Project Management – Page 26 – IS Survivor Publishing

Spycraft, project-craft … what’s the difference?

By: Bob Lewis|In: Career Management|Last Updated: September 1, 2014

What, I’m sure you’ve been wondering, does successful spycraft have to do with the projects your organization undertakes?

Wonder no more. I’ve tracked down the answer, courtesy of Good Hunting: An American Spymaster’s Story (2014), whose author, Jack Devine, ran some of the CIA’s biggest, most complex, and highest-profile covert operations (he was the Phillip Seymour Hoffman character’s successor in “Charlie Wilson’s war” – the U.S. support for the mujahedeen’s resistance to the Soviet invasion of Afghanistan.

If you decide to read it you either will or won’t be put off by the author’s occasionally self-congratulatory tone, and might or might not be convinced CIA covert operations are as good an idea as he thinks they are. KJR doesn’t discuss foreign policy matters unless they’re directly related to information technology, and even then …

Whether you think covert operations are a good idea has nothing to do with they take. Turns out, a lot of it is (or should be) Project Management 101. It also turns out that whatever else Jack Devine is, he’s KJR’s kind of project manager: His list isn’t about what’s needed for covert ops to succeed. It’s a list of the factors without which covert operations (and your projects) are bound to fail:

Viable partners in place: In the world of covert ops this means there has to be a significant faction within a host nation that shares our goals and objectives and is willing to fight for them. In your world this means someone who matters in the affected business areas has to want it deeply enough to stick his or her neck out from time to time to help the project succeed.
Real-time, accurate information: In the world of spycraft this means information from foreign agents, not just technologically gathered intelligence. In your world this means you need a personal network that lets you know what the buzz is about your project.
Adequate resources: You might recall that nearly every Y2K remediation project succeeded. You also might recall that companies opened their checkbooks to support them. You also might recall business leaders who drew exactly the wrong conclusion … too many idiotically decided their success meant there never had been any risk. The right conclusion: While “throwing money at a project” doesn’t generally help, starving a project is usually much worse.
Bipartisan political support: In business, bipartisanship isn’t good enough, because few businesses are limited to just two competing factions. So from your perspective let’s call it multi-partisanship. Not everyone has to support a project for it to succeed, but enough have to that the political clout is on the project manager’s side.
A direct threat to U.S security: In covert operations, this means the adversary against which the covert operation is targeted must present a clear and present danger — covert operations aren’t something to undertake lightly. Projects in your world ought to have some reasonably direct connection to threats and opportunities in the marketplace.
Proportionality: Even the cleanest covert operation can cause “collateral damage” (the intelligence community’s clinical euphemism for “innocent bystanders can get hurt or killed”). In your world the situation is less extreme but still real: The expected value of a project’s outcomes must outweigh, not only its direct costs but also the intangible costs associated with the disruption it causes.
A reasonable prospect for success: For a covert operation, policy makers must have clear objectives and a fact-based assessment demonstrating that the operation is feasible. For one of your projects it’s usually a good idea to either determine that someone else has done something similar and succeeded at it, or to complete a so-called but usually mis-named “proof of concept.”

Devine makes the point that making sure these factors are in place is the responsibility of policy makers, not the CIA. KJR makes the point that business policy makers have a parallel responsibility, not the CIO.

Except that this is where the parallel breaks down. When we’re talking about the CIA and covert operations, even success can have grave consequences, so strong top-down controls are essential.

Keep in mind that instituting controls means establishing a system in which the default answer to any suggestion is “No.” This is rarely desirable. At best, it’s less undesirable than the alternatives.

Most businesses want, or should want to encourage innovation and initiative, something controls stifle through the EHL effect (epiphany half life) — the time needed for the enthusiasm for a new idea to be cut in half.

So before you subject proposed projects to too much vetting, ask yourself whether the loss of innovation and initiative is worth it.

See proportionality, above.

The unstable optimum

Etymology isn’t identity. Where words come from is a matter of historical interest, not proper usage.

So I hope you enjoyed your Memorial Day, even though it’s become little more than a day off and an opportunity for retailers to offer sale prices.

Not that Memorial Day is something to be cynical about. I think about the sacrifices men and women in uniform have made for us and I’m reminded of the Passover tradition, where parents explain to their children that God brought them out of slavery — them personally, not just their ancestors.

Most of those who made the ultimate sacrifice probably weren’t thinking of us at the time. More likely they were thinking of getting the job done, of their buddies, and of their families. And yet, they sacrificed themselves for each of us, personally, and we shouldn’t forget it.

Which has what to do with running an IT department?

Just this: Too often, business leaders cast the need to get the job done in moral terms. There’s a project with milestones and deadlines — employees who don’t meet them are letting the company down, aren’t taking responsibility, won’t “give 200%” (and can we please start respecting the field of mathematics by jettisoning this tired cliché?).

They’re bad people, even though the milestones, and deadlines, and staffing to accomplish them, were adjusted to the point of absurdity through optimism bias and political necessity.

Please remember — the success of a business project lacks the moral imperative of liberating Dachau’s prisoners, not to mention France.

What’s hard is that this isn’t binary. You have more alternatives than just death marches and clock-watching.

In business, a sense of urgency is a valuable dimension of the corporate culture. It’s just that more isn’t better. Even more urgent is equal to frantic — an unproductive state in which employees divert their energy and attention from getting things done to worrying about how they’ll ever manage to get things done, while managers divert their time and energy from making sure things get done to making sure employees look busy every minute of every hour of every day.

There’s a dimension of oddity to this, too. The best executive leaders project an air of relaxed confidence. They’re able to act with urgency without ever looking rushed and harried.

But many of these same leaders interpret an aura of relaxed confidence in their employees as apathy and lack of commitment.

Go figure.

Getting back to deadlines and making them, you want this to matter to everyone. You want this to be a matter of professional pride. You want to make sure “This deadline was never realistic” isn’t the team’s default conclusion when the deadline becomes challenging, even as you conclude it’s time to change the deadline because it was never realistic.

Which brings us to a broader topic.

In some situations, the point of stability is where you want to be. That’s when leadership is easy. None come to mind at the moment, but I’m sure there are situations like this.

Leadership is hard when the stable places are the extremes, because that’s where staying in the healthy middle takes constant attention, a great deal of energy, and constant vigilance.

Maintaining a balance in the healthy middle that bisects the line that has apathy on one end and frantic flailing on the other is just one example. Maintaining a healthy balance between the stable cultural characteristics of chaos and bureaucracy is another.

If you’re a metrics-oriented sort, ask yourself how you’ll measure this sort of thing. Take CMMI (Capability Maturity Model integration), which in many respects is an admirable approach to process maturity. CMMI doesn’t, of course, advocate bureaucracy as it promotes increasing sophistication in process management.

The problem: It doesn’t recognize the near-inevitability of an encroaching culture of bureaucracy as organizations become more process-mature, and incorporate strong management practices to prevent it.

For that matter, and it’s a related matter, CMMI, like most maturity models, has a strong focus on metrics, but tends to hand-wave over the difficulty of making sure the metrics used to measure a process are the right metrics.

Here’s what I’ve never seen: A multidimensional maturity model that makes too much just as immature as too little.

But this is exactly what mature business leaders have to do.