Mike Wyatt's Weblog

Project Managers - Skillsets Required

I received several comments regarding the need for vendor project managers from yesterdays posting. Unfortunately my comment tracking is not working properly so I cannot respond to the posters. Here are the points made and that I fully agree with and support:

1. Both the vendor project managers and the customer project managers should (*must*) attend at a minimum the introductory technical training on the product or products being implemented. For example, a PM with WebSSO experience may use incorrect assumptions or design biases based on previous experiences and not fully understanding the capabilities and boundaries of the provisioning product being implemented. Having a project manager that simply makes sure the project artifacts are up to date and the billable time and expense are entered may be important for financial management, those contributions have little to do with driving a project to successful completion.

2. Architecture is critical. Frankly I was surprised that readers somehow thought that I put project management at a much higher priority level than architecture. That's not the case at all. That said, the best architecture in the world will be next to impossible to implement without strong project governance including project management. I'll blog more about architecture in a future post. With direct experience with many provisioning and compliance solution rollouts as well as managing a team that has overseen hundreds of deployments, I can state emphatically that when projects fail they fail primarily due to either poor expectation setting during the sales cycle, lack of commitment by the customer to implement the required business process changes, lack of customer staff commitment due to other priorities and poor project governance and management. Yes, I have seen a few projects that have failed or at least struggle due to poor architecture and other that do not have the desired performance characteristics from a transaction throughput perspective but poor architectures are NOT the primary reason projects take years to rollout and don't meet intial expectations.

Finally, this is my first experience of having my content critiqued publically in the blogosphere. Check out James McGovern's response to my previous posting. It isn't surprising that an Enterprise Architect would put architecture as a higher priority critical success factor than project governance. While James is correct that any analyst will provide the feedback on the need for project management / governance, the point James misses is that despite the "common knowledge / common sense" understanding of the importance of project management and governance being importing, in practice it is surprisingly UNCOMMON.

James has a number of other comments related to fine grained entitlements and such. They are good topics to cover and I will be happy to respond in future postings. Feel free to email me directly (I'll update my template soon) at michael.wyatt@sun.com

Posted at 08:36AM Dec 19, 2006 by Michael Wyatt in Identity Management  | 

Project Managers as a Critical Success Factor or Identity Management Projects

My team and I have lived through projects that have run the gamut from extremely successful to unsuccessful. It is interesting that when companies purchase enterprise software and Identity Management solutions in particular, there is incredible focus placed on the ability to meet certain use cases, usually thought up when the Request for Proposal was written. In addition, there is great emphasis placed on "feature function" comparisons between the various finalist product offerings.Though there is usually some attention paid to the implementation approach and the governance model for the project, it is almost always a secondary to the question of product capabilities.

In addition, when a vendor provides an estimate of the level of effort to complete a project, either in terms of hours or dollars, customers do not like the initial proposal. "This is WAY too HIGH! Your competition is 1/2 the amount of your bid." Usually one of the first items to come under attach is the vendor's project manager. I cannot tell you the number of times I've heard the buyer for the customer say, "We have experienced project managers and we will manage our own project."

Unfortunately, in order to "get the deal done" vendors will make this concession. More often than not, when a project gets in trouble, the common issue is not technology (the bits) or even the vendor's technical team. It is usually the lack of strong project management, especially when customers are providing the project manager. Identity Management projects are complex and often political. The systems that an IDM solution touch, especially in the case of provisioning, often cut across functional boundaries, creating an interesting tension within the customer environment. Add to that the need to change to expectations of the customer stake holders regarding the inevitable limitations and nuances of the solution and you get tough situations needing strong project managers.

I'm not saying the customer should not have a project manager on the project; they should but that does not obviate the need for the vendor to also have a strong project manager. Where it works best are when the two project managers hold each other accountable. Without a vendor PM, when issues arise, the vendor's project or implementation team will always take the brunt of the criticism. It is simply human nature; customer project managers will be biased toward their company's point of view. Without a vendor PM, the project can go off track without the vendor having visibility, the implementation team may be tasked with unauthorized change requests, deliverables such as documentation and milestone signoff may lag, the implementation team may get pulled into meetings that negatively impact completion of deliverables, etc.

What about having the vendor's technical lead act as the PM? I've seen this approach fail more often than not. The lead architect needs to have a good relationship with the customer. Often times, if the customer asks if the product can do X, the technical will agree and move toward implementing X even if out of scope. It is not their core competency and I've seen a clear division of labor much more effective (though I've certainly seen consultants and architects that are fantastic project managers too!). At best you have great technical talent time slicing between technical implementation and project management, introducing overhead (and often stress) to the project team.

The best approach is to find the funding to cover the vendor project manager as part of the project and peer them with the customer project manager.

Posted at 07:15AM Dec 18, 2006 by Michael Wyatt in Identity Management  | 

Industry Pundit - Bruce Schneier

Several years ago, someone gave me a copy of Secrets & Lies - Digital Secuirty in a Networked World. I made it mandatory reading for all new hires in the professional services group at Waveset. Bruce Schneier's book is a great foundation on digital security. Though originally published in 2000, almost all of the content is still relevant and accessible to the non CS degreed professional. Bruce is a bright cookie - he has written encryption algorithms including Blowfish and Twofish. Check out Bruce Schneier's Blog. He also has an email newsletter Crypto-gram.

Posted at 10:33AM Dec 15, 2006 by Michael Wyatt in Identity Management  | 

More Enterprise Single Sign On

I received feedback from my last post that Enterprise Single Sign On is actually considered by some to be more straight forward than Identity Provisioning and that I was a bit off base by describing it as complex. Frankly I have not worked with ESSO solutions directly for some time. My principle experience is based on my attempts in the mid 1990s to roll out an IBM DCE Kerberos based solution as well as my experience with other enterprise systems management ESSO solutions during my work implementing Identity Management solutions. Wikipedia has a good explaination for various SSO approaches. One approach that does appear to be successful and far less complex than traditional ESSO solutions is from Passlogix. Though I've not worked with it directly, I have heard from mutual customers that are pleased with their technology and architecture.

Posted at 03:18AM Dec 05, 2006 by Michael Wyatt in Identity Management  |