affect me?

• How does this affect stereotyping?

10

Honoring Differences

How I View The World

• Break into smaller groups

• Do “Respecting Differences” Activity

11

Wrap Up

• Appreciations/Highlights

• Q&A

• Evaluations

• Dismissal

12

Contact Information

L. LaShawn Brown
President/CEO
One in a Billion Consulting
LaShawn@oneinabillionconsulting.com
210.775.2637
www.oneinabillionconsulting.com

13


“ High-tech high-touch coaching “

Doris Shannon
CEO
Coaching for Success Inc.

August 5 – 9, 2009
Raleigh, NC

Coaching for Success Inc. 14
http://www.coaching4mysuccess.com

What is personal coaching and
why it works.


Personal coaching!
• Human-to-human coaching has proven to be the
most impactful of all human performance
development methodologies.
• Coaching does not replace education and training.
• However once a person has learned what is
needed to meet the norm/be competent - coaching
helps them both define and create success.
• Success is a personal “choice”.
• The multi-billion dollar profession of personal
coaching helps people create it.

16 Coaching for Success Inc.

What is personal coaching?

• Coaching is often confused with, consulting, therapy and
mentoring

Consultants Coaches
Supports people
Therapists
Supports organizations in becoming
to become successful successful
Focus you on
Focuses you on understanding your
creating past.
your future.

Reveals clients to
themselves.

Reveals common
experiences and their
perspectives.

Mentors


Coaching works!
that‟s accepted, without question
in sports.

winning winning

Individuals Teams


Activity
• What do sports coaches do that creates
winners?


Coaching creates
Winners in business.
In the past 10-15 years performance coaching has
moved inside organizations.


Who‟s getting coached?

Inside organizations

2009 Sherpa Executive Coaching Survey:
Coaches work with:


Executive coach compensation

$3,500
per hour
2009 survey:
$200
per hour Under 3 years: $250 per hour
3-5 years: $260 per hour
5+ years: $335 per hour


Because it works!

• Studies show proven performance
improvements from coaching executives

• Booz Allen study - 689% ROI
• Manchester - over 6- times ROI


Non-executive coaching studies
Sherpa & ICF studies

•96.2 % would repeat their coaching experience.
•82.7 % “very satisfied” with their coaching experience.
The top three motivations for obtaining coaching are 1) Self-esteem/Self-confidence (40.9 percent); 2)
Work/Life Balance (35.6 percent); and Career Opportunities (26.8 percent).

Who hires coaches
•The majority of coaching clients have acquired an advanced level of education
(a post graduate degree such as a master‟s degree or Ph.D.).
•The duration for the average coaching relationship for survey participants was 12.8 months.
•65 percent of coaching clients are female.
•The largest cluster of coaching clients are between the ages of 36 and 45 (35.9
percent).


3 broad coaching niches

• Executive/leadership
development coaches
• Career coaches
• Life coaches


EVOLUTION of coaching

• # of coaches

• Use of technology


High-tech, high-touch coaching


Group Coaching
Group Coaching is a
wonderful opportunity to
receive coach-like facilitation
while benefiting from the ideas
successes and challenges of
others.

“knowing”
Group Coaching is highly
effective and an efficient use of
time. Call in from the
convenience of your home or
office or any location. There is
no need to go anywhere.

$ Savings


Maestro Conference calls


Deepen your understanding of
why coaching works


Why Coaching works

• We asked our clients


Ubuntu… I am because of others

• "Ubuntu" means I am a person through
other persons, referring to the fact that
you cannot be human alone, that you find
meaning and fulfillment in community with
others, and that you are who you are
because of others.
• “One of the sayings in our country is Ubuntu - the essence of being human. Ubuntu
speaks particularly about the fact that you can't exist as a human being in isolation. It
speaks about our interconnectedness. You can't be human all by yourself, and when
you have this quality - Ubuntu - you are known for your generosity. We think of ourselves
far too frequently as just individuals, separated from one another, whereas you are connected and what you
do affects the whole world. When you do well, it spreads out; it is for the whole of humanity.


Coaching works
engages our 3 most powerful intelligences

#1

#3 #2

3rd I intelligence quotient 2nd Emotional quotient


What is Spiritual Intelligence?


ACTIVITY
Are you ready to win?

Question: If you have the K.S.A. what else do you
need to win?


What is your new “Knowing”?


YOUR Questions


References

Research studies/papers Finding a personal coach
1. Booz Allen “The Business Impact of Websites
Executive Coaching • International coach federation
2. Manchester “Executive coaching
yields return on investment almost six  http://www.coachfederation.org/find-a-coach /
times its cost, says study”  ICF Local chapters
3. 2009 Sherpa Executive Coaching Survey

Group coaching organizations
1. International coach federation (ICF
http://www.coachfederation.org/find-a-
coach
2. Compass/Coach Training Institute


Contact information

Doris Shannon
Coaching for Success Inc.
doris@coaching4mysuccess.com
678-701-5815


What is Personal coaching…
Partnership
Builds client-directed partnerships that
Helps people
are confidential, non-
find and reach judgmental, trusting, collaborative, sup
Ask the clients to
their goals and portive,
do more than
dreams
they would have And focused on action, growth and
done on their results.
own.
Customized for
each clients
•Focuses the evolving needs
client to more
quickly produce
results Provides the tools, Elicits the
support and client‟s natural
structure to inspire wisdom and
the client to creativity
accomplish more.


Top 10 Benefits of coaching

1. Maintain a greater focus, clarity
and purpose.
• Define personal and business
vision and map out a strategy.
• Set goals you‟re passionate about.
• Build life-changing skills.
• Create a better life – not just a
better lifestyle.
• Balance professional life with
personal values.
• Develop and maintain momentum.
• Take Accountability.
• Work smarter, not harder.
• Eliminate limiting beliefs and gain
new perspectives.


2009 National BDPA Technology
Conference

Networking for the 21st Century
Presented by

Keith Warrick
August 5 -8, 2009
Raleigh, NC

An online professional networking site
with 40+ million professionals.

Learning Objectives

• Top 10 Uses
• Overview of
• Setting Networking Goals
• LinkedIn Resources

Top 10 Uses
• Personal Connect with friends, family, classmates
• Business Work with colleagues, recruiters, hiring
managers and associates around the world
• Hiring Post/distribute job postings
• Helping Others Pay It Forward ( ))
• Find Recommended service providers, new
clients, subject matter experts & partners
• Be Found For Business Opportunities
• Search For jobs and companies
• Discover Connections to land new jobs/close deals
• Find High quality passive candidates
• Get Introduced To Other Professionals through your network

What Does Success Look Like?

Succeed by finding the individuals you seek
 Sales Leads
Executives from every Fortune 500 company

37m  Candidates
Users Millions of employed professionals open to
hearing about new career opportunities

 Business Partners
More than 50,000 companies worldwide

 Industry Experts
Experts in all major industries

LinkedIn Facts

Largest, most popular professional/business social
networking site.

• 40+ million users in 170 industries globally

• Millions of business introductions have been facilitated

• Users accept 84% of all introductions

• Based on six degrees of separation concept but displays three
degrees on LinkedIn

Sean Maya Mike
Brett 1st level =
Bob
Seth 500+
Jeff Chris
Malik Justin
Dave
Pam
Keith
John 2nd level =
Dave Rod 92,000+
Caryn
Brad
Mark Juan
Chen
3rd level =
Doug Cyana Lisa
Allan 6,000,000+
Jean
Dwayne

LinkedIn: Three Levels of Connection

Your Home Page

The In Box …How To Find Everything!

The Home Page of LinkedIn!

•Activity Summary on Home
Page

•Inbox
•Network Updates
•Profile Updates from
your Contacts
•Recommendations
shared by your contacts
•New Connections
•Info on your total
network – group
Navigate the updates, etc
website easily
from this box

Inbox Of LinkedIn!

•You may receive multiple invitations at one time.
•To Add at one time, simply click on the arrow next to Receive, select
„Invitations‟ , each invitation and then click „Accept‟.
•Follow the same process for InMail, Introductions, Q&A, Jobs, group
messages and recommendations.
•To handle individually, click on Subject.

Site Map Of LinkedIn!

Site Map is found on the Bottom of each page

Develop A Complete Profile
• Two Goals
1. Want to be found by business partners, prospects and recruiters quickly.

 Reflect on how people search for business contacts and populate your profile
accordingly.
 Use your „brand statement‟, 30-second commercial or elevator speech to
engage a reader in your career summary/highlights in the „Summary Section‟
 List keywords that you use on your resume in the “Specialties Area” to
maximize chances of being found in searches

2. To be found by employers, colleagues, alumni and classmates.

 List every employer and full academic history (leave off the years if you are
concerned about age)
 Highlight accomplishments for each of your employers
 Ask clients, managers , vendors and peers for recommendations
 Allows former colleagues to find you

Obtain Recommendations
• Request that your best clients, vendors, former colleagues and
managers write a recommendation

• Why?
 LinkedIn prioritizes search results by # of recommendations and account type.
 8 + recommendations will be featured prominently if a search is done with your
keywords.
 Using Search Engine Optimization (SEO) principle - the more clicks on a web page the
higher it shows up in search results. This builds your brand because it keeps looping
back due to you having lots of recommendations.

 Greater likelihood that you will be contacted by someone viewing your profile
who doesn‟t know you personally
 Recommendations build your credibility with those that do not know you thereby
decreasing risk on their part

Obtain Recommendations

• You control what is displayed on your profile
 Any mis-spelled words or grammatical errors can be returned back to the
sender for revisions
 If the tenor of the recommendation is not to your liking, you can always
choose to not display the recommendation on your profile

• Give To Get – writing one for someone else usually prompts
him/her to reciprocate

• All recommendations can only be written by a LinkedIn member.

Keith’s Profile

If You Want All
To Connect to
You, Add Email
to name line

Email could go in the
heading section

•PDF Download
• Can attach as a
supplemental doc to
supply recommendations
to Hiring Managers
•Create a personal, vanity
profile link
•Edit Any Field Easily

Details Of Your Public Profile on LinkedIn!

•Public Profile
Settings Page
•Verify Data You Want
On Internet
•Use Full View
 Several Others To
Include:
•Basic View Includes:
name, Industry, Location, N
umber of
Recommendations
•Headline
•Summary
•Specialties
•Current Position with
Details
•Education
•Websites
•Interests
•Groups
•Honors and Awards
•Interested in

Invest Time And Energy Into Making Connections!

has over 40 million members!

Who do you know?
Think of everywhere you have worked, lived, volunteered,
worshipped, hung out…you know lots of people!

• Co-Workers
• Classmates
• Neighbors
• Friends
• Relatives
• Service Providers
• Clients
• Vendors
• Mentors

GROW YOUR NETWORK (Caution)
• Always personalize your invitations to connect and never use the standard
default message of “I‟d like to add you to my network on LinkedIn”.
• Invitee can select one of three options – ACCEPT, ARCHIVE & I DON‟T
KNOW.
• A personal message makes connecting more compelling and shows that
you intend to treat your network with the 3 As: Attention, Affection &
Appreciation.
• Create LinkedIn invitation script templates that you can use over and over
by simply modifying the details for each particular invitation.
• An ARCHIVED invitation simply means that it will be stored away on the
Archive Server, available for you at any time on your account.
• If an invitee selects the I DON‟T KNOW button 5 times (cumulative) you will
be locked out of LinkedIn.
• If locked out of LinkedIn, you will have to contact LinkedIn customer service
via EMAIL ONLY (NO PHONES) and beg and plead to be reinstated.
• LinkedIn sends a warning message to you after the 3rd time someone has
selected I DON'T KNOW as you are inviting new connections to connect

SEARCH FOR CONTACTS

•Keyword Search
•Like other standard search
engines
•Place “Multiple words”
searches in Quotes
•Narrow Search Criteria by
making as many selections
as possible

Use complex Boolean searches to Can do Simple Name Search at
find just the right contacts! Top

(HR OR human OR employee OR
staffing OR recruiting OR recruiter
OR employment AND (vice OR VP OR
EVP OR SVP OR director)

THE THREE I’s
Invitation
• A direct request to join LinkedIn and/or your network from another LinkedIn user.
 The requestor must have your e-mail address in order to send the invite unless he has
indicated you are a friend, colleague, classmate , done business together or share
membership in a LinkedIn group. Selecting „Other‟ will prompt the invitee‟s e-mail address to
be input.
• Invitations are a free service to all users with a lifetime limit of 3,000.
Introduction
• A free service for all users with a limit of 5 in the free account.
• 1st degree contacts can introduce you to 2nd or 3rd degree (and above) connections.
• All parties in the process must be LinkedIn account holders.
• This process facilitates an electronic introduction but does not add this person to your
network.
InMail
• This is a paid service if you are a free account holder – each InMail costs $10.00 or
part of a premium account.
• Allows you to connect directly to someone outside of your network without an
introduction but it does not add this person to your network.

Introduction

LinkedIn For Dummies by Joel Elad recommends that you observe the following
protocol in using
the Introduction Request feature of LinkedIn:
Approaching Each Party in the Introduction
Be honest and upfront – say exactly what you hope to achieve so there are no surprises
• Be polite and courteous – you are asking your friend/contact to make this introduction so that your
request goes to the intended party
• Be ready to give in order to get
• Be patient – you may have a deadline (don‟t we always?) but everyone else usually operates on a
different schedule and different levels of urgency – you can monitor the status of the introduction at any
time by returning back to the message and viewing its forward status by the trail of green arrows and
button – all green – it has been forwarded

When writing your message to your intended recipient, keep these tips in mind:

• Be honest and upfront
• Be succinct
• Be original
• Be ready to give in order to get

InMail

Directly contact with InMail
 30x more likely to get a response

 Fast and Direct
o Delivered to the user‟s e-mail address/LinkedIn InBox on their
home page

 Trusted
o LinkedIn acts as a secure communication broker – the privacy of
the recipient is maintained – you never learn what their e-mail
address is.
o It‟s a cold contact but your professional profile and the compelling
reason you provide in your message gives your recipient the
confidence to respond.

InMail

 Find some commonality between you and the recipient before
stating your desire/need in the opening sentence. Save that for
the body of your message. Eg.
o Simon: I came across your profile on LinkedIn and noticed that we
have several groups, past employers and people in common. I am
a business analyst here in the metro Atlanta area and am always
looking to grow my network. Would you be open to a call or a cup
of coffee this week to discuss XYZ? – XYZ = the reason why you
need to connect with Simon.

Be Proactive!
Approach Potential Business Partners & Prospects

Approach Don‟t wait for others to find you. Search for your
connections.
Continue To network with new people – those who can help you
reach your goals.
Ask People to introduce you to their contacts – 9 out of 10
times they will respond without hesitation.
Remember Open doors – find senior executives you want to do
business with.
Send Notes to thank individuals for making introductions and
for those who accept your invitation to connect.

JOIN GROUPS

• Over 220,000 groups on LinkedIn.
• Bring together people with common interests and backgrounds – i.e.,
professional groups, alumni groups and employment-related groups.
• Can create a group or join an existing one.
• Click on Groups …groups directory – by category or keywords.
• Maximum of 50 groups that you can join.
• Have access to group members – can send them a message and not
be directly connected.
• When a network search is done, group members that match your
criteria will come up in the results.
• Can participate in discussions – posting questions and answering them.
• Job postings are posted in groups.
• News/magazine articles can be posted in groups – information
repository.

Advanced Tips

Complete Your Profile

• Upload a photo (makes your profile complete). Makes it easier for others to
connect with you and remember who you are.
• Post questions and answers.
• Update your Status Message (What are you working on?) – allows up to
100 characters to inform who you choose (your network or anyone) what
you are currently doing. Helps build a true network community and
strengthens those ties.

YOUR SEARCH
…search your whole network in just a few minutes.

Looking for Jobs or Companies!

Search For Jobs

•Jobs Screen

•Update all your
information
before using tools
– profile,
connections and
recommendations

Search For Companies
New Feature on LinkedIn!

Tools & Plug-Ins

Download From Site List

Using The Tools on LinkedIn To Maximize Your
Productivity!

•Use Site List
to Find This
Page For your
Downloads

LinkedIn Outlook Companion Toolbar

LinkedIn Browser Companion Toolbar

Featured Applications

LinkedIn Applications enable you to enrich your profile, share and collaborate with
your network, and get the key insights that help you be more effective.

Applications are added to your homepage and profile enabling you to control who
gets access to what information.

New on LinkedIn!

• Events
– Found under Applications. This functionality allows a user to add an event to LinkedIn to
promote to his network. A message can be sent out to 50 connections at a time so if you are
inviting more than 50 from your network, you will have to send the message out as many
times as needed to reach your target audience number. Connections can respond to the
message by indicating if they will attend, are interested in attending or not attending.
• Personal Information
– Found on your profile between Honors and Awards and Contact Settings. Here you can
provide additional details around yourself that increase your accessibility such as your
birthdate, marital status, Instant Messenger ID, address and phone number. Some things can
be controlled as to what is displayed here on your public profile vis-à-vis the profile that your
network connections see.
• Tags
– This is the newest feature. Found under Connections. Tags are custom categories that you can
use to organize your connections on LinkedIn. You can create up to 200 tags and assign people
to more than one tag. You can use this to become a master networker by classifying everyone
by their specialty area, you will be able to connect people with the right opportunities.

Your Account Settings

Setting Them Up!

Account Options For LinkedIn!

•Be sure your settings
are the way you want
them and not the
system defaults.
•Also can upgrade to a
premium account on
this page.
•Enter all of your e-
mail addresses that
will receive LinkedIn
invitations.

Account and Settings

Settings Options
For LinkedIn!

Online Networking Dos and DON’Ts

Do
• Have a pay it forward attitude – give to get.

• Assess your skills, talents, experience and work style to convey your personal
brand and unique selling points.

• Focus on relationship building - finding people you don’t know.

• Focus on relationship building - reach out to those people you don’t know.

• View LinkedIn as an enormous spider web.


DO

• Focus on contacts that can help you get to the right person.

• Invite every person you meet to join your network.

• Accept invitations within a reasonable period of time.

• Set networking objectives and milestones.

• Understand the quality versus quantity debate in growing your network.


DON’T
• Forget your manners.

• Be selfish by abusing your network.

• Join LinkedIn, develop a profile and don’t accept new contacts or requests for
help.

• Be afraid to reach out to people you don’t know.

• Share access to your connections.


DON’T

• Let LinkedIn serve as a substitute for human interaction.

• Have unrealistic expectations.

Quality versus Quantity Networking

Who To Invite?
• Old school – only invite people you know and trust very well and be willing to
recommend

Open Closed

*LION *Hound Dog *Turtle

• New School - Dinner Part Introduction – know people casually or not at all
• Some people have hundreds, if not thousands of people in their 1st degree network.
How strong can these relationships be?

• From LinkedIntuition – http://linkedintuition.com/blog/the-lion-the-turtle-and-the-hound-dog, 03/26/09


The power of weak ties

• Weak tie: a friendly yet casual social connection.
• There is compelling data that shows that people don’t always get their
jobs through their friends. They get them through weak ties.

• Why?
– Traveling in the same circles sometimes means that you already have exhausted those
same connections.
– Limited opportunity due to smaller reach of companies and industries.


Networker: what are you?

• LION – An open networker – accepts all and any invitations to connect.

– Advantages:
• Grows your network exponentially – allowing you to see more in your target
searches for companies and contacts.
• More connections allows you to help others especially if it is in an area that you
have no expertise or knowledge. Remember it’s all about helping others first.

– Disadvantage:
• If an introduction request is made, they likely do not know the person and
therefore, can only pass on a lukewarm introduction.



• Hound Dog – Someone who connects to those that they know or connects
to those that they would like to know better. Hound Dog will have some
impact on the size of your network, more than a Turtle but less than a
LION.

– Advantage:
• If an introduction request is made, it will be better received than one from a LION.

– Disadvantage:
• If an introduction request is made, it will not be as good as one made by a Turtle.



• Turtle – is a closed networker or someone who has chosen to connect only
with those that they know very well.

– Advantage:
• If an introduction request is made, it is likely to be a very warm (quality)
introduction.

– Disadvantage:
• Since the size of their network is small, they will likely have less of an impact on the
size of your network.

LinkedIn Resources

• Blog by Sean Nelson
– Linked Intuition – http://linkedintuition.com/blog : sign up for the RSS
Feed – tips and tricks on LinkedIn
• Books
– Seven Days To Online Networking – Diane Crompton and Ellen Sautter
– LinkedIn For Dummies – Joel Elad
– How To Really Use LinkedIn – Jan Vermeiren

Contact Information

Keith Warrick

Trainer Consultant
404.580.3585
warrickk@successarchitechs.com
keith.warrick@gmail.com
www.successarchitechs.com


Putting Your Career on Steroids in a Matrixed
Environment

Cecil Jones ABD, MBA, PMP, CCP

August 5-9, 2009
Raleigh, NC


• Knowing Yourself and Being Your Best
• Knowing Your Organization and Its Values
• Understanding the 21st Century Workforce
• How to Move Up
• When to Move Laterally
• „Your Services are No Longer Needed‟
• What is this Networking Stuff?
• Putting Your Career Plan Together

115

Knowing Yourself, Being Your Best

• “We have met the enemy and he is us” –
Pogo (1)

• Assess yourself critically and honestly
• Become responsible for your own
development (2)
• Achieve and maintain productive
interpersonal relationships (2)
• Commit to achieving organizational goals
through improved performance (2)

(1) Pogo – syndicated cartoon column
(2) Being Your Best by Michael Baroff 116

Know Your Organization‟s Values

• Does your organization value relationships
above productivity?
• Does your organization value seniority?
• What are your immediate manager‟s values?
• What are your boss‟ boss values?
• What are the backgrounds of your peers and
your managers (direct and indirect
reporting)?

117

Understanding the 21st Century
Workforce

• A View of Work and
forces impacting your
Who is Working
work

Assess your world and the larger
environemnt

Future Developments
How is work
affecting your
organized
workplace

The 21st Century at Work by Karoly and Panis

118

The IT Professional Outlook:
Strategic Planning Assumptions
• By 2010, six out of 10 people affiliated with the IT
organization will assume business-facing roles around
information, process and relationships (0.7 probability).
• Through 2010, 30 percent of top technology performers
will migrate to IT vendors and IT service providers
(0.8 probability).
• By 2010, IT organizations in midsize and large companies
will be at least one-third smaller than they were in 2000 (0.7
probability).
• By 2010, 10 percent to 15 percent of IT professionals will
drop out of the IT occupation (0.7 probability).

X Quarter NBOD Meeting2007 National BDPA 119
Technology Conference

How to Move Up

• Promotion
Considerations
Do the leaders in organization
Is the Position look favorably upon you?
Available? Know this BEFORE
you apply for the new position

What will the new position require?
Why do you qualify?

120

When to Move Laterally

• To obtain additional needed skills, and
references
• To gain leadership skills – movement from
technical lead to managerial in the same
grade level
• To affiliate with promotable parts of the
organization
• To prevent layoff

121

“Your Services are No Longer Needed”

• Know the Signs
• Decreased Workload
• Memos cutting back on expenses
• Others are being „let go‟
• Change in the boss‟ attitude/communication with you
• New manager to which you report
• Organizational change
• Others trying to take your job

The Workplace Survival Guide by George Fuller

122

What is this Networking Stuff?

• Network Personally and Electronically
• Join at least two organizations germaine to
your career (BDPA is a GREAT choice!)
• Join the Membership team of the user group
or networking organization (get to know the
people in the organization)
• Know when you have „peaked‟ in a network

123

Putting Your Career Plan Together

• Know Yourself
• Know which environments in which you
thrive
• Understand how your Personal Financial
situation impacts your career choices
• Know your industry
• Develop your network
• Know who wants you to succeed
• Be great in your chosen career discipline

124

Reference Information

(1) Increasing Demand for Demand Management
http://www.bleum.com/pdf/Increase_demand_for_demand_manag
ement.pdf
(2) http://cio.osu.edu/projects/framework/project_class.html
(3) Kendall & Rollins, Advanced Project Portfolio Management and
the PMO
(4) Gido & Clements, Successful Project Management

?QUESTIONS?
Cecil Jones
Knowledge Services
Jones.1540@osu.edu
614-736-1100

125


“Going Geek is the New Chic”
Milt Haynes
Past National BDPA President
Founder Blacks Gone Geek

August, 2009
Raleigh, NC


This presentation will address all aspects of Careers In
IT and the core competencies necessary to build
and sustain a vibrant, fulfilling and prosperous
career.
• BDPA Education Life Cycle Program “From the Classroom to
the Boardroom” Introduction to IT industry trends and career
development best practices
• Successful strategies on how to get a job, keep a job and
develop a long term IT career
• Research results from the 2009 IT Job Outlook Readers Poll
• Skill sets that are hot in the current job market
• How to use social networking to “get discovered” for the hot job
opportunities
• How to build a successful online business in the IT Industry

2009 National BDPA Technology Conference 127

Why BDPA

When Earl Pace, Jr. and the late David
Wimberly founded BDPA in 1975 they voiced
their concerns as:
•Lack of minorities in middle and upper
management
•Poor preparation of minorities for these positions
•Low number of minorities being recruited for upper
management positions
•Lack of career mobility of minorities
•Lucrative minority placement services dominated
by non-minorities


BDPA Vision

Be a powerful advocate for our
stakeholders‟ interests within the
global technology industry.


BDPA Mission

BDPA is a global member-focused
technology organization that delivers
programs and services for the
professional well being of its
stakeholders.

BDPA Stakeholders

 Members
 Corporate Supporters and Sponsors
 Black IT Businesses and
Entrepreneurs
 Educational Institutions
 African American Community


Milt Haynes


Blacks Gone Geek

Blacks Gone Geek is an online community
that serves to inspire a new generation of
African Americans to consider and select IT
careers, as well enthuse interest and promote
technology entrepreneurship; ultimately
increasing African Americans‟ participation in
IT “from the classroom to the boardroom.”


Abbott Laboratories

Abbott is a global, broad-based health care company devoted to the
discovery, development, manufacture and marketing of pharmaceuticals and
medical products, including nutritionals, devices and diagnostics.

Founded in 1888 by Chicago physician Dr. Wallace C. Abbott, Abbott
has emerged as one of the world's most diverse health care
companies. The company, which ranks No. 80 on the FORTUNE
500, has more than

72,000 employees worldwide serving customers in more than 130
countries.
2008 Annual Revenue: $29.5 billion


IT Senior Management Forum
VISION
•To significantly increase African American
leadership in Information Technology

MISSION
•To fill the executive pipeline with the next
generation of IT professionals and foster the
continuing development of ITSMF members


“IT Solutions for Business Problems in Challenging Economic Times”

"BUSINESS OF INNOVATION AND IT"
"EXECUTIVE GUIDE TO PROJECT MANAGEMENT“
Moderated by Milt Haynes

Tuesday, April 28, 2009
Renaissance Schaumburg Hotel & Convention Center
Chicago, IL
http://www.pemconferences.com/chic09/chic09conference.htm


PMI Chicagoland Executive Council

The PMI Chicagoland Chapter Executive
Council is a group of invited executives from
various Chicago-area industries who share
ideas, perspectives and best practices for
improving the management of projects in
organizations and the role of the project
management profession.
Executive Council Members


BDPA Chicago Corporate Advisory Council

The Corporate Advisory Council (CAC) supports the Chicago Chapter of
the Black Data Processing Associates to fulfill its mission as an
AVDISORY group at the request of the Board of Directors of the Chicago
Chapter. The CAC will assist the BDPA Chicago Chapter in planning,
implementing and funding chapter programs. These programs should be
aimed at improving professional expertise and/or, to improve the
educational possibilities for community youth, through the Citywide High
School Computer Competition and related activities and programs.


Education Life Cycle
From the Classroom to the Boardroom

Corporate Advisory Council
IT Senior Management Forum

Professional
Development
Workshops/Seminars
College
Internships

High School
Computer Competition

High School
Computer Camp

Adopt-a-School
Adopt-a-Class

Our Challenges

• Offshore talent is much cheaper and well trained

• Recent graduates need experience to get a job and
a job to get experience!!

• Recruiters are pressured to present highly qualified
candidate with proven track records

• Entrepreneurs are not big enough to meet tier 1
vendor requirements for Corporate America


BDPA Who‟s Hiring Initiative
Program Background

• Demand for African Americans in IT is
outpacing supply
• Corporations are in need of a comprehensive
recruiting and retention strategy
• Gen Y and Echo Boomers use web 2.0 social
networking tools to communicate beyond email
• Education and training curriculums can‟t keep
pace with fast changing technology skill
demands


Program Purpose

• The purpose of this program is to fill the
pipeline with the next generation of IT
professionals and foster the continuing
development of BDPA members


Filling the Pipeline

Senior Executive
ITSMF Membership
Executive
Middle Management ITSMF Protégé/Alumni
1st Line Management Organization

Supervisory
Technical/Professional BDPA Leadership
Development
Entry Positions
Student Internships BDPA Professional
Development

Next Generation of IT
Professionals



Job Hunt Job
Gain

Professional
Development
Career Coaching Education
Certification Job
SIGs Placement

Job Outlook Career
Hot Jobs Development BDPA Who‟s Hiring
Industry Trends Plan Directory
BDPA Job Postings

http://blacksgonegeek.org/WhosHiring.aspx


Steps for Long Term Employment in IT*

• Obtain a strong foundational education
• Learn technologies used in a global industry
• Keep skills up-to-date throughout your career
• Develop good teamwork and communication skills
• Become familiar with other cultures
• Choose work in areas lest likely to be sent offshore

*From Globalization and Offshoring of Software: A Report of the ACM Job
Migration Task Force


Get Geeked!


Who‟s Getting Hired

• Internal candidates
• Industry experts (PMP, Business Objects, Clarity)
• Market Hires
• Contractors (e.g. Contract to hire, offshore)
• Diversity Candidates
 UNCF
 BDPA
 Black MBAs
 NSBE
 HACE
• Entrepreneurs (Diversity Suppliers)


Critical Skills Focus

“The only way to get ahead and stay ahead in
this challenging job market is to constantly
distinguish yourself from the competition by
demonstrating great performance and
maintaining highly marketable skills.”

Milt Haynes


2009 IT Job Outlook - Detailed Survey
Results


Top IT functional areas for greatest job
market demand in 2009

• Business Process Management 29%
• IT Leadership & Governance 24%
• Program & Project Management 22%
• Solutions Delivery 22%
• Risk Management 20%
• Enterprise Architecture 18%
• Business Planning 14%
• Infrastructure Management 14%
• Organization Planning & Design 12%
• Portfolio Management 10%
• Strategic Planning 8%
• Supplier Mgmt 8%
• Budget Management 6%
• Accounting & Allocation 4%
• Investment Analysis and Intelligence 4%
• Resource Management 4%
• Security 4%


Get Coached!


Feedback

• Can‟t Find a Job? Here‟s Why…
 Under qualified (skill set mismatch)
 Unprepared
 Under developed
 Project a poor image
 Don‟t interview well
 Not ready for the corporate culture
 Can‟t compete
 Reluctant to relocate


Feedback

• Can‟t Find a Job? Here‟s Why…
 You're not as marketable as you think
 You place too much faith in the Internet
 You haven‟t established your brand
 You‟re a lousy planner
 You don't follow up
 and…


Career Coaching
Assisting the BDPA Job Seeker

o How to “Get in the Game”
o Conducting the Employability Assessment
o Setting Realistic Expectations
o Finding the Best Career Objective
o Developing Your Unique Selling Proposition
(USP)
o Passing a Background Check
o Generating Leads


Career Coaching
Assisting the BDPA Job Seeker

o Matching Algorithm Exercise
o Writing a Killer Cover Letter
o Working the BDPA Referral
o Reporting Status
o Interviewing Tips
o Negotiating Offers
o Congratulations!
o Planning Your First 100 Days

http://blacksgonegeek.org/ToolBox.aspx


Coaches Corner: Keys to Success in 2009

o Establish Your Web Presence
o Communicate Your Value
o 6 Letters You Need to Use: G.O.O.G.L.E.
o Job Seeking in a Troubling Economic Climate
o Are you Flexible and Adaptable to a New Corporate
Culture?
o Incorporate the Six Degrees of Separation Theory

http://blacksgonegeek.org/CoachesCorner.aspx


Think BIG!


What‟s your USP?

Faster than a speeding bullet.

More powerful than a locomotive.

Able to leap tall buildings in a single
bound.

Look! Up in the sky!
It's a bird. It's a plane. It's Superman!


P. I. E.

There are three elements important to players who want to fine
tune their skills and move up in their profession. They must:

Perform exceptionally well (10%)
Cultivate proper image (30%)
Manage their exposure so the right people will know them
(60%)

Understand that your performance must be top-notch, because
you can be replaced, but also understand that there‟s a lot
more to career advancement than doing an outstanding job.
From “Empowering Yourself: The Organization Game Revealed” by Harvey Coleman


Get Discovered!


Online Community Start-up Guide

Document Outline

o Introduction
o Beginner's Guide to Website Creation
o Blogging
o Social Networking Sites
o Basic Marketing
o Advanced Marketing
o Branding
o Writing Tips
http://blacksgonegeek.org/OnlineCommunityStartupGuide.aspx


Get Engaged!


Development Spectrum

Development Most
Least Impact

People
Skill Learning On the Full
Examples/ Feedback
Builders from Job Job
Role coaching
Training Hardships Experience Change
Models

•Courses •Job Shadow •Seek and ask •Stretch •Active learning •Lateral
for feedback Assignments
•Seminars •Observe •Teach others •Cross-
Speakers •360 feedback •Unplanned functional
•Workshops •Analysis,
events
•Observe •Mentoring planning, •Hierarchical
•Audio &
Leaders •Difficult task execution
Video Tapes •Exposure •Related
•Exposure to •Mistakes •Lead/participate Business
•Readings •Support
different on a team, task
•Disappointm •Technical/
teams •Guidance force, council
ents Managerial
•Exposure to •Coaching •Cross-train
•Line/staff
different
•Join a
communities •Location
professional
organization •Independence


Critical Success Factors

• Managing Expectations
• Making the BDPA Connection
• Keeping Marketable
• Building a Best in Class Resume
• Leveraging Business vs. Technology
• Staying Interested in Education
• Playing Politics in Corporate America


Recommendations:
Where to Go From Here?

• Choose which domain of expertise best suits you. Learning
and relationships will fuel growth.
• Figure out what appeals to you. Look at industry
segments, business processes, service delivery models
and company size.
• Look outside the world of business IT for new challenges
and emerging roles.
• Network! Tap into professional, personal and social
networks.
• Keep an objective eye on your career path:
Are you doing what you want to do?


Recommendations:

• “Publish or perish”
 Publish Your Own Professional Website, Blog,
Podcast, Discussion Group
• Learn how to sell yourself
• Gain new technical skills
• Develop your soft skills and professional image
• Prove yourself by volunteering and managing a
successful project from start to finish
• Build relationships, references and referrals
• Dodge the offshore bullet by building business
skills and customer facing work experience


Recommendations:

• Know your gifts
• Find your niche
• Develop your business model (SWOT)
• Build your following
• Position yourself to find investors
 Ask and you shall receive
 Learn business development and CRM
 Help me help you
• Sell your wares
• Manage your finances
• Grow your business
• Help others


Recommendations:

• Master the politics of the business inner circle
• Practice life-long learning techniques
• Exercise Impression Management
• Link your accomplishments to the performance
criteria that matters
• Find out what the customer wants and focus on
that
• Get coached, get geeked, get engaged
• Follow-up, follow through and persist until you
succeed


Q&A


Back-up Slides


Recommended Reading

“Beyond Performance: What Employees Really Need to
Know to Climb the Success Ladder” by Roland D. Nolen
“Cracking the Corporate Code: From Survival to Mastery” by
Price M. Cobbs and Judith L. Turnock
“Dig Your Well Before You‟re Thirsty” by Harvey Mackay
“Due North! Strengthen Your Leadership Assets” by Jylla
Moore Foster
“Emotional Intelligence: Why It Can Matter More than IQ” by
Daniel Goleman“
Empowering Yourself: The Organization Game Revealed” by
Harvey Coleman
“How to Be a Star At Work: 9 Breakthrough Strategies You
Need to Succeed” by Robert E. Kelley
“People Skills” by Robert Bolton


Recommended Reading

“The New Rules of Marketing & PR: How to Use News Releases,
Blogs, Podcasting, Viral Marketing & Online Media to Reach Buyers
Directly” by David Meerman Scott
“The Seven Habits of Highly Effective People” by Stephen R. Covey
“The 8th Habit: From Effectiveness to Greatness” by Stephen R.
Covey
“The Secret Handshake: Mastering the Politics of the Business
Inner Circle” by Kathleen Kelley Reardon, Ph.D.
“Political Savvy: Systematic Approaches to Leadership Behind-the-
Scenes” by Joel R. DeLuca, Ph.D.
“Power and Politics in Project Management” by Jeffrey K. Pinto,
PhD.
“Execution: The Discipline of Getting Things Done” by Ram Charan
“The Greatest Salesman in the World” by Og Mandino


Recommended Reading

“The First 90 Days: Critical Success Strategies for New
Leaders at All Levels” by Michael Watkins
“Who Moved My Cheese? An Amazing Way to Deal with
Change in Your Work and in Your Life” by Spencer Johnson,
Kenneth H. Blanchard
Globalization and Offshoring of Software: A report of the ACM
Job Migration Task Force
“Choose to Lead: Advice, Tools, and Strategies from Women
for Women” by Narmen F. Hunter and Deborah C. Chima
“The Tipping Point: How Little Things Can Make a Big
Difference” by Malcolm Gladwell
“The World Is Flat: A Brief History of the Twenty-First Century”
by Thomas L. Friedman
From Good to Great: Why Some Companies Make the Leap
and Other Don‟t” by Jim Collins


Contact Information

Milt Haynes, Founder
Blacks Gone Geek
milt@blacksgonegeek.org
630-707-8001
www.blacksgonegeek.org



Project Management
•An Introduction to the Project Management Lifecycle

•Defining The Enterprise Architecture: The House Built on
Straw

•Going LEAN in Healthcare

•Key Trends in Project Management

•Leveraging the Subject Matter Expert for Project
Success

•Managing Risk of Critical Initiatives

•Portfolio Management, Demand Management and Resource
Management


An Introduction to the
Project Management Life Cycle

Jacqueline Ockleberry, PMP

August 5 – 9, 2009
Raleigh, NC


At the completion of this presentation, you will be
able to:
 Describe the differences between the product,
project, and project management life cycles
 Describe the relationship between the project
management process groups and knowledge
areas
 Explain “the big picture” of what happens and
when according to PMI®
 Identify the PMBOK® Guide 4th edition changes

178

Project Management

In general, for a project to be successful you will
need four things:
 Use of appropriate processes required to meet the
project objectives
 A defined approach that can be adopted to meet
requirements
 A method to ensure traceability and compliance of
requirements to meet the needs and expectations
of the stakeholder
 An approach to keep the project‟s
scope, time, cost, quality, resources and risk in
balance

179

Life Cycles

• Comprised of all the phases and iterations of
Product/Service the product/service
• Varies based on type of product or service

• Comprised of all the phases and stages
Project required to produce the final project outcome
• Varies by industry and project type

• Series of phases required to manage the
Project work throughout the project life cycle
Management • Same regardless of project type or industry

180

Product Life Cycle

181

Project Life Cycle

Design Code Test Train Implement

182

Project Management Life Cycle

Systems Development Project

Design
Design Code Test Train Implement

Initiating Initiating Initiating Initiating Initiating

Planning Planning Planning Planning Planning

Executing Executing Executing Executing Executing

Controlling Controlling Controlling Controlling Controlling

Closing Closing Closing Closing Closing

183

Process Groups
Initiating
• Processes performed to define a new project or new phase of an
existing project by obtaining authorization to start the project or
phase.

Planning
• Processes required to establish the scope, refine objectives, and
define the course of action required to attain the objectives that the
project was undertaken to address.

Executing
• Processes performed to complete the work defined in the project
management plan to satisfy the project specifications.

Monitoring and Controlling
• Processes required to track, review, and regulate the progress and
performance of the project; Identify any areas in which changes to
the plan are required; and initiate the corresponding changes.

Closing
• Processes performed to finalized all activities across all process
groups to formally close the project or phase.

184

Process Groups

 May overlap other process groups

 May be iterative throughout the project

Planning

Executing
Enter Phase/ Exit Phase/
Start Project Initiating Closing End Project

Monitoring and Closing
185

Knowledge Areas

Nine knowledge areas encompass the 42 fundamental project
management processes according to the PMBOK ® Guide 4th edition.
 Project Integration Management
 Project Scope Management
 Project Time Management
 Project Cost Management
 Project Quality Management
 Project Human Resource Management
 Project Communications Management
 Project Risk Management
 Project Procurement Management

186

Framework
Project Management Process Groups
Knowledge Monitoring &
Initiating Planning Executing Controlling Process Closing Process
Areas Process Group Process Group Process Group Group
Group
Develop Develop Project Direct and Manage Monitor and Control Close Project
Project Project Charter Management Plan Project Execution Project Work or Phase
Integration
Management Perform Integrated
Change Control
Collect Verify Scope
Project Requirements Control Scope
Scope Define Scope
Management Create WBS
Define Activities Control Schedule
Project Sequence Activities
Time
Management Estimate Activity
Resources
Estimate Activity
Durations
Develop Schedule
Project Estimate Costs Control Costs
Cost Determine Budget
Management
Plan Quality Perform Quality Perform Quality
Project
Assurance Control
Quality
Management 187

Framework
Project Management Process Groups
Knowledge Monitoring & Controlling
Initiating Process Planning Process Executing Process Process Group Closing Process
Areas
Group Group Group Group

Develop Human Acquire Project Team
Project Resource Plan
Develop Project Team
Human Resource
Management
Manage Project Team

Identify Plan Communications Distribute Information Report Performance
Project Stakeholders
Communications Manage Stakeholder
Management Expectations
Plan Risk Monitor and Control
Project Risk Management Risks
Management Identify Risks
Perform Qualitative
Risk Analysis
Perform Quantitative
Risk Analysis

Plan Risk Responses

Project Plan Procurements Conduct Administer Close
Procurements Procurements Procurements
Procurement
Management
188

Big Picture

Monitoring
Initiating Planning Executing and Closing
Controlling
Project Management
Plan

Requirements Closure, Final
Variances
Product
Project Charter Schedule

Budget

Resources
Deliverables Change Requests Closed Contracts
Roles and
Responsibilities

Risks

Stakeholder Communications
Expectations
Organizational
Quality Forecast Process Assets
(Updates)

Contracts

189

PMBOK 4th Edition Changes

 Standard language incorporated throughout the
document.
 New data flow diagrams clarify inputs and outputs for
each process.
 Greater attention placed on how Knowledge Areas
integrate in the Process Groups.
 The term “triple constraint” removed.
 The term “PERT” added.

190


 Overall number of processes decreased from 44 to
42.
 All process names changed to a verb-noun format.
 Added two new processes
 Identify Stakeholders
 Collect Requirements
 Deleted two processes
 Develop Preliminary Scope Statement
 Scope Planning
 Reconfigured Procurement Management into four
processes.

191


Changed processes:
 Close Project changed to Close Project or Phase
 Manage Project Team changed from a “controlling”
process to an “executing” process
 Manage Stakeholders change to Manage
Stakeholder Expectations; changed from a
“controlling” process to an “executing” process
 Plan Purchases and Acquisitions and Plan
Contracting changed to Plan Procurements
 Request Seller Responses and Select Sellers
changed to Conduct Procurements

192


 Corrective action, preventive action, defect repair,
and requested changes are now under general term
“change request.”
 The Arrow Diagramming Method (ADM) and Activity
on Arrow (AOA) removed.
 The To-Complete Performance Index (TCPI)
calculation added.
 New appendix “Interpersonal skills” added.

 Glossary expanded and updated.

193


 Clear distinction between the elements that occur in
Project Charter verses Scope Statement.
 The Project Management Plan and Project
Documents more clearly differentiated.

194

Project Management Plan Project Documents
Change management plan Activity attributes Quality metrics
Communications management plan Activity cost estimates Responsibility assignment matrix
Configuration management plan Activity list Requirements traceability matrix
Cost management plan Assumption log Resource breakdown structure
Cost performance baseline Basis of estimates Resource calendars
Human resources plan Change log Resource requirements
Process improvement plan Charter Risk register
Procurement management plan Contracts Roles and responsibilities
Quality management plan Duration estimates Sellers list
Requirements management plan Forecasts Source selection criteria
Risk management plan Issue log Stakeholder analysis
Schedule baseline Milestone list Stakeholder management strategy
Schedule management plan Performance reports Stakeholder register
Scope baseline Project funding requirements Stakeholder requirements
• Scope statement Proposals Statement of work
• WBS Procurement documents Team agreements
• WBS dictionary Project organizational structure Team performance assessments
Scope management plan Quality control measurements Work performance information
Quality checklists Work performance measurements
195


Charter Scope Statement
Project purpose or justification Product scope description (progressively
elaborated)
Measurable project objectives Project deliverables
and related success criteria
High-level requirements Product user acceptance criteria

High-level project description, product Project boundaries (exclusions)
characteristics
Summary milestone schedule Project constraints

Summary budget Project assumptions

Project approval requirements (what
constitutes success, who decides it, who signs
it)
Assigned project manager, responsibility, and
authority level
Name and responsibility of the person(s)
authorizing the project charter

196

References

PMBOK Guide®, 4th Edition

PMI®, PMP®, PMBOK Guide®,
Project Management Professional and Project
Management Body of Knowledge are
registered trademarks of Project Management
Institute.

197

Contact Information

Jacqueline Ockleberry, PMP
JYO Consulting
JOckleberry@JYO-Consulting.com
817.784.6926
www.jyo-consulting.com

198


Defining The Enterprise Architecture: The House Built Upon Straw
Conducting The Architecture Discovery

Arturo D. Hill IV

August 5 – 9, 2009
Raleigh, NC

ARCHITECTURE DISCOVERY SESSION

• Architecture Discovery Session Objectives
 To be better positioned to define the current use of technology
within [Your Organization] to move to an enterprise level of
Architectural Readiness
 Prioritize the value/impact of key initiatives against existing
Business Goals
 Validate results/direction set in your prior SLT and/or Sr.
Management meetings
 Ensure an understanding of the steps for a Three - Five Year
Technology Plan (3-5YTP)


Approach and Workshop Guidelines

Approach Workshop Guidelines
 Brainstorming to Describe Utopia  Open, Interactive, and Informative
 Focus on Collaboration and Information  Evaluation, Judgment and Criticism are not allowed
Sharing  Focus on Quantity not Quality (Do not edit your
 How to Leverage Technology ideas)
 Value to the organization (Highest Return)  Wild, Far Fetched and Illogical Ideas are encouraged
 Technology in the Marketplace  Ideas may be combined, modified or piggybacked
 Not “Technical Details” - Solutions (Should be highly encouraged)
 Rank & Prioritize Characteristics
 Eliminate Redundancy
 Prioritized (Ranking)
 Affinity Diagram (I‟ll explain…)
 Define Value Measures, and How to Achieve Value
 Validate Prior IMM to new Prioritized List
 Map prioritized Initiatives to Future State Map
 Review Action Steps for three year plan
 Recap Meeting and Next Steps


Objectives and Expectations

Value to Your Organization
• Listen, Understand Business Needs -> Services
• Listen, Understand Business Needs -> Technology
• Interest in Communication <IT>
• „Hear‟ ideas on how to leverage and use Technology
• Trigger ideas, start process - 3 year technology plan
• 2-3 workshops in 10 years - use of technology
• (Marketing oriented); Today - Higher Level
• Web (2.0) Based Applications
• 3-4 years ago - Ahead of technology curve
• Today - Internet - Lagging Behind
• Hear ideas/opinions
• Technology to do a better job
• Supply World-wide operations
• Full use of the Internet, and Web Applications
• What technology is available to leverage World-wide „pockets‟ of strength – Global Differentiators
• Communicate better; more access (Better Communication Plans; and tools and vehicles for communicating)
• Unify Enterprise and Internal Business Organizations
• How to integrate communications within the company/companies
• What are we really doing with e-commerce?
• Not just an internal tool – proactive…


360 Degree Feedback –
What Do You Want The World To Say About Your Organization?

 Reason for „High Market‟ Share
Shareholders
 [Your Organization (YO)] is “That Great”
 Quick and Profitable
Subsidiaries
 Answers & Products
 Always have the answer
 Product did the job - Provided Solution
Suppliers  Solves the Problem
 Accessible
Distributors
 Great Value
 Can‟t afford to deal with [YO]‟s Competitors
 [YO] = Experts
Joint Venture
 Easy to Do Business With (The Easiest)
Partners
 [YO] - Provides the Greatest Service
Customers
 Meets Customer‟s Requirements/Needs

Competitors


FUTURE STATE CHARACTERISTICS

What would occur in the perfect Enterprise Architectural Environment?
 [YO] is more Competitive
 The Face of Service and Product Distribution – Has Drastically Changed (Apple)
 Open, Information about [YO] „ More Visible‟
 Focus on Improvement; Processes, Performance, Customer Service
 More Transparent
 Consistency in eyes of customer & global view (uniformed image and product)
 Global Presence
 [YO] Information Available to Competitors
 Customers more sophisticated
 Focus Beyond price
 Value Driven Focus (Dollars, Safety, Job Easier)
 Responsiveness
 [YO] - Near Monopoly (i.e., Blackberry, and iPhone/iPod)

 Risks
 Advanced and Emerging Technology enables small competitors to compete


Risk Factors


[Your Organization‟s] Migration

[YO]‟s Use of Technology In A Global Enterprise Organization?

How does [YO] align / prioritize all the Strategic Initiatives?
 SLT/Enterprise-wide Initiatives
 Strategic Plan Initiative
 Architecture Readiness Initiatives
 Subsidiary / Business Acquisition planned Initiatives

Who are [YO]‟s customers and how well will you manage products/services and
satisfaction to your customers?
Executive
 Distributors
Management  End-User (Consumer) – Do we have all pertinent Information?
Concerns  Subsidiaries
How will you accurately measure your performance and success?
How will you continuously improve your performance and success?
How will you leverage technology to support the increase and efficiency of business?


Strategic Road Map To Defining
•Strategic
•Imperatives •Mission Critical Initiatives

•Business •Recognized as Global
•Company
•Objectives
•Realize
•World-Wide •Increase Market
•Growth •Share

•Leverage
•Technology

•Improve
•Customer Satisfaction
•Achieve
•Unequalled •Improve Subsidiary/
•Customer •Distributor/Customer
•Satisfaction •VOC

•Develop Education
•Program

•Develop
•Suppliers/Distributors
•Collaboration Program

•Vision
•Develop Global
•Financial Strategy

•Your Org. •Maximize
•Corporate-Wide
•„You‟ •Profitability •Identify and Track
•OEM Projects

•Value
•Products

•Value Competitor‟s
•Market Effectively •Products
•Against Vulcanization
•and Alternative
•Technologies •Value Market
•Comparisons/Prefs.

•Define Service
•Solution Offerings
•and Value

•Develop New
•Products/Strategies
•Improve
•Operational •Develop/Update
•Efficiency and •Product Procedures
•Product Innovation
•Improve Mfg., W/H
•and Distribution. Operations

•Develop
•Strategic 207
•Technology
•Plan

Architecture Planning Activities:
Implementation Planning
Scope and Budget Definition Define Project Team Structure
• Define Project Scope and Charter • Executive team
• Define Project Budget • Project Management Team
• Define Project Constraints (Schedule, Cost) • Business Team
• Technical Team
Formalize Approach • Operations Team
• Select Life Cycle Model • Change Management Team (Training/Rollout)
• Determine Generations, Phases and associated • Develop Resource Plan
activities
• Develop Rollout Strategy Develop High Level Project Plan and Cost Estimates
• Define Project Schedule and milestones • Develop effort estimates from resource plan, and approach
• Define Key Success factors and metrics • Resource costs (client, vendor)
(Business/Technical) • Infrastructure costs (hardware, software, other)
• Define Technical Approach • Operational costs – One time costs (training, Change Management)
• Agree on Technical Architecture, tools, vendors • Operational costs – Estimate ongoing costs (Help Desk, Operations,
• Agree on Technical Methodology/Process Backup, Business Continuity etc.)

Current Architecture Implementation
1 State Analysis 2 Definition 3 Planning

Create Architecture and Evaluation Framework Scope/Budget Definition
Review Business Strategy / Objectives

Develop Candidate Approaches
Formalize Approach and team
Review Technical Strategy
/ Objectives

Evaluate Candidate Approaches

Develop High Level Project Plan and Estimates
System Analysis

Prototype/ POC

Review
Application Analysis

Identify Migration Considerations

Create Final Deliverables
Organizational Analysis

Formalize Vendor Support

Design for Six Sigma activities

Develop Recommendations

4 Status Reporting Executive Oversight Communication

Issue Management
Delivery Assurance


Architecture Assessment Timelines

Timelines are dependent on the following variables:
• Complexity of the business or technical problem, size of the system or application to be analyzed. The
larger the scope of the business or technical strategy (Global, Enterprise, System, Application) the
larger the effort.
• Availability of current state documentation, and personnel to answer key questions; Availability of
SME‟s on business and technical issues. Relying on the project team to gather documentation via
interviews and information requests will take time. Having the information available prior to the start of
the engagement will reduce the overall timelines.

• Degree of specificity and precision of the business and technical objectives; Numerical metrics are
most precise, high level strategic goals least precise (require additional detailing and decomposition).
The review of business and technical objectives step, assumes that these goals are well developed
and documented. If not, additional workshops and interviews will need to be conducted by the project
team to clarify the goals.

• Availability of client personnel to participate in interviews, workshops, review interim work
products, provide information.
• Number of business units and/or domain areas affected by the proposed objectives or strategy that
need to be part of the architecture assessment definition process.


Assessment Timelines - representative

Typical Project Timelines for a single system/application
P ro je c t T a s k s W eeks
1 2 3 4 5 6 7 8 9 10 11 12 13
L e a d T im e
C u rre n t S ta te A n a lys is
R e v ie w B u s in e s s a n d T e c h n ic a l O b je c tiv e s
D e v e lo p A rc h ite c tu re E v a lu a tio n F ra m e w o rk
Id e n tify C a n d id a te A p p ro a c h e s
E v a lu a te C a n d id a te A p p ro a c h e s
P re p a re S tu d y D e liv e ra b le s (D ra ft)
P ro d u c e F in a l D e liv e ra b le s

Typical Project Timelines when creating a Technology POC is involved (single system/application)

Identify Candidate Approaches
Evaluate Candidate Approaches - - -
Design Technology Proof of Concept
Execute Technology Proof of Concept
Evaluate Findings (Possibly Redesign and Execute)
Prepare Assessment Deliverables (Draft)
Produce Final Deliverables


Project Team Composition

*Note: Team sizes will vary based on scope of the system.

PRPOSED CORE ASSESSMENT TEAM
• Business Program Lead and Project Manager
 Manages the overall Project, leads with understanding of the business objectives, functional requirements.
Liaises with Business Stakeholders to determine Business Strategy, Metrics, Goals, Functionality
• Business Lead
 Leads the Business team, facilitates meetings with the business unit and domain areas
• Business Analyst
 One or more based upon the size of the Project. Supports the Business Lead; prepare documentation
• Senior Solution Architect
 Leads the overall technical team, integrates business and technical objectives, develops the technology
architectures framework.
• Technical Lead/Architect
 Leads the Technical team – may be required for each business unit/ and or domain
• Technical Developers/Specialist
 Based upon the engagement, one or more specialists in specific Technology areas (Portals, Security,
Information, Data Warehousing, Infrastructure, etc.) may be required.
• Technical Specialists, Programmers, Technical writers
 Create Technical proofs of concept, research technical options, compare tools
• Business Content & Data Services Specialist
 Prepare and format final deliverables, create production quality deliverables for [YO]‟s delivery assurance;
Reviewers onsite reviewing interim deliverables, locating other resources, providing input.


Deliverables

• Recommendations
 Written Summary of Findings (Word Document)
 Written Summary, and Detailed Appendix of Recommendations
 Executive Presentation (PowerPoint Presentation)
• Specific Deliverables (will vary by Project Initiative)
 Architecture Documentation
 Business/Functional Architecture
 System/Technical Architecture
 Overall Architectural Blueprint
 High Level Implementation Plan (If Applicable)
 Gap Analysis
 Implementation Options and Road Map
 High Level timelines and Foundational Project Cost Estimations
 Reuse vs. Build Analysis (if Applicable)
 Build vs. Buy Analysis (if Applicable)
 Results of Technology POC (If Applicable)


Funding Considerations

• Structured as per needs of the specific project initiative
 Scope - Global, Enterprise wide, Multi-System, Single System/Application
 Specificity – High Level Assessment, Blueprinting, Roadmap,
Implementation Plan
 Deliverables – Findings/Recommendations, Documentation, Plans,
Estimates
 Domain and Technology expertise requirements
 Delivery of a technology proof of concept
 Detailed infrastructure sizing and estimating


Sample Architecture Views

• Functional Architecture – Current State
• Functional Architecture – End State/Vision
• Tool Selection Mapping View
• Information Architecture View
• UI Experience Architecture View
• UI Experience Architecture – Branded Sample
• Portal Technology Architecture – Comp. View
• Logical Architecture View


Functional Architecture - Current State


Functional Architecture - End State/Vision


Tool selection –
Capabilities mapped to architecture


Information Architecture


UI Experience Architecture

Look and feel driven by the Business Unit/Domain Area team.

Alert!
logo
Emergency Procedures
High Level Menu
Personal
Space 1 Search/ Directory Utility App/
LINKPAD Calendar

Breadcrumb ….

Second Level Top
Personal Menu Level
Space 2 Content
LAUNCHPAD

Content Pane

Personal
Space 3
PERSONAL
INFO

Personal
Space 4
APPS Core information

UI Experience Architecture –
Branded Prototype Sample


Portal Architecture – Components View


Logical Architecture

E X E C U T IO N A R C H IT E C T U R E

O P E R A T IO N A L A R C H IT E C T U R E

CONTENT CREATOR
/R E V IE W E R /A P P R O V E R / PORTAL IT
USER A D M IN IS T R A T O R
P U B L IS H E R /V IS U A L D E S IG N E R A D M IN IS T R A T O R
CELL CO NTENT CO NTENT PO RTAL A D M IN
PDA BROW SER BROW SER TO O LS BROW SER BROW SER
PHONE E D IT O R S E D IT O R S TO O LS TO O LS
CHANNEL
ACCESS

IN T E R N E T IN T E R N E T IN T E R N E T IN T E R N E T
W IR E L E S S
IN T R A N E T IN T R A N E T IN T R A N E T IN T R A N E T
GATEW AY
VPN VPN VPN VPN

TO O LS
WML .d o c , .x ls , TO O LS
HTM L HTM L o th e r HTM L HTM L (J A V A ,
VOXML e tc . (J A V A , A C T IV E X )
P R E S E N T A T IO N / U I

A C T IV E X )

R E N D E R IN G R E N D E R IN G R E N D E R IN G

C O N F IG S T A T IC STYLES S T A T IC C O N T E N T REPO RTS
CO NTENT STYLES S T A T IC C O N T E N T S E R V E R A D M IN U I
STYLES END USER UI CONTENT M GM T UI
D B A D M IN U I
D Y N A M IC P O R T A L A D M IN C O N S O L E
I1 8 N L O C A L IZ A T IO N CO NTENT I1 8 N L O C A L IZ A T IO N NETW ORK M GM T UI
C O N F IG (P O R T A L , I1 8 N ,
E X T E R N A L C O N T E N T e tc .)
M E T R IC S
P O R T L E T C O N T A IN E R

S E C U R IT Y S E C U R IT Y
A P P L IC A T IO N / S E R V IC E S

P E R S O N A L IZ A T IO N (A U T H O R IZ A T IO N ) IN D E X IN G A N D S E A R C H IN D E X IN G A N D S E A R C H ADD REMOVE
(L A Y O U T , C O L O R S , S E R V IC E S O R
C O N T E N T e tc .) C U S T O M S E R V IC E S USER AND RO LE CO NTENT
C A T E G O R IZ A T IO N C A T E G O R IZ A T IO N
(C A L E N D A R ) MANAGEMENT

P R O F IL E REPO RTS
IN D E X IN G A N D S E A R C H C O L L A B O R A T IO N C O L L A B O R A T IO N P O R T A L C O N F IG U R A T IO N
MANAGEMENT A N D M E T R IC S
S E R V IC E S
N A V IG A T IO N
A P P L IC A T IO N M O N IT O R IN G
S E A R C H F IL T E R S W O RKFLO W V E R S IO N W O RKFLO W V E R S IO N CO NTENT DEPLO YM ENT
TAXONOM Y
ALERTS S E R V IC E S
(M E T A D A T A D R IV E N ) S E R V IC E S CO NTRO L S E R V IC E S CO NTRO L S E R V IC E S
N A V IG A T IO N
CACHE
CO NTENT M ANAG EM ENT DOCUMENT MANAGEMENT IN F R A S T R U C T U R E M G M T
P O R T A L A P P L IC A T IO N S E R V IC E S P O R T A L A D M IN IS T R A T IO N S E R V IC E S
S Y S T E M S E R V IC E S S Y S T E M S E R V IC E S M O N IT O R IN G S E R V IC E S
IN T E G .

A P P L IC A T IO N
C O N T E N T A G G R E G A T IO N
CO NNECTO RS M E S S A G IN G F IL E T R A N S F E R

TAXONOM Y TAXONOM Y
DATA / CONTENT /

M ETADATA M ETADATA
FRAM EW ORK FRAM EW ORK
IN T E G R A T IO N

DOCUMENT
EXTERNAL AND
USER CO NTENT E M A IL
CO NTENT CO NTENT DOCUMENT A P P L IC A T IO N S A P P L IC A T IO N S A P P L IC A T IO N S
LDAP SYSTEM S
CACHE R E P O S IT O R Y R E P O S IT O R Y
/ 3RD PAR TY (W E B ) (D O C B A S E )
AD S E R V IC E S

SEARCH
B A C K U P , A R C H IV E , B A C K U P , A R C H IV E ,
IN D E X
CO NTENT DEPLO YM ENT CO NTENT DEPLO YM ENT


Contact Information

Arturo D. Hill IV
WellPoint Companies, Inc.
arturo.hill@wellpoint.com
(214)287-5931
www.wellpoint.com

223

2009 National BDPA Technology
232
Conference

”Challenges for Today, Strategies for Tomorrow”

Key Trends in Project Management

Ura Puranda
August 5 – 9, 2009
Raleigh, NC


Presentation Objective

To keep abreast of the State of the Project
Economy, and what are the key project
management trends and strategies for 2009.



Workshop Topics

 State of the Project Economy
 New PMBOK® Guide 4th edition
 Key Process Changes
 Key Trends in Project Management
 Strategies for Project Professionals
 References

269


State of the Project Economy
Around the world, countries and companies
are looking for ways to pull out of the
economic tailspin.

Global Economy
What‟s the State of the Global Economy?

What‟s the State of the U.S. Economy?

What‟s the State of the Project Economy?


State of the Global Economy

G20 Leaders met in London on April 2, 2009
“We face the greatest challenge to the world
economy in modern times; a crisis which has
deepened since we last met, which affects the
lives of women, men and children in every country
and which all countries must join together to
restore. A global crisis requires a global solution.”



State of the U.S. Economy

Bailout - Trillion-dollar Stimulus Plan: [U.S.]
President Barak Obama has committed to a chief
performance officer whose responsibility is to
focus on performing well, delivering what you said
you were going to deliver, making sure the projects
are on budget and on time…..project management
through this crisis…it’s going to be a discipline that
is critical.
Gregory Balestrero – PMI CEO



Project Management Opportunities

$150 billion – Amount expected to be spent on
infrastructure projects by the Obama
administration.
“If the projections for investment in infrastructure
projects become a reality, then world-class project
management is going to be very important.”

PM Network, April 2009



The Buzz – Shrinking Budget

Meeting the Challenge: The 2009 CIO Agenda, a
survey conducted by Gartner Executive
Programs.
”IT budgets are hurting. With the global economy
flatlining, IT spending budgets will be essentially
flat with a planned increase of 0.16% in 2009.
Executives face challenging global economic
conditions that have not existed for more than 50
years.”
Mark McDonald, VP Gartner Executive
Programs Research



PMI Value Proposition
Building on Value: As the global organization
for project management; this year PMI will
continue to focus on delivery of value by
increasing the number of PMI programs,
products and services.

PM Value in 2009
What‟s the direction of PMI?

What‟s the outlook for PMs?



Maximize Your PM Skills

An Excellent Career Choice; Hot skills for 2009
Keep Your Skills Sharp; You need to truly shine
Step Up to the Task and Manage Through
Adversity
Help Your Organizations Manage Their Portfolios
Credentials Have Great Value
Build Your Legacy; Step Forward and Be
Recognized
Leverage Communities of Practice to Hone Skills


PMBOK® Guide
A Guide to the Project Management Body of
Knowledge (PMBOK® Guide)

Fourth Edition
What‟s New?

How Does It Affect You?



New PMBOK® 4TH Edition
PMI released new version in December 2008. The changes
can be summarized into 3 general categories
Consistent compliance
Name Changes with the “verb + noun”

Processes have been
added, reorganized, or
Reorganization redefined

Several points of
clarification, eliminate
Clarifications redundancy, new
appendix


These are examples of the 26 Process Name Changes

Old Process Name New Process Name
Scope Definition Define Scope
Scope Verification Verify Scope
Risk Identification Identify Risks
Qualitative Risk Analysis Perform Qualitative Risk Analysis
Quantitative Risk Analysis Perform Quantitative Risk
Analysis
Risk Response Planning Plan Risk Responses
Risk Monitoring and Control Monitor and Control Risks



These 9 processes were added, reorganized, or defined

Process Name Change in New Edition
Develop Preliminary Scope Statement Deleted
Plan Scope Deleted
Collect Requirements Added to Scope Management
Identify Stakeholders Added to Communication
Management
Procurement Management Processes Reorganize and Redefined

Plan Purchases and Acquisitions Plan Procurements
Plan Contracting Conduct Procurements
Contract Administration….. Administer Procurements
Contract Closure Close Procurements


There were several points of clarification
Distinguish various elements of
the project management
framework, e.g. Project
Management Plan vs. other
project management documents

Clarifications Eliminate redundancy and
distinction between the Project
Charter and the Project Scope
Statement

Added a new appendix
(Appendix G – Interpersonal
Skills)


Key Process Changes
Project Scope Management: Collect Requirements

Describes how individual
Requirements requirements meet the
Documentation business need for the project

Documents how requirements
Requirements will be analyzed, documented
Management Plan and managed throughout the
project

Table linking requirements to
Requirements their origin and traces them
Traceability Matrix throughout the project lifecycle


Key Process Changes
Project Communications: Stakeholder Management

Project Manager Project Team Members
Leads project Execute project tasks

Project
Management

Project Sponsor Business Clients Define
Funds project business needs



Key Process Changes
Project Communications: Identify Stakeholders

Identifying all people or
organizations impacted by
the project
Identify
Stakeholders Conduct stakeholder
analysis; identify the potential
impact or support each
stakeholder could generate

Create Stakeholder Register,
e.g. stakeholder classification


Key Process Changes
Project Procurement Management
Documenting project purchasing
decisions, specifying the
approach, etc.

Plan Identifying project needs which
Procurements can best be met by acquiring
products or services outside of
the project organization

Create Procurement
Management Plan describing how
the procurement process will be
managed



Project-based organizations are the way of
the future – are you up to it?

Trends for 2009
What‟s the New PM Environment?

How to step up Your Game?



PMI CEO Perspective

CEO REPORTS Positive News on Projects and
Project Managers

“I think it couldn’t be a better time and a better
opportunity for project managers to step up and be
leaders.”

Gregory Balestrero – PMI CEO



Trends to Watch for in 2009
Convergence of PM and BA Roles
Trend 6

Trend 5 Greater Emphasis on Requirements
Management

Change in Requirements Approaches
Trend 4

Trend 3 Increased use of Agile Approach and Techniques

Step Up and Be a Leader
Trend 2

Sharper Distinctions Between Project and Program
Trend 1 Management



Distinction Between Project & Program
Many organizations manage programs with the same methods
used to manage projects, i.e. programs are “bigger projects”.

2009: Increase in understanding the differences and the use
of strategies to accomplish organizational objectives and results.

Convergence of PM and
BA Role

Greater Emphasis on Requirements
Management


Increase use of Agile Approaches & Techniques


Trend 1 Management



Project Management often focuses on the need to collect hard data to
make a “sure bet” decision, i.e. project environment with well defined
scope, deliverables, cost, time, etc.

2009: Project Managers have to start thinking more intuitively
as project management is used more to manage organizations.
BA Role

Management


Increase use of Agile Approaches & Techniques
Trend 2 Step Up and Be a Leader

Trend 1 Management



Increase Use of Agile Approaches
Project Management industry is looking for new methods that are
outside the traditional approach to deliver projects. There is now a
wide, varied, and inconsistent use of Agile techniques.

2009: Integration of Agile methods into project management as
organizations continue to adopt Agile Techniques and the industry adopts
commonly accepted practices. Convergence of PM and
BA Role

Management

Trend 3 Increase use of Agile Approaches & Techniques


Trend 1 Management



Dominant use of only formal written requirements specifications, e.g.
traditional use cases.

2009: Moving away from traditional requirements management, e.g. using
additional methods and automated tools for collecting and documenting
requirements.
BA Role

Management

Trend 4 Change in Requirements Approaches



Trend 1 Management



 Requirements Management was not clearly defined for the
project manager‟s role; focus was on the business analyst‟s role.

2009: PMBOK® 4TH Edition contains a new section under Project
Scope Management called “Collect Requirements”; emphasis on
Requirements Management Plan and Traceability Matrix.
BA Role

Trend 5
Management




Trend 1 Management



Convergence of PM and BA Role
Project Managers AND Business Analysts have been trying to work
within the same project (overlapping) space.

2009: As the economy tightens, organizations will try to get
the most out of the PM and BA Roles as “project professionals”.

Convergence of PM and BA
Trend 6 Role

Trend 5 Greater Emphasis on Requirements
Management



Trend 1 Management



Strategies for Project Professionals
Two special characteristics of project managers –
accountability and transparency – will help
organizations control assets in their projects and
deliver success in an economical way during
challenging times.

Strategies for 2009
What‟s the evolving role of the PM?

How to partner with the BA?

How to survive in the Slumping Economy?


Evolving Role of the Project Manager

Position yourself to oversee critical assets of
organizations and virtual teams
Help your organization embrace project, program
and portfolio management
Lead the Way; don‟t wait to be given direction
Build and sustain strong professional networks
Sharpen your requirements elicitation and
analysis skills; stronger alignment with BA role
Familiarize yourself with new edition of PMBOK®
Communicate, communicate, communicate


PM and BA Partnership

Familiarize yourself with BABOK® (Business
Analysis Body of Knowledge)
Understand the BA role in delivery of projects
Leverage each others strength
Be prepared to act in BA space and vice versa
Establish clear roles and responsibilities upfront



Tips for the Slumping Economy

Equip yourself with the right skills, knowledge and
tools to manage mission critical initiatives
Project management skills will still be hot
commodity long after the economy improves
Project Management Professional designation was
one of the certifications that commanded the
highest pay
Business Skills as well as technical expertise are
considered more valuable to organizations
Invest in yourself!


Step Up and Lead

“Project Managers are Best Placed to
Become Leaders in the New Economy, but
they need to be open-minded and seize all
the opportunities.”

PMI today April 2009



References

1. PMI ®Project Management Institute
2. PMBOK® 4TH Edition
3. PMI Today – PM Network
4. PMI ®Chicagoland Insights Newsletter
5. Watermark Learning
6. Global Knowledge
7. ESI International



Contact Information

Ura Puranda
Allstate Insurance Company
upuranda@allstate.com
847-402-7318



Subject Matter Experts –
The Forgotten Project Partner

Anne Harkins

August 5 – 9, 2009
Raleigh, NC


• Who is a Subject Matter Expert (SME)
• Industry Trends
• Characteristics of a SME
• Why Train SMEs
• Educating for Better Requirements


About your Presenter : Anne Harkins

IT Professional
 Developer  BA Manager
 Systems Analyst  Curriculum developer
 Business Analyst  Facilitator
 Lead Analyst  Consultant
 Project manager  Senior Instructor
B1 Team Training and Consulting President
and Founder

Anne Harkins
B1 Team Training and Consulting

• Roles held:
 Instructor
 Business Analysis Training focusing on:
 Project Life cycle, roles, methodologies
 Requirements elicitation
 Requirements documentation
 Data, Process, Agents, Actors and Business rules
 Consultant
 Informal Mentoring
 Formal Project Assignments
 Facilitator
 Group Sessions
 Project Team


Typical Project Team

Executive Project
Sponsor Manager

Business
Analyst

Developers
QA Business
Partners

Systems
Architect


Process Of Analysis

Business
Analyst

Elicitation of
Business
Requirements
Business
Partners


What are Business Requirements?

• Business Processes
• Business Data
• Business Rules
• Workflows
• Policies, Procedures
• Exceptions!!!
• Reports, Mailings, Spreadsheets, Month-end,
Quarter-end, Year-end, Screens,
Communications…


Who is a Subject Matter Expert?

“Business Partners” :
• Customers
• Clients
• Stakeholders
• Users
Business
• Subject Matter Experts Partners


Who is a Subject Matter Expert?

• Individual who has special, in-depth
knowledge of a business area
• Project team player who enhances team
understanding of the business process,
problem, need and/or opportunity
• Critical role player in project team success
• Thought leader and expert with a unique
understanding


the forgotten project partner

Why is the
Subject Matter
Expert (SME) the
forgotten project
partner?


Partnership

“The degree to which the business and IT can
partner together is the single most important
organizational aspect to successful business
intelligence.”

Successful Business intelligence
Cindi Howson 2007


Can‟t live with them…

“There is no realization on the part of the
business as to how they affect timelines and
implementations.”
IT Professional, large US Retailer

“Information Systems must understand the
business and be involved in what they are
trying to achieve.”
BI Leader, Landstar Inc.



What we have done as an Industry:
Trained and certified Project Managers
Trained and certified Quality Assurance
Analysts
Trained and certified Business Analysts
Trained and certified Facilitators

Have we gotten what we need?


Industry Report Card

70% of projects failed to meet deadlines
50-60% of projects fail to meet the
needs of the business
80% of issues stem from poor
requirements
40-50% of project timelines now spent
on rework
40% of defects are missed by QA and
caught by users Sources:
Standish Group Chaos report (2007)
Forrester Research (2007)
IAG Business Analysis Benchmark (2008)
IEEE (2007)


Project Success Skills

CIO MAGAZINE survey:
Which is the most important skill for project
success today?

Technical Proficiency – 10%
Understanding the Business – 58%
Communication of Business Requirements –
70%


Where does it break?

Who or What is the
weak link?


The Human Factor

When IT projects fail it rarely is a result of the
technology. At its core, project management
is all about people.

There seemed to be a direct relationship between
project failure and the human factor contributions. The
larger the failure, the more the human factor contributed
to that failure. This is more evidence that most software
development projects fail because of failures within the
team running them.

Failed IT Projects (The Human Factor)
Sheila Wilson

Why didn‟t you tell me?

• Is it still a requirement if the subject matter
expert didn‟t tell the analyst?


IAG study

Staggering findings:

Two different IAG studies have now produced
identical findings: There is a 60% time and
cost premium to be paid on projects with poor
quality requirements

IAG BA Benchmark 2008


Why?

• Almost 70% of organizations surveyed DID
NOT take effective action despite knowing
this. Why?

 Belief that analysis is not real project work
 Business requirements considered a document
not a cumulative process used to achieve
consensus on needs
 Superior technical skills make analysis
unimportant


Are we hitting the right target?


Why train SMEs

Consider:
If our business partners knew
what analysts needed from
them before they started the
project, they would likely
deliver truer, cleaner
requirements.
Better requirements get us
closer to the right solution!


Why train SMEs?

In absolute terms, the quality of requirements
will dictate the time and cost of the solution.



What can we do?

TRAIN OUR BUSINESS PARTNERS on :
what we need from them
how to communicate those needs
giving feedback on diagrams and models

Train our SMEs on Delivering Better
Requirements!


SME Challenges

• Delivering “right” information
• Availability
• Understanding their own role
• Understanding project
methodology, templates, diagrams
• Software development not primary job


How do we fix it?

Recommendation of IAG:

Focus must shift to quality of requirements
discovery as a process, not just a document,
if they hope to consistently deliver successful
projects.


How do we fix it?

“Success is driven more by how the
organization engages its stakeholders in the
process of requirements discovery and is less
associated with requirements
documentation.”

Business Analysis Benchmark 2008


Current SME role

The average project in study which used “poor
requirements practices” overran amount of
time expected by stakeholders for
participation by 200%
Result:
Difficulty in getting stakeholder
involvement in future
Lackluster efforts
Higher turnover
Heroic efforts

Future SME Role

• Productive use of time
• Understanding of the process
• Understanding of their role
• Delivering higher quality requirements
• Providing usable, meaningful feedback on
diagrams and templates
• Buy-in to end result


Good News

Chain reaction of excellent requirements:

 Design and coding can follow agreed upon models
 Rework reduced
 Features developed by priority
 Testing and QA focused on right requirements
 Testing and QA faster and more efficient
 End-user satisfaction rises
 Successful implementations!


B1Team Training Course offering

Maximizing SME Contributions
Critical tools for business partners


Maximizing SME Contributions:

• Course Outline
 Project Roles and Expectations
 Understanding Types of Requirements
 Providing the Right Resources
 Diagrams I can expect to see
 Contributions I should make
 Delivering Better Requirements by
delivering better answers


• Project Roles and Expectations:
 Learn the players
 Understand the positions
 Impact of lifecycle and
methodology


• Understanding Types of Requirements

Requirement: A condition or capability needed by a
stakeholder to solve a problem or achieve an objective.

BUSINESS FUNCTIONAL TECHNICAL

Learn the answers to questions such as:
What‟s my role here?
What do you need from me?
What will I be asked and why?


• Providing the Right Resources:
 What is in my business
area?
 Where can I find
requirements?
 Looking beyond
written documentation
 What do my analysts
need from me?
 What‟s important,
what‟s not?


• Diagrams/Documents I can expect to see


• Contributions I should make:
 Providing requirements
 Providing feedback
 Being available
(time, prepare, assignments)
 Making the project a priority


• Delivering Better Requirements by
delivering better answers

Understanding the question,
probing for specifics

Think like a wise man but communicate in the
language of the people
William Butler Yeats 1865 - 1939


Conclusions

Put emphasis on the “right target”

Train for the “human factor”

Plan for project success


from the “forgotten”
to the “Invaluable”
project partner

THANK YOU!


Additional Course Offerings
by B1Team Training

• Estimating the Analysis Work Effort
 Critical tools for estimating time and effort of analysis
• The Analyst role in Product Testing and Quality
 Critical tools for Testing Skills and Techniques
• The Analyst role in Web Development
 Critical tools for Analysis of Web-based Solutions
• Lean UML Requirements Elicitation
 Critical tools for Lean UML Analysts
• Agile Requirements Elicitation
 Critical tools for Agile Analysts
• Enhancing Analysts Performance
 Critical tools for BA Managers
• Facilitating Requirements
 Critical tools for Facilitators


Contact Us

• Contact Information:

 Anne Harkins, Training and Consulting
anne.harkins@yahoo.com
404-771-9468

 B1Team Training
Training for all project team members!
b1teamtraining.com

Resources Cited

• Standish Chaos Report 2007
• Borland 2008
• IAG Business Analysis Benchmark 2008
• IEEE 2007
• CIO Magazine 2008
• Forrester 2008
• Books/Abstracts/Articles:
 Successful Business Intelligence; Cindi Howson 2007
 Failed IT Projects (The Human Factor); Sheila Wilson 1998
(incorporated into college curriculums and course studies on
Project Management)
 Early Warning signs of IT Project Failure; Kappelman,
McKeeman, Zhang 2006



Managing Risk of Critical Initiatives

Ura Puranda
August 5 – 9, 2009
Raleigh, NC


Presentation Objective

To understand the importance of Managing
Risk of Critical Initiatives especially in a
Down Economy

11/13/2009 2009 National BDPA Technology Conference 346


Workshop Topics

 2009 Global Economy Outlook
 Project Risk Management
 Effective Risk Management Planning
 Managing Risk of Critical Initiatives
 Showing Business Value to organization
 References



2009 GLOBAL ECONOMY OUTLOOK



Global Budget Crisis

 Most industry sectors are facing massive
layoffs
 New focus on cost controls and downsizing
 Companies become very conservative on
spending
 Mantra for 2009: Making Do With Less
 U.S. Economy – “Bailout”; “Stimulus Plan”
 Unemployment Rate is inching up above 8%



Impact To IT Organizations

 Spending on cost-saving technologies
 Seeing more jobs going offshore
 Server Virtualization Software market is hot
 Slashed IT budgets; protecting core
business
 Delayed projects; reprioritized resources
 Proactive risk management, monitoring,
control and governance



Economists & Business Analysts View

 Gross Domestic Product posted its biggest loss
in seven years
 Recovery not expected until late 2009 or
mid-2010
 CIOs are going to be cutting budgets severely
this year; could be drastic as 25% - 40%
 Looking for ways to spend capital to reduce
operating costs
 CEOs will be questioning the value of their IT
organizations



2008 Research
34% of Projects are Successful (last period)

Standish Group - Project Research



2009 Research
30% of Projects are Successful (this period)
Gartner- Project Research
Challenged
43%

Failed
27%

Successful
30%



What is Research Telling Us?

 IT Project Mismanagement
 Most waste in IT comes from IT project failure
 70% of IT projects fails at a cost of $55 billion
annually
 Approximately 22% of the average total IT budget
wasted
 43% of IT projects that don‟t fail outright, overrun
the budget to the tune of $17 billion in additional
IT spending
 30% successful; 20% of all IT projects finish on
time, on budget with features promised


Risk Management Tools

“Statistics show that you can double your
chances of IT success by simply using
project management tools and techniques in
the right way. Cost to business: 22% of total
IT spend; delays, quality issues; loss of
competitive advantage.”

Global Knowledge



Project Risk Management
Are you leaving your project up to chance?



Risk Management Framework



Risk Management Plan
An effective risk management plan describes how
risk management will be structured and executed
which includes (at a minimum):

 Methodology: tools, resources and data sources
which may be used
 Roles and responsibilities
 Budgeting and timing
 Definitions of risk probability, impact and categories
 Probability, priority and impact matrix
 Stakeholder tolerances
 Reporting and tracking formats
 Strategies; Escalation points



Project Risk Register
Sample Template
RISK LIKELIHOOD IMPACT APPROACH PROXIMITY COST DECISION POINT



Risk Probability Matrix
Sample Template
R IS K E X P O S U R E G R ID

CONSEQU ENCE

P R O B A B IL IT Y 1 2 3 4
(M in im al (M o d erate (H igh Im p ac t) (V ery H igh
Im p act) Im p act) Im p act)

4 L o w R isk M E D IU M H IG H H IG H
(H igh ly L ik ely ) R isk R isk R isk

3 L o w R isk M E D IU M H IG H H IG H
(L ik ely ) R isk R isk R isk

2 L o w R isk L o w R isk M E D IU M M E D IU M
(U n lik ely ) R isk R isk

1 L o w R isk L o w R isk L o w R isk L o w R isk
(H igh ly U n lik ely )



Risk Priority Matrix
Sample Template
R is k P r io r ity M a tr ix

V e ry

H
H
L ik e ly

iig
g
h
h
Probability

M
M
e
e
L ik e ly

d
d
iiu
u
m
m
U n lik e ly L
L
o
o
w
w
Low M e d iu m H ig h

Im p a c t S e v e r ity



Effective Risk Management
Risk Contains Threat OR Opportunity



Looking At Risk Opportunity

“Including opportunity within the definition of
risk is not a theoretical or academic exercise. It
is a natural consequence of recognizing that
businesses, projects and people are affected by
uncertainty, some of which might be helpful if it
were managed proactively.”

Dr. David Hillson, PMP (Risk-Doctor)



Risk Opportunity Factors

Reasons to include opportunity alongside threat
Conceptual – Risk can be viewed as a source of
potential variability in performance, since if it occurs,
it would affect our ability to achieve our goals

Practical – Threats and opportunities are important,
and they both need to be managed. Dealing with
them together in an integrated risk process brings
synergies and efficiencies.

Beneficial – A structured approach to identifying
and capturing opportunities is good for business and
for projects.


Risk Management Strategies

 Put Core Processes in Place – handle risks before it does
damage to your project, take preventative steps
 Assess Early and Often – uncertainties can be discovered
at any time throughout the life cycle of the project, while the
relative probability and consequence of identified risks can
change over time
 Build It into the Schedule – the project schedule must
include risk management activities to deal with uncertain
events, supported by risk reviews
 Communicate and Illustrate Ownership – employ
effective communications and clear ownership of risk
elements


Critical Success Factors

 Develop and execute a good risk management
plan
 Manage the effects of risks at every level of
business (i.e. project, program and portfolio)
 Make risk management an essential component
of project management
 Choose strategies to reduce the impact or
probability of risk occurring
 Establish stakeholder roles and responsibilities
in the risk management process
 Communicate, communicate, communicate



Risk Management Assessment

 Assess risks and maintain the risk plan as a living
and breathing document
 Conduct formal assessment of change
management process
 Evaluate how change impacts those risks
 Evaluate the solutions implemented to determine
whether the changes are working successfully
 Link planned assumptions with actual experiences



Making Risk Management Work



Managing Critical Initiatives

Risk Management is an essential capability
in managing projects. Research has
demonstrated repeatedly that effective risk
management is the single greatest
influence on whether or not a project is
successful.
Mark E. Mullaly, PMP
©2007 gantthead



Project Risk Pitfalls
Key Project Risk Pitfalls to Avoid:
 Strategic business requirements lost amid volumes
of extensive documentation
 Costly technology investments made without early
and adequate validation
 Employees are trained to use a new system, but not
how to use the new system to do their old jobs
 Business leaders love the idea of new tools, but lose
sight of the key information used to make decisions
and manage operations
 Poor communication resulting in frequent surprises


Business Benefits
Successful risk management greatly impacts
business results:
 Forces clear definition of business objectives:
strategic – investments, value, ROI; AND
tactical – operational, run-the-business
 Focuses on factors affecting achievement of
objectives – threats to profitability or even
existence of the organization
 Leads to realized business benefits –
alignment and prioritization of projects,
programs and portfolios.


Tips for the Down Economy

Note: The pendulum of risk management will swing
from being risk-tolerant to risk-averse
Expect multiple Project checkpoints in shorter time
frames with short range commitments
Apply Risk Management Governance – quantifiable
range of potential results to base decisions
Trend: Short-range management makes it important
to practice risk analysis to eliminate surprises
Conduct routine project health assessment
Know the biggest exposure to the business



CIO‟s Perspective

“Risk Management looms large in the CIO’s
world. ” Successful risk management
delivers successful business.

Ganttheadlines 2/07



Implementation Tips

 Compile a risk checklist and register
 Assign impact and probability ratings
 Constantly review and reevaluate the risks
 Ask “What can go wrong”
 Think risk every time there is a change
 Take proactive approach
 Consider those potential risks first
 Determine the risk strategies
 Keep risk front and center
 Execute your risk management plan



References

1. PMI ®Project Management Institute
2. A Guide to the Project Management Body of Knowledge
(PMBOK® Guide) Third Edition
3. Gantthead.com
4. Standish Group
5. PMI Global Congress North America 2006
6. Milestone Consulting Group
7. Clerestory Consulting LLC
8. Global Knowledge
9. Dr. David Hillson – Risk Doctor
10. Gartner Research
11. NACD - Directors Monthly



Contact Information

Ura Puranda
Allstate Insurance Company
upuranda@allstate.com
847-402-7318



Portfolio Management, Demand Management and
Resource Management

Cecil Jones ABD, MBA, PMP, CCP

August 5-9, 2009
Raleigh, NC


• -An overview of Portfolio, Demand and Resource
Management practices in Corporations and
Government
• - Interactive Assessment of Organizations‟ Portfolio,
Demand and Resource Management
• -Case studies of Portfolio, Demand and Resource
Management Implementation in Organizations
• -The obstacles in Implementing good Portfolio,
• -The advantages of utilizing good Portfolio, Demand
and Resource Management

378

Demand Management Defined

• Demand Management

The systematic process of managing
organizational project needs and requests to
produce a set of prioritized projects with a
timeline for implementation (1).

379

Portfolio Management

• This is often not an efficient nor effective
group of processes, but one that varies
considerably by industry, company, internal
divisions and lines of business and
individual departments within each
organization.

380

Demand Management Overview

• A View of Demand
Management Regulatory/
Legal
Projects

IT Demand
Management

Application
Infrastructure
Development
Projects
Projects

381

Portfolio, Demand and Resource
Management Overview

• Another view of
Demand Management

Prioritized Input: Business cases,,
List of Projects Proposals, etc.

Prioritizing
Projects with
Consistent
Rules using Good Demand
Management Practices

382

Management Overview

• Case studies of Portfolio, Demand and
Resource Management Implementation in
Organizations

- Retail
- University
- Government
- Financial Services

383

Management Overview

• Retail

- Portfolio and Demand Management priority list
occurs during Annual Budgeting
- Is reviewed and updated by Governance Council,
each quarter
- Additional projects are reviewed by 1st and 2nd level
management each week
- Resource Allocations are part of the equation
- Skill sets are part of the equation

384

Management Overview

• University Demand Rating Criteria (2)

-Team Size (# of people)
-# of Workgroups Involved
-Technology/Technique/Process
-Complexity
-Political Profile
-Impact

Spends 100% of its budget each year
385

Management Overview

• Government

- Multiple methodologies (sometimes vendor
supplied methodologies)

Spends 100% of its budget each year

386

Management Overview

• Financial Services

-Large Organizations
-Very Separate Divisions, Lines of Business
-Centralized Demand Management not available
-Just coming out of a merger and/or just going into
one
-Rocky financial services climate today

387

Management Overview
• Project Definition
• Number of Hours
• Project Benefits
• Strategic Value Portfolio Prioritized
Establish Demand
List of Projects
Less than 200 hr
201 to 1000 hr
1001 hr to 2000 hr
Resources
Over 2001 hr Available

Financial Reporting
Project Status Reporting
388
Metrics Measurement

Management Overview

The Challenges of Demand and Resource
Management

-Accurate View of Work in the Enterprise
-Systems to Collect Project Knowledge
-Systems to Collect Operational Work
-Systems to House Skill Level & Knowledge
Traits

389

Management Overview

Level One – No major emphasis placed on Portfolio, Demand and
Resource Management in most of the organization;
occasional discussion; nothing major is planned

Level Two – Emphasis is placed on Portfolio, Demand and
Resource Management, at least on a divisional or line of
business or departmental level

Level Three – Emphasis is placed (or effort is being executed) for
enterprise wide Portfolio, Demand and Resource
Management utilizing resources from across the organization

WHERE IS YOUR ORGANIZATION?

390

Management Overview

The Advantages of Utilizing Good Portfolio,
- Associate/Employee Job Satisfaction
- Efficient Utilization of Human Resources
- More Agile Organization
- Clearer Focus on Completing Work

391

Management Overview

• Demand Management in Matrixed
Organizations
• The Role of the Resource Manager in
Demand Management
• The Role of the Project Manager in Portfolio,
• The Role of Senior Management
• The Role of the Employee

392

Reference Information

(1) Increasing Demand for Demand Management
http://www.bleum.com/pdf/Increase_demand_for_demand_manag
ement.pdf
(2) http://cio.osu.edu/projects/framework/project_class.html
(3) Kendall & Rollins, Advanced Project Portfolio Management and
the PMO
(4) Gido & Clements, Successful Project Management

?QUESTIONS?
Cecil Jones
Knowledge Services
Jones.1540@osu.edu
614-736-1100

393


Technology Track
•Identity Architectural Practices in IT
•Security Information Management and PCI Compliance
•Surviving a PCI Audit
•Top 10 Security Threats and Preventions for 2009


Identity Management 101

Ward Thomas Green

August 5 – 9, 2009
Raleigh, NC

Contact Information

Ward Thomas Green
Eli Lilly & Co.
IdM Architect Team
greenwt@lilly.com
317-651-5986
www.lilly.com

396

Identity Management (IdM) 101

• Why IdM is key to a companies
success?
• Importance of IdM
• IdM Basics
• Generic scenario
• IdM scenario
• Lilly IdM
• Q&A
397

Why Identity Management?

• Many companies waste time repeating localized
processes that often aren‟t well-maintained or
managed

• People have access to information they shouldn‟t

• Tracking historical access to information is nearly
impossible

• A lot of energy is spent maintaining passwords and
access to “stuff”

398

Importance of Identity Management

• Without robust Identity Management, we can
never be confident of our security
• Without confidence in security, data stewards
will not be willing to expose information
• Without current information, responsible
decisions are difficult – hence shadow
systems
• The University should change its culture to
make information available to those with
proper authorization by default

11/13/2009 399

Digital Identity

“Digital identity comprises electronic records
that represent network principals, including
people, machines, devices, applications, and
services.” 1

11/13/2009 401

Identity Management

“Identity Management (IdM) comprises the set
of business processes, and a supporting
infrastructure, for the creation, maintenance,
and use of digital identities within a legal and
policy context.” 1

11/13/2009 402

Identification

• The act of assigning a unique marker or a
token to a principal, such that principals can
be distinguished from one another.2 A key
step in this process is validation of the
principal.
• “John Doe, having verified your identity claim
through two forms of documentation, we are
assigning you username...”
• Methods: Personal interviews, shared secrets

11/13/2009 403

Authentication

• Validating that the principal producing a token
is that exact principal to whom the token was
assigned.2
• “You say you are the authentic John Doe.
Please prove that claim within a level of
confidence we define.”
• Methods: password, ID cards, biometrics

11/13/2009 404

Authorization

• The act of ensuring that an authenticated
principal is given access to only the services
and data required to support allowed tasks,
either explicitly or implicitly through group or
role memberships.2
• “John Doe, your request for access to that
data/service is granted/denied.”
• Methods: Entitlements by role, rule, or
identity.

11/13/2009 405

Accountability

• Appropriate administration of Identification,
Authentication, and Authorization, ensuring
that only the authorized principal can exercise
its individual authority.2
• With strong accountability, principals can be
held responsible for actions.
• Methods: policies, strong authentication

11/13/2009 406

Identity Management Basics
• An Identity is a set of:
 Attributes - medical history, past purchasing behavior,
bank balance, address
 Preferences - currency used, what brand of hot dog
you like,
 Traits - eye color, where a business was incorporated
• About a subject
• Credentials are qualifications issued by an
authority
• Subjects make requests relative to a resource
by presenting their credentials

Identity Management In Action

Vote anyone?

Questions to Consider

• How was the patron issued his credentials?
• What proof did the patron have to provide
before he was issued credentials?
• Who owns the age attribute?
• Is the age attribute reliable?
• Do all Voter Poll accept the same
credentials?
• Are the rules the same in all geographies?

The Cast
Subject

Credentials

Resource

Security Authority

Scene One
Resource

Subject

A person (subject) wants to Vote (i.e.
perform an action on a resource= the
voting machine ).

Scene Two
Security Authority

The subject presents Subject
his license (credentials)
to the Poll Worker
(security authority). The Credentials
Poll Worker examines Credentials
the credentials to
prove the subject is
who he says he is
(authenticates the
credential).

Scene Three

Credentials

Attribute
Now that the person is authenticated, the
Poll Worker examines the birth date
(attribute) and verifies that the subject is
register to vote in this district to see if the
Security Authority person is entitled authentic (allowed to
access based on rules) the Voting Machine
(resource).

Scene Four
Indeed, the person
(subject) is entitled
(meets the attribute
rules) to vote based
on his age (calculated
from DOB attribute), Credentials
and voting status, so
he is granted access
and happily Voting.

Questions to Consider
• How was the patron issued his credentials?
BMV
• What proof did the patron have to provide before he was
issued credentials?
SSI, Birth Cert, Passport, etc
• Who owns the age attribute?
Local Health Department
• Is the age attribute reliable?
Yes
• Do all Voter Poll accept the same credentials?
Yes
• Are the rules the same in all geographies?
Yes

Identity Management Continued

System Access

The Cast
Subject

Credentials
Resource
Security Authority

Scene One

Subject
Resource

A supervisor (subject) wants to access
the US Supervisor Site (resource) on
LillyNet.

Scene Two
Log On to Windows
Security Authority User name: C012561
Password: ********

The subject presents his UserID and password (credentials)
when he logs on to his computer in the morning. The
enterprise directory (security authority) examines the credentials
to prove the user is who he says he is (authenticates the
credential).

Scene Three

Security Authority

Attributes
Credentials
ID: DA87644 The user is successfully authenticated
Nm: Ward Green and now wishes to access the
Loc: United States Supervisor Site. The Security Authority
Supervisor: Y examines the work location and
Dept: IT supervisor status (attributes) of the user
PW ******** to determine if the person is entitled
(allowed) to the Supervisor Site.

Scene Four

Indeed, the user is
entitled to the
Supervisor Site based
on his work location
and supervisor status
and now accesses the
great tools at his
disposal.

Is It Really That Easy?
• To an end user, Identity Management (IdM)
should be easily consumable and require little
to no effort
• But like Disney World, there is a hidden
infrastructure that makes it all happen

Lilly‟s Story

• Identity Council Roles
• Subjects
 (Constituents)
• Architecture
 (IdM Construct Model)
• Tools

424

The Identity Council

Executive Process Owner, Enterprise Identity Management
Council Members:
 Global HR Process/Data Integration
 Procurement
 Office of Alliance Management
 US Recruiting and Staffing
 GBIP Center of Excellence
 Human Resource – IT
 Legal Human Resources
 LillyNet Services

Company Confidential
Copyright © 2004 Eli Lilly and Company

The Identity Council‟s Role

• Endorse roadmap of projects and activities recommended by the
Collaborator and Employee/Contractor groups (Identity Management
Team)
• Review enterprise business priorities and translate into specific projects
• Monitor identity projects, resources to ensure align with the enterprise
agenda
• Review recommendations from the Collaborator and
Employee/Contractor groups
• Stand for the enterprise agenda while representing local/area
requirements and adoption

Company Confidential
Copyright © 2004 Eli Lilly and Company

Identity Council Dashboard
September 2008
GOVERNANCE RESOURCE CAPACITY
0%

1 5 Id M P s R e c e iv e d 35% August Headcount
Lilly 15
56%
Contractors 1

P e n d ing D e cisio n = 1
Projects Open 0
 Support
Admin
Available
21%
 A p p ro ve d = 8 A u th en tic a tio n S e rvic e

P a s s w o rd R es e t

C a n ce lle d = 1
E n te rp ris e A cc e ss M g m t
 O n -B o a rd in g E xt. C o llab o rato rs

M IIS U p g ra d e

 R eje cted = 5 IC E R 5

RSA

Im prove E xtern al C ollaborator O n -boarding
THE CONSTRUCT E stab lish n ew A u thentication S ervice PROJECT PROGRESS
R eplace S upervisor S cript Idea Pr opose Develop Deploy Suppor t
P rovid e P assw ord M gm t for E xternal Authentication
C ollaborators Oct 1
Ser vice
W e b site U pgrade M IIS
P ro v id e to
Passw or d M gm t
P h ys ic a l W e b site
C reate E nterprise G roup s
M a in ta in
A u th S e c u re f or Ch em Ex p l or er
T ra ffic
Id e n tity Pass U s in g
P ro v id e E m a il
A ttrib u te s T h ru a N on-
Asset E n c ryp - S u p p o rt S u p p o rt S u p p o rt Passw or d M gm t
C re a te (S e lf)
R e m o ve
C re d e n -
A u th
T ru s te d
tio n R o le
B u s in e ss B u s in e ss
Legal Legal Legal Q3/ 07
A cce ss
Access
tia ls D e v ic e
Access
R u le A re a
R e q m n ts R e q m n ts R e q m n ts f or ot h er Ex t Col l ab s
M a in ta in A ccess D e le g a tio n
L o g o n P ro v id e U s in g G ra n tin g
Id e n tity D ig ita l S u p p o rt
U s in g K n o w - a D yn a m ic A cc e s s S u p p o rt S u p p o rt
C re a te A ttrib u te s D e a c tiva te C e rti- S in g le IT
Id e n tity (D e le g a te d ) Id e n tity
C re d e n - L e d g e T ru s te d
fic a te s A ttrib u te
A ttrib u te By
D e le g a tio n
R e g u la to ry R e g u la to ry R e g u la to ry
M ySite Cr e ation via
tia ls A u th D e v ic e A c c e s s In d ivid u a l R e q m n ts R e q m n ts R e q m n ts
Attr ibutes (ak a R5)
L ife c ycle A u d it
A u th e n tica tio n
A cce ss M g m t
A cce ss M g m t
A cce ss M g m t
M a in te n a n ce
O n -b o a rd in g

O ff-b o a rd in g

R e m o te A cc e s s
R e m o te A cc e s s

A c ce ss M g m t
A u th e n tic a tio n



D e le g a tio n
P u b lic K e y

A c ce ss b y

A c ce ss b y
A c ce ss b y
A c ce ss b y
A ttrib u tio n
A ttrib u tio n

E xc e p tio n
C o n d itio n
Id e n tity
Id e n tity
Id e n tity

Id e n tity
Id e n tity
Id e n tity
Id e n tity

Id e n tity
Id e n tity
Id e n tity
S ig n O n

Cr eate Identity
A u d it

A u d it
F a cto r
F a cto r
S in g le
S in g le

Q1/ 08
(f or Ex t Col l abor at or s)

Cr eate Access
Q1/ 08
(f or Ex t Col l abor at or s)
Id e n tity Access
A u th e n tic a tio n A u d it
L ife c y c le M anagem ent M IIS Upgr ade Dec 07

Id e n tity M a n a g e m e n t
Enter pr ise Access
Gr oup Cr eation

D a sh b o a rd D a sh b o a rd D a sh b o a rd

Lilly Subjects

• Lilly Subject are divided into four groups (each
group or sub-group has a business owner )
 Workers
 Customers
 Public
 Controllers
• Each group of subject were given a definition that
will be used by all area at Lilly.
• Each group of subject were broken down into
sub-group, which allows Lilly to target sub-groups
for IdM enhancements.

428

Identity Management Constituents
Groups impacted by ICE Rel 1 & 2 impacted

Constituents: Workforce Customer Public Controllers
CA= Corp Affairs
Those individuals / entities An entity with the
who previously, currently, or Individuals / entities
that receive Recipients of authority to control
Definition:
potentially contributed or will information, products, information made our right to operate
contribute to the delivery of available by Lilly to or who define the
products or services for the and the company.from
/ or services everyone. way we conduct
company. business.
•Patient Med •Shareholders CA •Any Government
• Job Applicant HR
–Clinical Trial Structure
• Job Candidate HR Patient •General CA –Rule makers
Population –Auditors
• New Hire HR •Consumer Demand –Regulators Med
–Caregiver •Media CA
• Lilly Employee HR –Patient Advocate CA
– Temporary Workforce •Trade groups CA
– Contingent Workforce •Advocacy Groups
•Provider Demand
•Lilly Board
– Family-related Person –Prescriber or Med Legal
Groups and
– Retiree (status) –Investigator •Non-Regulatory
sub-groups: Government CA •Standards
– Withdrawn (status) –Thought Leader
–B2B Influencer Organizations
• Contact ??? –Clinical Trial Site
• Vendor Procurement, HR
Personnel •Independent
•Payer Demand Review Boards /
• External Partner OAM Ethics Committees
•Distribution Chain Mfg Compliance
• Lilly Board Member –Pharmacy
Legal
–Wholesalers = Recommended
Managing Owner
= Possible
Managing Owner

IdM Team 2008 Objectives
 Improve External Collaborator Identity Lifecycle
Experience (ELI) and core account provisioning
 Create and Establish new Authentication Service (for
Approved by the Identity Council Applications)
 Password Mgmt for External Collaborators  Complete LillyNet Release 4 / 5 Commitments
 Upgrade MIIS F Establish Support Model for Identity Management IT
Services
F Access Management Service Provide
Website
to
Physical Website  Formalize Identity Mgmt Governance Process
Auth Secure
Maintain Traffic
Identity Pass Using
Provide
Attributes Thru a Non- Email
Asset Support Support Support
Create (Self) Creden- Trusted Encryp- Legal
Auth Legal Legal
Access
Remove tials Device tion Business Business Reqmnts Reqmnts Reqmnts
Maintain Access Role Area
Logon Provide Using Rule
Identity Digital Access Access Delegation
Using Know- a Support Support Support
Create Attributes Deactivate Certi- Granting
Creden- Ledge Trusted Dynamic Access Regulatory Regulatory Regulatory
Identity (Delegated) Identity ficates Single
Attribute By
IT Reqmnts Reqmnts Reqmnts
tials Auth Device

Lifecycle Audit
Authentication
Attribute Access Individual Delegation

Access Mgmt
Off-boarding
Maintenance
On-boarding

Remote Access
Authentication

Authentication

Authentication

Access Mgmt
Public Key
Identity

Identity

Identity

Delegation

Identity
Attribution
Access by

Access by

Access by
Exception
Condition
Sign On

Audit

Audit
Factor
Single

Identity Access
Authentication Audit
Lifecycle Management

11/13/2009
Identity Management Company Confidential
File name/location Copyright © 2000 Eli Lilly and Company

Identity Management Architecture Roadmap
– 2008

Identity Access
Authentication Audit
Lifecycle Management

Identity Management
Strong
Federation

Federation ILM V2
Cred.
ILM V2

Whale
Kerb. -Smart Card -InfoCards -Del. Admin
- Self Registration
SLDAP
EA -InfoCard -ADFS (WS*) RM -Attribution MOM BMC Log
- Workflow -Group List
-Bio-Metrics -SAML -Workflow
-RAS

(Directories)
Sun One Directory
Active Directory (EDS)

Identity Metasystem
(MIIS, ADAM, Identity Model, CLM)

WFSAD SAP Key Bus.
Apps
Constituency Grid Federation

Identity Lifecycle
The creation, maintenance and decommissioning of identities and associated attributes.
Create
Access Create Access: The ability for an individual to request access to Lilly resources
for themselves or on behalf of another person.
Create
Identity Create Identity: The ability for a business area or individual user to initiate the
creation of an “identity relationship” with a new person or group of people.
On-boarding
Identity

Identity On-boarding: The creation of an “identity” including gathering associated
attributes / information about the entity needed for uniqueness and identification.

Identity Create Access: Phase I – use existing access request methods
Lifecycle Next Phases – access based on attributions/role

IdM
Create Identity: IdM Self-Registration to collect IdM attributes and feeds
Self
Workflow K2.NET approval process.
Registration
MIIS/AD/BMC K2.NET

11/13/2009 Company Confidential
File name/location 432
Copyright © 2000 Eli

Authentication
Provide
Physical
Auth the ability to conclusively verify that a user is who he claims to be (“tell me who you are and prove it”)
Pass
Thru Provide Usage Patterns Developed – based on industry standards
Creden- Asset
tials Auth • Microsoft (Pass thru/Single Sign-on)
Logon Provide
Using Know-
• Secure LDAP (Logon using Credentials/Simplified Sign-on)
Creden- Ledge
tials Auth
• Federation Standards (Pass thru/Single Sign-on)
Service Profiles – Underdevelopment
Authentication

• 20+ different “profiles” can be used with new
Sign On
Single

Factor

Authentication service
• Which “profile” will depend on; Platform, O/S, COTS vs
Custom, Delta/ICE prioritization of profiles
• Information from business areas on application portfolio
Authentication usage of LSSO/LDAP
• Currently working with business areas on piloting the

IdM
profiles
• General availability after pilots
• Strong Authentication
Authentication • RAS (Remote Access Service)
Profiles
•Kerberos
EA LSSO • RBA (Role Based Access) Phase 1 Feb „09
•SLDAP

File name/location Copyright © 2000 Eli Lilly and Company
433

Lilly Access Management

• What attributes are available to grant access?
• Are the attributes reliable? Is there an
owner?
• How does someone get their credentials
issued? (On-boarding)
• How do applications consume the certificate
authority?
• What resources are available based on an
attribute or a set of attributes?

434

Definitions of Access

CREATE ACCESS - The ability for an individual
to request access to Lilly resources for
themselves or on behalf of another person.
ACCESS MANAGEMENT (Authorization) –The
enforcement of business rules at run-time to
ensure that users only access information to
which they have permission. (Controlling access to
resources based on the level of trust of an entity and the sensitivity of the
information.)


Access Management
the enforcement of access rules at run-time to ensure that users only access
information to which they have permission
Grant
Access Access by Entitlement:
By Role
Grant
Access
• Lilly_All-Workforce_UG - Entire active workforce in SAD
by that belong in SAP groups A, C, D, E, G and H. This
Single
Attribute includes employees and non-employees (enterprise
group)
Access by
Attribution

• Lilly_Employee_UG - All active employees in SAD that are
in SAP groups A,C,E, G and H. (enterprise group)
• Lilly_Non-Employee_UG - All active non-employees in
SAD that are in SAP group D (enterprise group)
• Request #1-Lillynet/Identity Management/Shared Documents/IdMArchitecture and
Access
Technologies/NT_Auth_AllGroup

Management Legacy: DS3 – Windows Group Management Tool
Group Admin – LSSO Group Management

IdM Tool
New (LillyNet): Group Populator – Access by Attribution
Group Admin

Rights Management – Access at the
Whale

Group
DS3 RM
Populator
Document level

Access Relationships

Create Access – What Resources are available?
 Definition of what information needs to be shared/accessed/created
 ~3000 applications
Manage Access – How are Resources Defined?
 Access by Entitlement (based on attributes)
 Enterprise Relationship
 Lilly vs Non-Lilly
 Supervisor
 Division
 Cost Center
 Access by Condition (based on attributes)
 Business Relationship
 Training Qualifications
 Collaboration
 Role (Business, System, Access)
 Access by Exception
 Adhoc (Named User)
 Access by Delegation
 Access created based on access from someone else


Access Management Service

Access Management – Phase 1
 R5 – Foundation Created
 3 Enterprise Groups (Roles) – Lilly & Non-Lilly
 Zone Groups – Lilly & Non-Lilly
 Top 10 Enterprise Groups
 Cost Center
 Physical Location
 Business Function (LRL, Legal, IT)
 Employee Status
 Org Code – Supervisor
 Employee Group
 Etc.
 Request – Please supply your top 2 Enterprise/Divisional Groups/Roles
 Standard Service to request Enterprise or Divisional
 Governance to manage requests and ensure ownership and stewardships
 Define what is an “appropriate” level for a role/group vs adhoc vs not an appropriate group – use an
enterprise role/group
 Enterprise (All)
 Enterprise (External only)
 Enterprise (Internal only)
 Departmental, Functional, Workgroup
 Federation


Summary

• Lilly has recognized that Identity is a journey.
• Governance is the key ingredient to success.
• Using industry standards from all Identity will
allow a company (Lilly)to be agile to met
business needs.
• Creating a Identity infrastructure and team
that focuses on the business needs and
process, which will assist in gaining control in
your environment.

439

WIFM?

• We waste time repeating localized processes that often aren‟t
well-maintained or managed
• Fewer local processes and one-stop shopping for access

• People have access to information they shouldn‟t
• Access to defined resources

• Tracking historical access to information is nearly impossible
• Audit trails

• A lot of energy is spent maintaining passwords and access to
“stuff”
• End user self service and access by attributes

440


Security Information Management and
PCI Compliance

Chris Blask

August 5 – 9, 2009
Raleigh, NC

• Industry Leaders in Network Security
• Public Speakers at Blackhat and Other CONS
• Several Publications to include:
 Gray Hat Hacking: the Ethical Hackers Handbook
• Over 20 Years experience in Gov and Industry
• Focused on:
 Security Strategy, Architecture, Policy Design
 Regulatory Compliance (PCI, SOX, HIPAA, GLBA, etc)
 Security Information Management (SIM/SEM/SEIM)
 Design, Implementation, Tuning, and Operations
 Penetration Testing of Networks and Applications
 Security Operations 443


• You Will Learn:

 The direction of Security Regulations and
Compliance in the United States

 The state of Security Information Management
(SIM) Technology and the Market

 The application of SIM Technologies to PCI
Compliance

444

• Once upon a time “CyberSecurity” meant a lock
on a door
• In the Olden Days, the records that run the
modern world were mostly kept on paper
• In that Bygone Era, computers were mostly for
computing lots of numbers

• Those days are gone

446

• Senate Bills S.773 and S.778 (govtrack.us)
• “To ensure the continued free flow of commerce
within the United States and with its global
trading partners through secure cyber
communications“

447

• 6.a “Within 1 year NIST shall establish
measurable and auditable cybersecurity
standards for all Federal Government,
government contractor, or grantee critical
infrastructure information systems and
networks… “
• 6.d.2 “The Director shall-require each Federal
agency, and each operator of an information
system or network designated by the President
as a critical infrastructure information system or
network, periodically to demonstrate
compliance....” 448

• 2.1 “America‟s failure to protect cyberspace is
one of the most urgent national security
problems facing the country. “
• 2.7 “The Cyber Strategic Inquiry 2008 …
recommended to „establish a single voice for
cybersecurity within government‟ concluding that
the „unique nature of cybersecurity requires a
new leadership paradigm.’. “

449

• Following public debacles such as TJ Maxx
(~50M, 2002) the card brands formed the PCI
Security Standards Council
• Current Version of PCI DSS 1.2
• Enforces “best practices”
• Requires Executive sign-off

• Heartland Payment Systems –audited as PCI
Compliant – reports breach in January 2009

450

• Nomenclature:
 Security Information Management (SIM)
 Security Event Management (SEM)
 Security Incident and Event Management (SIEM)
 They all walk like ducks
• SIM = A system for collecting and analyzing
information about what your information is doing
• SIM Inputs
 Events (syslog, SNMP, Flow Data, IDS alerts…)
 Network Data (Vulnerability Assessment, Inventory)

452

And What is it Doing?

Do You Know? In The Past In The Present

What You Have
? ?

What It‟s Doing
? ?

453

PC

PC PC

PC NAC

AUTH

454

• Everything your information system does, it can
report on
 Your information system does a lot of things every
day
 Even small systems can produce >1M events/day
• Most often, reporting (“logging”) is turned off
 Try telling Ops they must sort through 10M events
every day…
• Most network operators are flying blind
 Even many who have purchased a SIM

455

• About ten years into the evolution of SIM
 Started with simple logging solutions
 Recent evolutions (~5-6 years): productized solutions
becoming more consumable
• Software and Hardware solutions available
today
 Software solutions tend to be highly customizable and
highly expensive
 Hardware solutions tend to be highly deployable and
reasonably cost effective

457

• Have a goal in mind
 Identify a value you want to achieve with your SIM
 PCI Compliance
 Security Operations
 Network Operations
• Get Executive Buy-in
 Successful SIM deployment may require multiple groups
to collaborate
• Get Help
 SIM may touch everything
 SIM will require customization
 SIM is not your father‟s Oldsmobile 458

• The intent of PCI is to demonstrate that:
 You have secure control of Card Holder data
 You can verify that it stays secure
 You can tell when it stops being secure
 It’s all about diligence!
• Today, PCI requires you to be aware of your
network
• Inevitably, future PCI specs will increase logging
and log analysis requirements

460

• “What doesn’t SIM have to do with PCI?”
 Req #1: “Install and Maintain a FW configuration to
protect CH data.”
 Req #2: “Do not use vendor-supplied defaults for system
passwords and other security parameters.”
 Req #3: “Protect stored cardholder data.”
 Req #4: “Encrypt transmission of cardholder data across
open, public networks.”
 Req #5: “Use and regularly update anti-virus software or
programs.”
 Req #6: “Develop and maintain secure systems and
applications.”
461

• “What doesn’t SIM have to do with PCI?”
 Req #7: “Restrict access to cardholder data by business
need to know.”
 Req #8: “Assign a unique ID to each person with
computer access.”
 Req #9: “Restrict physical access to CH data.”
 Req #10: “Track and monitor all access to network
resources and cardholder data.”
 Req #11: “Regularly test security systems.”
 Req #12: “Maintain a policy that addresses infosec for
employees and contractors.”

462

• “Install and Maintain a FW configuration to protect
CH data.”
• A good SIM deployment should:
 Let you determine what is running on your network now
from layer 1 to 7
 Assist with FW policy creation
 Provide reporting platform
 Provide forensics platform

463

• “Do not use vendor-supplied defaults for system
passwords and other security parameters.”
 Be capable of detecting unencrypted logins
 Provide visibility into user logins

464

• “Protect stored cardholder data.”
 Be capable of detecting any out-of-policy access to
CH data
 Provide specific response capability to disallowed
access incidents
 Provide forensic platform

465

• “Encrypt transmission of cardholder data across
open, public networks.”
 Detect unencrypted traffic

466

• “Use and regularly update anti-virus software or
programs.”
 Enable effective prioritization of AV

467

• “Develop and maintain secure systems and
applications.”
 Verify hosts and applications are only communicating
as per policy

468

• “Restrict access to cardholder data by business
need to know.”
 Confirm enforcement of access rules
 Detect and record configuration changes to systems
holding CH data
 Detect suspicious login attempts to systems holding
CH data

469

• “Assign a unique ID to each person with
computer access.”
 Monitor user logins on all systems in PCI domain
 Detect non-standard logins (unencrypted, repeated
login failure…)
 Relate user IDs with originating IP Address

470

• “Restrict physical access to cardholder data.”
 OK, you almost got me on this one…
 BUT – think about integrating access-card usage data
with PCI system access logs…

471

• “Track and monitor all access to network
resources and cardholder data.”
 Maintain audit trail of all access to all components of
PCI domain
 Provide capability to alert on out-of-policy access
violations

472

• “Regularly test security systems and processes.”
 Constantly monitor all aspects of the PCI domain
 Provide central console to oversee regular testing
exercises

473

• “Maintain a policy that addresses information
security for employees and contractors.”
 Provide an active representation of existing policy
 Provide a platform for detecting policy violations
 Provide a platform for determining necessary policy
changes

474

• Both PCI compliance and SIM deployment ask
us to follow Best Practices:
 Have a policy, and enforce it
 Know what you have, and know what it‟s up to
• Both PCI and SIM can touch everything
• Deploying and using SIM properly makes
becoming PCI compliant simpler
• Becoming PCI compliant without a SIM is at best
problematic

475

Contact Information

Chris Blask
N2NetSecurity, Inc.
chris@n2netsec.com
941 201-8277
n2netsec.com

476

Contact Information

Chris Blask
N2NetSecurity, Inc.
chris@n2netsec.com
941 201-8277
n2netsec.com

477


Surviving a Payment Card Industry (PCI) Audit

Allen Harper

August 5 – 9, 2009
Raleigh, NC

• Focused on:

• Recent History
• PCI in a Nutshell
• PCI Compliance Requirements
• PCI Common Pitfalls
• Establishing a Monitoring
Capability
• PCI Maintenance

480

• Before PCI
• TJ Max
• Hannaford Bros
• Heartland Payment Systems

481

Data Security
Cardholder Information Standard (DSS)
Security Program (CISP) of
2001

Discover Information Security Site Data Protection
Compliance (DISC) Program (SDP)

Confused Merchants
482

• Poster child for PCI
• Initial compromise through WEP at stores
• Happened over 18 months (ending Mar 07)
• 45.6 Million credit cards compromised
• Still counting damage
• Many law suits filed
• Several states passed laws
• Motivation for PCI

483

• 270+ supermarkets in 5 eastern States
• 4.2M accounts exposed 12/07-3/08
• Two class action law suits filed
• Opinion:
 Inside job
 Malware placed on machines, sniffed data
 Security controls not in place
 May have been PCI compliant at time of breach
 PCI QSA audit in question

484

• Processes more than 600 Million CCs a year
• Reported a compromise on 20 Jan 09
• Number unknown, likely the biggest EVER!
• Several company systems infiltrated,
compromised and used to collect CC data
• Organized Cybercrime Involved
 Signals a new level of threat
 Lots of “chatter” in underground sites about a big
compromise in recent months…
 20% increase in online charitable contributions last
month…this is often a technique to see if card is
valid…
485

• PCI DSS
• PCI DSS Domains
• PCI Players
• PCI Terms
• PCI Encryption Requirement
• Self Assessment Questionnaire
• PCI Merchant Levels
• Consequences

486

• Card Associations founded an LLC (2006)
 Security Standards Council (open global forum)
 http://www.pcisecuritystandards.org
• Single Program, Single Focus
• Payment Card Industry Data Security Standard
(PCI-DSS), now at version 1.2
“Payment Card Industry (PCI) Data security requirements apply to all
Members, merchants, and service providers that store, process or
transmit cardholder data.”
• PCI is a Continuous Process

487

1. Install and maintain a firewall configuration to protect cardholder data
Build and Maintain a Secure
Network 2. Do not use vendor-supplied defaults for system passwords and other security
parameters

3. Protect stored cardholder data
Protect Cardholder Data
4. Encrypt transmission of cardholder data across open, public networks

5. Use and regularly update anti-virus software
Maintain a Vulnerability
Management Program
6. Develop and maintain secure systems and applications

7. Restrict access to cardholder data by business need-to-know
Implement Strong Access
8. Assign a unique ID to each person with computer access
Control Measures
9. Restrict physical access to cardholder data

10. Track and monitor all access to network resources and cardholder data
Regularly Monitor and Test
Networks
11. Regularly test security systems and processes

Maintain an Information
12. Maintain a policy that addresses information security
Security Policy 488

• PCI Security Standards Council
• Issuing and Acquiring Banks
• Merchants
• Service Providers
• Qualified Security Assessor (QSA)
 www.pcisecuritystandards.org/pdfs/pci_qsa_list.pd
f
• Approved Scan Vendor (ASV)
 www.pcisecuritystandards.org/pdfs/asv_report.htm
l
490

• Primary Account Number (PAN)
• Encryption
• Processing Systems
• CAV2/CID/CVC2/CVV2 (DIS, JBC, MC, Visa)
• Payment Applications Best Practices (PABP)
 https://www.pcisecuritystandards.org/pdfs/pci_pa
-dss_program_guide.pdf
• Self Assessment Questionnaire (SAQ)
• Report on Compliance (ROC)
• Point of Sale (POS)
• PIN Entry Devices (PED) 491

Data Element Storage Protection PCI DSS
Permitted Required 3.4

Cardholder Primary Account Number YES YES YES
data Cardholder name YES YES NO
Service Code YES YES NO
Expiration Date YES YES NO
Sensitive Full Magnetic Strip NO N/A N/A
Authentication CAV2/CVC2/CVV2/CID NO N/A N/A
data* PIN / PIN Block NO N/A N/A

492

SAQ Type Description Questions

1.2.A Card-not-present (e-commerce or mail/telephone-order) 11
merchants, all cardholder data functions outsourced.
This would never apply to face-to-face merchants.
1.2. B Imprint-only merchants with no electronic cardholder 21
data storage or Stand-alone dial-up terminal merchants,
no electronic cardholder data storage
1.2 C Merchants with payment application systems connected 38
to the Internet, no electronic cardholder data storage
1.2 D All other merchants (not included in descriptions for 226
SAQs A-C above) and all service providers defined by a
payment brand as eligible to complete an SAQ.

493

Who Requires
• Any merchant-regardless of acceptance channel- •On-site audit by QSA
1 processing over 6,000,000 transactions per year. •Annual report of compliance (ROC)
• Any merchant that has suffered a hack or an attack that •Quarterly scans by ASV
resulted in an account data compromise. •Annual penetration test (SAQ-D)
• Any merchant that Visa, at its sole discretion, determines
should meet the Level 1 merchant requirements to
minimize risk to the Visa system.
Any merchant-regardless of acceptance channel- •Self-assessment questionnaire (SAQ)
2 processing 1,000,000 to 6,000,000 transactions per year. •Quarterly scans by ASV
•Annual penetration test (SAQ-D)
Any merchant processing 20,000 to 1,000,000 credit card •Self-assessment questionnaire (SAQ)
3 transactions per year. •Quarterly scans by ASV
Any merchant processing fewer than 20,000 credit card •Self-assessment questionnaire (SAQ)
4 transactions per year, and all other merchants-regardless •Quarterly scans by ASV
of acceptance channel-processing up to 1,000,000 Visa
transactions per year.

Note: actual requirements vary by card issuer, check with them for specifics
494

• Cost of notifying victims
• Loss of business and reputation
• Cost of Lawsuits
• Fines up to $500,000 per incident
• Cost of replacing cards ($10/ea)
• Cost of any fraudulent transactions
• Cost of forensics by QSA
• Cost of audit (Level 1) by QSA
• Possible loss of credit card processing $$$
• Safe Harbor for Compliant Vendors (VISA)
495

• Vulnerability Scans
• Internal Penetration Test
• Quarterly External Scans by ASV
• Annual Assessments by QSA
• Preparing for Internal Audit
• Annual SAQ/ROC

496

• 11.2 Run internal and external network
vulnerability scans at least quarterly and after
any significant change in the network.
• These do not have to be performed by a QSA
• Use common tools (free or commercial)
• Use common best practice settings (no need
for DoS test)
• Document findings, recommendations to
resolve, and progress between scans

497

• Required for Level 1, 2 and 3 Merchants
• Check PCI site for ASVs (trained by PCI SSC)
• ASV may use their own software or other
• ASV should not install root-kit or other software
(unless authorized by PCI SSC)
• ASV must be non-disruptive
 No reboots, DOS, change of DNS routing, etc
• Advice: use an online, remote ASV, such as
Qualys

498

• 11.3 Perform penetration testing at least once
a year and after any significant infrastructure
or application upgrade or modification …
These penetration tests must include the
following:
 11.3.1 Network-layer penetration tests
 11.3.2 Application-layer penetration tests
• These do NOT have to be performed by QSA
or ASV

499

Annual Assessments by QSA

• Annually (for Level 1 Merchants), the QSA will:
 Define the scope of the assessment
 Verify all technical information provided by merchant
 Use independent judgment and confirm compliance
 Provide support and guidance to meet compliance
 Be onsite for validation of information and assessment
 Follow the PCI Security Assessment Procedures
 Select systems and components for sampling
 Evaluate Compensating Controls
 Produce Final Report
• Advice: Engage with QSA early and often, prior to actual
assessment, during preparation phase
500

• Get Executive Buy-in
• Develop a team
 IT/Network/Security
 PCI Auditors (QSA and non)
 Internal IT Auditors
 CIO/CFO/Legal/CISO
• Develop and Publish Policy
• Training (what is PCI?)
• Gap Analysis (use the PCI DSS in a spreadsheet, split up
work, conduct interviews, sample systems, validate policies,
identify gaps)
501

• Everyone should start with self assessment
questionnaire (see Gap Assessment on prev slide)
• Level 2-4 Merchants must submit annual SAQ
• Level 1 Merchants must have annual onsite
assessment and submit a ROC.
 Signed by a corporate officer.
 Signed by a QSA
 Submitted to Acquiring Bank for Approval

502

• Reducing Scope
• Compensating Controls
• 10.5.3/4 Centralized Logging
• 3.5/3.6 Key Management
• 6.3.7 Source Code Review
• 6.3.3 Separation of Duties
• 12.1 Security Policy
• 12.6 Security Awareness Program
• 12.9 Incident Response Plan/BCP
503

• Segmentation of internal network is key
 Reduces scope
 Reduces cost!
 This is critical!
• Isolates systems that process and store
cardholder data from other network systems
• Requires an in depth knowledge of flow of
cardholder data throughout network
• Use of internal firewalls, routers, ACLS, etc
• Segmentation will be verified by Assessor
• Advice: segment wireless and corporate network
(+DMZ) from cardholder environment 504

Compensating Controls

• Allowed when compliance on a particular item will
be too expensive or otherwise not feasible
• Should be used as only a last resort
• Requires a compensating controls worksheet
• Must be accepted by assessor and acquiring bank
• Must be reviewed annually by assessor and results
recorded on ROC.
• Advice: The fewer the better
 less than 10 for sure, less than 5 is norm (knowpci.com)

505

• 10.5.3 “Promptly back up audit trail files to a
centralized log server or media that is difficult to
alter.”
• 10.5.4 “Verify that logs for wireless networks are
offloaded or copied onto a centralized internal log
server or media that is difficult to alter.”
• Includes the following audit data:
 User ID, Type of Event, Date/Time, Success/Failure,
Origin of event, ID of affected data/system/component
• Advice: Ensure you get it all, then use your
SIM/SEM/SIEM device to perform this task.

506

• DSS Requires:
 Strong Key Generation
 Secure Key Distribution
 Secure Key Storage
 Periodic Changes of Key (at least annually)
 Destruction of old Keys
 Split Knowledge of Encrypted Key
 Prevention of Unauthorized Key Substitution
 Solid Key Revocation Process
 Key custodians sign “acknowledgement” form
• Advice: automate when possible, purchase
commercial solution when feasible.
Don‟t “roll your own” encryption…
507

• 6.3.7 “Review of custom code prior to release
to production or customers in order to identify
any potential coding vulnerability.”
• This applies to all custom code used to
accept, process, or store cardholder data
• Advise: start this early, it will take a while to
complete and fix findings afterward.
Outsource when skills are not present in-
house.

508

• 6.3.3 “Separation of duties between
development, test, and production
environments”
• This requires separate people for these roles.
No way around it.
• Advice: Peer developers from other in-house,
non-PCI applications may be used in this role.
Document controls such as source code
repository, code-diff review process, restricted
accounts on production systems, etc.

509

• 12.1 Requires
 12.1.1 Addresses all requirements in this specification
 12.1.2 Includes an annual process that identifies threats, and
vulnerabilities, and results in a formal risk assessment
 12.1.3 Includes a review at least once a year and updates when the
environment changes
• Signed acknowledgement for all employees
• May need to start without executive direction
• Advice: store centrally on portal, develop hierarchy
of documents to avoid redundancy. Publish
Authorized Use Policy for users.

510

• 12.6 Implement a formal security awareness
program to make all employees aware of the
importance of cardholder data security:
 12.6.1 Educate employees upon hire and at least annually (for
example, by letters, posters, memos, meetings, and promotions)
• Required for new employees and then annual
• Advice: create user security awareness training
material and track on Learning Management
System (LMS). Capture new users as part of on-
boarding system.

511

• 12.9 Requires
 Specific Incident Response Procedures
 Business Continuity Plan (BCP)
 Data Backup Procedures
 Roles and Responsibilities
 Communication and Contact Strategies
• BCP is Much bigger than security
 More than Disaster Recovery…
• Advice: develop plans and practice
regularly, develop scenarios to test
512

• Log Retention Considerations
• SIM/SEM/SEIM
• Security Operations

513

• 10.7 Retain audit trail history for at least one
year, with a minimum of three months
available online
• Expect Millions of Events per day
• Depending on format, may require Terabytes
of storage
• Advice: choose a good SIM/SEM/SIEM to
manage and parse this data

514

• Debatable name, clear requirement (10.6)
• Filters and correlates millions of events into a
manageable number of actionable incidents
• Your only hope to “find a needle in the haystack”
• Must be tuned:
 Quality and Quantity of Sensors Tens of Millions of raw events

Millions of security relevant events
 IDS, Firewalls, Routers, Scanners, OS
Hundreds of correlated events
 Change Control of Manager
Dozens of correlated
 Tuning of Manager incidents

 Reduction of False Positives Few actionable
incidents

 Creation of Content
 Filters, Rules, Reports, Charts
515

• Tiered Analyst Accounts (least access perms)
 Tier 1 – “Eyes on glass”, responsible for detection of
suspicious events and minimal analysis, escalation
 Tier 2 – “Heavy Analysis”, research, elimination of false
positives, reaching out to other business groups
 Tier 3 – “Change Control”, validates lower tiers work, leads
incident response, tunes manager as appropriate
• Tier 1 Analyst should treat all suspicious events as
potentially malicious, unless proven false. Either
way, both cases need to be escalated
• However: “first reports are often wrong”
516

• OK, you are now PCI compliant, now what…
• Your network changes from time to time
 Any significant network change that affects systems
that accept, process, store card holder data triggers a
reassessment.
• PCI-Changes from time to time
 DSS 1.1 released Sep 06
 SAQ 1.1 released Feb 08
 DSS 1.2 released Oct 08
 SAQ 1.2 released Oct 08

517

Summary of PCI DSS 1.2 Changes
• Mostly clarification, not many changes…
 DSS1: expanded to cover routers & firewalls, review 6mos
 DSS2: modified, broadcast of SSID now allowed
 DSS4: WEP not permitted after June 30, 2010
 DSS5: AV required on all systems “commonly affected”
 DSS6: More “risk management” in patching
 DSS 9: Review Security of offsite storage “annually”
 DSS 9: flexibility given for cameras or other controls
 DSS12: Relaxed language in contracts to Services providers
 DSS12: Expanded definition of “employee facing”…PDAs…

NOTE: there is now a new PCI PABP DSS out… see PCI site.

518

• Visa (CISP)
 http://www.visa.com/cisp
• MasterCard (SDP)
 http://www.mastercard.com/us/sdp/index.html
• PCI Security Standards Council
 https://www.pcisecuritystandards.org
 Self Assessment Questionnaire
 https://www.pcisecuritystandards.org/tech/saq.htm
• PCI DSS blogs
http://www.pcianswers.com
http://knowpci.com
• Your Acquiring Bank
519

• Security Strategy, Architecture, Policy Design
• Regulatory Compliance (PCI, SOX, etc.)
• Security Operations/Staff Augmentation
• SIM/SEM/SIEM Implementation, and Tuning
• Penetration Testing (Network, Applications)
• http://www.n2netsec.com

520

Contact Information

Allen A. Harper
N2NetSecurity, Inc.
allen@n2netsec.com
(919)654-6788
www.n2netsec.com

522


Top 10 Security Threats and Preventions
For 2009

Allen Harper

August 5 – 9, 2009
Raleigh, NC

• Focused on:

Books We Have Authored…

525

Purpose of Brief

• To Discuss Today‟s Security Trends
• Open your Eyes to Emerging Threats
• Dispel Some Common Security Beliefs
• Have Some Fun…

• Threats Presented in No Particular Order
• Both Threats and Preventions will be Discussed
• Actionable Items… Rick will Have Copy

526

Heartland Payment Systems, Inc
• Processes more than 600 Million CCs a year
• Reported a compromise on Tues, 20 Jan 09
• Number unknown, likely the biggest EVER!
• Several company systems infiltrated, compromised and
used to collect CC data
• Organized Cybercrime Likely Involved
 Signals a new level of threat
 Lots of “chatter” in underground sites about a big compromise in
recent months…
 20% increase in online charitable contributions at the end of
2008…this is often a technique to see if card is valid…

527

1. Data Loss
• Data at Rest
• Data in Transit
• Liability
• Prevention:
 Devalue Assets
 Classification/Tagging
 Log or Block USB Devices when Feasible
 Data Loss Prevention Technologies
 Encryption
 File Shadowing/Watermarking
 Exfiltration Monitoring
• Note: Compliance (PCI, SOX, HIPAA) != Security

2. Wireless Insecurities
• WEP is Dead (Aircrack-NG, WIcrawl)
• WPA is in Intensive Care (coWPAtty)
 WPA 1 & 2 PSK is Dead… only WPA2 Enterprise lives…
• War Driving/Walking/Flying/Balooning/Chalking
• Karma (Hotspots, Airports, Starbucks)
• Prevention:
 WPA 2-Enterprise (for now)
 Segmentation
 Layer 2 Encryption (IPSEC)
 Wireless IDS (AirDefense, AirMagnet)

3. Drive by Download Attacks

• Web Based Client Attacks – Wrong Place/Time
• Defense in Depth is Dead…

2 1

3

Defense for Web Based Attacks
• Switch Browsers…go Firefox! … for now!
• Virtual Browsers
 Hardened Linux running in VMware Appliance
 www.vmware.com/appliances/directory/browserapp.html
 CheckPoint ZoneAlarm‟s ForceField
 www.zonealarm.com/forcefield/

11/13/2009 FOUO 531

4. Phishing

• Attacks on Layer 8
• Not your dad‟s “Social Engineering”
• Spear Phishing – Data Gathered with Maltego
• Whale Phishing
• Prevention: Filtering and User Awareness

Phishing…It happens…

11/13/2009 FOUO 533

5. Security Information Overload

• Event Management Requirements (Millions/day)
• Log Management Requirements (Billions/years)
• Prevention: SEIM to the Rescue

6. Security Blind Spot

• Zero-day or 0day Exploits
• Exploits to non-disclosed vulnerabilities
• Exploits with NO signature (elevator key)
• Offer undetected access to any vulnerable system!!!!!
• They are Sold…Full Disclosure is dead!
 The black market (blackhats, virus/spyware writers)
 Organized crime (Russian Business Network-RBN)
 Vulnerability Sharing Clubs
 Vulnerability Announcement Services (Idefense, 3Com)
 Auctioned on sites like ebay… www.wslabi.com
 Governments play too…
536

Zero-day Auctions like ebay…

537
www.wslabi.com/

6. Security Blind Spot
State Level Anomaly based
Severity Info Warfare tools, Vuln
Discovery, and Zero-day line
Terrorist honeypots are
useful here!

Corporate Espionage
Signature based
Malicious tools and RED
Hacker teams are only
useful here!

Ethical Hacker
Curious Hacker
Script Kiddie
Infected worm victim

Probability 538
Attackers Defenders

7. Sophisticated Malware
• Was Annoying… Now Organized Crime…McColo
• Encrypted and Obfuscated Payloads
• Targeted Data, Identity, and Resources Theft
• Prevention: Patching, Antivirus, and Honeynets

8. Physical Network Access

• Physical Access is Admin Access!
• Jacks in Conference Rooms…Server Rooms…
• Insider Threat (estimated to be 40% of attacks)
• VoIP Attacks: sniffing, voicemail, exploits
• Blackberries use BES as proxy!
• Prevention:
 NAC to the rescue
 Network Segmentation
 Strong ACLs on Files and Shares
 Logging of Violations and Monitoring
 Forced timeout and passwords on Blackberries
 Strong Physical Security
 Harden your VoIP Services

9. Virtualization
• Old Attacks Apply and Some New Ones…
• Virtual Security Appliances? See me for info…
• Rogue Virtual Machines
• Not Just VMware…
• Patching?

Threats to Virtualization

542

10. E-Discovery

• What is the Threat? Time and Resources…
• If your company is sued and your lawyers say to
you… “We need all the emails for the last year and
all copies of all spreadsheets on all computers and
all network shares in the network…for the last
year…in 2 weeks…”
• Can you do it? Or will this request break you?
• Prevention:
 Clear Data Retention Policy (the shorter the better)
 Data Retention Technologies
 E-Discovery Policy, Personnel, Procedures

Demos… of Backtrack

544

Please let us know if we can assist your company…

allen@n2netsec.com

546

Contact Information

Allen A. Harper
N2NetSecurity, Inc.
allen@n2netsec.com
(919)654-6788
www.n2netsec.com

547


Professional Leadership and Management

•Best Practices in IT Summer Intern Programs

•Building a Culture of Innovation at GE Healthcare

•Change Management: Transitioning to New Leadership

•Processing America‟s Tax Returns: A Birdseye View

•Selling BDPA: Multiple Streams of Chapter Income

•Using Enterprise Architecture To Manage Today‟s Change

•Utilizing A Disciplined Management Approach for Success


IT Summer Intern Program Best Practices

Terry J. Morris

August 5 – 9, 2009
Raleigh, NC

Presentation Outline

• Introduction
• Presentation Objective
• Current State
• Typical Recruiting Process
• Intern Program Principles
• Intern Benefits
• Sample Intern Profile
• “The Talent Pipeline”
• Lilly IT Internship Program Overview
• Sample Organizational Structure
• Key Intern Program Roles
• Leadership Engagement
• Key Challenges
• Key Considerations
• References
• Q&A 550

Introduction

• Name: Terry J. Morris, Jr.
• Employer: Eli Lilly and Company (Since
2001)
 Current Role(s)
 Business Analyst in Global Medical & Regulatory IT
 Information Technology Intern Coordinator
• Previous Internships:
 Federal Express (1998)
 IBM/ATT Global Network Services (1999)

551


• Share best practices for ideal IT internship
programs
• Discuss key principles, components, roles,
and responsibilities of an ideal IT internship
program.
• Review Eli Lilly and Company‟s IT Intern
Program

552

Intern Cartoon #1

553

Intern Cartoon #2

554

Current State

• Employment of computer and information systems managers is
expected to grow between 18 to 26 percent for all occupations
through the year 2014.
• The number of students enrolled in computer science programs
is at its lowest in at least a decade.
• Computer Science was one of the hottest majors during the dot-
com boom of the late '90s, but the numbers dropped after the
2001 bust.
• Despite a strong market for IT professionals, college students
aren't as interested in studying computing as previously.
• There is now a higher demand for IT talent, but a smaller supply
of candidates.

555

Typical Recruiting Process

Early Engagement via
Youth Focused
Campus
Technology Programs (i.e. Interview Internship Full-time Hire
Recruiting
BDPA High Programming
Competition, NSBE, etc)

556

Intern Program Principles

• Mission and objectives should align with the
overall recruiting strategy for the organization.
• Appropriate level of senior management
engagement and sponsorship.
• Dedicated resources during planning and
execution periods.
• Valuable corporate experience for interns.
• Provide mechanism to evaluation the interns
performance based on objective data.
• Clearly defined candidate profile.

557

Intern Benefits

• Robust Projects
• Accountability
• Adding Value
• Interaction w/ Top Executives
• Corporate Experience
• Fun!!

558

Sample Intern Profile

• Minimum requirements
• Currently a freshman, sophomore, or junior in a computer related BS/MS
program
• Cumulative GPA of 3.0/4.0

• Additional skills/preferences
• Technical depth and ability to quickly learn new technologies
• Strong desire for a career in IT
• Demonstrated leadership and ability to influence
• Strong interpersonal skills with ability to work as a member of cross-
functional business teams and technical teams
• Excellent written and verbal communication skills

559

“The Talent Pipeline”

Attraction Assessment Closing
Onsite Visits
Interviews
Offers
Internship
Full-time Offers
Accepts
Recruiting Process
Target Schools
www.xxx.com
New Hire
Conferences Intern to Full Time
Facebook

560

Audience Engagement:
How do we recruit this generation in
the current cultural envrionment?

561

Lilly Intern Program

• Mission
• Objective(s)
• Components

562

Audience Engagement:
Other Intern Program Examples

563

Sample Organizational Structure

CIO

Executive Project Area
Sponsor Management

Program Program HR
HR Recruiter
Manager Coordinator Representative

Co- Committee Component
Interns Mentors
Coordinator Members Coordinators

564

Key Intern Program Roles

Intern Program Coordinator
• Facilitate knowledge transfer to Intern Co-Coordinator
• Serve as initial POC of entire Internship Program
• Accountable for coordination of entire Internship Program
• Facilitate all Lead Team/Coordinator Meetings
• Participate In Corporate Internship Program
Meetings/Functions
• Partner w/ HR Staffing & Recruiting
• Constantly look for ways to improve the program
• Provide leadership/counsel/guidance to Co-
Coordinator/Committee Members/TLs/Interns
• Look for ways to develop others during program
• Server as escalation contact for entire Program
565


Intern Program Co-Coordinator
• Serve as secondary POC of entire Internship Program
• Responsible for assisting with the coordination of entire
Internship Program
• Participate in all Lead Team/Coordinator Meetings
• Participate In Corporate Internship Program
Meetings/Functions
• Constantly look for ways to improve the program
• Provide leadership/counsel/guidance to Interns
• Look for ways to develop others during program
• Prepare for Coordinator Role Next Year

566


• Component Coordinator
 Work within their respective component to secure participation of a
management-level individual and to prepare them to present an overview
of their corresponding component
• Committee Members
 Responsible for planning any events assigned by the Coordinator
 Provide detailed updates on the events to the Coordinators
 Has low interaction with the interns
• Team Leader
 Provide a positive experience for the intern
 Establish/Maintain a strong relationship with the intern
 Be able to represent the interns work
• Mentor
 Provide a sounding board for more personal conversations
 Inquire about barriers/conflicts for potential advise or escalation
 Expose the intern to the city and in depth Lilly culture
 Serve as an unbiased contact 567


• Executive Sponsor
 Ensures management alignment with program vision.
 Allocates approval funding for program.
 Point of escalation from all management needs.
• HR Representative
 Human resource advocate /resource for students.
 Provide benefits and compensation overview for interns.

568

Leadership Engagement

• Leadership engagement is required to maintain the
appropriate level of sponsorship throughout the
organization.
• The organization‟s leadership should express the
importance of the intern program to all
management, to ensure of the appropriate allocation
of time and resources.
• Key organizational leaders should make themselves
available throughout the internship program for
direct interaction with the interns.

569

Key Challenges

• Decline in Computer Science and Information
Technology enrollment across the U.S.
• Maintaining corporate sponsorship and financial
support during economic downturns.
• Recruiting and retaining top talent.
• Providing adequate pay, room and board, and
transportation.
• Strategy for managing through geographic concerns.

570

Key Considerations

• Competitive Salaries
• Transportation allocation
• Room and board concessions
• Opportunity for feedback from all
stakeholders
• Robust project selection and matching
process
• Appropriate leadership and organizational
visibility

571

References

• Career Guide to Industries 2006-07 -
http://www.doleta.gov/BRG/Indprof/IT_profile.
cfm
• NPR “Computer Science Course
Enrollment Dips in U.S.” -
http://www.npr.org/templates/story/story.php?
storyId=88154024

572


Building a Culture of Innovation
at GE Healthcare

Russ Neumeier

August 5 – 9, 2009
Raleigh, NC

Global Landscape

Asia
15%
Americas
49%

Europe, Middle East & Africa
36%


Inverting the triangle

…from few to the
many

Inverting the Triangle

• New leadership
• New ideas
• More involvement
• More participation
• More ownership

This drives what we do and why we do it
579

Our Innovation History

…from Process to
Mindset


• November 2006:
the Innovation campaign!

• Focus: Technology

• The Process
 50 ideas
 30 participants

• Global IT Feedback

581

A Bit of Marketing

Have you ever wondered....?

"A picture is worth a thousand ideas." -- Gerald Haman
THREE days and counting

A Bit of Marketing

Have you ever taken a detour "just because...?"

"You have to have a plan in place, but not one so rigid that you don't
take detours. The A-ha's are in the detours." -- Terry Eggar
TWO days and counting

A Bit of Marketing

Have you ever asked, "what if....?"

"Never before has it been so economically feasible to ask „what if‟
questions,… Put concretely, without experimentation, we might all still be
living in caves and using rocks as tools." -- Stefan Thomke
TOMORROW is the day

A Bit of Marketing



• Innovation 2.0:
Opening Bell

• Wider Focus: Process & Technology

• Market Forces
 175 ideas
 300 participants


User Generated Content


Innovation 2.0 Results

Submitted Reviewed Approved
Leadership report outs POC
• Single Workflow for employee • Single Workflow for
• Firefox employee
• Onetool for ITSM • Web based Project Mgmt
• Web based Project Mgmt • Web based Visio
• Google docs • Acqusitions due diligence
• Web based Visio • Oracle enquiry bot
• MEA Video conf • SSO using digital certs
• Acqusitions due diligence • Collaboration workspace
• Time on Desktop
• Oracle enquiry bot
• SSO using digital certs More in pipe-line..
• Collaboration workspace

Top discussed ideas
• Onsite Helpdesk
• Firefox
• Onetool for ITSM
• Blackberry 2d barcode
• GE Answers


• Innovation 3.0:
a joint venture between IT/Engineering

• Narrow Focus: cost out of the business

• Market Forces
 101 ideas
 378 participants



• Growth Playbook:
purposefully cross-
functional

• Focus: answering
business problems

• Key Themes


Road Trips!

…going to the Innovators
and bringing the Innovators
to us

Road Trip

• GE Healthcare CIO &
Direct Reports

• West-Coast Swing

• Several Days,
Several Vendors


Regional Technology Fair

• 2008: things changed

• Flipped the idea

• Hundreds of participants


Regional Technology Fair

• 2009: built on success

• 80% of vendors were
repeats

• Hundreds of participants

• Creative ideas


Open-source software

…doing a lot for free

Humble Beginnings…Wiki

• TINY budget
• Talked to the early
adopters
• No formal marketing
• 2nd largest wiki in GE
• Every GE business is
interested


Humble Beginnings…Blogs


GE Opinion Survey – Virtual Pub

• Three areas of focus

• Nine Questions

• Two weeks

• The response:
 175 posts
 2,300+ views


The Pipeline

…technology
past, present, and future

Skunkworks Graduates

• Proven consumer
applications
• No formal project
• Open-source
• Word-of-Mouth
• Still growing!


Pipeline Projects

• Collaboration
• Community
• Self-Directed
• Ongoing


Peering Around the Corner


A Barbaric Yawp


Fostering Innovation

1. Grass-Roots

• Seek other early
adopters
• Show value to the
business
• Stop projects that don‟t
work
• Live by example



2. Embrace the
troublemakers

• Engage the ones
circumventing policy
• Talk to them
• Get them involved
• Let them be advocates
for change



3. Executive &
Management

• Provide air cover
• Provide seed funding
• Provide the visibility
• Live by example



4. Have Fun

• Break from tradition
• Allow some
personalization
• Trust people!



5. Start the conversations

• Ask questions
• Speak up
• Share what you know
• LISTEN!
• Live by example



6. One size does not fit all

• Try several things
• Experiment
• Messy can be good
• Build mindset



7. Permission to fail

• Encourages reasonable
risk
• Speeds innovation
• Learn MORE


Points to Ponder

• How can you encourage idea
sharing?
• Where do the innovators hang out
in your organization? How can
you draw them into creative
projects?
• Create a list of the things you can
do to promote cross-functional
work


Monday‟s Challenge

…quick things you can try on
Monday morning

Endless Possibilities

• Download some
software
• Take on a quick
project
• Ask people to solve
a problem
• Try one before
catching up on
email


Downloads – All Free…

• WAMP server -
http://www.wampserver.com/en/download.php
• MediaWiki -
http://www.mediawiki.org/wiki/Download
• WordPress MU -
http://mu.wordpress.org/download/
• PHPbb –
http://www.phpbb.com/downloads/

I‟ve run all of these apps on my laptop

Summary

• It‟s not all software
• Time
• It doesn‟t cost a lot
• Experiment
• Start the
conversation
• Listen
• Have fun


Contact Information

Russ Neumeier
GE Healthcare
russ.neumeier@ge.com
414.721.3573
http://www.gehealthcare.com

619


Transitioning To New Leadership

Sharon D. Fitzpatrick
The Fitzpatrick Group, LLC

August 5 – 9, 2009
Raleigh, NC


• Phases of Transition
• Creating A Strategic Vision
• Leadership: Individual Alignment with
Transition
• Organizations: Transitions and Change
• Proactive Approach for Transitioning to New
Leadership by Developing Professional
Networks

621

Leading Change

Exercise: Quick Change

Quick Change

We look at change as things that will be taken
away.

Often times we have to make too many
changes too quickly.

If change is not sustained in some way; there is
a tendency to return to the status quo.

Successful Leadership Transition

Change

Status Quo Resistance

3 Phases of Transition

New
Beginning
Neutral
Zone

Letting Go

Creating A Strategic Vision

• Imaginative Create a Strategic
• Interesting Vision Statement
• Doable that describes how
you will maintain the
• Focused focus of Strategic
• Flexible Objectives during a
• Understandable new leadership
transition

Leading People
“ Leaders make things possible. Excellent leaders make them
inevitable”
-----Lance Morrow

Organizations: Transitions &
Change

Organization‟s
Customer and Organization‟s
Employee Systems,
Environmental Culture &
Development Processes &
Impacts Philosophy
Structure


Developing Professional Networks

Organizational
Management

Internal:
Transitioning External:
Individuals, To New Practitioners,
Teams, Government
Groups
Leadership Customers
Vision

Social
Networks

Transitioning To New Leadership

Be Proactive in
developing networks Need to have a
particularly with new Vision for focusing
leadership that will on Strategic
assist in attaining the Objectives with the
focus of our Vision transition to New
and Professional leadership
Goals

Need to understand who we
are as leaders; how to
continue to be ethical and
build and maintain trust in
the midst of change

Contact Information

Sharon D. Fitzpatrick
The Fitzpatrick Group, LLC
sharon@mytrainingconsultant.com
(703) 669-5377
www.mytrainingconsultant.com

631


Processing America‟s Tax Returns, A
Birdseye View

Tony McMahon

August 5 – 9, 2009
Raleigh, NC

Processing America‟s Tax Returns, A Birdseye View

 Modernization & Information Technology
Services (MITS), The IRS IT Footprint

 Infrastructure

 Processes

 Best Practices

633


MITS – Locations - Personnel
UNITED STATES
Washington Vermont
39 0
Montana Maine
Maine
Washington Montana North Dakota 3
1 North Dakota
1 Minnesota 3
39 Minnesota
23
1 Vermont New Hampshire
Oregon 1 23 $ 0
12
Oregon
11 New Hampshire
11 Wisconsin 193 Massachusetts
Idaho South Dakota
South Dakota Wisconsin
Massachusetts
108
Idaho Wyoming 2 15
15 New York
New York
Wyoming 193 Connecticut
1 1 1 2 Michigan
Michigan Rhode Island 2
California
1 487 $ Connecticu 21
Iowa
Iowa Pennsylvania New
Pennsylvania New
California 2 $ 193
193 Jersey t
Jersey
Nebraska
Nebraska 2 24
Nevada $ 2 Ohio
Ohio
Nevada
19 2 Illinois Indiana 64 Maryland Delaware 2
Utah Illinois 27 64
19 Utah Colorado
Colorado 41
41 Indiana DC
Fresno 245 30 $ W.V. Maryland 2434
Fresno
128 245 27 West Virginia
Virginia
30 772
128 Kentucky 772 29 Virginia 29 200
$ Kentucky
127127 North Carolina
62 62
Other
Other Arizona Tennessee
Tennessee
170 20 New Mexico $ South
Arizona New Mexico
2 Oklahoma Arkansas 371
371
Oklahoma
21 Arkansas Carolina
South Carolina
20 3 $ 7
2 Texas
Texas 21 3 7
Mississippi Georgia
Other
Other Mississippi
214 2 Alabama
Alabama 202
Georgia
6
214 2 6 202
$ Florida
Austin
Austin
283
283 68
Florida
68

Puerto Rico
9 Total MITS Employees =
6848
Computing Center $ Campus

1000 ↑ 250-999 100-249 10-99 0-9
634


ECC – Locations - Infrastructure

• Enterprise Computing Centers –

 Martinsburg – 134,789 square ft of ADP space
 Memphis – 96,012 square ft of ADP space
 Detroit – 49,168 square ft of ADP space
 Remote Sites – Servers : All except Wyoming,
Delaware, and Hawaii

635


Tier 1 Systems – MTB – MEM – DET

System Channels MIPS MTB MEM DET

IBM 2094-711 Z9 328 4550 X
IBM 2094-711 Z9 208 4550 X
IBM 2094-405 Z9 260 895 X
IBM 2084 A-08 126 853 X
IBM 2066-OB1 SACS Prod 52 108 X X
IBM 2066-OB1 SACS Dev 52 108 X X
UNISYS Dorado 7800 187 1400 X
UNISYS Dorado 7800 192 1125 X

TOTAL 1405 13589



Tier II Systems – MTB – MEM – DET
Name Count Processors Memory MTB MEM DET
SUN F25K 4 142 551 GB X X
SUN F15K 5 304 1696 GB X X
SUN E25K 3 208 832 GB X
SUN Web Server 125 446 1220 GB X
Modernization 74 293 1304 GB X X
Consolidated 142 660 625 GB X
EMS 8 40 96 GB X
EMS/EFTPS 9 44 112 GB X
Forum Boxes 8 8 2 GB X X
Wintel Servers 460 1438 918.7 GB X X X

TOTAL 838 3583 7356.7GB



Tier II Systems – Remote Sites
Group Count Processors Memory
Appeals Wintel File-Servers 50 100 200GB
Appeals Wintel Blade Servers 12 48 96GB
Counsel Unix 15 34 90GB
Counsel Wintel 409 928 1521GB
ASA Andover 101 270 350GB

ASA Atlanta 88 260 330GB
ASA Austin 77 279 380GB
ASA Brookhaven 41 140 200GB
ASA Cincinnati 90 276 302GB
ASA Fresno 61 170 150GB

ASA Memphis 105 301 379GB
ASA Ogden 90 210 200



Tier II Systems – Remote Sites
Group Count Processors Memory
ASA Philadelphia 47 69 84GB
ASA Kansas City 73 202 190GB
ISA Group 1 52 308 105GB
ISA Group 4 629 1120 594GB
ISA Group 8 14 42 31.15GB

TOTAL 2482 6189 6423.15



Tier II Systems – OS Instances
Linux
Solaris 10
23 64 Solaris 2.6
Solaris 7
491 2 Solaris 8
96
Solaris 9
Unix (Misc)
246
108 VMWare ESX Server 2.1
5 11 VMWare ESX Server 2.5
49
7 VMWare VI-3

239 W2K Pro/XP
2398
2 Windows 2000 Adv Server SP4
37
28 Windows 2000 Server Modified
Windows 2000 SP2
Windows Server SP 2A
599
Windows Server SP 3
Windows Server SP 4
214 Windows 2003 Server
342 Windows 2003 Server SP1
Windows 2003 Server SP2
Windows Legacy OS (Pre W2K)
Windows NT 4 SP 4
Windows NT 4 SP 6



Processes
Weekly Processing Inputs
Enterprise Enterprise Computing
Computing Center (MTB)
Center
(DET)
Social
Security
Adm. (SSA)

Submission
Processing
Campuses
Enterprise Computing
Financial Center (MEM)
Management
Service (FMS)


Processes
Weekly Processing Outputs Financial
Management
Enterprise Service (FMS)
Computing Center
(MTB) Submission
Processing
Campuses

Enterprise
Computing
Center (DET)

Enterprise
Computing
Center (MEM)
Nationwide
IRS Sites


Processes

2006 2007 2008 2009
CFOL Transactions
Per day 6.0m 6.25m 6.70m 7.22m

CONTROL-M-Production batch.
Jobs Per day 3,500 4,150 4,300 4550



Processes
CFOL Transactions Per Day

9,000,000

8,000,000

7,000,000

6,000,000

5,000,000

4,000,000

3,000,000

2,000,000

1,000,000

0



Processes
MTB Master File Workload
Individual Tax Returns CADE Workload

CY04 – 132.9 million CY04 – 5,400* Started in July
CY05 – 133.4 million CY05 – 1.4 million
CY08 - 126.0 million CY08 - 30.6 million
(thru cycle 200913) (thru cycle 200913)
During the
February-May timeframe average 6
million tax returns
per week



Processes
MTB Master File Workload
Business Tax Returns

CY04 – 49.5 million
CY09 – 15.8 million (thru cycle 200913)



1040 Paper Return Pipeline Process
National Bank Of Doeville
U.S Mail
Internal Revenue Service 100.00
One Hundred
John Doe
Return Mailed Mail Delivered Mail Opened Returns
Checks Deposited /
Extracted/Sorted Coding & Editing
Remittance Processing

Pending

Error Resolution
Errors Computer Computer Numbering
Corrected Checked Entered

File Sent to MTB
U.S Mail

Paper Checks Mailed Refund files sent to
Treasury Disbursing
Center (TDC)
Treasury
Electronic Funds Disbursing, Regional Account Posted at MTB
Transferred to designated Financial Centers (RFC)
Financial Institutions issue electronic and Paper
647
Refunds.


1040 e-File Pipeline Process

Computer Entered Computer Checked Errors Corrected

File Sent to MTB
U.S Mail
Refund files sent to
Treasury Disbursing Paper Checks Mailed
Center (TDC)

Treasury Electronic Funds
Account Posted at MTB Disbursing, Regional Transferred to designated
Financial Centers (RFC) Financial Institutions
issue electronic and Paper
Refunds.

648

Daily Count

100,000
200,000
300,000
400,000
500,000
700,000

0
600,000
01/01/09 (Thu)

01/08/09 (Thu)

01/15/09 (Thu)

01/22/09 (Thu)

01/29/09 (Thu)

02/05/09 (Thu)

02/12/09 (Thu)

02/19/09 (Thu)

02/26/09 (Thu)

Date
03/05/09 (Thu)

03/12/09 (Thu)

03/19/09 (Thu)

03/26/09 (Thu)
Total January 1 to April 22 = 25,662,568

04/02/09 (Thu)

04/09/09 (Thu)

04/16/09 (Thu)

04/23/09 (Thu)
PAPER 1040 PROCESSING - ALL 10 SITES - 2009
1040 Paper Processing

04/30/09 (Thu)
649

Daily Count

0
500,000
1,000,000
1,500,000
2,000,000
3,000,000
3,500,000

2,500,000
01/01/09 (Thu)

01/08/09 (Thu)

01/15/09 (Thu)

01/22/09 (Thu)

01/29/09 (Thu)

02/05/09 (Thu)

02/12/09 (Thu)

02/19/09 (Thu)

02/26/09 (Thu)

Date
03/05/09 (Thu)

03/12/09 (Thu)

03/19/09 (Thu)

03/26/09 (Thu)
Total January 1 to April 20 = 72,832,200

04/02/09 (Thu)

04/09/09 (Thu)

04/16/09 (Thu)

04/23/09 (Thu)
E-FILE 1040 PROCESSING - ALL 5 SITES - 2009
1040 e-File Processing

04/30/09 (Thu)
650


Best Practices – Customer Support
 Incident Management –

Focus on processes to restore normal service operations as
quickly as possible with minimum disruption to the business.

Service Restoration Teams delivering a virtual trouble shooting
environment.

Develop a standardized process to document problem detection,
resolution steps, and lessons learned.

Creation of knowledge database to quickly search for known
problems.



Best Practices – Customer Support
 Problem Management –

Root Cause Analysis (RCA)

Trend Analysis

Proactive monitoring of key indicators of
systems that will allow for incident
prevention and quicker incident detection.



Best Practices - Staffing
 Flexi-Place & Alternative Work Schedules

 Collaborative Tools

 Upgrade Desktop

 Awards/Recognition Program


Contact Information

Tony McMahon
Department of Treasury, IRS
Anthony.H.McMahon@irs.gov
304-264-7110
WWW.IRS.GOV

654


Selling BDPA: Multiple Streams
of Chapter Revenue

Wayne Hicks

August 5 – 9, 2009
Raleigh, NC

It Can Be Done!
 Nat‟l Membership Committee Chair (1989-
1990)
• Chartered almost 25% of current chapters (10 of 51)

 Nat‟l BDPA Vice President (1991-1992)

 BDPA Cincinnati Chapter President (1999-
2001)
• Grew membership from 6 (Jan 1999) to 229 (Nov 2001)
• Won Chapter of the Year Twice (2000 and 2001)

 National BDPA President-Elect (2002-2003)

 National BDPA President (2004-2005)
• Profitable annual conferences
• All-time record in corporate sales
• All-time record in BDPA membership totals

 BETF Executive Director (2006 – Present)
• Over $144,000 grants for local BDPA chapters since 2006.
• Increased grant activity in 2008

Selling BDPA (Aug 2009) 661

Where Is the Money?

1.Marketing
2.Membership
is Money
3.Fundraising
4.Corporate
Sales

What is our Brand Essence?
1. BDPA is the center of influence, excellence and
professional development for African Americans in the
Information Technology industry
2. BDPA offers a pathway from the classroom to the
boardroom in an environment that rewards
innovation, technical mastery, business mastery and
individual growth.
3. From that initial mentoring session with a high school
student to a BDPA corporate executive or business
owner reaching out to promote interest and utilization of
IT, BDPA represents broad community leadership and
a nurturing association of inspired professionals.


Where is our „hurt‟?
The biggest marketing challenge that BDPA
faces is its low membership numbers.

 FACT #1: We have seen a steady stream of
major-name corporations to BDPA.

 FACT #2: However, that success will start to
falter if these corporations see BDPA as a small
organization which is not growing. To them, the
value of their investment comes from high
numbers.


BDPA Marketing Theme

“BDPA advances the careers of African
Americans in the IT industry from the
classroom to the boardroom”
Elevator pitch when people ask what does BDPA do
“We’re a service organization that advances IT professionals’, entrepreneurs’
and students’ careers from the classroom to the boardroom through
education, mentoring, services and business networking that enhance
innovation, technical skills, business savvy and personal growth.”


Our Marketing Messages
1. Marketing messages to potential 3. Marketing messages for potential
members entrepreneur members
• Join BDPA to advance your career  Open the door to new business
in IT. opportunities through BDPA
• Through BDPA, help shape and  Help us help you through
guide the next generation of IT contributing to BDPA‟s growth
professionals.  Participate in BDPA at the
• Participate in BDPA at the community level to bridge the digital
community level to bridge the digital divide
divide

2. Marketing messages to 4. Marketing messages for potential
potential sponsors student members
 Your support of BDPA today  Play with today‟s technology while
expands your IT resources for creating tomorrow‟s technology
tomorrow  Try it, you might like it
 Your active involvement in BDPA  Make friends and find mentors who
builds the next generation of IT and can shape your future
technology leaders
 BDPA is a strong partner to help
you open new markets within
African American communities


Helpful Hints
• Get covered in the press
• Get into the budget cycle
• Learn to fly in under the radar
• Organize a CIO Reception
• Partner with ITSMF, SIM, Urban
League and others
• Pick the low hanging fruit
• Seek investments, not donations
• Start a Corporate Advisory
Council
• Understand your product offering
• Use our CRM tool (SF.com)


Grow Your Membership

1. Who is your target 5. Attracting student
audience? members vs. IT
2. Recruitment professionals
strategies 6. Corporate
3. Retention strategies memberships
4. Wholesale 7. Using the
membership growth membership
vs. retail database to your
membership growth chapter's advantage.


Fundraising Tips

1. Annual awards banquets or luncheon (1Q)
2. Annual education banquets or luncheon (3Q)
3. Collaborating with BDPA Education &
Technology Foundation (BETF)
4. Matching funds
5. Raffles and other fundraising ideas
6. Traditional grant writing
7. Volunteer grants


Corporate Sales
Corporate Sales Roles & Corporate Participation
Responsibilities Continuum

1. Chapter President 1. Awareness
2. Account Manager
2. Involvement
3. Corporate
Champion 3. Corporate
4. Corporate Chapter
Supporter
5. BDPA-BETF
Director 4. Corporate Sponsor


Corporate ROI Decision

1. National Programs/Services – Resume
database, digital library, IT Institute, newsletter ads, web
banner or Bemley Scholarship fund.

2. Local Chapter Programs/Services – Monthly program
meeting, quarterly workshops, newsletter ads, web
banner or memberships.

3. Annual Conference – Career Fair, Speaking
Opportunity, Receptions, Conference Guide
advertisements or workshop presenters.


Corp Sales Talking Points
1. Has company realized 5. What are good areas for
benefits from BDPA collaboration (hot
sponsorship? buttons)?
2. What are your business 6. Is the corporation
interested in supporting
challenges? multiple chapters?
3. Is there more that National BDPA? National
BDPA can do to help Conference?
company meet 7. Will Company sponsor
corporate objectives? and at what level?
4. Any BDPA opportunities 8. What are the next steps?
for improvement?


Corp Sales Process Flow

1. Distribute Corporate Marketing Package
2. Hold preliminary meeting
3. Submit written proposal
4. Hold formal presentation meeting
5. Funds disbursement and receipt
6. Provide recognition and show appreciation
7. Increase corporate employee participation
8. Provide periodic status reports
9. Seek renewal and additional funds disbursement


Corp Sales Collateral Material

Annual Conference Brochure
Banquet Publications (local or national)
Corporate Opportunities Portfolio
Membership Brochure
Newsletters (local or national)
Your Chapter‟s Desk Reference


Contact Information

Wayne Hicks, CEO
Hicks Enterprises
wayne@elecvillage.com
(513) 284-4968
http://betf.blogspot.com
http://electronicvillage.blogspot.com

675


Utilizing a Disciplined Management Approach
for Success

Roderick L. King

August 5 – 9, 2009
Raleigh, NC

Contact Information

Name: Roderick L. King
Company: National Government Services, Inc.
(a subsidiary of WellPoint, Inc.)

Email Address: rod.king@anthem.com
Telephone Number: (317) 913-6354
Website Address: www.wellpoint.com

703

Disciplined Management Approach
for Success

• Who is WellPoint?
• Who is National Government Services?
• Contact Center Performance
• Define Discipline Management Approach
• Deciding
• Planning
• Executing
• Measuring
• Take Aways
704

for Success

• Who is WellPoint?

705

for Success

• National Government Services administers
Medicare contracts for the following:

 Medicare Part A (hospital insurance)
 Medicare Part B (medical insurance)
 Durable Medical Equipment
 Home Health and Hospice

706

for Success

• In fiscal year 2008 NGS:
 Processed approximately 200 M Medicare claims
 Paid approximately 96.9 B Medicare claims
 Responded to over 11.6 M phone calls and 56,050
written inquires
 Served approximately 24.5 M people with Medicare in 25
states and 5 U.S. Territories
 Served approximately 161,125 providers and suppliers

Source: 2009 National Government Services Medicare Contractor Fact Sheet

707

for Success

Jurisdiction States Included
J11 (A/B and home health & hospice (HH&H) sub), includes JC of NC, SC, VA WV; includes HH&H JC:
HH&H AL, AR, FL, GA, IL, IN, KY, LA, MS, NM, NC, OH, OK, SC,
TN, TX

J13 (A/B prime) CT, NY

J14 (A/B and home health & hospice (HH&H) sub), includes JA of MA, ME, NH, RI, VT; includes HH&H JA:
HH&H CT, MA, ME, NH, RI, VT

JA (DME sub) CT, DC, DE, MA, MD, ME, NH, NJ, NY, PA, RI, VT

JB (DME prime) IL, IN, KY, MI, MN, OH, WI,

708

for Success

• Journey Begins…………..

• NGS re-organization of the Senior Leadership
Team
• Role and responsibilities expanded
• Lead organization through contractor reform
• Operating in new environment

709

for Success

• Contact Center Performance
 Below expectations
 Customer feedback ---The contact center is NGS‟
#1 priority
 Provider feedback – Felt wait times were too long
and staff was not being helpful
 Morale Issues

710

for Success

• Disciplined Management Approach
 What is it?
 Webster‟s dictionary defines discipline as,
 “Control gained by enforcing obedience or order”
 “Orderly or prescribed conduct or pattern of behavior”
 “To bring under control”
 “Order”

• I define this as utilizing a focused processed
in order to achieve results
• Four steps to the Approach

711

for Success

Step one --- Deciding

 Clear direction
 Clear decisions
 Set the vision for team
 Level of urgency
 What needs to be done to improve contact center
 Change outlook for contact center
 Become Industry leader

712

for Success

Step two --- Planning

• Clear goals and Clear targets

• Return National Government Services to
meeting current performance requirements

• Prepare National Government Services for
meeting future performance requirements

713

for Success


• Hiring/Training
• Best skill routing
• System connectivity
• Internal site monitor of technology
• Third party review of contact center
• Contact top providers (high call activity)

714

for Success


• Long term strategy
 Focus on increasing self service tools
 Focus on becoming more efficient
 Drove technology play for contact center (not IT
department)

715

for Success

Step three --- Executing

• Focused implementation excellence
• Daily meetings
• Weekly updates to Senior Management
• Shared progress with entire organization
• Shared updates with agents
• Continued to look at areas to improve

716

for Success

Step four --- Measuring

• Key performance indicators
 Average Speed of Answer
 Completion rate
 Average handle time

• Looked at other measures (leaders in the
industry)
 First call resolution
 Calls handled vs. handled time
 Set standards for tier II calls

717

for Success

Step four --- Measuring

• Changed our call back policy
• Focus on customer satisfaction (survey)
• Changed our philosophy around service

718

for Success

Take Away

When we decide, plan, execute, and measure
in a disciplined manner, we achieve needed
results.

719

for Success

Thank You

Questions

720

2009 National BDPA Technology Conference Presentations

More Related Content

What's hot (20)

Similar to 2009 National BDPA Technology Conference Presentations (20)

More from BDPA Education and Technology Foundation (20)

Recently uploaded (20)

2009 National BDPA Technology Conference Presentations

Editor's Notes