
CIO Questions answered - Your comments welcome - The reflections of the inner self

Briefly describe the typical size and organization of an IT team that you have managed. Include the division of responsibilities, how you track progress, etc.

My experience ranges from working independently (mainly to maintain my independence when I perform audits) to managing a team of 25 to 100 consultants in various roles. I have handled multiple projects simultaneously, with multiple consultants (typically five to ten) working on each of them. We used a set of tools to monitor progress as well as milestones. The projects involved ranged from simple roll-outs of products (Microsoft Active Directory domain builds, log consolidation, vulnerability management) in line with product specifications, to complex integration of systems that involved building multiple SOA interfaces for healthcare applications.

For a successful project there needs to be proper delegation. Personally, I believe a person can deliver if he is not micromanaged. Identifying the requisite skill set in a person is very important, and empowering the person to take decisions at the level required of him, with proper oversight, provides the impetus for an effective strategy for successful projects. Most of the projects I have managed were driven by the ability of the team to execute, as well as by giving the team the required degrees of freedom to complete the project. Another important aspect is to ensure that the project is properly defined and responsibilities are assigned. My experience has taught me that when people's responsibilities are not clearly defined, they tend to ignore important indicators and to take in inputs without being cognizant of the multitude of decision makers, which effectively stretches the project or eventually leads to its failure.


One of the important ways we monitor progress is to define clearly the milestones as well as the metrics through which we measure progress. Progress is measured as a function of a set of deliverables. In infrastructure projects, the main approach we take is to have multiple "win" points along the project, to ensure that we reach each of them as the timeline moves. This involves not only monitoring the progress of the project in specifics but also defining the metrics for measuring progress. Some of the metrics we have consistently and successfully used as part of project progress are:

Total progress, measured as cost incurred as a ratio of the total expenditure at a point in time
Total function points completed as a percentage of the total function points in the project
Total objectives completed as a function of the total objectives that are part of the project

However, it can at times be trivial to evolve metrics just for the sake of having metrics. The size of the project is a determining factor in how useful metrics are as a measure of project success.

Many infrastructure projects are defined in terms of wins that can be materialized as the project progresses. But not all projects are the same: some are in multiple stages, where progress can be tracked as a serial process, but at times we have found certain projects that are measurable only at the end of the project rather than at each milestone.

The major aspect we measure is risk, to ensure that we understand risk as a function in a project. We measure this consistently (with particular mention of the risks associated with skill-set retention) in order to ensure successful completion, and at times it provides early indicators as to the progress of the project. This helps in taking corrective action and bringing the project back in line. We have consistently used Work Breakdown Structures in tandem with Risk Breakdown Structures, and experience shows that not documenting and treating risk elements is the major issue when it comes to failure of projects, as well as to implementing the controls necessary for their successful completion.

Briefly describe your experiences as a hiring manager. How have you found good team members? How do you assess skills in domains that you are not expert in?

I have been part of the hiring process, as I often end up looking for people to join my team. Many a time these involve hiring decisions based on specific skill sets, or as a long-term investment for the organization.

Even though a resume is an important aspect in short-listing candidates, I believe in meeting somebody in person rather than over the phone. A person can at times be very different from the one you have dealt with over the phone.

The main characteristic I look for in a probable hire is the person's willingness to learn. It is one of the best investments an organization can make. There is a major difference between SKILL and KNOWLEDGE. It is easy to acquire skills, but basic knowledge is what is most effective in the overall ability of the person to acquire the necessary skills, as well as to scale up to new requirements as needed.

I have hired everyone from technically sound technicians to entry-level people who show immense potential, mainly on account of their interest in learning technology. I believe in hiring managers and technically competent people with strong basics. The way to analyze their ability is to find the logical approach they take towards solving problems. For example, for a networking role I would prefer a person who approaches a networking problem based on the OSI model, starting at the physical layer and going all the way up, instead of somebody who tries to fix the web server the moment a problem is handed to him.

The other area I always look at is whether the person asks pertinent questions about a question. I have used questions that are incomplete and require further information to solve effectively. If the person asks those important questions and collects information before answering, it is a sure-fire way to know the logical approach the person takes to solving the problem. This is very important from a productivity point of view, as well as for using the knowledge base effectively. The person hired should approach the problem with full knowledge of the problem at hand.

As for other skills, it is very important for a person to work as part of a team and to share knowledge. I have worked with technically very sound people who were very difficult to get along with. I have worked with these people, mentoring them to share knowledge and to document their technical skills. This is effectively done by empowering them as mentors for lower-level technicians, and by having those technicians tag along with these super techs to learn the tricks of the trade.

I have acted as a mentor and have the ability to help my team scale up their skill sets and to ensure that they get to work on areas that are in line with their overall ambitions. This I have been mastering over the years, and it is an effective way to reduce attrition.

Have you ever had to terminate an employee? On what grounds? In retrospect, are there things you think you could have done better as a manager in that situation?

I have had to let a few people go, but there is a clear distinction in the approach I took in the two kinds of situation. When it was a question of ethics, I had no qualms in asking the person to leave, as this was important for the organization, and I had to let him go in spite of his stellar technical qualifications. It was simple, and I had a talk with the person about the reasons he was getting the boot. At other times, when technical incompetence was the major reason, I tried to accommodate them in other projects in line with their skill set; but when even that was difficult, I normally sat with the person being terminated to go through the reasons, and acted as a mentor for them until they could address their weaknesses and move on. This I do on a personal level (I was never in a position of having to fire too many individuals), and I believe that every individual has inherent ability and that it is important for them to know it. Normally I try to cover this aspect to help them understand this, as well as to understand and take corrective action on their weaknesses.

The major issue I find myself confronting is the difficulty I take on personally as a consequence of terminating an employee. It takes me a while to get over the episode, and I end up thinking whether it was the best option available, whether there were other options, or whether I could have redeployed them somewhere else.
Maybe I should learn to distance myself and be less emotionally attached when I have to terminate somebody.

Briefly describe an instance in which you identified a business problem and implemented technology to solve it?

I believe in the mantra that anything that is repetitive should be automated. There were many times when business availability was a major issue and the failure of the system supporting the business was a function of human error that could easily have been avoided by automation. Many times we have found that the problems that surface, for example underwriting errors in insurance or medical coding errors in health care, are a function of the human element. I have worked in health care on automating the conversion of forms from the traditional format to the new HIPAA-compliant formats. We built an automated Java parser that converts these to the new formats; it is XML-based and leverages ease of configuration, which is a veritable source of customization.

I have also worked with doctors on e-prescription, evolving an automated system in line with service providers' norms. This was a JBoss-powered application that provides an interface to a multitude of applications using WSDL standards. It works in a modular model to connect to a multitude of interfaces from medical records applications and hospital information systems, and provides an interface for end-user physicians to check eligibility when prescribing medicine as well as to check medical records.

Security metrics are another area I have worked on extensively. The business required governance, and a way to measure how the business was doing with respect to its governance objectives. This required using a set of open-source tools and defining metrics. Once thresholds were set after baselining, it involved graphing as well as statistical collection. Generating a dashboard for business decision-making was effective in measuring governance goals.

I was also involved in connecting rural locations for a seed manufacturing company. This was initiated by a need to implement an ERP solution. As the interim CTO, the job entailed evaluating all the options, including VSAT connectivity and radio last mile, and a thorough evaluation of network performance and metrics for effective usage of the application over the WAN. The task was driven by a set of objectives set by the CEO and included engineering a WAN solution, Terminal Services using Citrix infrastructure, and Navision as the ERP. The project was concluded within the 120-day schedule for a successful launch.


Briefly describe an instance in which you or someone on your team made a mistake that cost the company time and/or money. How did you recover from it? In retrospect, what could you have done to avoid the mistake?

Scope creep is a major problem in most projects. Unless there is a clear definition of what needs to be accomplished and goals are clearly set, there is always a thin line between what the customer wants and what is delivered to the end user. In one instance, we did not specify clearly what was included as part of the deliverable. The customer understood the deliverable differently and expected a different set of deliverables. This was further complicated by one of my team members, who was actually executing the project. What the team member communicated to the end customer was very different from what was part of the deliverable in the SOW. This led to a lot of misunderstanding on the part of the customer as well as the delivery team. The major reason was that the team member delivering the project was not properly apprised of the deliverables, and he was consistently misinforming the end customer.
This led to project overruns in both cost and time. A four-month timeline was stretched to more than eight months, with cost overruns that nearly made the organization spend more than double the billing amounts.

The major reason we found was that, as the project lead handling multiple projects, I had not properly addressed the communication gap, and improper debriefing of the team lead led to a stretched technical team delivering the project as well as an unhappy customer. One of the steps I had to take was to concentrate and spend much of my time with the customer: redraw the specifics, make the customer understand the specifics of the deliverable, and redraw the milestones. This was effective in bringing the project to an end. Even though we had a dissatisfied customer, we ensured that we delivered what was promised in the second iteration, and won back some of the customer's confidence. Even though the customer saw the organization delivering the service in a bad light, as a project manager I was able to salvage my professionalism as well as a working relationship with the customer's organization outside the one I was serving.


Maintaining operations in the face of natural or man-made disasters is a critical component of the long-term success of any company. Briefly describe your current BCP and DR plans.

Man-made disasters are inevitable and are part and parcel of doing business. As an organization, we have worked on building redundancies from a disaster point of view and incorporating them into the Business Continuity Plan. The most important aspect of BCP is to ensure that the objectives are clearly defined. Once we had the specifics checked out, and based on the service levels we had promised our customers (internal and external), due cognizance was given to identifying the key resources. DR involved ensuring that technology components and resources were available at multiple geographically dispersed locations. We worked on redundancies at multiple levels, including the last mile, redundant paths, and the technologies deployed. This was mainly done to ensure that single points of failure were addressed effectively. Once the technology and the resources supporting it were covered, an effective plan was evolved to address business support personnel. This included identifying key resources who would ensure that business services remained available, and seamless routing of systems to warm and hot sites as mandated by the disaster in question.

Plans were also put in place to check the effectiveness of disaster recovery and business continuity preparedness, ranging from quarterly near-disaster exercises to a yearly actual switch-off and test of the disaster scenario. This proved useful when we lost power for nearly a day after a blizzard downed power lines in the Northeast United States.


Data privacy and security are critical considerations in all we do. Briefly describe to what extent those are relevant issues in your current environment and how you address them.

Privacy is considered of paramount importance and is taken seriously at my organization. The present organization handles a variety of Personally Identifiable Information that must be accorded the highest consideration and protection mandated by government regulations, and protecting it is also an important aspect of keeping business information safe. As a key member of the Information Security Team, and with wide experience as a Lead Auditor, I have a keen eye for privacy considerations (HIPAA mandates, PCI-DSS), and there is a set of objectives we use to achieve the goals:

1. Ensure that data in motion and data at rest are properly secured
2. Ensure that data is classified properly, such that the people who handle it understand the level of security to accord it
3. Ensure that people who handle classified information are properly trained in privacy as well as in effectively handling sensitive information (very critical)
4. Ensure that security design elements are incorporated as early as possible in the SDLC, so they are built into the design and implementation phases
5. Ensure that effective Change Management and Configuration Management principles are implemented as part of the ISMS (Information Security Management System)
6. Ensure effective audit trails are in place, so that in the event of a breach the event can be traced back and remedial action taken
7. Ensure there is a regular, effective check on the security posture (Vulnerability Management and Penetration Testing)

The above are areas that are part of our operations and effectively address privacy and security issues.

How do you keep up-to-date on emerging technologies and trends? What new technologies are currently of greatest interest to you?

I am a regular reader of most current magazines and also a regular at webcasts and meetings of my local ISACA and ISC2 chapters. I also regularly present on topics of interest to the local chapter, to evoke a response from the audience and glean perspective on the technologies and the specific problems faced by different organizations, and how they address them. Networking opportunities provide perspectives on how each industry addresses problems in various spheres and how effectively they tackle issues. I also regularly take technology and non-technology exams to evaluate my understanding of the subject and to ensure that I have a good bearing on international standards.
