San Diego, CA, USA – October 01, 2015 – Lantern Three announced today that the Project Management Institute (PMI), the world’s largest project management member association, has named it as a Registered Education Provider (R.E.P.). R.E.P.s are organizations that have been approved by PMI to help project managers achieve and maintain the Project Management Professional (PMP)®, Program Management Professional (PgMP)® and other PMI professional credentials. These organizations have met PMI’s rigorous quality criteria for course content, instructor qualification, and instructional design.
Project managers are increasingly turning to R.E.P.s for certification in training and maintenance, especially since median salaries for the profession now exceed $100,000. Through its PMOLeader initiative, Lantern Three aims to reduce the alarmingly high failure rate of projects over $1 million by developing the leadership skills of project managers (PMs). In PMOLeader’s research, PMs with leadership skills are highly correlated to successful projects, and PMs who lack leadership skills are highly correlated to projects who are late, over budget, or do not deliver the promised scope.
“In a recent CIO Magazine ranking of the top 10 project management certifications, the first two spots belong to the Project Management Institute”, said John Eisenschmidt, a Managing Member of Lantern Three. “As a PMI-certified PMP for nearly 10 years, I have seen projects deliver much greater value with a credentialed PM, but have even greater outcomes with PMs who have credentials and leadership skills. With our PM Leadership Development Program (PMLDP), we are excited to offer critical skill development to those already working to deliver projects on time and on budget.”
Lantern Three joins more than 1,500 R.E.P.s in more than 80 countries. These organizations include commercial training providers, academic institutions, and corporate training departments within corporations and government agencies.
About Lantern Three
Lantern Three is a consultancy that provides pragmatic solutions at the intersection of people, process, and technology. Since 2009, our certified professionals have successfully led dozens of projects, designed and implemented large enterprise systems, reengineered business processes, delivered business intelligence and disaster recovery solutions. Our PMOLeader initiative is committed to cultivate leadership skills in project managers. Our principals also offer mentoring, one-on-one coaching, and a number of assessments.
Project Management Institute is the world’s leading not-for-profit professional membership association for the project, program and portfolio management profession. Founded in 1969, PMI delivers value for more than 2.9 million professionals working in nearly every country in the world through global advocacy, collaboration, education and research. PMI advances careers, improves organizational success and further matures the profession of project management through its globally recognized standards, certifications, resources, tools academic research, publications, professional development courses, and networking opportunities. As part of the PMI family, Human Systems International (HSI) provides organizational assessment and benchmarking services to leading businesses and government, while ProjectManagement.com and ProjectsAtWork.com create online global communities that deliver more resources, better tools, larger networks and broader perspectives.
AT&T and Verizon are the two largest wireless providers in the US, and their respective marketing focuses on differentiation.
Apple’s iPhone 4s was their first handset built to work on all US carriers, supporting CDMA (Verizon, Sprint) and GSM (AT&T, TMobile). In the US, customers typically “buy” phones with 2-year contracts, the wireless carrier subsidizes the cost of the phone (e.g. $649 unlocked vs. $199 carrier-locked), and charges an early termination fee if the customer does not fulfill their 2-year commitment:
I purchased my iPhone 5 unlocked, but currently use Verizon wireless. I divorced AT&T over issues providing coverage to my iPhone 3GS and iPhone 4, and wanted to share is my brief reconsideration of their network — which, I admit, is an apples vs oranges comparison (no pun intended). Others have written more detailed analysis of the technologies, transition, and how to switch SIM cards, so I won’t repeat that.
This week, Verizon announced a faster Long-Term Evolution (LTE) network, called XLTE. While both AT&T and Verizon support LTE, they use different frequencies; a Verizon iPhone that supports LTE will not work on AT&T’s LTE network, but will work on AT&T’s HSPA+ network.
My Verizon iPhone 5 has and uses a SIM card, when it’s installed my Settings -> About looks like this:
Using the Speedtest app for iOS at my home in San Diego, I got the following results:
How does one test a Verizon iPhone 5 on AT&T? I went to a corporate AT&T store, and purchased a prepaid SIM with 1 month of unlimited voice, text, and 2.5GB of data for $60. A Verizon iPhone with an AT&T SIM card:
So despite naming it “Verizon iPhone”, my iPhone 5 is using the AT&T HSPA+ 4G network, and the latest baseband firmware. When I first purchased the SIM card, I ran a quick Speedtest from the parking lot:
117 ms ping time, 6.66 Mbps download, 1.08 Mbps upload. I tried again a few minutes after running the Verizon Speedtest above, and here were my results:
97 ms ping time, 9.02 Mbps download, 1.18 Mbps upload. Better, but not great.
This is a very unscientific test, not intended to compare AT&T and Verizon’s network overall, but to compare the experience using an unlocked Verizon iPhone 5 on the AT&T network. Given the changes in both carrier’s family plan pricing, we briefly considered keeping our phones but switching carriers. Even if there is a slight cost savings, I’ll gladly pay more for 1/3 the latency, 2x the download speed, and 4x the download speed.
Not for the faint of heart! These unstable and untested builds are snapshots of our development, updated every few hours. This means that you might actually be the first person to try a particular build and discover that it eats your system. (We hope that doesn’t happen, of course, but since we won’t have tested the app before giving you access we can’t make any guarantees.)
If you’d like to join us on the bleeding edge of our development process, please select a download from below. If you’d prefer to work with something a little less risky, grab the latest stable release from our main site.
We recommend always using the latest build, but if you experience Major Issues you can come back here and download another recent version.
The OmniFocus 2 Public Beta is incredibly well-run, with precise communication and transparency. It’s a great opportunity to try out this product for free. But please tell us: who is the weirdo that wrote the video script?
“If it’s a place – nearby has a map – to show you which your location contexts are close to you – so you can finally pick up that bow-tie – you’ve been meaning to get – for your cat.”
Protecting your digital identity — the keys to the safe — is important, but it is equally important to protect any data –the contents of the safe, especially if you can render any data unreadable if lost or stolen.
Using the 2010 hacking of Ohio State University as an example, a hacker stole the personal information of 760,000 current and former faculty, students, and applicants. At the time, OSU estimated the cost at $4 million dollars, or $5.26 per record. Whether the OSU example is the low-end of the extreme, or the Symantec study is the high-end, the fact is that lost data is a high dollar cost, and a high reputation cost.
Keep your Job
Lose data? Lose your job. Just a few examples of Information Technology leaders who resigned or were fired following data breaches:
Utah CIO Steve Fletcher resigned following the 2012 discovery that a weak password allowed hackers to break through the department’s security and steal the personal information of as many as 780,000 people.
Provisions in HIPAA — the Health Insurance Privacy and Accountability Act — make it illegal to share patient information. The first known prosecution was reported in February of 2012. In the event that someone storing patient information (e.g. an insurance company) wants to share data with someone (e.g. a wellness program management company for those insured), a business associate agreement (BAA) must be signed between the two companies that clarifies what data will be shared and how it will be protected. In the event of a data breach, the signers of the agreement are subject to federal criminal charges in the United States.
Peace of Mind
The examples above were all in a work context, and involved multiple actors. But what about you? Do you have a spreadsheet on your home computer with the personal information of your partner and children? How about with all of your bank account information? What if a hacker lifted that off of your computer while you were sleeping, and undid years of planning and sacrifice in moments? With a modest amount of time and education, you can leverage some amazing tools and technologies to protect yourself to the best of your ability, and drastically reduce your personal risk of lost data.
The Three States of Data
Electronic information can exist in three separate states, just as water’s state can be changed to ice or steam:
Data In Use
This is data you are currently working on, for example Word documents, Excel spreadsheets, or a photo you are editing. This includes both files on a disk drive, and their representation in the computer’s memory.
Data In Transit
Simply put: information moving between two places. If you email someone an Excel workbook, that is an example of data in transit. Filling out a form on a website and pushing ‘submit’ is another example.
Data At Rest
When data is not being used or moved, it is considered to be at rest. This is your Excel workbook sleeping soundly on your home computer. It might also be a backup tape containing a database, which could contain customers, patients, partners, or taxpayers.
Technologies and Practices to Protect Data
Even smart technologists can make dumb mistakes using great tools. Understanding how to protect data in all three states, and following a few best practices, can drastically improve security.
The examples are not intended to be exhaustive, but a starting point as you investigate categories of tools and technologies.
Transport encryption is designed to protect data in transit, as it moves between systems, by making the information unreadable to any nosy third parties (foreign or domestic). Many tools are preloaded on computers and mobile devices, like support for the SSL/TLS protocol which secures our web browsers. Most websites (HTTP) work by sending plain text over the Internet, to your browser, which reads the information sent and renders it to look as it was intended. When no encryption is used, everything is sent as clear text, and every single system between the source and destination can read the contents. If you are ever given the option to use SSL/TLS, always say yes. Even in the face of a bug like Heartbleed, transport encryption with a gaping security hole is better than no transport encryption at all. The overhead of using secure transport like SSL is so nominal in 2014, there is absolutely no reason to opt out. On the projects that I manage, I require systems with any meaningful information — sensitive or not — to require SSL for all communication. Since the Heartbleed bug was discovered, Google has required HTTPS to use GMail.
Secure File Transfer
Just as HTTP (hypertext transfer protocol) sends information between systems in plain-text, so too does FTP (file transfer protocol) and Telnet (remote terminal session). In 2000, when people would say, “we’ll exchange data with the bank over FTP”, cold chills would run down my spine. In 2014, when people talk about sending files over FTP, or using Telnet, I want to take their computer away from them, replace it with an Etch-a-sketch, and ban them from ever using one. FTP and Telnet the most irresponsible technology decision you could ever make. There is no excuse for it, and no practical application for it. For more than 15 years, operating systems have shipped with comparable tools that support encrypted communication, with absolutely no learning curve compared to their insecure cousin:
Secure Shell (SSH) is a secure replacement for Telnet. Unless you are a systems administrator using Telnet to test if a server is listening on a particular port, you have no reason to ever, ever, ever use that command.
Secure Copy (SCP) and Secure FTP (SFTP) encrypt the communication between systems as files are exchanged, ensuring the contents cannot be read by a third party.
The overhead incurred by using the secure version of each tool is nearly zero, and should not factor into your decision. Stop using Telnet and FTP. Stop saying Telnet and FTP — it’s the equivalent of yelling “mug me” in Times Square, even if you’re talking to yourself.
File and Disk Encryption
File and Disk Encryption are designed to protect data in use and data at rest. If you lose custody of your file or disk (e.g. your transport encryption was hacked, or your laptop was stolen), this ensures that whomever has your data cannot read your data.
PGP (pretty good privacy) is just one popular tool used to encrypt and decrypt files. Exporting sensitive information from a system of record (e.g. patient information) into something like MS Excel is so egregious, you should be banned from ever using a computer again. That is a very common way in which data breaches happen. If you absolutely must keep sensitive information in a text file or Excel, they should be encrypted to ensure they are unreadable if you lose them (or a copy of them). Find a tool you like, learn it, and use it. Chances are there is at least one such tool on your computer.
Whole Disk Encryption
Encrypt your entire hard drive, making the contents unreadable unless you login and unlock it:
Apple’s FileVault2 – works for laptops, removable drives, and Time Machine backup drives
When relational database engines like Oracle, SQL Server, and MySQL are shut down, the contents of those databases are stored on the server’s hard drive as a flat file. While there are some basic security counter-measures in place, a skilled DBA can easily crack those open and access the contents of the database.
Transparent Data Encryption (TDE) encrypts database and transaction log files in the background. When the database is shut down, the contents are unreadable and inaccessible, even when backed up to tape. In the event that a backup tape of your database is lost or stolen, your data cannot be read or recovered by anyone.
Both Oracle and Microsoft include tools that support TDE, and third-parties like Gazzang zNcrypt add TDE support for MySQL.
It’s one thing to have a recent backup of your computer, but where do you keep it, and is it encrypted or not? It’s one thing to have a recent backup of your computer, but where do you keep it, and is it encrypted or not?
Do you have recent backups?
When is the last time you backed up your mobile devices and computers? When is the last time you tested your backups to ensure they were readable and recoverable?
Where are your backups kept?
Ideally, one keeps a backup onsite in a fireproof safe, and one offsite. This could be two external hard drives, under $100 each, that you rotate between a small home fire safe and a safe deposit box at your bank.
Are your backups encrypted at rest?
Misplaced and stolen server backups are one of the greatest causes of identity theft. For businesses and individuals, it is important to use whole disk encryption on your backup drives, and transparent data encryption for your backups, rendering them unreadable to whomever finds them. Misplaced and stolen server backups are one of the greatest causes of identity theft. For businesses and individuals, it is important to use whole disk encryption on your backup drives, rendering them unreadable to whomever finds them.
The only thing worse than losing your data is discovering someone else has your data. Educate yourself on the merits of data protection, and the cost of ignoring those risks. There are numerous free and commercial tools to protect your data while in use, in transit, and at rest. Follow good data protection practices to minimize the chance of losing data, and potentially losing your job or going to jail.
Shawn and John were invited to host a webinar for the Project Management Institute’s Leadership in PMCommunity of Practice. We will present Leading Virtual Project Teams: Research and Technology on Wednesday, April 30, 2014 at 2pm Eastern:
There are inherent challenges with leading virtual teams such as time, distance, and technology. Culture, trust, and leadership create the environment for virtual teams to collaborate and be successful. However, bridging cultural differences, building trust, and accommodating different learning and leadership styles are all aspects of virtual teaming that can result in differing outcomes.
In this webinar, we will explore:
the academic research about leading virtual teams,
the challenges of effectively leading virtual teams, and
how technology and tools can bridge communication and relational gaps, as well as foster trust among virtual teams
Don’t be left out! Space is limited. PMI members may Register Now.
What time is 30-April 02:00 PM EDT in my city? Click here.
The principals at Lantern Three have been collaborating on a newsletter for the past month. Our intention was to send it out this morning, but instead I discovered Constant Contact was down: (incidentally: terrible 404 page — this is where fail whales and exploding robots can pay off in spades):
Shortly after 10am Pacific, it appeared their marketing website, applications, and APIs were down; I skimmed their whois record:
Then I notified their admin email (which, in their shoes, I would appreciate):
I never received a reply, which I understand. As it turned out, their website and services were crippled by a car that crashed into a power pole near their data center. This email marketing firehose — née spam cannon — costs its customers no less than $15/month!
The outage continued throughout the day, well into the evening:
Until Constant Contact announced a partial service restoration at 11:15pm Eastern. They indicated email delivery capabilities would be down for another hour — on twitter and their blog:
As a customer, Project Manager, and career IT professional, I appreciate the regular updates through their blog and Twitter, but I don’t think it was sufficient. Constant Contact should have tested that redundant systems failed-over properly, and drilled their DR plan to ensure they could quickly recover in just such an event. They owe their customers a full root-cause failure analysis, delivered publicly within 30 days. They should also consider a pro-rated refund for April service charges to each subscriber.
Learn from Constant Contact’s oversight
Have a disaster recovery plan that covers the spectrum from neutron bomb to car vs power pole
Update your disaster recovery plan no less than quarterly
Drill your disaster recovery plan no less than once year
If you do drop the ball, keep your customers up to date and resolve to their satisfaction
UPDATE: 4/19/2014 at 5:32 p.m. EDT – Friday morning around 10:32 am ET, our primary service site experienced a major power disruption. Many of the redundant systems that should have kicked in immediately failed to do so. We do not yet know why but are working with our data center provider to get to the bottom of this. The power outage caused our systems, as well as the systems of other companies hosted at the site, to shut down. Based on having 90 minutes of unstable power and the abruptness of the way our systems shut down, we had to completely restart all systems. We did this to ensure the integrity of our customers’ data, and because methodically restarting all applications was the best way to make sure we got everything running in a safe and stable way. We were able to restore our website first. The additional work of shutting down all other applications, restarting them, and verifying their status took us until 1 am Saturday morning. At all times, your account information and data was fully secure. We are actively working with the data center facility to learn what went wrong and plan a full assessment of our own systems to ensure that this does not happen again. We anticipate having more information in the coming days to share with you. We appreciate your patience.
Way back in January of 2011, I wrote a blog post evangelizing Two-factor authentication with Google Apps. At that time, what passed for two factor authentication (2FA) primarily involved RSA SecurID fobs, which made it impractical for all but large scale or well funded applications. Google was one of the first companies to add 2FA support to their security infrastructure by using SMS — the protocol used for text messages on mobile phones — greatly increasing security at a very small cost and inconvenience.
What is Two Factor Authentication?
2FA is a subset of multi-factor authentication (MFA). From Wikipedia:
Multi-factor authentication (also MFA, two-factor authentication, two-step verification, TFA, T-FA or 2FA) is an approach to authentication which requires the presentation of two or more of the three authentication factors: a knowledge factor (“something only the user knows“), a possession factor (“something only the user has“), and an inherence factor (“something only the user is”).
Three ways to prove who you are to a system:
Something you know (e.g. a password)
Something you have (e.g. an RSA SecurID, a text message sent to your mobile phone)
Something you are (e.g. a biometric factor like a fingerprint or retina scan)
Typical implementations of 2FA involve something you know, and something you have.
Why is Two Factor Authentication Important?
Passwords need to be easy enough to remember, hard enough not to guess
I strongly recommend a tool like 1Password to help you create and manage strong passwords across your computers, tablets, and mobile phones.
Passwords move between systems across the Internet; systems are susceptible to exploits
Your password is a key to open a far away door. The forest along the road between you and this door is filled with robber-barons (blackhat hackers) who want to take your key, make a copy, and put it back in your pocket before you ever notice. There have been several significant security exploits in the first quarter of 2014:
gotofail – 22/FEB/2004
gotofail was a nasty bug in Apple’s implementation of the SSL client-side libraries. It permit a server to present another’s secure credentials as its own, and the Safari web browser on Mac computers, iPhones, and iPads would allow this even if the check proved the certificate was a forgery.
Heartbleed – 07/APR/2014
The open source library OpenSSL enables systems to communicate securely over the Internet using the SSL/TLS protocol. A recently discovered exploit in OpenSSL, called Heartbleed, could potentially allow a hacker to read the server’s private encryption key, which would allow them to monitor your communications encrypted over https. Mashable shared a list of popular sites and shared which were affected by Heartbleed, and if need to change your password.
A stack-based buffer overflow vulnerability exists in the qconnDoor service supplied with affected versions of BlackBerry 10 OS. The qconnDoor service is used by BlackBerry 10 OS to provide developer access, such as shell and remote debugging capabilities, to the smartphone.
Successful exploitation of this vulnerability could potentially result in an attacker terminating the qconnDoor service running on a user’s BlackBerry smartphone. In addition, the attacker could potentially execute code on the user’s BlackBerry smartphone with the privileges of the root user (superuser).
An attacker can exploit this vulnerability in the following ways:
Over Wi-Fi In order to exploit this vulnerability, an attacker must send a specially crafted message to the qconnDoor service on a smartphone located on the same Wi-Fi network. The smartphone user must have also enabled development mode on the smartphone before an attack.
Over USB In order to exploit this vulnerability, an attacker must gain physical access to a smartphone and then send a specially crafted message to the qconnDoor service over USB.
Even if a hacker takes your password (what you know), they don’t possess your second factor (what you have).
What Websites Support 2FA in 2014?
TwoFactorAuth.org provides an exhaustive list of sites, grouped by category, and if they currently support 2FA or are working on it. They provide a button to help visitors easily encourage the addition 2FA support, or to thank their developers if they are currently working to support it.
Three Years Later, how is Google’s Two Factor Authentication?
I’m proud to report that since I enabled 2FA on my Google Apps account: I have never disabled it, and I have taken advantage of additional safeguards that Google has added during that time:
Expanded 2FA Support for Free Google Apps and GMail Users
When Google first rolled out their 2-Step Verification, it only supported paid Google Apps for Domains accounts. They have since expanded support for free Google Apps accounts and GMail users, making it universally acceptable for their users. I am happy to report the functionality is identical for paid and free GMail accounts.
Support for Additional Second-Factors
Initially only SMS was supported, but now Google users can be verified with a phone call or using the Google Authenticator App — a free alternative to an RSA SecurID — and works on planes while you cannot receive text messages or phone calls. Configuration screens have become much easier to interact with.
What if I lose my phone?
Google will try your backup authentication factors, but in my example both are my phone (the Google Authenticator App, and an SMS message). If I need to access my account before I can replace my phone, I can download a set of predefined codes to tide me over.
What are App Specific Passwords?
Many applications that access your Google Account are ignorant that you enabled 2FA; for those, you can easily create an Application Specific Password. I use Application Specific Passwords for the Mail accounts on my iPhone and iPad, and my instant messaging client, Adium. You can easily see which Apps you have created passwords for, and revoke any that should no longer have access to your account.
Once you authenticate, Google asks if you want it to remember this device for 30 days. A great new feature since introduction is the ability to forget those computers you asked Google to remember.
Security is everyone’s problem, not just the security conscious. Following best practices to protect your digital identity will reduce the risk that your accounts fall into the wrong hands.
Use Strong Passwords that Humans can’t possibly remember
One huge step toward protecting yourself from digital muggers is to take responsibility for using a different, strong password on every system you login to (not just one password “for the banks and credit cards”). There are tools and password safes that can help you generate strong passwords and keep track of them in a secure manner. If you password is misappropriated, the potential damage to you is contained.
Enable Multiple Factors of Authentication
If a system you use supports 2FA, enable it. It is much, much more difficult to clone something you have (e.g. your phone) than something you know, like your password. This includes email providers like Google, social networks like Facebook (after all, how many websites have you used your Facebook account to authenticate with?) and Twitter, banks like Bank of America and Chase.
Have a Disaster Plan
Hacking is a reality of the digital age that we all live in, and even luddites cannot hide from it. Invest the time to ensure your digital identity is as secure as you can make, and have a plan in case it suddenly isn’t.
Do you have a list of all the systems you sign-in to? Just the critical ones?
I don’t recommend a piece of paper with every website and password on it, because losing that is the keys to the castle. I do recommend keeping a list of important sites you access, even if it’s a backup copy of your web browser bookmarks. For the most critical sites, ensure you know where to find their contact information just in case.
Do you have a list with your banking information (e.g. credit cards and their phone numbers)?
This might be a photocopy of the front and back of every card in your wallet, or something far more sophisticated. If one of your accounts is compromised, and it has the ability to transact on your behalf (e.g. Amazon, Paypal, your bank account website), you may need to act quickly to mitigate your risk.
I teach Leadership in Georgetown University’s Project Management Certificate Program. Last Wednesday, I had the pleasure of working with another great group of committed students who were moving through the Spring intensive program. This cohort had a longer-than-usual discussion about preventable communication breakdowns, and asked me to share my experience: I have often met project managers whose skills ranged from very competent to exceptionally talented, that avoided difficult conversations until it was too late. The more experienced students suggested “cover your ass” techniques, but their suggestions still avoided what was perceived as confrontation.
As a co-founder and member of the Washington, DC Somatics Practice Group, I plan my DC travel around their monthly meetings, which I find educational and generative to my growth as a leader. As it happened, our February meeting fell right after my class at Georgetown, and a colleague invited Joe Weston, author of Mastering Respectful Confrontation, to share his work with us. I am familiar with other non-violent communication frameworks, and I have read (and recommend) Fierce Conversations, but I was only about 30 pages into Joe’s book before our meeting began.
According to the website, and as Joe explained to us:
Respectful Confrontation is the belief that it is possible to stand in your power, speak your truth, hear the truth of others, and get your needs met in a way that won’t harm you or others. Confrontation is nothing more than open-hearted engagement, and ultimately, the most effective way to avoid and resolve conflict.
For many, confrontation has a negative connotation that runs parallel to conflict, and should be avoided. Respectful Confrontation is a framework and set of practices to cultivate strength, flexibility, focus, and grounding — the 4 pillars of true power. Joe teaches a 2-day workshop on Mastering Respectful Confrontation, and in two hours we went just below the surface. Having finished most of his book, I find it to be a great read, and hope to attend one of his workshops to experience the practices in community.
In the professional world, there are never enough resources to accomplish what everyone wants. As project managers, we hold the promise to manage the time, cost, and scope of a unique endeavor from start to finish. We do our stakeholders a great disservice by NOT standing in our power (as the appointed expert in managing this project), both hearing their truth and speaking the truth of the current reality, and ensuring that needs are met without harming others or ourselves.
Effective leadership, like a good marriage, hinges on how you deal with the tough stuff. But addressing and resolving conflicts requires enormous mental and emotional strength, which is why many of us try to avoid it. When confronted with a problem or dispute, we either move away (flee the scene, rely on others for resolution), move against (quietly using positional power to quell opposing arguments) or move toward (make nice, give in). This is natural. We instinctively want to avoid the risk of loss and social embarrassment, to stick with our points of view, to preserve relationships and the status quo.
But all three strategies are wrong-headed. When you fail to engage with a conflict, you can’t gather the input you need to find a workable solution. And it hurts your image as a leader. […]
For project managers to lead effectively, they are called to be present, courageous, and to initiate the often challenging conversations required to create a new future. If you find yourself avoiding such difficult discussions, your professional toolbox would benefit from a framework like Respectful Confrontation.
I have used Atlassian JIRA (and Confluence) since 2007, and a good product has just gotten better. Organize Epics, User Stories, Tasks, Enhancement Requests, and Bug Reports. The Agile plug-in (formerly Greenhopper) enables kanban and other agile boards (to do, in progress, and done). The Service Desk plug-in lets you use of JIRA as a help desk system, and includes browser code to enable public submission of bug reports into JIRA without accounts. Tempo is a robust and inexpensive time tracking plug-in. Adapters for iOS and Android enable mobile application crashes to automatically create cases and attach error logs. JIRA is available as a self-hosted download — starting at $10/yr for up to 10 users, or host the same number of users in the cloud for $10/month.
Communications: Daily Stand-up Meetings
I have found no better technique for team coordination than making 15 minutes in the morning to bring everyone together, to answer three questions:
What did you do yesterday?
What are you working on today?
What issues (if any) are impeding your progress?
Ideally everyone is face-to-face, but if that is not possible then always include a teleconference bridge. I have also had great success incorporating video — in order of most to least success: GoToMeeting (I disable VOIP, and I find if everyone calls in audio quality is significantly better), Skype Premium (if at least one caller doesn’t have a paid subscription, the audio/video quality are degraded), and FaceTime.
Also, as previously mentioned, don’t forget to express your gratitude — your team’s hard work made your project a success.
I use Confluence to organize information on projects for research, government, and private companies. It has been an invaluable asset to quickly assemble and curate information that is easily editable by anyone (think Wikipedia). All changes to your content are versioned and easily comparable. Live link to issues in JIRA to quickly create real-time dashboards.
I am currently an administrator of 5 Confluence instances, and prior to it used several wikis, including Mediawiki (which powers Wikipedia).
Brainstorming and idea generation — particularly related to product management — can quickly become unmanageable. XMind allows you to quickly organize concepts into visualizations to drive understanding and consensus.
Despite taking a week-long class on how to (correctly) use Microsoft Project (circa), I placed it on my “lifetime ban list” back in 2006. In late 2013, I started working for a client who was pretty adamant about using MS Project, so I built a fresh Windows 8.1 VM, bought and installed MS Project 2013 64-bit, and created schedules for each project in our program. My first issue was incompatibilities between the 32-bit and 64-bit versions of Project 2013, which I worked around. After a week of developing a master schedule, MS Project 2013 crashed and the file was no longer readable.
Microsoft does not currently accept bug reports from the public, and the cost for MS Project server makes it unapproachable for all but the largest/well-funded projects, so I convinced yet another client to switch to Merlin2. Besides being a fully functional Macintosh replacement for MS Project, for about the cost of MS Project 2013 you can purchase Merlin2, the web sharing license (functionality built-in), and the iOS sharing license (functionality built-in). This allows me to create the schedule, publish it, and allow up to 10 simultaneous web users and 1 simultaneous iOS user view and update the schedule.
Though not the most robust test case management tool I’ve used, TestRail does allow teams to quickly and easily built a library of test cases, declare milestones, schedule and track test runs, and report robustly.
Version control is not just for code, I’ve found it critical to keep prior versions of Project Schedules, Requirements Documents, and in some cases presentations. A central version control repository also makes collaboration across teams. Some of this can be accomplished with tools like Google Drive, but I prefer to dogfood whatever solution my development team is using (which can sometimes boost your credibility as a PM). In the past, that has included cvs, mercurial, and svn. My current projects use github and bitbucket (SaaS source control is trendy right now), but I’d have no concern going back to svn or another solution.
Pictures tell the story. While Visio is one of the better Microsoft tools, I’ve been very pleased with OmniGraffle Pro for Mac when creating diagrams, timelines, and other visualizations.
Occasionally photos and screen shots need editing, which is when I fire up Adobe Photoshop. There are several other, less expensive applications that can accomplish your goals, but I’ve been using it since around 2000, and I’m very comfortable getting things done in there.
When screen shots just need markup or redacting, I turn to Skitch from Evernote.
As we begin 2014, what project management tools do you find critical to your projects?