2009 National BDPA Technology Conference Presentations

Loading...

Flash Player 9 (or above) is needed to view presentations.
We have detected that you do not have it on your computer. To install it, go here.

0 comments

Post a comment

    Post a comment
    Embed Video
    Edit your comment Cancel

    Notes on slide 1

    Today, I will discussing Identity Management and a high level overview of the Eli Lilly and Company’s stories.Several years ago Lilly saw a change the Pharmacy industry. We knew that we how we created and managed relationship with our business partner, which we hoped would improve our delivery of product to the market. Internal our abilities to on-board our partners to do work with us or on our behalf. Months once a contract was our partners still would not have access to application and data necessary to work. Additionally, we have at least 10 ways to on-board partner.

    I would like to cover a couple of definitions that will help tell the story.Credentials come in many types: Something you know (Password), Something you have (token), Something you are (eyes),Two-factor authentication is a security process in which the user provides two means of identification, one of which is typically a physical token, such as a card, and the other of which is typically something memorized, such as a security code. In this context, the two factors involved are sometimes spoken of as something you have and something you know.

    I will walk through a common Identity process that happens everyday.

    The Subject is Avery SampleThe Credential is the Driver LicenseThe Security Authority is BartenderThe Resource = Beer

    The subject in the case is a Supervisor at Lilly The Credentials is User name and PasswordThe Security Authority is HR systemThe resource is Access to the LillyNet supervisor portal

    Serves as the governance body overseeing the strategy, deployment and consumption of Identity Management principles and processes within Lilly.

    The key to having business owner for each Constituents is that the owner is accountable for Delivering secure access to Lilly resources group or sub-group.

    Mention frequent touch points between phases.

    Greetings, my name is Tony McMahon, I am pleased to have this opportunity today to take you on a “Virtual Tour” of the IRS’s IT environment.

    The Birdseye view of the Nations Tax Processing Environment will be presented within four topics. (mouse click)First a brief logistic note, the Federal Government utilizes a rather healthy approach to acronyms. Therefore for me to provide you with a fulfilling presentation and to allow me to stay within my allotted time frame, I too will be utilizing a healthy acronym approach. All acronyms will be fully qualified prior to their use. As I pull up the first topic you will see an example of this. (mouse click) Topic 1 – The Modernization & Information Technology Services (MITS), The IRS IT Footprint. During this topic we will quickly drill down through the IRS organization to build the understanding of where the IRS IT personnel fit into the overall IRS picture. From there we will breakdown the actual IRS IT footprint; a global view of IRS IT Real-estate. (mouse click)Topic 2 – Infrastructure. Will provide a breakdown of the IRS IT Hardware & Software. (mouse click)Topic 3 – Processes. The scheduling picture of the IRS, statistics of jobs processed, timeframes, and an interesting End to End view of how tax returns are processed. (mouse click)Topic 4 – Best Practices. A detailed view of the Best Practices that have been implemented and the supporting statistics showing their ability to improve Operations Support to the IRS. (mouse click)

    IRS infrastructure is housed primarily in the three Enterprise Computing Centers located in (mouse click) Martinsburg, (mouse click) Memphis, (mouse click) and Detroit. All three of these sites operate as Level V Computing Facilities, which is the highest security standard for Federal Buildings. (mouse click)Remote server sites are located in all states except for Wyoming, Delaware, and Hawaii.

    Now that you have an understanding of the People factor let’s get into the IRS Hardware side of the house. This slide breaks down the Tier I Mainframes located at the Martinsburg, Memphis, and Detroit Computing Centers. The IBM mainframes house the Corporate Files Online (CFOL), the UNISYS mainframes house the Integrated Data Retrieval System (IDRS).Up until 2003 the Unisys & Mainframe instances existed on older technology within the 10 Service Centers mentioned on the United States slide. Taking advantage of newer technology, the IRS began consolidating the Service Center mainframe environment in October of 1998. By 2002 all IRS mainframe operations were consolidated and migrated to the Martinsburg and Memphis computing centers. The service center operations were split evenly between the two sites, 5 at Martinsburg, 5 at Memphis.Taking further advantage of the speed of the newer IBM Mainframes, the IRS is in the process of migrating the Detroit mainframe workload off of the IBM 2084 to the Martinsburg IBM Z9 platform.With that said I want to emphasize that the figures shown here as well as the following infrastructure slides are a snapshot in time. Rust replacement (refresh), newer technology, application growth, congressional mandates, are just a few of the contributors to the ever changing IRS infrastructure picture.

    With the ever increasing demand to deliver e-Government applications to both internal and external customers the IRS is relying on the flexibility of Tier II systems. An excellent example of an IRS Public Facing Tier II product is the IRS Fact of Filing (IRFOF). Many of us have taken advantage of the “Where’s My Refund” online service on the WWW.IRS.GOV website. The “Where’s My Refund” product offering is built utilizing Unix and Wintel.

    In addition to those Tier II systems located inside the Computing Center proper .. ECC also has responsibility for servers located in the Service Center Campuses and remote IRS locations. As stated earlier, ECC has Tier II platforms in all states other than Wyoming, Delaware, and Hawaii. Many of these systems are administered remotely via access controls and Integrated Lights Out (ILO).

    As you can see, the count of our remote Tier II systems outweigh those housed within the Enterprise Computing Centers. The IRS continues to improve it’s control and support of all platforms. Currently an effort is underway to bring all Business Operating Division owned infrastructure under the MITS umbrella. This will allow us to baseline our applications and systems, enforce compliance, and take advantage of virtualization.

    I included this slide to emphasize the importance of base-lining systems. As you can see by this slide, the IRS Tier II infrastructure has a wide range of Operating System instances. As we continue our efforts to migrate infrastructure under the ownership of one entity we will see the pie begin to move towards greater percentages of same systems. The endeavor of taking ownership of systems from several different areas has been challenging. The development of static processes and customer interviews is resulting in smoother more expeditious migrations.

    At this point we have conquered our first two topics, have I lost you yet? Well hold on because the Processes topic will certainly wake you up.The IRS processes on a weekly basis. Inputs arrive from the sources shown here. All inputs to the processing are automated in such that the weekly processing cannot begin until all triggers of expected files have been set. Files are received and daily batch processing builds the input for the weekly batch; the actual posting runs.

    After the weekly batch processing has completed and balanced, the output files are sent to the receiving locations. Just as the input files are automated, the output files are automated as well. The receiving sites have triggers that if the expected incoming file is not received automated processes are kicked off to open a trouble ticket to the identified areas of responsibility.

    It is hard to imagine based on the hardware shown earlier that the above numbers are even capable. To this day I am impressed with the processing power and seamless operation of the IRS IT organizations.

    Corporate Files On Line is the collection of over 10 major IRS systems. CFOL is read only access and is available 24 hours a day. The term transaction in this instance is related to a Command Code. Command codes are transactional based queries that access the CFOL. All command code access is governed by a users profile maintained on an IBM system with Transaction Processing Facility TPF Operating System. None of the IRS systems have direct access, they are all protected by a front end Security system. This graph speaks volumes, for instance, the spike at the beginning of the year is directly related to the creation of 1099’s. After that one can see a relation to the first wave of filers, then the final filing stage the week of April 25th. Oh yes .. And the weekends are easily detected.

    Mail Delivered - Scheduled mail trucks arrive from the U.S. Postal Service during the non-peak months, (May – Dec), at 4:30 a.m. From January – April, trucks arrive at 9:30p.m. and 4:30 a.m.The mail is unloaded and brought into the “Service Center Automated Mail Processing System” (SCAMPS). SCAMPS is capable of sorting up to 30,000 envelopes per hour. During the “incoming” process, the system cuts open the envelope and reads the pre-printed bar code to sort by return type. It also detects the magnetic ink used in printing checks to detect envelopes that might have a remittance included. The bar codes printed on the envelopes serve purely as an aid to expedite the processing of the return. If tax forms are mailed in non-IRS envelopes, they are termed “white mail” and must be sorted manually. We are now in the Extracting area. From there the returns are sent to extraction/sorting. Computer Entered - The transcribers in this area enter the information from the return into the Integrated Submission and Remittance Processing (ISRP) system. These employees work on incentive pay based on both quantity and quality rates. Due to the nature of the job, the workstations are ergonomically designed for the employees’ maximum comfort. The desks are on a hydraulic system to raise and lower to the individuals’ own comfort level, even standing if desired. From this point the return goes through several automated checks and balances. If all is good, the return is process and final posting to the Corporate Files Online (CFOL).When errors are detected from return information input in Data Conversion, the return is sent back to the Input Correction Operation for Error Resolution. The tax examiners are trained to identify the errors and make necessary changes if possible. If the tax examiner is unable to legally make the required adjustments or if more information is needed to close the case, a notice is sent to the taxpayer informing them of the error or a letter is sent requesting the necessary information needed from the taxpayer.

    As you can see, the Individual electronic filing (e-File) process is highly streamlined compared to the that of paper processing. In this instance, the computer entering process is from individual tax payers using an online tax submission software. The remainder from our large scale third party business partners such as H&R block or Jackson Hewitt. In addition to the large scale partners the e-Service e-file option is open to any tax practitioner submitting 5 or more individual tax returns.

    The good news is that we continue to see promising results for Paper vs. Electronic. This year the statistics for paper indicate that a little more the 1/4th of the American Tax payer population utilized paper process for submitting their annual taxes.

    The accompanying statistics for electronic filing show the numbers are increasing .. Again, that’s good news. Also note that this slide identifies only 5 sites this is due to the fact that e-File processing is processed at only the Andover, Austin, Philadelphia, Fresno, and Kansas City Service Centers. The other interesting find on this graph is the spike on April 15th.

    Here we are at our Last Topic Best Practices. The MITS, Enterprise Computing Center formed a Service Delivery Command Center several years ago. Initial efforts focused on Best Practices needed to resolve customer outages. The team developed a process to quickly address high level Priority 1 and 2 trouble tickets. Service Delivery Manager (SDM) positions were created. SDM’s are high level highly technical individuals. If an SRT is needed, the SDM coordinates a Restoration Team of all disciplines needed to detect and resolve the outage. Utilization of Monitoring tools, Online Networking tools, and toll free bridge lines create a virtual environment. The SDM also captures all steps taken to resolve the problem. This includes logging all players that were engaged in the SRT and any data collected during the problem detection phase. This information is documented on an established form, sent to the SRT participants for review and approval and then added to a knowledge database for quicker resolution.The IRS SRT process has resulted in a 40% reduction in customer outages.

    Problem Management efforts have delivered a substantial increase in the reliability of systems and applications. A Root Cause Analysis will be conducted when:A Service Restoration Team (SRT) activity was conducted for a particular incident and root cause has not been determined;An outage lasted for more than four hours;A particular workaround was used for a recurring incident more that three times;More than 100 users were impacted by an outage;The incident was time sensitive in nature (e.g. it impacted the interest free cycle);More than two applications were impacted by one incident; orA request made by ACIO-area management.Trend Analysis of problems has allowed us to identify issues related to inadequate infrastructure, and code and sizing discrepancies. Development of Proactive Monitoring tools, many identified as a result of an SRT have created an environment of detecting problems before they become outages. For several identified problems we have utilized our monitoring software to create automated correction scripts.

    With today’s requirement for organizations to do more with less it is important to take whatever steps are necessary to provide staff with proper tools and alternative work methods. The IRS has implemented several changes that have resulted in less stress to the staff and actually have created a improved basis for other requirements. (Mouse Click)Offering Flexi-Place (Telecommuting) in addition to Alternative Work Schedules (5, 4, 9, or 4-10’s) not only reduces the stress level for staff, it also teaches staff to work remotely. Staff that become efficient in working remotely and using collaborative communication tools are better prepared to operate in the event of a Disaster Recovery Situation. (Mouse Click)Collaborative tools such as SharePoint, NetMeeting, Office Communicator, Voice Over IP have increased information sharing and literally remove geographic boundaries. (Mouse Click)Creating low cost recognition scenarios allows managers to tell staff they are doing a good job. This leads to more satisfied happier staff .. It also encourages staff to work harder.

    In this area, the clerks remove the returns from the envelopes and sort the contents accordingly. Returns that are due refunds are separated from those with checks or payments. Refund returns are sent directly to the batching area and balance due returns with payments will be sent to the RPS area of ISRP. Payments are further separated into categories of full or partially paid returns.

    This is the Remittance Processing area of ISRP. All returns with a remittance are sent to this area for processing. There are 2 distinct operations that occur in this area. The first is called “O.E.” original entry. The check digit or name control, EIN, tax period, and dollar amount are input into the computer. The second operation is called “K.V.” key verification. At this point, the information input in original entry is verified to make sure the taxpayer’s account is credited for the correct amount. At the end of each day, the 2 systems must balance to the penny.

    After leaving Code and Edit, the return is sent to Numbering. In this team, employees manually stamp a thirteen-digit document locator number on each tax return. Due to the varying sizes and shapes of tax returns, no attempts to automate this system have been successful in the past.

    This is the Code and Edit function of the Document Perfection Operation. These employees are responsible for editing key line information to be input into the ISRP system by data transcribers. They also check for missing signatures. When editing the returns, code and edit employees use a red pen for ISRP editing and a green pen for SCRIPS editing.

    Favorites, Groups & Events

    2009 National BDPA Technology Conference Presentations - Presentation Transcript

    1. 2009 National BDPA Technology Conference Raleigh, North Carolina Professional Development •Everybody Matters: A Practice in Diversity Appreciation •High- Tech High- Touch Coaching. Why It Works •LinkedIn- Networking for the 21st Century •Put Your Career on Steroids in a Matrixed Organization •Why Go Geek?
    2. 2009 National BDPA Technology Conference Everybody Matters: A Practice in Diversity Appreciation™ L. LaShawn Brown One in a Billion Consulting August 5 – 9, 2009 Raleigh, NC 3
    3. Presentation Objectives • To illuminate one key way to be a better listener; • To become more informed about how to be more supportive of members in various subgroups represented in the session; • To recognize that diversity is a multi-faceted word; • To practice the conscious act of appreciating the unique qualities found in all people 4
    4. Everybody Matters • Introduction/Overview • Participant Introductions 5
    5. Listening Exercise • Name some challenges to listening. • Why is it important to listen? • In what ways do we not listen? • Do listening activity. 6
    6. Working Agreement • Create a working agreement together and post in the room 7
    7. Appreciating Similarities STAND IF… • Stand when your category is called. • Recognize with whom in the room you have commonalities. • Practice appreciating multiple qualities in people. 8
    8. Shifting Paradigms • What are some key differences between assimilation, differentiation, and inclusion? 9
    9. Cognitive Scripts • What is a cognitive script? • How does it affect me? • How does this affect stereotyping? 10
    10. Honoring Differences How I View The World • Break into smaller groups • Do “Respecting Differences” Activity 11
    11. Wrap Up • Appreciations/Highlights • Q&A • Evaluations • Dismissal 12
    12. Contact Information L. LaShawn Brown President/CEO One in a Billion Consulting LaShawn@oneinabillionconsulting.com 210.775.2637 www.oneinabillionconsulting.com 13
    13. 2009 National BDPA Technology Conference “ High-tech high-touch coaching “ Doris Shannon CEO Coaching for Success Inc. August 5 – 9, 2009 Raleigh, NC Coaching for Success Inc. 14 http://www.coaching4mysuccess.com
    14. What is personal coaching and why it works. Coaching for Success Inc. 15 http://www.coaching4mysuccess.com
    15. Personal coaching! • Human-to-human coaching has proven to be the most impactful of all human performance development methodologies. • Coaching does not replace education and training. • However once a person has learned what is needed to meet the norm/be competent - coaching helps them both define and create success. • Success is a personal “choice”. • The multi-billion dollar profession of personal coaching helps people create it. 16 Coaching for Success Inc. http://www.coaching4mysuccess.com
    16. What is personal coaching? • Coaching is often confused with, consulting, therapy and mentoring Consultants Coaches Supports people Therapists Supports organizations in becoming to become successful successful Focus you on Focuses you on understanding your creating past. your future. Reveals clients to themselves. Reveals common experiences and their perspectives. Mentors 17 Coaching for Success Inc. http://www.coaching4mysuccess.com
    17. Coaching works! that‟s accepted, without question in sports. winning winning Individuals Teams Coaching for Success Inc. 18 http://www.coaching4mysuccess.com
    18. Activity • What do sports coaches do that creates winners? 19 Coaching for Success Inc. http://www.coaching4mysuccess.com
    19. Coaching creates Winners in business. In the past 10-15 years performance coaching has moved inside organizations. Coaching for Success Inc. 20 http://www.coaching4mysuccess.com
    20. Who‟s getting coached? Inside organizations 2009 Sherpa Executive Coaching Survey: Coaches work with: Coaching for Success Inc. 21 http://www.coaching4mysuccess.com
    21. Executive coach compensation $3,500 per hour 2009 survey: $200 per hour Under 3 years: $250 per hour 3-5 years: $260 per hour 5+ years: $335 per hour 22 Coaching for Success Inc. http://www.coaching4mysuccess.com
    22. Because it works! • Studies show proven performance improvements from coaching executives • Booz Allen study - 689% ROI • Manchester - over 6- times ROI 23 Coaching for Success Inc. http://www.coaching4mysuccess.com
    23. Non-executive coaching studies Sherpa & ICF studies •96.2 % would repeat their coaching experience. •82.7 % “very satisfied” with their coaching experience. The top three motivations for obtaining coaching are 1) Self-esteem/Self-confidence (40.9 percent); 2) Work/Life Balance (35.6 percent); and Career Opportunities (26.8 percent). Who hires coaches •The majority of coaching clients have acquired an advanced level of education (a post graduate degree such as a master‟s degree or Ph.D.). •The duration for the average coaching relationship for survey participants was 12.8 months. •65 percent of coaching clients are female. •The largest cluster of coaching clients are between the ages of 36 and 45 (35.9 percent). Coaching for Success Inc. 24 http://www.coaching4mysuccess.com
    24. 3 broad coaching niches • Executive/leadership development coaches • Career coaches • Life coaches 25 Coaching for Success Inc. http://www.coaching4mysuccess.com
    25. EVOLUTION of coaching • # of coaches • Use of technology 26 Coaching for Success Inc. http://www.coaching4mysuccess.com
    26. High-tech, high-touch coaching 27 Coaching for Success Inc. http://www.coaching4mysuccess.com
    27. Coaching for Success Inc. 28 http://www.coaching4mysuccess.com
    28. Group Coaching Group Coaching is a wonderful opportunity to receive coach-like facilitation while benefiting from the ideas successes and challenges of others. “knowing” Group Coaching is highly effective and an efficient use of time. Call in from the convenience of your home or office or any location. There is no need to go anywhere. $ Savings Coaching for Success Inc. 29 http://www.coaching4mysuccess.com
    29. Maestro Conference calls Coaching for Success Inc. 30 http://www.coaching4mysuccess.com
    30. Deepen your understanding of why coaching works Coaching for Success Inc. 31 http://www.coaching4mysuccess.com
    31. Why Coaching works • We asked our clients Coaching for Success Inc. 32 http://www.coaching4mysuccess.com
    32. Ubuntu… I am because of others • "Ubuntu" means I am a person through other persons, referring to the fact that you cannot be human alone, that you find meaning and fulfillment in community with others, and that you are who you are because of others. • “One of the sayings in our country is Ubuntu - the essence of being human. Ubuntu speaks particularly about the fact that you can't exist as a human being in isolation. It speaks about our interconnectedness. You can't be human all by yourself, and when you have this quality - Ubuntu - you are known for your generosity. We think of ourselves far too frequently as just individuals, separated from one another, whereas you are connected and what you do affects the whole world. When you do well, it spreads out; it is for the whole of humanity. 33 Coaching for Success Inc. http://www.coaching4mysuccess.com
    33. Coaching works engages our 3 most powerful intelligences #1 #3 #2 3rd I intelligence quotient 2nd Emotional quotient Coaching for Success Inc. 34 http://www.coaching4mysuccess.com
    34. What is Spiritual Intelligence? Coaching for Success Inc. 35 http://www.coaching4mysuccess.com
    35. ACTIVITY Are you ready to win? Question: If you have the K.S.A. what else do you need to win? 36 Coaching for Success Inc. http://www.coaching4mysuccess.com
    36. What is your new “Knowing”? 37 Coaching for Success Inc. http://www.coaching4mysuccess.com
    37. YOUR Questions Coaching for Success Inc. 38 http://www.coaching4mysuccess.com
    38. References Research studies/papers Finding a personal coach 1. Booz Allen “The Business Impact of Websites Executive Coaching • International coach federation 2. Manchester “Executive coaching yields return on investment almost six  http://www.coachfederation.org/find-a-coach / times its cost, says study”  ICF Local chapters 3. 2009 Sherpa Executive Coaching Survey Group coaching organizations 1. International coach federation (ICF http://www.coachfederation.org/find-a- coach 2. Compass/Coach Training Institute Coaching for Success Inc. 39 http://www.coaching4mysuccess.com
    39. Contact information Doris Shannon Coaching for Success Inc. doris@coaching4mysuccess.com 678-701-5815 http://www.coaching4mysuccess.com 40 Coaching for Success Inc. http://www.coaching4mysuccess.com
    40. Coaching for Success Inc. 41 http://www.coaching4mysuccess.com
    41. What is Personal coaching… Partnership Builds client-directed partnerships that Helps people are confidential, non- find and reach judgmental, trusting, collaborative, sup Ask the clients to their goals and portive, do more than dreams they would have And focused on action, growth and done on their results. own. Customized for each clients •Focuses the evolving needs client to more quickly produce results Provides the tools, Elicits the support and client‟s natural structure to inspire wisdom and the client to creativity accomplish more. Coaching for Success Inc. 42 http://www.coaching4mysuccess.com
    42. Top 10 Benefits of coaching 1. Maintain a greater focus, clarity and purpose. • Define personal and business vision and map out a strategy. • Set goals you‟re passionate about. • Build life-changing skills. • Create a better life – not just a better lifestyle. • Balance professional life with personal values. • Develop and maintain momentum. • Take Accountability. • Work smarter, not harder. • Eliminate limiting beliefs and gain new perspectives. Coaching for Success Inc. 43 http://www.coaching4mysuccess.com
    43. 2009 National BDPA Technology Conference Networking for the 21st Century Presented by Keith Warrick August 5 -8, 2009 Raleigh, NC
    44. An online professional networking site with 40+ million professionals.
    45. Learning Objectives • Top 10 Uses • Overview of • Setting Networking Goals • LinkedIn Resources
    46. Top 10 Uses • Personal Connect with friends, family, classmates • Business Work with colleagues, recruiters, hiring managers and associates around the world • Hiring Post/distribute job postings • Helping Others Pay It Forward ( )) • Find Recommended service providers, new clients, subject matter experts & partners • Be Found For Business Opportunities • Search For jobs and companies • Discover Connections to land new jobs/close deals • Find High quality passive candidates • Get Introduced To Other Professionals through your network
    47. What Does Success Look Like? Succeed by finding the individuals you seek  Sales Leads Executives from every Fortune 500 company 37m  Candidates Users Millions of employed professionals open to hearing about new career opportunities  Business Partners More than 50,000 companies worldwide  Industry Experts Experts in all major industries
    48. Overview of
    49. LinkedIn Facts Largest, most popular professional/business social networking site. • 40+ million users in 170 industries globally • Millions of business introductions have been facilitated • Users accept 84% of all introductions • Based on six degrees of separation concept but displays three degrees on LinkedIn
    50. Sean Maya Mike Brett 1st level = Bob Seth 500+ Jeff Chris Malik Justin Dave Pam Keith John 2nd level = Dave Rod 92,000+ Caryn Brad Mark Juan Chen 3rd level = Doug Cyana Lisa Allan 6,000,000+ Jean Dwayne LinkedIn: Three Levels of Connection
    51. Your Home Page The In Box …How To Find Everything!
    52. The Home Page of LinkedIn! •Activity Summary on Home Page •Inbox •Network Updates •Profile Updates from your Contacts •Recommendations shared by your contacts •New Connections •Info on your total network – group Navigate the updates, etc website easily from this box
    53. Inbox Of LinkedIn! •You may receive multiple invitations at one time. •To Add at one time, simply click on the arrow next to Receive, select „Invitations‟ , each invitation and then click „Accept‟. •Follow the same process for InMail, Introductions, Q&A, Jobs, group messages and recommendations. •To handle individually, click on Subject.
    54. Site Map Of LinkedIn! Site Map is found on the Bottom of each page
    55. Your Profile Setting It Up!
    56. Develop A Complete Profile • Two Goals 1. Want to be found by business partners, prospects and recruiters quickly.  Reflect on how people search for business contacts and populate your profile accordingly.  Use your „brand statement‟, 30-second commercial or elevator speech to engage a reader in your career summary/highlights in the „Summary Section‟  List keywords that you use on your resume in the “Specialties Area” to maximize chances of being found in searches 2. To be found by employers, colleagues, alumni and classmates.  List every employer and full academic history (leave off the years if you are concerned about age)  Highlight accomplishments for each of your employers  Ask clients, managers , vendors and peers for recommendations  Allows former colleagues to find you
    57. Obtain Recommendations • Request that your best clients, vendors, former colleagues and managers write a recommendation • Why?  LinkedIn prioritizes search results by # of recommendations and account type.  8 + recommendations will be featured prominently if a search is done with your keywords.  Using Search Engine Optimization (SEO) principle - the more clicks on a web page the higher it shows up in search results. This builds your brand because it keeps looping back due to you having lots of recommendations.  Greater likelihood that you will be contacted by someone viewing your profile who doesn‟t know you personally  Recommendations build your credibility with those that do not know you thereby decreasing risk on their part
    58. Obtain Recommendations • You control what is displayed on your profile  Any mis-spelled words or grammatical errors can be returned back to the sender for revisions  If the tenor of the recommendation is not to your liking, you can always choose to not display the recommendation on your profile • Give To Get – writing one for someone else usually prompts him/her to reciprocate • All recommendations can only be written by a LinkedIn member.
    59. Keith’s Profile If You Want All To Connect to You, Add Email to name line Email could go in the heading section •PDF Download • Can attach as a supplemental doc to supply recommendations to Hiring Managers •Create a personal, vanity profile link •Edit Any Field Easily
    60. Details Of Your Public Profile on LinkedIn! •Public Profile Settings Page •Verify Data You Want On Internet •Use Full View  Several Others To Include: •Basic View Includes: name, Industry, Location, N umber of Recommendations •Headline •Summary •Specialties •Current Position with Details •Education •Websites •Interests •Groups •Honors and Awards •Interested in
    61. YOUR NETWORK Grow it!
    62. Invest Time And Energy Into Making Connections! has over 40 million members! Who do you know? Think of everywhere you have worked, lived, volunteered, worshipped, hung out…you know lots of people! • Co-Workers • Classmates • Neighbors • Friends • Relatives • Service Providers • Clients • Vendors • Mentors
    63. YOUR NETWORK DETAILS
    64. YOUR NETWORK DETAILS
    65. GROW YOUR NETWORK (Invite)
    66. GROW YOUR NETWORK (Caution)
    67. GROW YOUR NETWORK (Caution) • Always personalize your invitations to connect and never use the standard default message of “I‟d like to add you to my network on LinkedIn”. • Invitee can select one of three options – ACCEPT, ARCHIVE & I DON‟T KNOW. • A personal message makes connecting more compelling and shows that you intend to treat your network with the 3 As: Attention, Affection & Appreciation. • Create LinkedIn invitation script templates that you can use over and over by simply modifying the details for each particular invitation. • An ARCHIVED invitation simply means that it will be stored away on the Archive Server, available for you at any time on your account. • If an invitee selects the I DON‟T KNOW button 5 times (cumulative) you will be locked out of LinkedIn. • If locked out of LinkedIn, you will have to contact LinkedIn customer service via EMAIL ONLY (NO PHONES) and beg and plead to be reinstated. • LinkedIn sends a warning message to you after the 3rd time someone has selected I DON'T KNOW as you are inviting new connections to connect
    68. SEARCH FOR CONTACTS •Keyword Search •Like other standard search engines •Place “Multiple words” searches in Quotes •Narrow Search Criteria by making as many selections as possible Use complex Boolean searches to Can do Simple Name Search at find just the right contacts! Top (HR OR human OR employee OR staffing OR recruiting OR recruiter OR employment AND (vice OR VP OR EVP OR SVP OR director)
    69. THE THREE I’s Invitation • A direct request to join LinkedIn and/or your network from another LinkedIn user.  The requestor must have your e-mail address in order to send the invite unless he has indicated you are a friend, colleague, classmate , done business together or share membership in a LinkedIn group. Selecting „Other‟ will prompt the invitee‟s e-mail address to be input. • Invitations are a free service to all users with a lifetime limit of 3,000. Introduction • A free service for all users with a limit of 5 in the free account. • 1st degree contacts can introduce you to 2nd or 3rd degree (and above) connections. • All parties in the process must be LinkedIn account holders. • This process facilitates an electronic introduction but does not add this person to your network. InMail • This is a paid service if you are a free account holder – each InMail costs $10.00 or part of a premium account. • Allows you to connect directly to someone outside of your network without an introduction but it does not add this person to your network.
    70. Invitation
    71. Introduction
    72. Introduction
    73. Introduction LinkedIn For Dummies by Joel Elad recommends that you observe the following protocol in using the Introduction Request feature of LinkedIn: Approaching Each Party in the Introduction Be honest and upfront – say exactly what you hope to achieve so there are no surprises • Be polite and courteous – you are asking your friend/contact to make this introduction so that your request goes to the intended party • Be ready to give in order to get • Be patient – you may have a deadline (don‟t we always?) but everyone else usually operates on a different schedule and different levels of urgency – you can monitor the status of the introduction at any time by returning back to the message and viewing its forward status by the trail of green arrows and button – all green – it has been forwarded When writing your message to your intended recipient, keep these tips in mind: • Be honest and upfront • Be succinct • Be original • Be ready to give in order to get
    74. InMail
    75. InMail Directly contact with InMail  30x more likely to get a response  Fast and Direct o Delivered to the user‟s e-mail address/LinkedIn InBox on their home page  Trusted o LinkedIn acts as a secure communication broker – the privacy of the recipient is maintained – you never learn what their e-mail address is. o It‟s a cold contact but your professional profile and the compelling reason you provide in your message gives your recipient the confidence to respond.
    76. InMail  Find some commonality between you and the recipient before stating your desire/need in the opening sentence. Save that for the body of your message. Eg. o Simon: I came across your profile on LinkedIn and noticed that we have several groups, past employers and people in common. I am a business analyst here in the metro Atlanta area and am always looking to grow my network. Would you be open to a call or a cup of coffee this week to discuss XYZ? – XYZ = the reason why you need to connect with Simon.
    77. Be Proactive! Approach Potential Business Partners & Prospects Approach Don‟t wait for others to find you. Search for your connections. Continue To network with new people – those who can help you reach your goals. Ask People to introduce you to their contacts – 9 out of 10 times they will respond without hesitation. Remember Open doors – find senior executives you want to do business with. Send Notes to thank individuals for making introductions and for those who accept your invitation to connect.
    78. JOIN GROUPS • Over 220,000 groups on LinkedIn. • Bring together people with common interests and backgrounds – i.e., professional groups, alumni groups and employment-related groups. • Can create a group or join an existing one. • Click on Groups …groups directory – by category or keywords. • Maximum of 50 groups that you can join. • Have access to group members – can send them a message and not be directly connected. • When a network search is done, group members that match your criteria will come up in the results. • Can participate in discussions – posting questions and answering them. • Job postings are posted in groups. • News/magazine articles can be posted in groups – information repository.
    79. JOIN GROUPS
    80. Advanced Tips Complete Your Profile • Upload a photo (makes your profile complete). Makes it easier for others to connect with you and remember who you are. • Post questions and answers. • Update your Status Message (What are you working on?) – allows up to 100 characters to inform who you choose (your network or anyone) what you are currently doing. Helps build a true network community and strengthens those ties.
    81. YOUR SEARCH …search your whole network in just a few minutes. Looking for Jobs or Companies!
    82. Search For Jobs •Jobs Screen •Update all your information before using tools – profile, connections and recommendations
    83. Search For Jobs
    84. Search For Jobs
    85. Search For Companies New Feature on LinkedIn!
    86. Search For Companies
    87. Tools & Plug-Ins Download From Site List
    88. Using The Tools on LinkedIn To Maximize Your Productivity! •Use Site List to Find This Page For your Downloads
    89. LinkedIn Outlook Companion Toolbar
    90. LinkedIn Outlook Companion Toolbar
    91. LinkedIn Outlook Companion Toolbar
    92. LinkedIn Browser Companion Toolbar
    93. Featured Applications LinkedIn Applications enable you to enrich your profile, share and collaborate with your network, and get the key insights that help you be more effective. Applications are added to your homepage and profile enabling you to control who gets access to what information.
    94. Featured Applications
    95. New on LinkedIn! • Events – Found under Applications. This functionality allows a user to add an event to LinkedIn to promote to his network. A message can be sent out to 50 connections at a time so if you are inviting more than 50 from your network, you will have to send the message out as many times as needed to reach your target audience number. Connections can respond to the message by indicating if they will attend, are interested in attending or not attending. • Personal Information – Found on your profile between Honors and Awards and Contact Settings. Here you can provide additional details around yourself that increase your accessibility such as your birthdate, marital status, Instant Messenger ID, address and phone number. Some things can be controlled as to what is displayed here on your public profile vis-à-vis the profile that your network connections see. • Tags – This is the newest feature. Found under Connections. Tags are custom categories that you can use to organize your connections on LinkedIn. You can create up to 200 tags and assign people to more than one tag. You can use this to become a master networker by classifying everyone by their specialty area, you will be able to connect people with the right opportunities.
    96. Your Account Settings Setting Them Up!
    97. Account Options For LinkedIn! •Be sure your settings are the way you want them and not the system defaults. •Also can upgrade to a premium account on this page. •Enter all of your e- mail addresses that will receive LinkedIn invitations.
    98. Account and Settings Settings Options For LinkedIn!
    99. Account and Settings
    100. Setting Networking Goals
    101. Online Networking Dos and DON’Ts Do • Have a pay it forward attitude – give to get. • Assess your skills, talents, experience and work style to convey your personal brand and unique selling points. • Focus on relationship building - finding people you don’t know. • Focus on relationship building - reach out to those people you don’t know. • View LinkedIn as an enormous spider web.
    102. Online Networking Dos and DON’Ts DO • Focus on contacts that can help you get to the right person. • Invite every person you meet to join your network. • Accept invitations within a reasonable period of time. • Set networking objectives and milestones. • Understand the quality versus quantity debate in growing your network.
    103. Online Networking Dos and DON’Ts DON’T • Forget your manners. • Be selfish by abusing your network. • Join LinkedIn, develop a profile and don’t accept new contacts or requests for help. • Be afraid to reach out to people you don’t know. • Share access to your connections.
    104. Online Networking Dos and DON’Ts DON’T • Let LinkedIn serve as a substitute for human interaction. • Have unrealistic expectations.
    105. Quality versus Quantity Networking Who To Invite? • Old school – only invite people you know and trust very well and be willing to recommend Open Closed *LION *Hound Dog *Turtle • New School - Dinner Part Introduction – know people casually or not at all • Some people have hundreds, if not thousands of people in their 1st degree network. How strong can these relationships be? • From LinkedIntuition – http://linkedintuition.com/blog/the-lion-the-turtle-and-the-hound-dog, 03/26/09
    106. Quality versus Quantity Networking The power of weak ties • Weak tie: a friendly yet casual social connection. • There is compelling data that shows that people don’t always get their jobs through their friends. They get them through weak ties. • Why? – Traveling in the same circles sometimes means that you already have exhausted those same connections. – Limited opportunity due to smaller reach of companies and industries.
    107. Quality versus Quantity Networking Networker: what are you? • LION – An open networker – accepts all and any invitations to connect. – Advantages: • Grows your network exponentially – allowing you to see more in your target searches for companies and contacts. • More connections allows you to help others especially if it is in an area that you have no expertise or knowledge. Remember it’s all about helping others first. – Disadvantage: • If an introduction request is made, they likely do not know the person and therefore, can only pass on a lukewarm introduction.
    108. Quality versus Quantity Networking Networker: what are you? • Hound Dog – Someone who connects to those that they know or connects to those that they would like to know better. Hound Dog will have some impact on the size of your network, more than a Turtle but less than a LION. – Advantage: • If an introduction request is made, it will be better received than one from a LION. – Disadvantage: • If an introduction request is made, it will not be as good as one made by a Turtle.
    109. Quality versus Quantity Networking Networker: what are you? • Turtle – is a closed networker or someone who has chosen to connect only with those that they know very well. – Advantage: • If an introduction request is made, it is likely to be a very warm (quality) introduction. – Disadvantage: • Since the size of their network is small, they will likely have less of an impact on the size of your network.
    110. LinkedIn Resources
    111. LinkedIn Resources • Blog by Sean Nelson – Linked Intuition – http://linkedintuition.com/blog : sign up for the RSS Feed – tips and tricks on LinkedIn • Books – Seven Days To Online Networking – Diane Crompton and Ellen Sautter – LinkedIn For Dummies – Joel Elad – How To Really Use LinkedIn – Jan Vermeiren
    112. Contact Information Keith Warrick Trainer Consultant 404.580.3585 warrickk@successarchitechs.com keith.warrick@gmail.com www.successarchitechs.com
    113. 2009 National BDPA Technology Conference Putting Your Career on Steroids in a Matrixed Environment Cecil Jones ABD, MBA, PMP, CCP August 5-9, 2009 Raleigh, NC
    114. Presentation Objectives • Knowing Yourself and Being Your Best • Knowing Your Organization and Its Values • Understanding the 21st Century Workforce • How to Move Up • When to Move Laterally • „Your Services are No Longer Needed‟ • What is this Networking Stuff? • Putting Your Career Plan Together 115
    115. Knowing Yourself, Being Your Best • “We have met the enemy and he is us” – Pogo (1) • Assess yourself critically and honestly • Become responsible for your own development (2) • Achieve and maintain productive interpersonal relationships (2) • Commit to achieving organizational goals through improved performance (2) (1) Pogo – syndicated cartoon column (2) Being Your Best by Michael Baroff 116
    116. Know Your Organization‟s Values • Does your organization value relationships above productivity? • Does your organization value seniority? • What are your immediate manager‟s values? • What are your boss‟ boss values? • What are the backgrounds of your peers and your managers (direct and indirect reporting)? 117
    117. Understanding the 21st Century Workforce • A View of Work and forces impacting your Who is Working work Assess your world and the larger environemnt Future Developments How is work affecting your organized workplace The 21st Century at Work by Karoly and Panis 118
    118. The IT Professional Outlook: Strategic Planning Assumptions • By 2010, six out of 10 people affiliated with the IT organization will assume business-facing roles around information, process and relationships (0.7 probability). • Through 2010, 30 percent of top technology performers will migrate to IT vendors and IT service providers (0.8 probability). • By 2010, IT organizations in midsize and large companies will be at least one-third smaller than they were in 2000 (0.7 probability). • By 2010, 10 percent to 15 percent of IT professionals will drop out of the IT occupation (0.7 probability). X Quarter NBOD Meeting2007 National BDPA 119 Technology Conference
    119. How to Move Up • Promotion Considerations Do the leaders in organization Is the Position look favorably upon you? Available? Know this BEFORE you apply for the new position What will the new position require? Why do you qualify? 120
    120. When to Move Laterally • To obtain additional needed skills, and references • To gain leadership skills – movement from technical lead to managerial in the same grade level • To affiliate with promotable parts of the organization • To prevent layoff 121
    121. “Your Services are No Longer Needed” • Know the Signs • Decreased Workload • Memos cutting back on expenses • Others are being „let go‟ • Change in the boss‟ attitude/communication with you • New manager to which you report • Organizational change • Others trying to take your job The Workplace Survival Guide by George Fuller 122
    122. What is this Networking Stuff? • Network Personally and Electronically • Join at least two organizations germaine to your career (BDPA is a GREAT choice!) • Join the Membership team of the user group or networking organization (get to know the people in the organization) • Know when you have „peaked‟ in a network 123
    123. Putting Your Career Plan Together • Know Yourself • Know which environments in which you thrive • Understand how your Personal Financial situation impacts your career choices • Know your industry • Develop your network • Know who wants you to succeed • Be great in your chosen career discipline 124
    124. Reference Information (1) Increasing Demand for Demand Management http://www.bleum.com/pdf/Increase_demand_for_demand_manag ement.pdf (2) http://cio.osu.edu/projects/framework/project_class.html (3) Kendall & Rollins, Advanced Project Portfolio Management and the PMO (4) Gido & Clements, Successful Project Management ?QUESTIONS? Cecil Jones Knowledge Services Jones.1540@osu.edu 614-736-1100 125
    125. 2009 National BDPA Technology Conference “Going Geek is the New Chic” Milt Haynes Past National BDPA President Founder Blacks Gone Geek August, 2009 Raleigh, NC
    126. Presentation Objectives This presentation will address all aspects of Careers In IT and the core competencies necessary to build and sustain a vibrant, fulfilling and prosperous career. • BDPA Education Life Cycle Program “From the Classroom to the Boardroom” Introduction to IT industry trends and career development best practices • Successful strategies on how to get a job, keep a job and develop a long term IT career • Research results from the 2009 IT Job Outlook Readers Poll • Skill sets that are hot in the current job market • How to use social networking to “get discovered” for the hot job opportunities • How to build a successful online business in the IT Industry 2009 National BDPA Technology Conference 127
    127. Why BDPA When Earl Pace, Jr. and the late David Wimberly founded BDPA in 1975 they voiced their concerns as: •Lack of minorities in middle and upper management •Poor preparation of minorities for these positions •Low number of minorities being recruited for upper management positions •Lack of career mobility of minorities •Lucrative minority placement services dominated by non-minorities 2009 National BDPA Technology Conference 128
    128. BDPA Vision Be a powerful advocate for our stakeholders‟ interests within the global technology industry. 2009 National BDPA Technology Conference 129
    129. BDPA Mission BDPA is a global member-focused technology organization that delivers programs and services for the professional well being of its stakeholders. 2009 National BDPA Technology Conference 130
    130. BDPA Stakeholders  Members  Corporate Supporters and Sponsors  Black IT Businesses and Entrepreneurs  Educational Institutions  African American Community 2009 National BDPA Technology Conference 131
    131. Milt Haynes 2009 National BDPA Technology Conference 132
    132. Blacks Gone Geek Blacks Gone Geek is an online community that serves to inspire a new generation of African Americans to consider and select IT careers, as well enthuse interest and promote technology entrepreneurship; ultimately increasing African Americans‟ participation in IT “from the classroom to the boardroom.” 2009 National BDPA Technology Conference 133
    133. Abbott Laboratories Abbott is a global, broad-based health care company devoted to the discovery, development, manufacture and marketing of pharmaceuticals and medical products, including nutritionals, devices and diagnostics. Founded in 1888 by Chicago physician Dr. Wallace C. Abbott, Abbott has emerged as one of the world's most diverse health care companies. The company, which ranks No. 80 on the FORTUNE 500, has more than 72,000 employees worldwide serving customers in more than 130 countries. 2008 Annual Revenue: $29.5 billion 2009 National BDPA Technology Conference 134
    134. IT Senior Management Forum VISION •To significantly increase African American leadership in Information Technology MISSION •To fill the executive pipeline with the next generation of IT professionals and foster the continuing development of ITSMF members 2009 National BDPA Technology Conference 136
    135. “IT Solutions for Business Problems in Challenging Economic Times” "BUSINESS OF INNOVATION AND IT" "EXECUTIVE GUIDE TO PROJECT MANAGEMENT“ Moderated by Milt Haynes Tuesday, April 28, 2009 Renaissance Schaumburg Hotel & Convention Center Chicago, IL http://www.pemconferences.com/chic09/chic09conference.htm 2009 National BDPA Technology Conference 137
    136. PMI Chicagoland Executive Council The PMI Chicagoland Chapter Executive Council is a group of invited executives from various Chicago-area industries who share ideas, perspectives and best practices for improving the management of projects in organizations and the role of the project management profession. Executive Council Members 2009 National BDPA Technology Conference 138
    137. BDPA Chicago Corporate Advisory Council The Corporate Advisory Council (CAC) supports the Chicago Chapter of the Black Data Processing Associates to fulfill its mission as an AVDISORY group at the request of the Board of Directors of the Chicago Chapter. The CAC will assist the BDPA Chicago Chapter in planning, implementing and funding chapter programs. These programs should be aimed at improving professional expertise and/or, to improve the educational possibilities for community youth, through the Citywide High School Computer Competition and related activities and programs. 2009 National BDPA Technology Conference 139
    138. Education Life Cycle From the Classroom to the Boardroom Corporate Advisory Council IT Senior Management Forum Professional Development Workshops/Seminars College Internships High School Computer Competition High School Computer Camp Adopt-a-School Adopt-a-Class 2009 National BDPA Technology Conference 140
    139. Our Challenges • Offshore talent is much cheaper and well trained • Recent graduates need experience to get a job and a job to get experience!! • Recruiters are pressured to present highly qualified candidate with proven track records • Entrepreneurs are not big enough to meet tier 1 vendor requirements for Corporate America 2009 National BDPA Technology Conference 141
    140. BDPA Who‟s Hiring Initiative Program Background • Demand for African Americans in IT is outpacing supply • Corporations are in need of a comprehensive recruiting and retention strategy • Gen Y and Echo Boomers use web 2.0 social networking tools to communicate beyond email • Education and training curriculums can‟t keep pace with fast changing technology skill demands 2009 National BDPA Technology Conference 142
    141. BDPA Who‟s Hiring Initiative Program Purpose • The purpose of this program is to fill the pipeline with the next generation of IT professionals and foster the continuing development of BDPA members 2009 National BDPA Technology Conference 143
    142. BDPA Who‟s Hiring Initiative Filling the Pipeline Senior Executive ITSMF Membership Executive Middle Management ITSMF Protégé/Alumni 1st Line Management Organization Supervisory Technical/Professional BDPA Leadership Development Entry Positions Student Internships BDPA Professional Development Next Generation of IT Professionals 2009 National BDPA Technology Conference 144
    143. BDPA Who‟s Hiring Initiative Job Hunt Job Gain Professional Development Career Coaching Education Certification Job SIGs Placement Job Outlook Career Hot Jobs Development BDPA Who‟s Hiring Industry Trends Plan Directory BDPA Job Postings http://blacksgonegeek.org/WhosHiring.aspx 2009 National BDPA Technology Conference 145
    144. Steps for Long Term Employment in IT* • Obtain a strong foundational education • Learn technologies used in a global industry • Keep skills up-to-date throughout your career • Develop good teamwork and communication skills • Become familiar with other cultures • Choose work in areas lest likely to be sent offshore *From Globalization and Offshoring of Software: A Report of the ACM Job Migration Task Force 2009 National BDPA Technology Conference 146
    145. Get Geeked! 2009 National BDPA Technology Conference 147
    146. Who‟s Getting Hired • Internal candidates • Industry experts (PMP, Business Objects, Clarity) • Market Hires • Contractors (e.g. Contract to hire, offshore) • Diversity Candidates  UNCF  BDPA  Black MBAs  NSBE  HACE • Entrepreneurs (Diversity Suppliers) 2009 National BDPA Technology Conference 148
    147. Critical Skills Focus “The only way to get ahead and stay ahead in this challenging job market is to constantly distinguish yourself from the competition by demonstrating great performance and maintaining highly marketable skills.” Milt Haynes 2009 National BDPA Technology Conference 149
    148. 2009 IT Job Outlook - Detailed Survey Results 2009 National BDPA Technology Conference 150
    149. Top IT functional areas for greatest job market demand in 2009 • Business Process Management 29% • IT Leadership & Governance 24% • Program & Project Management 22% • Solutions Delivery 22% • Risk Management 20% • Enterprise Architecture 18% • Business Planning 14% • Infrastructure Management 14% • Organization Planning & Design 12% • Portfolio Management 10% • Strategic Planning 8% • Supplier Mgmt 8% • Budget Management 6% • Accounting & Allocation 4% • Investment Analysis and Intelligence 4% • Resource Management 4% • Security 4% 2009 National BDPA Technology Conference 151
    150. Get Coached! 2009 National BDPA Technology Conference 152
    151. Feedback • Can‟t Find a Job? Here‟s Why…  Under qualified (skill set mismatch)  Unprepared  Under developed  Project a poor image  Don‟t interview well  Not ready for the corporate culture  Can‟t compete  Reluctant to relocate 2009 National BDPA Technology Conference 153
    152. Feedback • Can‟t Find a Job? Here‟s Why…  You're not as marketable as you think  You place too much faith in the Internet  You haven‟t established your brand  You‟re a lousy planner  You don't follow up  and… 2009 National BDPA Technology Conference 154
    153. Career Coaching Assisting the BDPA Job Seeker o How to “Get in the Game” o Conducting the Employability Assessment o Setting Realistic Expectations o Finding the Best Career Objective o Developing Your Unique Selling Proposition (USP) o Passing a Background Check o Generating Leads 2009 National BDPA Technology Conference 155
    154. Career Coaching Assisting the BDPA Job Seeker o Matching Algorithm Exercise o Writing a Killer Cover Letter o Working the BDPA Referral o Reporting Status o Interviewing Tips o Negotiating Offers o Congratulations! o Planning Your First 100 Days http://blacksgonegeek.org/ToolBox.aspx 2009 National BDPA Technology Conference 156
    155. Coaches Corner: Keys to Success in 2009 o Establish Your Web Presence o Communicate Your Value o 6 Letters You Need to Use: G.O.O.G.L.E. o Job Seeking in a Troubling Economic Climate o Are you Flexible and Adaptable to a New Corporate Culture? o Incorporate the Six Degrees of Separation Theory http://blacksgonegeek.org/CoachesCorner.aspx 2009 National BDPA Technology Conference 157
    156. Think BIG! 2009 National BDPA Technology Conference 158
    157. What‟s your USP? Faster than a speeding bullet. More powerful than a locomotive. Able to leap tall buildings in a single bound. Look! Up in the sky! It's a bird. It's a plane. It's Superman! 2009 National BDPA Technology Conference 159
    158. P. I. E. There are three elements important to players who want to fine tune their skills and move up in their profession. They must: Perform exceptionally well (10%) Cultivate proper image (30%) Manage their exposure so the right people will know them (60%) Understand that your performance must be top-notch, because you can be replaced, but also understand that there‟s a lot more to career advancement than doing an outstanding job. From “Empowering Yourself: The Organization Game Revealed” by Harvey Coleman 2009 National BDPA Technology Conference 160
    159. Get Discovered! 2009 National BDPA Technology Conference 161
    160. Online Community Start-up Guide Document Outline o Introduction o Beginner's Guide to Website Creation o Blogging o Social Networking Sites o Basic Marketing o Advanced Marketing o Branding o Writing Tips http://blacksgonegeek.org/OnlineCommunityStartupGuide.aspx 2009 National BDPA Technology Conference 162
    161. Get Engaged! 2009 National BDPA Technology Conference 163
    162. Development Spectrum Development Most Least Impact People Skill Learning On the Full Examples/ Feedback Builders from Job Job Role coaching Training Hardships Experience Change Models •Courses •Job Shadow •Seek and ask •Stretch •Active learning •Lateral for feedback Assignments •Seminars •Observe •Teach others •Cross- Speakers •360 feedback •Unplanned functional •Workshops •Analysis, events •Observe •Mentoring planning, •Hierarchical •Audio & Leaders •Difficult task execution Video Tapes •Exposure •Related •Exposure to •Mistakes •Lead/participate Business •Readings •Support different on a team, task •Disappointm •Technical/ teams •Guidance force, council ents Managerial •Exposure to •Coaching •Cross-train •Line/staff different •Join a communities •Location professional organization •Independence 2009 National BDPA Technology Conference 164
    163. Critical Success Factors • Managing Expectations • Making the BDPA Connection • Keeping Marketable • Building a Best in Class Resume • Leveraging Business vs. Technology • Staying Interested in Education • Playing Politics in Corporate America 2009 National BDPA Technology Conference 165
    164. Recommendations: Where to Go From Here? • Choose which domain of expertise best suits you. Learning and relationships will fuel growth. • Figure out what appeals to you. Look at industry segments, business processes, service delivery models and company size. • Look outside the world of business IT for new challenges and emerging roles. • Network! Tap into professional, personal and social networks. • Keep an objective eye on your career path: Are you doing what you want to do? 2009 National BDPA Technology Conference 166
    165. Recommendations: Where to Go From Here? • “Publish or perish”  Publish Your Own Professional Website, Blog, Podcast, Discussion Group • Learn how to sell yourself • Gain new technical skills • Develop your soft skills and professional image • Prove yourself by volunteering and managing a successful project from start to finish • Build relationships, references and referrals • Dodge the offshore bullet by building business skills and customer facing work experience 2009 National BDPA Technology Conference 167
    166. Recommendations: Where to Go From Here? • Know your gifts • Find your niche • Develop your business model (SWOT) • Build your following • Position yourself to find investors  Ask and you shall receive  Learn business development and CRM  Help me help you • Sell your wares • Manage your finances • Grow your business • Help others 2009 National BDPA Technology Conference 168
    167. Recommendations: Where to Go From Here? • Master the politics of the business inner circle • Practice life-long learning techniques • Exercise Impression Management • Link your accomplishments to the performance criteria that matters • Find out what the customer wants and focus on that • Get coached, get geeked, get engaged • Follow-up, follow through and persist until you succeed 2009 National BDPA Technology Conference 169
    168. Q&A 2009 National BDPA Technology Conference 170
    169. Back-up Slides 2009 National BDPA Technology Conference 171
    170. Recommended Reading “Beyond Performance: What Employees Really Need to Know to Climb the Success Ladder” by Roland D. Nolen “Cracking the Corporate Code: From Survival to Mastery” by Price M. Cobbs and Judith L. Turnock “Dig Your Well Before You‟re Thirsty” by Harvey Mackay “Due North! Strengthen Your Leadership Assets” by Jylla Moore Foster “Emotional Intelligence: Why It Can Matter More than IQ” by Daniel Goleman“ Empowering Yourself: The Organization Game Revealed” by Harvey Coleman “How to Be a Star At Work: 9 Breakthrough Strategies You Need to Succeed” by Robert E. Kelley “People Skills” by Robert Bolton 2009 National BDPA Technology Conference 172
    171. Recommended Reading “The New Rules of Marketing & PR: How to Use News Releases, Blogs, Podcasting, Viral Marketing & Online Media to Reach Buyers Directly” by David Meerman Scott “The Seven Habits of Highly Effective People” by Stephen R. Covey “The 8th Habit: From Effectiveness to Greatness” by Stephen R. Covey “The Secret Handshake: Mastering the Politics of the Business Inner Circle” by Kathleen Kelley Reardon, Ph.D. “Political Savvy: Systematic Approaches to Leadership Behind-the- Scenes” by Joel R. DeLuca, Ph.D. “Power and Politics in Project Management” by Jeffrey K. Pinto, PhD. “Execution: The Discipline of Getting Things Done” by Ram Charan “The Greatest Salesman in the World” by Og Mandino 2009 National BDPA Technology Conference 173
    172. Recommended Reading “The First 90 Days: Critical Success Strategies for New Leaders at All Levels” by Michael Watkins “Who Moved My Cheese? An Amazing Way to Deal with Change in Your Work and in Your Life” by Spencer Johnson, Kenneth H. Blanchard Globalization and Offshoring of Software: A report of the ACM Job Migration Task Force “Choose to Lead: Advice, Tools, and Strategies from Women for Women” by Narmen F. Hunter and Deborah C. Chima “The Tipping Point: How Little Things Can Make a Big Difference” by Malcolm Gladwell “The World Is Flat: A Brief History of the Twenty-First Century” by Thomas L. Friedman From Good to Great: Why Some Companies Make the Leap and Other Don‟t” by Jim Collins 2009 National BDPA Technology Conference 174
    173. Contact Information Milt Haynes, Founder Blacks Gone Geek milt@blacksgonegeek.org 630-707-8001 www.blacksgonegeek.org 2009 National BDPA Technology Conference 175
    174. 2009 National BDPA Technology Conference Raleigh, North Carolina Project Management •An Introduction to the Project Management Lifecycle •Defining The Enterprise Architecture: The House Built on Straw •Going LEAN in Healthcare •Key Trends in Project Management •Leveraging the Subject Matter Expert for Project Success •Managing Risk of Critical Initiatives •Portfolio Management, Demand Management and Resource Management
    175. 2009 National BDPA Technology Conference An Introduction to the Project Management Life Cycle Jacqueline Ockleberry, PMP August 5 – 9, 2009 Raleigh, NC
    176. Presentation Objectives At the completion of this presentation, you will be able to:  Describe the differences between the product, project, and project management life cycles  Describe the relationship between the project management process groups and knowledge areas  Explain “the big picture” of what happens and when according to PMI®  Identify the PMBOK® Guide 4th edition changes 178
    177. Project Management In general, for a project to be successful you will need four things:  Use of appropriate processes required to meet the project objectives  A defined approach that can be adopted to meet requirements  A method to ensure traceability and compliance of requirements to meet the needs and expectations of the stakeholder  An approach to keep the project‟s scope, time, cost, quality, resources and risk in balance 179
    178. Life Cycles • Comprised of all the phases and iterations of Product/Service the product/service • Varies based on type of product or service • Comprised of all the phases and stages Project required to produce the final project outcome • Varies by industry and project type • Series of phases required to manage the Project work throughout the project life cycle Management • Same regardless of project type or industry 180
    179. Product Life Cycle 181
    180. Project Life Cycle Design Code Test Train Implement 182
    181. Project Management Life Cycle Systems Development Project Design Design Code Test Train Implement Initiating Initiating Initiating Initiating Initiating Planning Planning Planning Planning Planning Executing Executing Executing Executing Executing Controlling Controlling Controlling Controlling Controlling Closing Closing Closing Closing Closing 183
    182. Process Groups Initiating • Processes performed to define a new project or new phase of an existing project by obtaining authorization to start the project or phase. Planning • Processes required to establish the scope, refine objectives, and define the course of action required to attain the objectives that the project was undertaken to address. Executing • Processes performed to complete the work defined in the project management plan to satisfy the project specifications. Monitoring and Controlling • Processes required to track, review, and regulate the progress and performance of the project; Identify any areas in which changes to the plan are required; and initiate the corresponding changes. Closing • Processes performed to finalized all activities across all process groups to formally close the project or phase. 184
    183. Process Groups  May overlap other process groups  May be iterative throughout the project Planning Executing Enter Phase/ Exit Phase/ Start Project Initiating Closing End Project Monitoring and Closing 185
    184. Knowledge Areas Nine knowledge areas encompass the 42 fundamental project management processes according to the PMBOK ® Guide 4th edition.  Project Integration Management  Project Scope Management  Project Time Management  Project Cost Management  Project Quality Management  Project Human Resource Management  Project Communications Management  Project Risk Management  Project Procurement Management 186
    185. Framework Project Management Process Groups Knowledge Monitoring & Initiating Planning Executing Controlling Process Closing Process Areas Process Group Process Group Process Group Group Group Develop Develop Project Direct and Manage Monitor and Control Close Project Project Project Charter Management Plan Project Execution Project Work or Phase Integration Management Perform Integrated Change Control Collect Verify Scope Project Requirements Control Scope Scope Define Scope Management Create WBS Define Activities Control Schedule Project Sequence Activities Time Management Estimate Activity Resources Estimate Activity Durations Develop Schedule Project Estimate Costs Control Costs Cost Determine Budget Management Plan Quality Perform Quality Perform Quality Project Assurance Control Quality Management 187
    186. Framework Project Management Process Groups Knowledge Monitoring & Controlling Initiating Process Planning Process Executing Process Process Group Closing Process Areas Group Group Group Group Develop Human Acquire Project Team Project Resource Plan Develop Project Team Human Resource Management Manage Project Team Identify Plan Communications Distribute Information Report Performance Project Stakeholders Communications Manage Stakeholder Management Expectations Plan Risk Monitor and Control Project Risk Management Risks Management Identify Risks Perform Qualitative Risk Analysis Perform Quantitative Risk Analysis Plan Risk Responses Project Plan Procurements Conduct Administer Close Procurements Procurements Procurements Procurement Management 188
    187. Big Picture Monitoring Initiating Planning Executing and Closing Controlling Project Management Plan Requirements Closure, Final Variances Product Project Charter Schedule Budget Resources Deliverables Change Requests Closed Contracts Roles and Responsibilities Risks Stakeholder Communications Expectations Organizational Quality Forecast Process Assets (Updates) Contracts 189
    188. PMBOK 4th Edition Changes  Standard language incorporated throughout the document.  New data flow diagrams clarify inputs and outputs for each process.  Greater attention placed on how Knowledge Areas integrate in the Process Groups.  The term “triple constraint” removed.  The term “PERT” added. 190
    189. PMBOK 4th Edition Changes  Overall number of processes decreased from 44 to 42.  All process names changed to a verb-noun format.  Added two new processes  Identify Stakeholders  Collect Requirements  Deleted two processes  Develop Preliminary Scope Statement  Scope Planning  Reconfigured Procurement Management into four processes. 191
    190. PMBOK 4th Edition Changes Changed processes:  Close Project changed to Close Project or Phase  Manage Project Team changed from a “controlling” process to an “executing” process  Manage Stakeholders change to Manage Stakeholder Expectations; changed from a “controlling” process to an “executing” process  Plan Purchases and Acquisitions and Plan Contracting changed to Plan Procurements  Request Seller Responses and Select Sellers changed to Conduct Procurements 192
    191. PMBOK 4th Edition Changes  Corrective action, preventive action, defect repair, and requested changes are now under general term “change request.”  The Arrow Diagramming Method (ADM) and Activity on Arrow (AOA) removed.  The To-Complete Performance Index (TCPI) calculation added.  New appendix “Interpersonal skills” added.  Glossary expanded and updated. 193
    192. PMBOK 4th Edition Changes  Clear distinction between the elements that occur in Project Charter verses Scope Statement.  The Project Management Plan and Project Documents more clearly differentiated. 194
    193. PMBOK 4th Edition Changes Project Management Plan Project Documents Change management plan Activity attributes Quality metrics Communications management plan Activity cost estimates Responsibility assignment matrix Configuration management plan Activity list Requirements traceability matrix Cost management plan Assumption log Resource breakdown structure Cost performance baseline Basis of estimates Resource calendars Human resources plan Change log Resource requirements Process improvement plan Charter Risk register Procurement management plan Contracts Roles and responsibilities Quality management plan Duration estimates Sellers list Requirements management plan Forecasts Source selection criteria Risk management plan Issue log Stakeholder analysis Schedule baseline Milestone list Stakeholder management strategy Schedule management plan Performance reports Stakeholder register Scope baseline Project funding requirements Stakeholder requirements • Scope statement Proposals Statement of work • WBS Procurement documents Team agreements • WBS dictionary Project organizational structure Team performance assessments Scope management plan Quality control measurements Work performance information Quality checklists Work performance measurements 195
    194. PMBOK 4th Edition Changes Charter Scope Statement Project purpose or justification Product scope description (progressively elaborated) Measurable project objectives Project deliverables and related success criteria High-level requirements Product user acceptance criteria High-level project description, product Project boundaries (exclusions) characteristics Summary milestone schedule Project constraints Summary budget Project assumptions Project approval requirements (what constitutes success, who decides it, who signs it) Assigned project manager, responsibility, and authority level Name and responsibility of the person(s) authorizing the project charter 196
    195. References PMBOK Guide®, 4th Edition PMI®, PMP®, PMBOK Guide®, Project Management Professional and Project Management Body of Knowledge are registered trademarks of Project Management Institute. 197
    196. Contact Information Jacqueline Ockleberry, PMP JYO Consulting JOckleberry@JYO-Consulting.com 817.784.6926 www.jyo-consulting.com 198
    197. 2009 National BDPA Technology Conference Defining The Enterprise Architecture: The House Built Upon Straw Conducting The Architecture Discovery Arturo D. Hill IV August 5 – 9, 2009 Raleigh, NC
    198. ARCHITECTURE DISCOVERY SESSION • Architecture Discovery Session Objectives  To be better positioned to define the current use of technology within [Your Organization] to move to an enterprise level of Architectural Readiness  Prioritize the value/impact of key initiatives against existing Business Goals  Validate results/direction set in your prior SLT and/or Sr. Management meetings  Ensure an understanding of the steps for a Three - Five Year Technology Plan (3-5YTP) 2009 National BDPA Technology Conference 200
    199. Approach and Workshop Guidelines Approach Workshop Guidelines  Brainstorming to Describe Utopia  Open, Interactive, and Informative  Focus on Collaboration and Information  Evaluation, Judgment and Criticism are not allowed Sharing  Focus on Quantity not Quality (Do not edit your  How to Leverage Technology ideas)  Value to the organization (Highest Return)  Wild, Far Fetched and Illogical Ideas are encouraged  Technology in the Marketplace  Ideas may be combined, modified or piggybacked  Not “Technical Details” - Solutions (Should be highly encouraged)  Rank & Prioritize Characteristics  Eliminate Redundancy  Prioritized (Ranking)  Affinity Diagram (I‟ll explain…)  Define Value Measures, and How to Achieve Value  Validate Prior IMM to new Prioritized List  Map prioritized Initiatives to Future State Map  Review Action Steps for three year plan  Recap Meeting and Next Steps 2009 National BDPA Technology Conference 201
    200. Objectives and Expectations Value to Your Organization • Listen, Understand Business Needs -> Services • Listen, Understand Business Needs -> Technology • Interest in Communication <IT> • „Hear‟ ideas on how to leverage and use Technology • Trigger ideas, start process - 3 year technology plan • 2-3 workshops in 10 years - use of technology • (Marketing oriented); Today - Higher Level • Web (2.0) Based Applications • 3-4 years ago - Ahead of technology curve • Today - Internet - Lagging Behind • Hear ideas/opinions • Technology to do a better job • Supply World-wide operations • Full use of the Internet, and Web Applications • What technology is available to leverage World-wide „pockets‟ of strength – Global Differentiators • Communicate better; more access (Better Communication Plans; and tools and vehicles for communicating) • Unify Enterprise and Internal Business Organizations • How to integrate communications within the company/companies • What are we really doing with e-commerce? • Not just an internal tool – proactive… 2009 National BDPA Technology Conference 202
    201. 360 Degree Feedback – What Do You Want The World To Say About Your Organization?  Reason for „High Market‟ Share Shareholders  [Your Organization (YO)] is “That Great”  Quick and Profitable Subsidiaries  Answers & Products  Always have the answer  Product did the job - Provided Solution Suppliers  Solves the Problem  Accessible Distributors  Great Value  Can‟t afford to deal with [YO]‟s Competitors  [YO] = Experts Joint Venture  Easy to Do Business With (The Easiest) Partners  [YO] - Provides the Greatest Service Customers  Meets Customer‟s Requirements/Needs Competitors 2009 National BDPA Technology Conference 203
    202. FUTURE STATE CHARACTERISTICS What would occur in the perfect Enterprise Architectural Environment?  [YO] is more Competitive  The Face of Service and Product Distribution – Has Drastically Changed (Apple)  Open, Information about [YO] „ More Visible‟  Focus on Improvement; Processes, Performance, Customer Service  More Transparent  Consistency in eyes of customer & global view (uniformed image and product)  Global Presence  [YO] Information Available to Competitors  Customers more sophisticated  Focus Beyond price  Value Driven Focus (Dollars, Safety, Job Easier)  Responsiveness  [YO] - Near Monopoly (i.e., Blackberry, and iPhone/iPod)  Risks  Advanced and Emerging Technology enables small competitors to compete 2009 National BDPA Technology Conference 204
    203. Risk Factors 2009 National BDPA Technology Conference 205
    204. [Your Organization‟s] Migration [YO]‟s Use of Technology In A Global Enterprise Organization? How does [YO] align / prioritize all the Strategic Initiatives?  SLT/Enterprise-wide Initiatives  Strategic Plan Initiative  Architecture Readiness Initiatives  Subsidiary / Business Acquisition planned Initiatives Who are [YO]‟s customers and how well will you manage products/services and satisfaction to your customers? Executive  Distributors Management  End-User (Consumer) – Do we have all pertinent Information? Concerns  Subsidiaries How will you accurately measure your performance and success? How will you continuously improve your performance and success? How will you leverage technology to support the increase and efficiency of business? 2009 National BDPA Technology Conference 206
    205. Strategic Road Map To Defining •Strategic •Imperatives •Mission Critical Initiatives •Business •Recognized as Global •Company •Objectives •Realize •World-Wide •Increase Market •Growth •Share •Leverage •Technology •Improve •Customer Satisfaction •Achieve •Unequalled •Improve Subsidiary/ •Customer •Distributor/Customer •Satisfaction •VOC •Develop Education •Program •Develop •Suppliers/Distributors •Collaboration Program •Vision •Develop Global •Financial Strategy •Your Org. •Maximize •Corporate-Wide •„You‟ •Profitability •Identify and Track •OEM Projects •Value •Products •Value Competitor‟s •Market Effectively •Products •Against Vulcanization •and Alternative •Technologies •Value Market •Comparisons/Prefs. •Define Service •Solution Offerings •and Value •Develop New •Products/Strategies •Improve •Operational •Develop/Update •Efficiency and •Product Procedures •Product Innovation •Improve Mfg., W/H •and Distribution. Operations •Develop 2009 National BDPA Technology Conference •Strategic 207 •Technology •Plan
    206. Architecture Planning Activities: Implementation Planning Scope and Budget Definition Define Project Team Structure • Define Project Scope and Charter • Executive team • Define Project Budget • Project Management Team • Define Project Constraints (Schedule, Cost) • Business Team • Technical Team Formalize Approach • Operations Team • Select Life Cycle Model • Change Management Team (Training/Rollout) • Determine Generations, Phases and associated • Develop Resource Plan activities • Develop Rollout Strategy Develop High Level Project Plan and Cost Estimates • Define Project Schedule and milestones • Develop effort estimates from resource plan, and approach • Define Key Success factors and metrics • Resource costs (client, vendor) (Business/Technical) • Infrastructure costs (hardware, software, other) • Define Technical Approach • Operational costs – One time costs (training, Change Management) • Agree on Technical Architecture, tools, vendors • Operational costs – Estimate ongoing costs (Help Desk, Operations, • Agree on Technical Methodology/Process Backup, Business Continuity etc.) Current Architecture Implementation 1 State Analysis 2 Definition 3 Planning Create Architecture and Evaluation Framework Scope/Budget Definition Review Business Strategy / Objectives Develop Candidate Approaches Formalize Approach and team Review Technical Strategy / Objectives Evaluate Candidate Approaches Develop High Level Project Plan and Estimates System Analysis Prototype/ POC Review Application Analysis Identify Migration Considerations Create Final Deliverables Organizational Analysis Formalize Vendor Support Design for Six Sigma activities Develop Recommendations 4 Status Reporting Executive Oversight Communication Issue Management Delivery Assurance 2009 National BDPA Technology Conference 208
    207. Architecture Assessment Timelines Timelines are dependent on the following variables: • Complexity of the business or technical problem, size of the system or application to be analyzed. The larger the scope of the business or technical strategy (Global, Enterprise, System, Application) the larger the effort. • Availability of current state documentation, and personnel to answer key questions; Availability of SME‟s on business and technical issues. Relying on the project team to gather documentation via interviews and information requests will take time. Having the information available prior to the start of the engagement will reduce the overall timelines. • Degree of specificity and precision of the business and technical objectives; Numerical metrics are most precise, high level strategic goals least precise (require additional detailing and decomposition). The review of business and technical objectives step, assumes that these goals are well developed and documented. If not, additional workshops and interviews will need to be conducted by the project team to clarify the goals. • Availability of client personnel to participate in interviews, workshops, review interim work products, provide information. • Number of business units and/or domain areas affected by the proposed objectives or strategy that need to be part of the architecture assessment definition process. 2009 National BDPA Technology Conference 209
    208. Assessment Timelines - representative Typical Project Timelines for a single system/application P ro je c t T a s k s W eeks 1 2 3 4 5 6 7 8 9 10 11 12 13 L e a d T im e C u rre n t S ta te A n a lys is R e v ie w B u s in e s s a n d T e c h n ic a l O b je c tiv e s D e v e lo p A rc h ite c tu re E v a lu a tio n F ra m e w o rk Id e n tify C a n d id a te A p p ro a c h e s E v a lu a te C a n d id a te A p p ro a c h e s P re p a re S tu d y D e liv e ra b le s (D ra ft) P ro d u c e F in a l D e liv e ra b le s Typical Project Timelines when creating a Technology POC is involved (single system/application) Identify Candidate Approaches Evaluate Candidate Approaches - - - Design Technology Proof of Concept Execute Technology Proof of Concept Evaluate Findings (Possibly Redesign and Execute) Prepare Assessment Deliverables (Draft) Produce Final Deliverables 2009 National BDPA Technology Conference 210
    209. Project Team Composition *Note: Team sizes will vary based on scope of the system. PRPOSED CORE ASSESSMENT TEAM • Business Program Lead and Project Manager  Manages the overall Project, leads with understanding of the business objectives, functional requirements. Liaises with Business Stakeholders to determine Business Strategy, Metrics, Goals, Functionality • Business Lead  Leads the Business team, facilitates meetings with the business unit and domain areas • Business Analyst  One or more based upon the size of the Project. Supports the Business Lead; prepare documentation • Senior Solution Architect  Leads the overall technical team, integrates business and technical objectives, develops the technology architectures framework. • Technical Lead/Architect  Leads the Technical team – may be required for each business unit/ and or domain • Technical Developers/Specialist  Based upon the engagement, one or more specialists in specific Technology areas (Portals, Security, Information, Data Warehousing, Infrastructure, etc.) may be required. • Technical Specialists, Programmers, Technical writers  Create Technical proofs of concept, research technical options, compare tools • Business Content & Data Services Specialist  Prepare and format final deliverables, create production quality deliverables for [YO]‟s delivery assurance; Reviewers onsite reviewing interim deliverables, locating other resources, providing input. 2009 National BDPA Technology Conference 211
    210. Deliverables • Recommendations  Written Summary of Findings (Word Document)  Written Summary, and Detailed Appendix of Recommendations  Executive Presentation (PowerPoint Presentation) • Specific Deliverables (will vary by Project Initiative)  Architecture Documentation  Business/Functional Architecture  System/Technical Architecture  Overall Architectural Blueprint  High Level Implementation Plan (If Applicable)  Gap Analysis  Implementation Options and Road Map  High Level timelines and Foundational Project Cost Estimations  Reuse vs. Build Analysis (if Applicable)  Build vs. Buy Analysis (if Applicable)  Results of Technology POC (If Applicable) 2009 National BDPA Technology Conference 212
    211. Funding Considerations • Structured as per needs of the specific project initiative  Scope - Global, Enterprise wide, Multi-System, Single System/Application  Specificity – High Level Assessment, Blueprinting, Roadmap, Implementation Plan  Deliverables – Findings/Recommendations, Documentation, Plans, Estimates  Domain and Technology expertise requirements  Delivery of a technology proof of concept  Detailed infrastructure sizing and estimating 2009 National BDPA Technology Conference 213
    212. Sample Architecture Views • Functional Architecture – Current State • Functional Architecture – End State/Vision • Tool Selection Mapping View • Information Architecture View • UI Experience Architecture View • UI Experience Architecture – Branded Sample • Portal Technology Architecture – Comp. View • Logical Architecture View 2009 National BDPA Technology Conference 214
    213. Functional Architecture - Current State 2009 National BDPA Technology Conference 215
    214. Functional Architecture - End State/Vision 2009 National BDPA Technology Conference 216
    215. Tool selection – Capabilities mapped to architecture 2009 National BDPA Technology Conference 217
    216. Information Architecture 2009 National BDPA Technology Conference 218
    217. UI Experience Architecture Look and feel driven by the Business Unit/Domain Area team. Alert! logo Emergency Procedures High Level Menu Personal Space 1 Search/ Directory Utility App/ LINKPAD Calendar Breadcrumb …. Second Level Top Personal Menu Level Space 2 Content LAUNCHPAD Content Pane Personal Space 3 PERSONAL INFO Personal Space 4 APPS Core information 2009 National BDPA Technology Conference 219
    218. UI Experience Architecture – Branded Prototype Sample 2009 National BDPA Technology Conference 220
    219. Portal Architecture – Components View 2009 National BDPA Technology Conference 221
    220. Logical Architecture E X E C U T IO N A R C H IT E C T U R E O P E R A T IO N A L A R C H IT E C T U R E CONTENT CREATOR /R E V IE W E R /A P P R O V E R / PORTAL IT USER A D M IN IS T R A T O R P U B L IS H E R /V IS U A L D E S IG N E R A D M IN IS T R A T O R CELL CO NTENT CO NTENT PO RTAL A D M IN PDA BROW SER BROW SER TO O LS BROW SER BROW SER PHONE E D IT O R S E D IT O R S TO O LS TO O LS CHANNEL ACCESS IN T E R N E T IN T E R N E T IN T E R N E T IN T E R N E T W IR E L E S S IN T R A N E T IN T R A N E T IN T R A N E T IN T R A N E T GATEW AY VPN VPN VPN VPN TO O LS WML .d o c , .x ls , TO O LS HTM L HTM L o th e r HTM L HTM L (J A V A , VOXML e tc . (J A V A , A C T IV E X ) P R E S E N T A T IO N / U I A C T IV E X ) R E N D E R IN G R E N D E R IN G R E N D E R IN G C O N F IG S T A T IC STYLES S T A T IC C O N T E N T REPO RTS CO NTENT STYLES S T A T IC C O N T E N T S E R V E R A D M IN U I STYLES END USER UI CONTENT M GM T UI D B A D M IN U I D Y N A M IC P O R T A L A D M IN C O N S O L E I1 8 N L O C A L IZ A T IO N CO NTENT I1 8 N L O C A L IZ A T IO N NETW ORK M GM T UI C O N F IG (P O R T A L , I1 8 N , E X T E R N A L C O N T E N T e tc .) M E T R IC S P O R T L E T C O N T A IN E R S E C U R IT Y S E C U R IT Y A P P L IC A T IO N / S E R V IC E S P E R S O N A L IZ A T IO N (A U T H O R IZ A T IO N ) IN D E X IN G A N D S E A R C H IN D E X IN G A N D S E A R C H ADD REMOVE (L A Y O U T , C O L O R S , S E R V IC E S O R C O N T E N T e tc .) C U S T O M S E R V IC E S USER AND RO LE CO NTENT C A T E G O R IZ A T IO N C A T E G O R IZ A T IO N (C A L E N D A R ) MANAGEMENT P R O F IL E REPO RTS IN D E X IN G A N D S E A R C H C O L L A B O R A T IO N C O L L A B O R A T IO N P O R T A L C O N F IG U R A T IO N MANAGEMENT A N D M E T R IC S S E R V IC E S N A V IG A T IO N A P P L IC A T IO N M O N IT O R IN G S E A R C H F IL T E R S W O RKFLO W V E R S IO N W O RKFLO W V E R S IO N CO NTENT DEPLO YM ENT TAXONOM Y ALERTS S E R V IC E S (M E T A D A T A D R IV E N ) S E R V IC E S CO NTRO L S E R V IC E S CO NTRO L S E R V IC E S N A V IG A T IO N CACHE CO NTENT M ANAG EM ENT DOCUMENT MANAGEMENT IN F R A S T R U C T U R E M G M T P O R T A L A P P L IC A T IO N S E R V IC E S P O R T A L A D M IN IS T R A T IO N S E R V IC E S S Y S T E M S E R V IC E S S Y S T E M S E R V IC E S M O N IT O R IN G S E R V IC E S IN T E G . A P P L IC A T IO N C O N T E N T A G G R E G A T IO N CO NNECTO RS M E S S A G IN G F IL E T R A N S F E R TAXONOM Y TAXONOM Y DATA / CONTENT / M ETADATA M ETADATA FRAM EW ORK FRAM EW ORK IN T E G R A T IO N DOCUMENT EXTERNAL AND USER CO NTENT E M A IL CO NTENT CO NTENT DOCUMENT A P P L IC A T IO N S A P P L IC A T IO N S A P P L IC A T IO N S LDAP SYSTEM S CACHE R E P O S IT O R Y R E P O S IT O R Y / 3RD PAR TY (W E B ) (D O C B A S E ) AD S E R V IC E S SEARCH B A C K U P , A R C H IV E , B A C K U P , A R C H IV E , IN D E X CO NTENT DEPLO YM ENT CO NTENT DEPLO YM ENT 2009 National BDPA Technology Conference 222
    221. Contact Information Arturo D. Hill IV WellPoint Companies, Inc. arturo.hill@wellpoint.com (214)287-5931 www.wellpoint.com 223
    222. 2009 National BDPA Technology Conference 224
    223. 2009 National BDPA Technology Conference 225
    224. 2009 National BDPA Technology Conference 226
    225. 2009 National BDPA Technology Conference 227
    226. 2009 National BDPA Technology Conference 228
    227. 2009 National BDPA Technology Conference 229
    228. 2009 National BDPA Technology Conference 230
    229. 2009 National BDPA Technology Conference 231
    230. 2009 National BDPA Technology 232 Conference
    231. 2009 National BDPA Technology Conference ”Challenges for Today, Strategies for Tomorrow” Key Trends in Project Management Ura Puranda August 5 – 9, 2009 Raleigh, NC
    232. ”Challenges for Today, Strategies for Tomorrow” Presentation Objective To keep abreast of the State of the Project Economy, and what are the key project management trends and strategies for 2009. 2009 National BDPA Technology Conference 268
    233. 2009 National BDPA Technology Conference ”Challenges for Today, Strategies for Tomorrow” Workshop Topics  State of the Project Economy  New PMBOK® Guide 4th edition  Key Process Changes  Key Trends in Project Management  Strategies for Project Professionals  References 269
    234. ”Challenges for Today, Strategies for Tomorrow” State of the Project Economy Around the world, countries and companies are looking for ways to pull out of the economic tailspin. Global Economy What‟s the State of the Global Economy? What‟s the State of the U.S. Economy? What‟s the State of the Project Economy? 2009 National BDPA Technology Conference 270
    235. ”Challenges for Today, Strategies for Tomorrow” State of the Global Economy G20 Leaders met in London on April 2, 2009 “We face the greatest challenge to the world economy in modern times; a crisis which has deepened since we last met, which affects the lives of women, men and children in every country and which all countries must join together to restore. A global crisis requires a global solution.” 2009 National BDPA Technology Conference 271
    236. ”Challenges for Today, Strategies for Tomorrow” State of the U.S. Economy Bailout - Trillion-dollar Stimulus Plan: [U.S.] President Barak Obama has committed to a chief performance officer whose responsibility is to focus on performing well, delivering what you said you were going to deliver, making sure the projects are on budget and on time…..project management through this crisis…it’s going to be a discipline that is critical. Gregory Balestrero – PMI CEO 2009 National BDPA Technology Conference 272
    237. ”Challenges for Today, Strategies for Tomorrow” Project Management Opportunities $150 billion – Amount expected to be spent on infrastructure projects by the Obama administration. “If the projections for investment in infrastructure projects become a reality, then world-class project management is going to be very important.” PM Network, April 2009 2009 National BDPA Technology Conference 273
    238. ”Challenges for Today, Strategies for Tomorrow” The Buzz – Shrinking Budget Meeting the Challenge: The 2009 CIO Agenda, a survey conducted by Gartner Executive Programs. ”IT budgets are hurting. With the global economy flatlining, IT spending budgets will be essentially flat with a planned increase of 0.16% in 2009. Executives face challenging global economic conditions that have not existed for more than 50 years.” Mark McDonald, VP Gartner Executive Programs Research 2009 National BDPA Technology Conference 274
    239. ”Challenges for Today, Strategies for Tomorrow” PMI Value Proposition Building on Value: As the global organization for project management; this year PMI will continue to focus on delivery of value by increasing the number of PMI programs, products and services. PM Value in 2009 What‟s the direction of PMI? What‟s the outlook for PMs? 2009 National BDPA Technology Conference 275
    240. ”Challenges for Today, Strategies for Tomorrow” Maximize Your PM Skills An Excellent Career Choice; Hot skills for 2009 Keep Your Skills Sharp; You need to truly shine Step Up to the Task and Manage Through Adversity Help Your Organizations Manage Their Portfolios Credentials Have Great Value Build Your Legacy; Step Forward and Be Recognized Leverage Communities of Practice to Hone Skills 2009 National BDPA Technology Conference 276
    241. ”Challenges for Today, Strategies for Tomorrow” PMBOK® Guide A Guide to the Project Management Body of Knowledge (PMBOK® Guide) Fourth Edition What‟s New? How Does It Affect You? 2009 National BDPA Technology Conference 277
    242. ”Challenges for Today, Strategies for Tomorrow” New PMBOK® 4TH Edition PMI released new version in December 2008. The changes can be summarized into 3 general categories Consistent compliance Name Changes with the “verb + noun” Processes have been added, reorganized, or Reorganization redefined Several points of clarification, eliminate Clarifications redundancy, new appendix 2009 National BDPA Technology Conference 278
    243. ”Challenges for Today, Strategies for Tomorrow” New PMBOK® 4TH Edition These are examples of the 26 Process Name Changes Old Process Name New Process Name Scope Definition Define Scope Scope Verification Verify Scope Risk Identification Identify Risks Qualitative Risk Analysis Perform Qualitative Risk Analysis Quantitative Risk Analysis Perform Quantitative Risk Analysis Risk Response Planning Plan Risk Responses Risk Monitoring and Control Monitor and Control Risks 2009 National BDPA Technology Conference 279
    244. ”Challenges for Today, Strategies for Tomorrow” New PMBOK® 4TH Edition These 9 processes were added, reorganized, or defined Process Name Change in New Edition Develop Preliminary Scope Statement Deleted Plan Scope Deleted Collect Requirements Added to Scope Management Identify Stakeholders Added to Communication Management Procurement Management Processes Reorganize and Redefined Plan Purchases and Acquisitions Plan Procurements Plan Contracting Conduct Procurements Contract Administration….. Administer Procurements Contract Closure Close Procurements 2009 National BDPA Technology Conference 280
    245. ”Challenges for Today, Strategies for Tomorrow” New PMBOK® 4TH Edition There were several points of clarification Distinguish various elements of the project management framework, e.g. Project Management Plan vs. other project management documents Clarifications Eliminate redundancy and distinction between the Project Charter and the Project Scope Statement Added a new appendix (Appendix G – Interpersonal Skills) 2009 National BDPA Technology Conference 281
    246. ”Challenges for Today, Strategies for Tomorrow” Key Process Changes Project Scope Management: Collect Requirements Describes how individual Requirements requirements meet the Documentation business need for the project Documents how requirements Requirements will be analyzed, documented Management Plan and managed throughout the project Table linking requirements to Requirements their origin and traces them Traceability Matrix throughout the project lifecycle 2009 National BDPA Technology Conference 282
    247. ”Challenges for Today, Strategies for Tomorrow” Key Process Changes Project Communications: Stakeholder Management Project Manager Project Team Members Leads project Execute project tasks Project Management Project Sponsor Business Clients Define Funds project business needs 2009 National BDPA Technology Conference 283
    248. ”Challenges for Today, Strategies for Tomorrow” Key Process Changes Project Communications: Identify Stakeholders Identifying all people or organizations impacted by the project Identify Stakeholders Conduct stakeholder analysis; identify the potential impact or support each stakeholder could generate Create Stakeholder Register, e.g. stakeholder classification 2009 National BDPA Technology Conference 284
    249. ”Challenges for Today, Strategies for Tomorrow” Key Process Changes Project Procurement Management Documenting project purchasing decisions, specifying the approach, etc. Plan Identifying project needs which Procurements can best be met by acquiring products or services outside of the project organization Create Procurement Management Plan describing how the procurement process will be managed 2009 National BDPA Technology Conference 285
    250. ”Challenges for Today, Strategies for Tomorrow” Key Trends in Project Management Project-based organizations are the way of the future – are you up to it? Trends for 2009 What‟s the New PM Environment? How to step up Your Game? 2009 National BDPA Technology Conference 286
    251. ”Challenges for Today, Strategies for Tomorrow” PMI CEO Perspective CEO REPORTS Positive News on Projects and Project Managers “I think it couldn’t be a better time and a better opportunity for project managers to step up and be leaders.” Gregory Balestrero – PMI CEO 2009 National BDPA Technology Conference 287
    252. ”Challenges for Today, Strategies for Tomorrow” Key Trends in Project Management Trends to Watch for in 2009 Convergence of PM and BA Roles Trend 6 Trend 5 Greater Emphasis on Requirements Management Change in Requirements Approaches Trend 4 Trend 3 Increased use of Agile Approach and Techniques Step Up and Be a Leader Trend 2 Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 288
    253. ”Challenges for Today, Strategies for Tomorrow” Distinction Between Project & Program Many organizations manage programs with the same methods used to manage projects, i.e. programs are “bigger projects”. 2009: Increase in understanding the differences and the use of strategies to accomplish organizational objectives and results. Convergence of PM and BA Role Greater Emphasis on Requirements Management Change in Requirements Approaches Increase use of Agile Approaches & Techniques Step Up and Be a Leader Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 289
    254. ”Challenges for Today, Strategies for Tomorrow” Step Up and Be a Leader Project Management often focuses on the need to collect hard data to make a “sure bet” decision, i.e. project environment with well defined scope, deliverables, cost, time, etc. 2009: Project Managers have to start thinking more intuitively as project management is used more to manage organizations. Convergence of PM and BA Role Greater Emphasis on Requirements Management Change in Requirements Approaches Increase use of Agile Approaches & Techniques Trend 2 Step Up and Be a Leader Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 290
    255. ”Challenges for Today, Strategies for Tomorrow” Increase Use of Agile Approaches Project Management industry is looking for new methods that are outside the traditional approach to deliver projects. There is now a wide, varied, and inconsistent use of Agile techniques. 2009: Integration of Agile methods into project management as organizations continue to adopt Agile Techniques and the industry adopts commonly accepted practices. Convergence of PM and BA Role Greater Emphasis on Requirements Management Change in Requirements Approaches Trend 3 Increase use of Agile Approaches & Techniques Trend 2 Step Up and Be a Leader Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 291
    256. ”Challenges for Today, Strategies for Tomorrow” Change in Requirements Approaches Dominant use of only formal written requirements specifications, e.g. traditional use cases. 2009: Moving away from traditional requirements management, e.g. using additional methods and automated tools for collecting and documenting requirements. Convergence of PM and BA Role Greater Emphasis on Requirements Management Trend 4 Change in Requirements Approaches Trend 3 Increase use of Agile Approaches & Techniques Trend 2 Step Up and Be a Leader Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 292
    257. ”Challenges for Today, Strategies for Tomorrow” Greater Emphasis on Requirements  Requirements Management was not clearly defined for the project manager‟s role; focus was on the business analyst‟s role. 2009: PMBOK® 4TH Edition contains a new section under Project Scope Management called “Collect Requirements”; emphasis on Requirements Management Plan and Traceability Matrix. Convergence of PM and BA Role Greater Emphasis on Requirements Trend 5 Management Trend 4 Change in Requirements Approaches Trend 3 Increase use of Agile Approaches & Techniques Trend 2 Step Up and Be a Leader Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 293
    258. ”Challenges for Today, Strategies for Tomorrow” Convergence of PM and BA Role Project Managers AND Business Analysts have been trying to work within the same project (overlapping) space. 2009: As the economy tightens, organizations will try to get the most out of the PM and BA Roles as “project professionals”. Convergence of PM and BA Trend 6 Role Trend 5 Greater Emphasis on Requirements Management Trend 4 Change in Requirements Approaches Trend 3 Increase use of Agile Approaches & Techniques Trend 2 Step Up and Be a Leader Sharper Distinctions Between Project and Program Trend 1 Management 2009 National BDPA Technology Conference 294
    259. ”Challenges for Today, Strategies for Tomorrow” Strategies for Project Professionals Two special characteristics of project managers – accountability and transparency – will help organizations control assets in their projects and deliver success in an economical way during challenging times. Strategies for 2009 What‟s the evolving role of the PM? How to partner with the BA? How to survive in the Slumping Economy? 2009 National BDPA Technology Conference 295
    260. ”Challenges for Today, Strategies for Tomorrow” Evolving Role of the Project Manager Position yourself to oversee critical assets of organizations and virtual teams Help your organization embrace project, program and portfolio management Lead the Way; don‟t wait to be given direction Build and sustain strong professional networks Sharpen your requirements elicitation and analysis skills; stronger alignment with BA role Familiarize yourself with new edition of PMBOK® Communicate, communicate, communicate 2009 National BDPA Technology Conference 296
    261. ”Challenges for Today, Strategies for Tomorrow” PM and BA Partnership Familiarize yourself with BABOK® (Business Analysis Body of Knowledge) Understand the BA role in delivery of projects Leverage each others strength Be prepared to act in BA space and vice versa Establish clear roles and responsibilities upfront 2009 National BDPA Technology Conference 297
    262. ”Challenges for Today, Strategies for Tomorrow” Tips for the Slumping Economy Equip yourself with the right skills, knowledge and tools to manage mission critical initiatives Project management skills will still be hot commodity long after the economy improves Project Management Professional designation was one of the certifications that commanded the highest pay Business Skills as well as technical expertise are considered more valuable to organizations Invest in yourself! 2009 National BDPA Technology Conference 298
    263. ”Challenges for Today, Strategies for Tomorrow” Step Up and Lead “Project Managers are Best Placed to Become Leaders in the New Economy, but they need to be open-minded and seize all the opportunities.” PMI today April 2009 2009 National BDPA Technology Conference 299
    264. ”Challenges for Today, Strategies for Tomorrow” References 1. PMI ®Project Management Institute 2. PMBOK® 4TH Edition 3. PMI Today – PM Network 4. PMI ®Chicagoland Insights Newsletter 5. Watermark Learning 6. Global Knowledge 7. ESI International 2009 National BDPA Technology Conference 300
    265. ”Challenges for Today, Strategies for Tomorrow” Contact Information Ura Puranda Allstate Insurance Company upuranda@allstate.com 847-402-7318 2009 National BDPA Technology Conference 301
    266. 2009 National BDPA Technology Conference Subject Matter Experts – The Forgotten Project Partner Anne Harkins August 5 – 9, 2009 Raleigh, NC
    267. Presentation Objectives • Who is a Subject Matter Expert (SME) • Industry Trends • Characteristics of a SME • Why Train SMEs • Educating for Better Requirements 2007 National BDPA Technology Conference
    268. About your Presenter : Anne Harkins IT Professional  Developer  BA Manager  Systems Analyst  Curriculum developer  Business Analyst  Facilitator  Lead Analyst  Consultant  Project manager  Senior Instructor B1 Team Training and Consulting President and Founder 2007 National BDPA Technology Conference
    269. Anne Harkins B1 Team Training and Consulting • Roles held:  Instructor  Business Analysis Training focusing on:  Project Life cycle, roles, methodologies  Requirements elicitation  Requirements documentation  Data, Process, Agents, Actors and Business rules  Consultant  Informal Mentoring  Formal Project Assignments  Facilitator  Group Sessions  Project Team 2007 National BDPA Technology Conference
    270. Typical Project Team Executive Project Sponsor Manager Business Analyst Developers QA Business Partners Systems Architect 2007 National BDPA Technology Conference
    271. Process Of Analysis Business Analyst Elicitation of Business Requirements Business Partners 2007 National BDPA Technology Conference
    272. What are Business Requirements? • Business Processes • Business Data • Business Rules • Workflows • Policies, Procedures • Exceptions!!! • Reports, Mailings, Spreadsheets, Month-end, Quarter-end, Year-end, Screens, Communications… 2007 National BDPA Technology Conference
    273. Who is a Subject Matter Expert? “Business Partners” : • Customers • Clients • Stakeholders • Users Business • Subject Matter Experts Partners 2007 National BDPA Technology Conference
    274. Who is a Subject Matter Expert? • Individual who has special, in-depth knowledge of a business area • Project team player who enhances team understanding of the business process, problem, need and/or opportunity • Critical role player in project team success • Thought leader and expert with a unique understanding 2007 National BDPA Technology Conference
    275. Subject Matter Experts – the forgotten project partner Why is the Subject Matter Expert (SME) the forgotten project partner? 2007 National BDPA Technology Conference
    276. Partnership “The degree to which the business and IT can partner together is the single most important organizational aspect to successful business intelligence.” Successful Business intelligence Cindi Howson 2007 2007 National BDPA Technology Conference
    277. Can‟t live with them… “There is no realization on the part of the business as to how they affect timelines and implementations.” IT Professional, large US Retailer “Information Systems must understand the business and be involved in what they are trying to achieve.” BI Leader, Landstar Inc. 2007 National BDPA Technology Conference
    278. Subject Matter Experts – the forgotten project partner What we have done as an Industry: Trained and certified Project Managers Trained and certified Quality Assurance Analysts Trained and certified Business Analysts Trained and certified Facilitators Have we gotten what we need? 2007 National BDPA Technology Conference
    279. Industry Report Card 70% of projects failed to meet deadlines 50-60% of projects fail to meet the needs of the business 80% of issues stem from poor requirements 40-50% of project timelines now spent on rework 40% of defects are missed by QA and caught by users Sources: Standish Group Chaos report (2007) Forrester Research (2007) IAG Business Analysis Benchmark (2008) IEEE (2007) 2007 National BDPA Technology Conference
    280. Project Success Skills CIO MAGAZINE survey: Which is the most important skill for project success today? Technical Proficiency – 10% Understanding the Business – 58% Communication of Business Requirements – 70% 2007 National BDPA Technology Conference
    281. Where does it break? Who or What is the weak link? 2007 National BDPA Technology Conference
    282. The Human Factor When IT projects fail it rarely is a result of the technology. At its core, project management is all about people. There seemed to be a direct relationship between project failure and the human factor contributions. The larger the failure, the more the human factor contributed to that failure. This is more evidence that most software development projects fail because of failures within the team running them. Failed IT Projects (The Human Factor) Sheila Wilson 2007 National BDPA Technology Conference
    283. Why didn‟t you tell me? • Is it still a requirement if the subject matter expert didn‟t tell the analyst? 2007 National BDPA Technology Conference
    284. IAG study Staggering findings: Two different IAG studies have now produced identical findings: There is a 60% time and cost premium to be paid on projects with poor quality requirements IAG BA Benchmark 2008 2007 National BDPA Technology Conference
    285. Why? • Almost 70% of organizations surveyed DID NOT take effective action despite knowing this. Why?  Belief that analysis is not real project work  Business requirements considered a document not a cumulative process used to achieve consensus on needs  Superior technical skills make analysis unimportant 2007 National BDPA Technology Conference
    286. Are we hitting the right target? 2007 National BDPA Technology Conference
    287. Why train SMEs Consider: If our business partners knew what analysts needed from them before they started the project, they would likely deliver truer, cleaner requirements. Better requirements get us closer to the right solution! 2007 National BDPA Technology Conference
    288. Why train SMEs? In absolute terms, the quality of requirements will dictate the time and cost of the solution. 2007 National BDPA Technology Conference
    289. Subject Matter Experts – the forgotten project partner What can we do? TRAIN OUR BUSINESS PARTNERS on : what we need from them how to communicate those needs giving feedback on diagrams and models Train our SMEs on Delivering Better Requirements! 2007 National BDPA Technology Conference
    290. SME Challenges • Delivering “right” information • Availability • Understanding their own role • Understanding project methodology, templates, diagrams • Software development not primary job 2007 National BDPA Technology Conference
    291. How do we fix it? Recommendation of IAG: Focus must shift to quality of requirements discovery as a process, not just a document, if they hope to consistently deliver successful projects. 2007 National BDPA Technology Conference
    292. How do we fix it? “Success is driven more by how the organization engages its stakeholders in the process of requirements discovery and is less associated with requirements documentation.” Business Analysis Benchmark 2008 2007 National BDPA Technology Conference
    293. Current SME role The average project in study which used “poor requirements practices” overran amount of time expected by stakeholders for participation by 200% Result: Difficulty in getting stakeholder involvement in future Lackluster efforts Higher turnover Heroic efforts 2007 National BDPA Technology Conference
    294. Future SME Role • Productive use of time • Understanding of the process • Understanding of their role • Delivering higher quality requirements • Providing usable, meaningful feedback on diagrams and templates • Buy-in to end result 2007 National BDPA Technology Conference
    295. Good News Chain reaction of excellent requirements:  Design and coding can follow agreed upon models  Rework reduced  Features developed by priority  Testing and QA focused on right requirements  Testing and QA faster and more efficient  End-user satisfaction rises  Successful implementations! 2007 National BDPA Technology Conference
    296. B1Team Training Course offering Maximizing SME Contributions Critical tools for business partners 2007 National BDPA Technology Conference
    297. Maximizing SME Contributions: Critical tools for business partners • Course Outline  Project Roles and Expectations  Understanding Types of Requirements  Providing the Right Resources  Diagrams I can expect to see  Contributions I should make  Delivering Better Requirements by delivering better answers 2007 National BDPA Technology Conference
    298. Maximizing SME Contributions: Critical tools for business partners • Project Roles and Expectations:  Learn the players  Understand the positions  Impact of lifecycle and methodology 2007 National BDPA Technology Conference
    299. Maximizing SME Contributions: Critical tools for business partners • Understanding Types of Requirements Requirement: A condition or capability needed by a stakeholder to solve a problem or achieve an objective. BUSINESS FUNCTIONAL TECHNICAL Learn the answers to questions such as: What‟s my role here? What do you need from me? What will I be asked and why? 2007 National BDPA Technology Conference
    300. Maximizing SME Contributions: Critical tools for business partners • Providing the Right Resources:  What is in my business area?  Where can I find requirements?  Looking beyond written documentation  What do my analysts need from me?  What‟s important, what‟s not? 2007 National BDPA Technology Conference
    301. Maximizing SME Contributions: Critical tools for business partners • Diagrams/Documents I can expect to see 2007 National BDPA Technology Conference
    302. Maximizing SME Contributions: Critical tools for business partners • Contributions I should make:  Providing requirements  Providing feedback  Being available (time, prepare, assignments)  Making the project a priority 2007 National BDPA Technology Conference
    303. Maximizing SME Contributions: Critical tools for business partners • Delivering Better Requirements by delivering better answers Understanding the question, probing for specifics Think like a wise man but communicate in the language of the people William Butler Yeats 1865 - 1939 2007 National BDPA Technology Conference
    304. Conclusions Put emphasis on the “right target” Train for the “human factor” Plan for project success 2007 National BDPA Technology Conference
    305. Subject Matter Experts – from the “forgotten” to the “Invaluable” project partner THANK YOU! 2007 National BDPA Technology Conference
    306. Additional Course Offerings by B1Team Training • Estimating the Analysis Work Effort  Critical tools for estimating time and effort of analysis • The Analyst role in Product Testing and Quality  Critical tools for Testing Skills and Techniques • The Analyst role in Web Development  Critical tools for Analysis of Web-based Solutions • Lean UML Requirements Elicitation  Critical tools for Lean UML Analysts • Agile Requirements Elicitation  Critical tools for Agile Analysts • Enhancing Analysts Performance  Critical tools for BA Managers • Facilitating Requirements  Critical tools for Facilitators 2007 National BDPA Technology Conference
    307. Contact Us • Contact Information:  Anne Harkins, Training and Consulting anne.harkins@yahoo.com 404-771-9468  B1Team Training Training for all project team members! b1teamtraining.com 2007 National BDPA Technology Conference
    308. Resources Cited • Standish Chaos Report 2007 • Borland 2008 • IAG Business Analysis Benchmark 2008 • IEEE 2007 • CIO Magazine 2008 • Forrester 2008 • Books/Abstracts/Articles:  Successful Business Intelligence; Cindi Howson 2007  Failed IT Projects (The Human Factor); Sheila Wilson 1998 (incorporated into college curriculums and course studies on Project Management)  Early Warning signs of IT Project Failure; Kappelman, McKeeman, Zhang 2006 2007 National BDPA Technology Conference
    309. 2009 National BDPA Technology Conference ”Challenges for Today, Strategies for Tomorrow” Managing Risk of Critical Initiatives Ura Puranda August 5 – 9, 2009 Raleigh, NC
    310. ”Challenges for Today, Strategies for Tomorrow” Presentation Objective To understand the importance of Managing Risk of Critical Initiatives especially in a Down Economy 11/13/2009 2009 National BDPA Technology Conference 346
    311. ”Challenges for Today, Strategies for Tomorrow” Workshop Topics  2009 Global Economy Outlook  Project Risk Management  Effective Risk Management Planning  Managing Risk of Critical Initiatives  Showing Business Value to organization  References 11/13/2009 2009 National BDPA Technology Conference 347
    312. ”Challenges for Today, Strategies for Tomorrow” 2009 GLOBAL ECONOMY OUTLOOK 11/13/2009 2009 National BDPA Technology Conference 348
    313. ”Challenges for Today, Strategies for Tomorrow” Global Budget Crisis  Most industry sectors are facing massive layoffs  New focus on cost controls and downsizing  Companies become very conservative on spending  Mantra for 2009: Making Do With Less  U.S. Economy – “Bailout”; “Stimulus Plan”  Unemployment Rate is inching up above 8% 11/13/2009 2009 National BDPA Technology Conference 349
    314. ”Challenges for Today, Strategies for Tomorrow” Impact To IT Organizations  Spending on cost-saving technologies  Seeing more jobs going offshore  Server Virtualization Software market is hot  Slashed IT budgets; protecting core business  Delayed projects; reprioritized resources  Proactive risk management, monitoring, control and governance 11/13/2009 2009 National BDPA Technology Conference 350
    315. ”Challenges for Today, Strategies for Tomorrow” Economists & Business Analysts View  Gross Domestic Product posted its biggest loss in seven years  Recovery not expected until late 2009 or mid-2010  CIOs are going to be cutting budgets severely this year; could be drastic as 25% - 40%  Looking for ways to spend capital to reduce operating costs  CEOs will be questioning the value of their IT organizations 11/13/2009 2009 National BDPA Technology Conference 351
    316. ”Challenges for Today, Strategies for Tomorrow” 2008 Research 34% of Projects are Successful (last period) Standish Group - Project Research 11/13/2009 2009 National BDPA Technology Conference 352
    317. ”Challenges for Today, Strategies for Tomorrow” 2009 Research 30% of Projects are Successful (this period) Gartner- Project Research Challenged 43% Failed 27% Successful 30% 11/13/2009 2009 National BDPA Technology Conference 353
    318. ”Challenges for Today, Strategies for Tomorrow” What is Research Telling Us?  IT Project Mismanagement  Most waste in IT comes from IT project failure  70% of IT projects fails at a cost of $55 billion annually  Approximately 22% of the average total IT budget wasted  43% of IT projects that don‟t fail outright, overrun the budget to the tune of $17 billion in additional IT spending  30% successful; 20% of all IT projects finish on time, on budget with features promised 11/13/2009 2009 National BDPA Technology Conference 354
    319. ”Challenges for Today, Strategies for Tomorrow” Risk Management Tools “Statistics show that you can double your chances of IT success by simply using project management tools and techniques in the right way. Cost to business: 22% of total IT spend; delays, quality issues; loss of competitive advantage.” Global Knowledge 11/13/2009 2009 National BDPA Technology Conference 355
    320. ”Challenges for Today, Strategies for Tomorrow” Project Risk Management Are you leaving your project up to chance? 11/13/2009 2009 National BDPA Technology Conference 356
    321. ”Challenges for Today, Strategies for Tomorrow” Risk Management Framework 11/13/2009 2009 National BDPA Technology Conference 357
    322. ”Challenges for Today, Strategies for Tomorrow” Risk Management Plan An effective risk management plan describes how risk management will be structured and executed which includes (at a minimum):  Methodology: tools, resources and data sources which may be used  Roles and responsibilities  Budgeting and timing  Definitions of risk probability, impact and categories  Probability, priority and impact matrix  Stakeholder tolerances  Reporting and tracking formats  Strategies; Escalation points 11/13/2009 2009 National BDPA Technology Conference 358
    323. ”Challenges for Today, Strategies for Tomorrow” Project Risk Register Sample Template RISK LIKELIHOOD IMPACT APPROACH PROXIMITY COST DECISION POINT 11/13/2009 2009 National BDPA Technology Conference 359
    324. ”Challenges for Today, Strategies for Tomorrow” Risk Probability Matrix Sample Template R IS K E X P O S U R E G R ID CONSEQU ENCE P R O B A B IL IT Y 1 2 3 4 (M in im al (M o d erate (H igh Im p ac t) (V ery H igh Im p act) Im p act) Im p act) 4 L o w R isk M E D IU M H IG H H IG H (H igh ly L ik ely ) R isk R isk R isk 3 L o w R isk M E D IU M H IG H H IG H (L ik ely ) R isk R isk R isk 2 L o w R isk L o w R isk M E D IU M M E D IU M (U n lik ely ) R isk R isk 1 L o w R isk L o w R isk L o w R isk L o w R isk (H igh ly U n lik ely ) 11/13/2009 2009 National BDPA Technology Conference 360
    325. ”Challenges for Today, Strategies for Tomorrow” Risk Priority Matrix Sample Template R is k P r io r ity M a tr ix V e ry H H L ik e ly iig g h h Probability M M e e L ik e ly d d iiu u m m U n lik e ly L L o o w w Low M e d iu m H ig h Im p a c t S e v e r ity 11/13/2009 2009 National BDPA Technology Conference 361
    326. ”Challenges for Today, Strategies for Tomorrow” Effective Risk Management Risk Contains Threat OR Opportunity 11/13/2009 2009 National BDPA Technology Conference 362
    327. ”Challenges for Today, Strategies for Tomorrow” Looking At Risk Opportunity “Including opportunity within the definition of risk is not a theoretical or academic exercise. It is a natural consequence of recognizing that businesses, projects and people are affected by uncertainty, some of which might be helpful if it were managed proactively.” Dr. David Hillson, PMP (Risk-Doctor) 11/13/2009 2009 National BDPA Technology Conference 363
    328. ”Challenges for Today, Strategies for Tomorrow” Risk Opportunity Factors Reasons to include opportunity alongside threat Conceptual – Risk can be viewed as a source of potential variability in performance, since if it occurs, it would affect our ability to achieve our goals Practical – Threats and opportunities are important, and they both need to be managed. Dealing with them together in an integrated risk process brings synergies and efficiencies. Beneficial – A structured approach to identifying and capturing opportunities is good for business and for projects. 11/13/2009 2009 National BDPA Technology Conference 364
    329. ”Challenges for Today, Strategies for Tomorrow” Risk Management Strategies  Put Core Processes in Place – handle risks before it does damage to your project, take preventative steps  Assess Early and Often – uncertainties can be discovered at any time throughout the life cycle of the project, while the relative probability and consequence of identified risks can change over time  Build It into the Schedule – the project schedule must include risk management activities to deal with uncertain events, supported by risk reviews  Communicate and Illustrate Ownership – employ effective communications and clear ownership of risk elements 11/13/2009 2009 National BDPA Technology Conference 365
    330. ”Challenges for Today, Strategies for Tomorrow” Critical Success Factors  Develop and execute a good risk management plan  Manage the effects of risks at every level of business (i.e. project, program and portfolio)  Make risk management an essential component of project management  Choose strategies to reduce the impact or probability of risk occurring  Establish stakeholder roles and responsibilities in the risk management process  Communicate, communicate, communicate 11/13/2009 2009 National BDPA Technology Conference 366
    331. ”Challenges for Today, Strategies for Tomorrow” Risk Management Assessment  Assess risks and maintain the risk plan as a living and breathing document  Conduct formal assessment of change management process  Evaluate how change impacts those risks  Evaluate the solutions implemented to determine whether the changes are working successfully  Link planned assumptions with actual experiences 11/13/2009 2009 National BDPA Technology Conference 367
    332. ”Challenges for Today, Strategies for Tomorrow” Making Risk Management Work 11/13/2009 2009 National BDPA Technology Conference 368
    333. ”Challenges for Today, Strategies for Tomorrow” Managing Critical Initiatives Risk Management is an essential capability in managing projects. Research has demonstrated repeatedly that effective risk management is the single greatest influence on whether or not a project is successful. Mark E. Mullaly, PMP ©2007 gantthead 11/13/2009 2009 National BDPA Technology Conference 369
    334. ”Challenges for Today, Strategies for Tomorrow” Project Risk Pitfalls Key Project Risk Pitfalls to Avoid:  Strategic business requirements lost amid volumes of extensive documentation  Costly technology investments made without early and adequate validation  Employees are trained to use a new system, but not how to use the new system to do their old jobs  Business leaders love the idea of new tools, but lose sight of the key information used to make decisions and manage operations  Poor communication resulting in frequent surprises 11/13/2009 2009 National BDPA Technology Conference 370
    335. ”Challenges for Today, Strategies for Tomorrow” Business Benefits Successful risk management greatly impacts business results:  Forces clear definition of business objectives: strategic – investments, value, ROI; AND tactical – operational, run-the-business  Focuses on factors affecting achievement of objectives – threats to profitability or even existence of the organization  Leads to realized business benefits – alignment and prioritization of projects, programs and portfolios. 11/13/2009 2009 National BDPA Technology Conference 371
    336. ”Challenges for Today, Strategies for Tomorrow” Tips for the Down Economy Note: The pendulum of risk management will swing from being risk-tolerant to risk-averse Expect multiple Project checkpoints in shorter time frames with short range commitments Apply Risk Management Governance – quantifiable range of potential results to base decisions Trend: Short-range management makes it important to practice risk analysis to eliminate surprises Conduct routine project health assessment Know the biggest exposure to the business 11/13/2009 2009 National BDPA Technology Conference 372
    337. ”Challenges for Today, Strategies for Tomorrow” CIO‟s Perspective “Risk Management looms large in the CIO’s world. ” Successful risk management delivers successful business. Ganttheadlines 2/07 11/13/2009 2009 National BDPA Technology Conference 373
    338. ”Challenges for Today, Strategies for Tomorrow” Implementation Tips  Compile a risk checklist and register  Assign impact and probability ratings  Constantly review and reevaluate the risks  Ask “What can go wrong”  Think risk every time there is a change  Take proactive approach  Consider those potential risks first  Determine the risk strategies  Keep risk front and center  Execute your risk management plan 11/13/2009 2009 National BDPA Technology Conference 374
    339. ”Challenges for Today, Strategies for Tomorrow” References 1. PMI ®Project Management Institute 2. A Guide to the Project Management Body of Knowledge (PMBOK® Guide) Third Edition 3. Gantthead.com 4. Standish Group 5. PMI Global Congress North America 2006 6. Milestone Consulting Group 7. Clerestory Consulting LLC 8. Global Knowledge 9. Dr. David Hillson – Risk Doctor 10. Gartner Research 11. NACD - Directors Monthly 11/13/2009 2009 National BDPA Technology Conference 375
    340. ”Challenges for Today, Strategies for Tomorrow” Contact Information Ura Puranda Allstate Insurance Company upuranda@allstate.com 847-402-7318 11/13/2009 2009 National BDPA Technology Conference 376
    341. 2009 National BDPA Technology Conference Portfolio Management, Demand Management and Resource Management Cecil Jones ABD, MBA, PMP, CCP August 5-9, 2009 Raleigh, NC
    342. Presentation Objectives • -An overview of Portfolio, Demand and Resource Management practices in Corporations and Government • - Interactive Assessment of Organizations‟ Portfolio, Demand and Resource Management • -Case studies of Portfolio, Demand and Resource Management Implementation in Organizations • -The obstacles in Implementing good Portfolio, Demand and Resource Management • -The advantages of utilizing good Portfolio, Demand and Resource Management 378
    343. Demand Management Defined • Demand Management The systematic process of managing organizational project needs and requests to produce a set of prioritized projects with a timeline for implementation (1). 379
    344. Portfolio Management • This is often not an efficient nor effective group of processes, but one that varies considerably by industry, company, internal divisions and lines of business and individual departments within each organization. 380
    345. Demand Management Overview • A View of Demand Management Regulatory/ Legal Projects IT Demand Management Application Infrastructure Development Projects Projects 381
    346. Portfolio, Demand and Resource Management Overview • Another view of Demand Management Prioritized Input: Business cases,, List of Projects Proposals, etc. Prioritizing Projects with Consistent Rules using Good Demand Management Practices 382
    347. Portfolio, Demand and Resource Management Overview • Case studies of Portfolio, Demand and Resource Management Implementation in Organizations - Retail - University - Government - Financial Services 383
    348. Portfolio, Demand and Resource Management Overview • Retail - Portfolio and Demand Management priority list occurs during Annual Budgeting - Is reviewed and updated by Governance Council, each quarter - Additional projects are reviewed by 1st and 2nd level management each week - Resource Allocations are part of the equation - Skill sets are part of the equation 384
    349. Portfolio, Demand and Resource Management Overview • University Demand Rating Criteria (2) -Team Size (# of people) -# of Workgroups Involved -Technology/Technique/Process -Complexity -Political Profile -Impact Spends 100% of its budget each year 385
    350. Portfolio, Demand and Resource Management Overview • Government - Multiple methodologies (sometimes vendor supplied methodologies) Spends 100% of its budget each year 386
    351. Portfolio, Demand and Resource Management Overview • Financial Services -Large Organizations -Very Separate Divisions, Lines of Business -Centralized Demand Management not available -Just coming out of a merger and/or just going into one -Rocky financial services climate today 387
    352. Portfolio, Demand and Resource Management Overview • Project Definition • Number of Hours • Project Benefits • Strategic Value Portfolio Prioritized Establish Demand List of Projects Less than 200 hr 201 to 1000 hr 1001 hr to 2000 hr Resources Over 2001 hr Available Financial Reporting Project Status Reporting 388 Metrics Measurement
    353. Portfolio, Demand and Resource Management Overview The Challenges of Demand and Resource Management -Accurate View of Work in the Enterprise -Systems to Collect Project Knowledge -Systems to Collect Operational Work -Systems to House Skill Level & Knowledge Traits 389
    354. Portfolio, Demand and Resource Management Overview Level One – No major emphasis placed on Portfolio, Demand and Resource Management in most of the organization; occasional discussion; nothing major is planned Level Two – Emphasis is placed on Portfolio, Demand and Resource Management, at least on a divisional or line of business or departmental level Level Three – Emphasis is placed (or effort is being executed) for enterprise wide Portfolio, Demand and Resource Management utilizing resources from across the organization WHERE IS YOUR ORGANIZATION? 390
    355. Portfolio, Demand and Resource Management Overview The Advantages of Utilizing Good Portfolio, Demand and Resource Management - Associate/Employee Job Satisfaction - Efficient Utilization of Human Resources - More Agile Organization - Clearer Focus on Completing Work 391
    356. Portfolio, Demand and Resource Management Overview • Demand Management in Matrixed Organizations • The Role of the Resource Manager in Demand Management • The Role of the Project Manager in Portfolio, Demand and Resource Management • The Role of Senior Management • The Role of the Employee 392
    357. Reference Information (1) Increasing Demand for Demand Management http://www.bleum.com/pdf/Increase_demand_for_demand_manag ement.pdf (2) http://cio.osu.edu/projects/framework/project_class.html (3) Kendall & Rollins, Advanced Project Portfolio Management and the PMO (4) Gido & Clements, Successful Project Management ?QUESTIONS? Cecil Jones Knowledge Services Jones.1540@osu.edu 614-736-1100 393
    358. 2009 National BDPA Technology Conference Raleigh, North Carolina Technology Track •Identity Architectural Practices in IT •Security Information Management and PCI Compliance •Surviving a PCI Audit •Top 10 Security Threats and Preventions for 2009
    359. 2009 National BDPA Technology Conference Identity Management 101 Ward Thomas Green August 5 – 9, 2009 Raleigh, NC
    360. Contact Information Ward Thomas Green Eli Lilly & Co. IdM Architect Team greenwt@lilly.com 317-651-5986 www.lilly.com 396
    361. Identity Management (IdM) 101 • Why IdM is key to a companies success? • Importance of IdM • IdM Basics • Generic scenario • IdM scenario • Lilly IdM • Q&A 397
    362. Why Identity Management? • Many companies waste time repeating localized processes that often aren‟t well-maintained or managed • People have access to information they shouldn‟t • Tracking historical access to information is nearly impossible • A lot of energy is spent maintaining passwords and access to “stuff” 398
    363. Importance of Identity Management • Without robust Identity Management, we can never be confident of our security • Without confidence in security, data stewards will not be willing to expose information • Without current information, responsible decisions are difficult – hence shadow systems • The University should change its culture to make information available to those with proper authorization by default 11/13/2009 399
    364. IdM Definitions
    365. Digital Identity “Digital identity comprises electronic records that represent network principals, including people, machines, devices, applications, and services.” 1 11/13/2009 401
    366. Identity Management “Identity Management (IdM) comprises the set of business processes, and a supporting infrastructure, for the creation, maintenance, and use of digital identities within a legal and policy context.” 1 11/13/2009 402
    367. Identification • The act of assigning a unique marker or a token to a principal, such that principals can be distinguished from one another.2 A key step in this process is validation of the principal. • “John Doe, having verified your identity claim through two forms of documentation, we are assigning you username...” • Methods: Personal interviews, shared secrets 11/13/2009 403
    368. Authentication • Validating that the principal producing a token is that exact principal to whom the token was assigned.2 • “You say you are the authentic John Doe. Please prove that claim within a level of confidence we define.” • Methods: password, ID cards, biometrics 11/13/2009 404
    369. Authorization • The act of ensuring that an authenticated principal is given access to only the services and data required to support allowed tasks, either explicitly or implicitly through group or role memberships.2 • “John Doe, your request for access to that data/service is granted/denied.” • Methods: Entitlements by role, rule, or identity. 11/13/2009 405
    370. Accountability • Appropriate administration of Identification, Authentication, and Authorization, ensuring that only the authorized principal can exercise its individual authority.2 • With strong accountability, principals can be held responsible for actions. • Methods: policies, strong authentication 11/13/2009 406
    371. Identity Management Basics • An Identity is a set of:  Attributes - medical history, past purchasing behavior, bank balance, address  Preferences - currency used, what brand of hot dog you like,  Traits - eye color, where a business was incorporated • About a subject • Credentials are qualifications issued by an authority • Subjects make requests relative to a resource by presenting their credentials
    372. Identity Management In Action Vote anyone?
    373. Questions to Consider • How was the patron issued his credentials? • What proof did the patron have to provide before he was issued credentials? • Who owns the age attribute? • Is the age attribute reliable? • Do all Voter Poll accept the same credentials? • Are the rules the same in all geographies?
    374. The Cast Subject Credentials Resource Security Authority
    375. Scene One Resource Subject A person (subject) wants to Vote (i.e. perform an action on a resource= the voting machine ).
    376. Scene Two Security Authority The subject presents Subject his license (credentials) to the Poll Worker (security authority). The Credentials Poll Worker examines Credentials the credentials to prove the subject is who he says he is (authenticates the credential).
    377. Scene Three Credentials Attribute Now that the person is authenticated, the Poll Worker examines the birth date (attribute) and verifies that the subject is register to vote in this district to see if the Security Authority person is entitled authentic (allowed to access based on rules) the Voting Machine (resource).
    378. Scene Four Indeed, the person (subject) is entitled (meets the attribute rules) to vote based on his age (calculated from DOB attribute), Credentials and voting status, so he is granted access and happily Voting.
    379. Intermission
    380. Questions to Consider • How was the patron issued his credentials? BMV • What proof did the patron have to provide before he was issued credentials? SSI, Birth Cert, Passport, etc • Who owns the age attribute? Local Health Department • Is the age attribute reliable? Yes • Do all Voter Poll accept the same credentials? Yes • Are the rules the same in all geographies? Yes
    381. Identity Management Continued System Access
    382. The Cast Subject Credentials Resource Security Authority
    383. Scene One Subject Resource A supervisor (subject) wants to access the US Supervisor Site (resource) on LillyNet.
    384. Scene Two Log On to Windows Security Authority User name: C012561 Password: ******** The subject presents his UserID and password (credentials) when he logs on to his computer in the morning. The enterprise directory (security authority) examines the credentials to prove the user is who he says he is (authenticates the credential).
    385. Scene Three Security Authority Attributes Credentials ID: DA87644 The user is successfully authenticated Nm: Ward Green and now wishes to access the Loc: United States Supervisor Site. The Security Authority Supervisor: Y examines the work location and Dept: IT supervisor status (attributes) of the user PW ******** to determine if the person is entitled (allowed) to the Supervisor Site.
    386. Scene Four Indeed, the user is entitled to the Supervisor Site based on his work location and supervisor status and now accesses the great tools at his disposal.
    387. Is It Really That Easy? • To an end user, Identity Management (IdM) should be easily consumable and require little to no effort • But like Disney World, there is a hidden infrastructure that makes it all happen
    388. Lilly‟s Story • Identity Council Roles • Subjects  (Constituents) • Architecture  (IdM Construct Model) • Tools 424
    389. The Identity Council Executive Process Owner, Enterprise Identity Management Council Members:  Global HR Process/Data Integration  Procurement  Office of Alliance Management  US Recruiting and Staffing  GBIP Center of Excellence  Human Resource – IT  Legal Human Resources  LillyNet Services Company Confidential Copyright © 2004 Eli Lilly and Company
    390. The Identity Council‟s Role • Endorse roadmap of projects and activities recommended by the Collaborator and Employee/Contractor groups (Identity Management Team) • Review enterprise business priorities and translate into specific projects • Monitor identity projects, resources to ensure align with the enterprise agenda • Review recommendations from the Collaborator and Employee/Contractor groups • Stand for the enterprise agenda while representing local/area requirements and adoption Company Confidential Copyright © 2004 Eli Lilly and Company
    391. Identity Council Dashboard September 2008 GOVERNANCE RESOURCE CAPACITY 0% 1 5 Id M P s R e c e iv e d 35% August Headcount Lilly 15 56% Contractors 1 P e n d ing D e cisio n = 1 Projects Open 0  Support Admin Available 21%  A p p ro ve d = 8 A u th en tic a tio n S e rvic e P a s s w o rd R es e t C a n ce lle d = 1 E n te rp ris e A cc e ss M g m t  O n -B o a rd in g E xt. C o llab o rato rs M IIS U p g ra d e  R eje cted = 5 IC E R 5 RSA Im prove E xtern al C ollaborator O n -boarding THE CONSTRUCT E stab lish n ew A u thentication S ervice PROJECT PROGRESS R eplace S upervisor S cript Idea Pr opose Develop Deploy Suppor t P rovid e P assw ord M gm t for E xternal Authentication C ollaborators Oct 1 Ser vice W e b site U pgrade M IIS P ro v id e to Passw or d M gm t P h ys ic a l W e b site C reate E nterprise G roup s M a in ta in A u th S e c u re f or Ch em Ex p l or er T ra ffic Id e n tity Pass U s in g P ro v id e E m a il A ttrib u te s T h ru a N on- Asset E n c ryp - S u p p o rt S u p p o rt S u p p o rt Passw or d M gm t C re a te (S e lf) R e m o ve C re d e n - A u th T ru s te d tio n R o le B u s in e ss B u s in e ss Legal Legal Legal Q3/ 07 A cce ss Access tia ls D e v ic e Access R u le A re a R e q m n ts R e q m n ts R e q m n ts f or ot h er Ex t Col l ab s M a in ta in A ccess D e le g a tio n L o g o n P ro v id e U s in g G ra n tin g Id e n tity D ig ita l S u p p o rt U s in g K n o w - a D yn a m ic A cc e s s S u p p o rt S u p p o rt C re a te A ttrib u te s D e a c tiva te C e rti- S in g le IT Id e n tity (D e le g a te d ) Id e n tity C re d e n - L e d g e T ru s te d fic a te s A ttrib u te A ttrib u te By D e le g a tio n R e g u la to ry R e g u la to ry R e g u la to ry M ySite Cr e ation via tia ls A u th D e v ic e A c c e s s In d ivid u a l R e q m n ts R e q m n ts R e q m n ts Attr ibutes (ak a R5) L ife c ycle A u d it A u th e n tica tio n A cce ss M g m t A cce ss M g m t A cce ss M g m t M a in te n a n ce O n -b o a rd in g O ff-b o a rd in g R e m o te A cc e s s R e m o te A cc e s s A c ce ss M g m t A u th e n tic a tio n A u th e n tic a tio n A u th e n tic a tio n D e le g a tio n P u b lic K e y A c ce ss b y A c ce ss b y A c ce ss b y A c ce ss b y A ttrib u tio n A ttrib u tio n E xc e p tio n C o n d itio n Id e n tity Id e n tity Id e n tity Id e n tity Id e n tity Id e n tity Id e n tity Id e n tity Id e n tity Id e n tity S ig n O n Cr eate Identity A u d it A u d it F a cto r F a cto r S in g le S in g le Q1/ 08 (f or Ex t Col l abor at or s) Cr eate Access Q1/ 08 (f or Ex t Col l abor at or s) Id e n tity Access A u th e n tic a tio n A u d it L ife c y c le M anagem ent M IIS Upgr ade Dec 07 Id e n tity M a n a g e m e n t Enter pr ise Access Gr oup Cr eation D a sh b o a rd D a sh b o a rd D a sh b o a rd
    392. Lilly Subjects • Lilly Subject are divided into four groups (each group or sub-group has a business owner )  Workers  Customers  Public  Controllers • Each group of subject were given a definition that will be used by all area at Lilly. • Each group of subject were broken down into sub-group, which allows Lilly to target sub-groups for IdM enhancements. 428
    393. Identity Management Constituents Groups impacted by ICE Rel 1 & 2 impacted Constituents: Workforce Customer Public Controllers CA= Corp Affairs Those individuals / entities An entity with the who previously, currently, or Individuals / entities that receive Recipients of authority to control Definition: potentially contributed or will information, products, information made our right to operate contribute to the delivery of available by Lilly to or who define the products or services for the and the company.from / or services everyone. way we conduct company. business. •Patient Med •Shareholders CA •Any Government • Job Applicant HR –Clinical Trial Structure • Job Candidate HR Patient •General CA –Rule makers Population –Auditors • New Hire HR •Consumer Demand –Regulators Med –Caregiver •Media CA • Lilly Employee HR –Patient Advocate CA – Temporary Workforce •Trade groups CA – Contingent Workforce •Advocacy Groups •Provider Demand •Lilly Board – Family-related Person –Prescriber or Med Legal Groups and – Retiree (status) –Investigator •Non-Regulatory sub-groups: Government CA •Standards – Withdrawn (status) –Thought Leader –B2B Influencer Organizations • Contact ??? –Clinical Trial Site • Vendor Procurement, HR Personnel •Independent •Payer Demand Review Boards / • External Partner OAM Ethics Committees •Distribution Chain Mfg Compliance • Lilly Board Member –Pharmacy Legal –Wholesalers = Recommended Managing Owner = Possible Managing Owner
    394. IdM Team 2008 Objectives  Improve External Collaborator Identity Lifecycle Experience (ELI) and core account provisioning  Create and Establish new Authentication Service (for Approved by the Identity Council Applications)  Password Mgmt for External Collaborators  Complete LillyNet Release 4 / 5 Commitments  Upgrade MIIS F Establish Support Model for Identity Management IT Services F Access Management Service Provide Website to Physical Website  Formalize Identity Mgmt Governance Process Auth Secure Maintain Traffic Identity Pass Using Provide Attributes Thru a Non- Email Asset Support Support Support Create (Self) Creden- Trusted Encryp- Legal Auth Legal Legal Access Remove tials Device tion Business Business Reqmnts Reqmnts Reqmnts Maintain Access Role Area Logon Provide Using Rule Identity Digital Access Access Delegation Using Know- a Support Support Support Create Attributes Deactivate Certi- Granting Creden- Ledge Trusted Dynamic Access Regulatory Regulatory Regulatory Identity (Delegated) Identity ficates Single Attribute By IT Reqmnts Reqmnts Reqmnts tials Auth Device Lifecycle Audit Authentication Attribute Access Individual Delegation Access Mgmt Off-boarding Maintenance On-boarding Remote Access Authentication Authentication Authentication Access Mgmt Public Key Identity Identity Identity Delegation Identity Attribution Access by Access by Access by Exception Condition Sign On Audit Audit Factor Single Identity Access Authentication Audit Lifecycle Management 11/13/2009 Identity Management Company Confidential File name/location Copyright © 2000 Eli Lilly and Company
    395. Identity Management Architecture Roadmap – 2008 Identity Access Authentication Audit Lifecycle Management Identity Management Strong Federation Federation ILM V2 Cred. ILM V2 Whale Kerb. -Smart Card -InfoCards -Del. Admin - Self Registration SLDAP EA -InfoCard -ADFS (WS*) RM -Attribution MOM BMC Log - Workflow -Group List -Bio-Metrics -SAML -Workflow -RAS (Directories) Sun One Directory Active Directory (EDS) Identity Metasystem (MIIS, ADAM, Identity Model, CLM) WFSAD SAP Key Bus. Apps Constituency Grid Federation
    396. Identity Lifecycle The creation, maintenance and decommissioning of identities and associated attributes. Create Access Create Access: The ability for an individual to request access to Lilly resources for themselves or on behalf of another person. Create Identity Create Identity: The ability for a business area or individual user to initiate the creation of an “identity relationship” with a new person or group of people. On-boarding Identity Identity On-boarding: The creation of an “identity” including gathering associated attributes / information about the entity needed for uniqueness and identification. Identity Create Access: Phase I – use existing access request methods Lifecycle Next Phases – access based on attributions/role IdM Create Identity: IdM Self-Registration to collect IdM attributes and feeds Self Workflow K2.NET approval process. Registration MIIS/AD/BMC K2.NET 11/13/2009 Company Confidential File name/location 432 Copyright © 2000 Eli
    397. Authentication Provide Physical Auth the ability to conclusively verify that a user is who he claims to be (“tell me who you are and prove it”) Pass Thru Provide Usage Patterns Developed – based on industry standards Creden- Asset tials Auth • Microsoft (Pass thru/Single Sign-on) Logon Provide Using Know- • Secure LDAP (Logon using Credentials/Simplified Sign-on) Creden- Ledge tials Auth • Federation Standards (Pass thru/Single Sign-on) Service Profiles – Underdevelopment Authentication • 20+ different “profiles” can be used with new Sign On Single Factor Authentication service • Which “profile” will depend on; Platform, O/S, COTS vs Custom, Delta/ICE prioritization of profiles • Information from business areas on application portfolio Authentication usage of LSSO/LDAP • Currently working with business areas on piloting the IdM profiles • General availability after pilots • Strong Authentication Authentication • RAS (Remote Access Service) Profiles •Kerberos EA LSSO • RBA (Role Based Access) Phase 1 Feb „09 •SLDAP 11/13/2009 Company Confidential File name/location Copyright © 2000 Eli Lilly and Company 433
    398. Lilly Access Management • What attributes are available to grant access? • Are the attributes reliable? Is there an owner? • How does someone get their credentials issued? (On-boarding) • How do applications consume the certificate authority? • What resources are available based on an attribute or a set of attributes? 434
    399. Definitions of Access CREATE ACCESS - The ability for an individual to request access to Lilly resources for themselves or on behalf of another person. ACCESS MANAGEMENT (Authorization) –The enforcement of business rules at run-time to ensure that users only access information to which they have permission. (Controlling access to resources based on the level of trust of an entity and the sensitivity of the information.) 11/13/2009 Company Confidential File name/location 435 Copyright © 2000 Eli
    400. Access Management the enforcement of access rules at run-time to ensure that users only access information to which they have permission Grant Access Access by Entitlement: By Role Grant Access • Lilly_All-Workforce_UG - Entire active workforce in SAD by that belong in SAP groups A, C, D, E, G and H. This Single Attribute includes employees and non-employees (enterprise group) Access by Attribution • Lilly_Employee_UG - All active employees in SAD that are in SAP groups A,C,E, G and H. (enterprise group) • Lilly_Non-Employee_UG - All active non-employees in SAD that are in SAP group D (enterprise group) • Request #1-Lillynet/Identity Management/Shared Documents/IdMArchitecture and Access Technologies/NT_Auth_AllGroup Management Legacy: DS3 – Windows Group Management Tool Group Admin – LSSO Group Management IdM Tool New (LillyNet): Group Populator – Access by Attribution Group Admin Rights Management – Access at the Whale Group DS3 RM Populator Document level 11/13/2009 Company Confidential File name/location 436 Copyright © 2000 Eli
    401. Access Relationships Create Access – What Resources are available?  Definition of what information needs to be shared/accessed/created  ~3000 applications Manage Access – How are Resources Defined?  Access by Entitlement (based on attributes)  Enterprise Relationship  Lilly vs Non-Lilly  Supervisor  Division  Cost Center  Access by Condition (based on attributes)  Business Relationship  Training Qualifications  Collaboration  Role (Business, System, Access)  Access by Exception  Adhoc (Named User)  Access by Delegation  Access created based on access from someone else 11/13/2009 Company Confidential File name/location 437 Copyright © 2000 Eli
    402. Access Management Service Access Management – Phase 1  R5 – Foundation Created  3 Enterprise Groups (Roles) – Lilly & Non-Lilly  Zone Groups – Lilly & Non-Lilly Access Management – Phase 2  Top 10 Enterprise Groups  Cost Center  Physical Location  Business Function (LRL, Legal, IT)  Employee Status  Org Code – Supervisor  Employee Group  Etc.  Request – Please supply your top 2 Enterprise/Divisional Groups/Roles Access Management – Phase 3  Standard Service to request Enterprise or Divisional  Governance to manage requests and ensure ownership and stewardships  Define what is an “appropriate” level for a role/group vs adhoc vs not an appropriate group – use an enterprise role/group  Enterprise (All)  Enterprise (External only)  Enterprise (Internal only)  Departmental, Functional, Workgroup Access Management – Phase 4  Federation 11/13/2009 Company Confidential File name/location 438 Copyright © 2000 Eli
    403. Summary • Lilly has recognized that Identity is a journey. • Governance is the key ingredient to success. • Using industry standards from all Identity will allow a company (Lilly)to be agile to met business needs. • Creating a Identity infrastructure and team that focuses on the business needs and process, which will assist in gaining control in your environment. 439
    404. WIFM? • We waste time repeating localized processes that often aren‟t well-maintained or managed • Fewer local processes and one-stop shopping for access • People have access to information they shouldn‟t • Access to defined resources • Tracking historical access to information is nearly impossible • Audit trails • A lot of energy is spent maintaining passwords and access to “stuff” • End user self service and access by attributes 440
    405. IdM Q&A 441
    406. 2009 National BDPA Technology Conference Security Information Management and PCI Compliance Chris Blask August 5 – 9, 2009 Raleigh, NC
    407. • Industry Leaders in Network Security • Public Speakers at Blackhat and Other CONS • Several Publications to include:  Gray Hat Hacking: the Ethical Hackers Handbook • Over 20 Years experience in Gov and Industry • Focused on:  Security Strategy, Architecture, Policy Design  Regulatory Compliance (PCI, SOX, HIPAA, GLBA, etc)  Security Information Management (SIM/SEM/SEIM)  Design, Implementation, Tuning, and Operations  Penetration Testing of Networks and Applications  Security Operations 443
    408. Presentation Objectives • You Will Learn:  The direction of Security Regulations and Compliance in the United States  The state of Security Information Management (SIM) Technology and the Market  The application of SIM Technologies to PCI Compliance 444
    409. 445
    410. • Once upon a time “CyberSecurity” meant a lock on a door • In the Olden Days, the records that run the modern world were mostly kept on paper • In that Bygone Era, computers were mostly for computing lots of numbers • Those days are gone 446
    411. • Senate Bills S.773 and S.778 (govtrack.us) • “To ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications“ 447
    412. • 6.a “Within 1 year NIST shall establish measurable and auditable cybersecurity standards for all Federal Government, government contractor, or grantee critical infrastructure information systems and networks… “ • 6.d.2 “The Director shall-require each Federal agency, and each operator of an information system or network designated by the President as a critical infrastructure information system or network, periodically to demonstrate compliance....” 448
    413. • 2.1 “America‟s failure to protect cyberspace is one of the most urgent national security problems facing the country. “ • 2.7 “The Cyber Strategic Inquiry 2008 … recommended to „establish a single voice for cybersecurity within government‟ concluding that the „unique nature of cybersecurity requires a new leadership paradigm.’. “ 449
    414. • Following public debacles such as TJ Maxx (~50M, 2002) the card brands formed the PCI Security Standards Council • Current Version of PCI DSS 1.2 • Enforces “best practices” • Requires Executive sign-off • Heartland Payment Systems –audited as PCI Compliant – reports breach in January 2009 450
    415. 451
    416. • Nomenclature:  Security Information Management (SIM)  Security Event Management (SEM)  Security Incident and Event Management (SIEM)  They all walk like ducks • SIM = A system for collecting and analyzing information about what your information is doing • SIM Inputs  Events (syslog, SNMP, Flow Data, IDS alerts…)  Network Data (Vulnerability Assessment, Inventory) 452
    417. And What is it Doing? Do You Know? In The Past In The Present What You Have ? ? What It‟s Doing ? ? 453
    418. PC PC PC PC NAC AUTH 454
    419. • Everything your information system does, it can report on  Your information system does a lot of things every day  Even small systems can produce >1M events/day • Most often, reporting (“logging”) is turned off  Try telling Ops they must sort through 10M events every day… • Most network operators are flying blind  Even many who have purchased a SIM 455
    420. SIM Architecture
    421. • About ten years into the evolution of SIM  Started with simple logging solutions  Recent evolutions (~5-6 years): productized solutions becoming more consumable • Software and Hardware solutions available today  Software solutions tend to be highly customizable and highly expensive  Hardware solutions tend to be highly deployable and reasonably cost effective 457
    422. • Have a goal in mind  Identify a value you want to achieve with your SIM  PCI Compliance  Security Operations  Network Operations • Get Executive Buy-in  Successful SIM deployment may require multiple groups to collaborate • Get Help  SIM may touch everything  SIM will require customization  SIM is not your father‟s Oldsmobile 458
    423. 459
    424. • The intent of PCI is to demonstrate that:  You have secure control of Card Holder data  You can verify that it stays secure  You can tell when it stops being secure  It’s all about diligence! • Today, PCI requires you to be aware of your network • Inevitably, future PCI specs will increase logging and log analysis requirements 460
    425. • “What doesn’t SIM have to do with PCI?”  Req #1: “Install and Maintain a FW configuration to protect CH data.”  Req #2: “Do not use vendor-supplied defaults for system passwords and other security parameters.”  Req #3: “Protect stored cardholder data.”  Req #4: “Encrypt transmission of cardholder data across open, public networks.”  Req #5: “Use and regularly update anti-virus software or programs.”  Req #6: “Develop and maintain secure systems and applications.” 461
    426. • “What doesn’t SIM have to do with PCI?”  Req #7: “Restrict access to cardholder data by business need to know.”  Req #8: “Assign a unique ID to each person with computer access.”  Req #9: “Restrict physical access to CH data.”  Req #10: “Track and monitor all access to network resources and cardholder data.”  Req #11: “Regularly test security systems.”  Req #12: “Maintain a policy that addresses infosec for employees and contractors.” 462
    427. • “Install and Maintain a FW configuration to protect CH data.” • A good SIM deployment should:  Let you determine what is running on your network now from layer 1 to 7  Assist with FW policy creation  Provide reporting platform  Provide forensics platform 463
    428. • “Do not use vendor-supplied defaults for system passwords and other security parameters.” • A good SIM deployment should:  Be capable of detecting unencrypted logins  Provide visibility into user logins  Provide reporting platform  Provide forensics platform 464
    429. • “Protect stored cardholder data.” • A good SIM deployment should:  Be capable of detecting any out-of-policy access to CH data  Provide specific response capability to disallowed access incidents  Provide reporting platform  Provide forensic platform 465
    430. • “Encrypt transmission of cardholder data across open, public networks.” • A good SIM deployment should:  Detect unencrypted traffic  Provide reporting platform  Provide forensics platform 466
    431. • “Use and regularly update anti-virus software or programs.” • A good SIM deployment should:  Enable effective prioritization of AV  Provide reporting platform  Provide forensics platform 467
    432. • “Develop and maintain secure systems and applications.” • A good SIM deployment should:  Verify hosts and applications are only communicating as per policy  Provide reporting platform  Provide forensics platform 468
    433. • “Restrict access to cardholder data by business need to know.” • A good SIM deployment should:  Confirm enforcement of access rules  Detect and record configuration changes to systems holding CH data  Detect suspicious login attempts to systems holding CH data  Provide reporting platform  Provide forensics platform 469
    434. • “Assign a unique ID to each person with computer access.” • A good SIM deployment should:  Monitor user logins on all systems in PCI domain  Detect non-standard logins (unencrypted, repeated login failure…)  Relate user IDs with originating IP Address  Provide reporting platform  Provide forensics platform 470
    435. • “Restrict physical access to cardholder data.” • A good SIM deployment should:  OK, you almost got me on this one…  BUT – think about integrating access-card usage data with PCI system access logs… 471
    436. • “Track and monitor all access to network resources and cardholder data.” • A good SIM deployment should:  Maintain audit trail of all access to all components of PCI domain  Provide capability to alert on out-of-policy access violations  Provide reporting platform  Provide forensics platform 472
    437. • “Regularly test security systems and processes.” • A good SIM deployment should:  Constantly monitor all aspects of the PCI domain  Provide central console to oversee regular testing exercises  Provide reporting platform  Provide forensics platform 473
    438. • “Maintain a policy that addresses information security for employees and contractors.” • A good SIM deployment should:  Provide an active representation of existing policy  Provide a platform for detecting policy violations  Provide a platform for determining necessary policy changes  Provide reporting platform  Provide forensics platform 474
    439. • Both PCI compliance and SIM deployment ask us to follow Best Practices:  Have a policy, and enforce it  Know what you have, and know what it‟s up to • Both PCI and SIM can touch everything • Deploying and using SIM properly makes becoming PCI compliant simpler • Becoming PCI compliant without a SIM is at best problematic 475
    440. Contact Information Chris Blask N2NetSecurity, Inc. chris@n2netsec.com 941 201-8277 n2netsec.com 476
    441. Contact Information Chris Blask N2NetSecurity, Inc. chris@n2netsec.com 941 201-8277 n2netsec.com 477
    442. 2009 National BDPA Technology Conference Surviving a Payment Card Industry (PCI) Audit Allen Harper August 5 – 9, 2009 Raleigh, NC
    443. • Industry Leaders in Network Security • Public Speakers at Blackhat and Other CONS • Several Publications to include:  Gray Hat Hacking: the Ethical Hackers Handbook • Over 20 Years experience in Gov and Industry • Focused on:  Security Strategy, Architecture, Policy Design  Regulatory Compliance (PCI, SOX, HIPAA, GLBA, etc)  Security Information Management (SIM/SEM/SEIM)  Design, Implementation, Tuning, and Operations  Penetration Testing of Networks and Applications  Security Operations 479
    444. • Recent History • PCI in a Nutshell • PCI Compliance Requirements • PCI Common Pitfalls • Establishing a Monitoring Capability • PCI Maintenance 480
    445. • Before PCI • TJ Max • Hannaford Bros • Heartland Payment Systems 481
    446. Data Security Cardholder Information Standard (DSS) Security Program (CISP) of 2001 Discover Information Security Site Data Protection Compliance (DISC) Program (SDP) Confused Merchants 482
    447. • Poster child for PCI • Initial compromise through WEP at stores • Happened over 18 months (ending Mar 07) • 45.6 Million credit cards compromised • Still counting damage • Many law suits filed • Several states passed laws • Motivation for PCI 483
    448. • 270+ supermarkets in 5 eastern States • 4.2M accounts exposed 12/07-3/08 • Two class action law suits filed • Opinion:  Inside job  Malware placed on machines, sniffed data  Security controls not in place  May have been PCI compliant at time of breach  PCI QSA audit in question 484
    449. • Processes more than 600 Million CCs a year • Reported a compromise on 20 Jan 09 • Number unknown, likely the biggest EVER! • Several company systems infiltrated, compromised and used to collect CC data • Organized Cybercrime Involved  Signals a new level of threat  Lots of “chatter” in underground sites about a big compromise in recent months…  20% increase in online charitable contributions last month…this is often a technique to see if card is valid… 485
    450. • PCI DSS • PCI DSS Domains • PCI Players • PCI Terms • PCI Encryption Requirement • Self Assessment Questionnaire • PCI Merchant Levels • Consequences 486
    451. • Card Associations founded an LLC (2006)  Security Standards Council (open global forum)  http://www.pcisecuritystandards.org • Single Program, Single Focus • Payment Card Industry Data Security Standard (PCI-DSS), now at version 1.2 “Payment Card Industry (PCI) Data security requirements apply to all Members, merchants, and service providers that store, process or transmit cardholder data.” • PCI is a Continuous Process 487
    452. 1. Install and maintain a firewall configuration to protect cardholder data Build and Maintain a Secure Network 2. Do not use vendor-supplied defaults for system passwords and other security parameters 3. Protect stored cardholder data Protect Cardholder Data 4. Encrypt transmission of cardholder data across open, public networks 5. Use and regularly update anti-virus software Maintain a Vulnerability Management Program 6. Develop and maintain secure systems and applications 7. Restrict access to cardholder data by business need-to-know Implement Strong Access 8. Assign a unique ID to each person with computer access Control Measures 9. Restrict physical access to cardholder data 10. Track and monitor all access to network resources and cardholder data Regularly Monitor and Test Networks 11. Regularly test security systems and processes Maintain an Information 12. Maintain a policy that addresses information security Security Policy 488
    453. Example Domain 489
    454. • PCI Security Standards Council • Issuing and Acquiring Banks • Merchants • Service Providers • Qualified Security Assessor (QSA)  www.pcisecuritystandards.org/pdfs/pci_qsa_list.pd f • Approved Scan Vendor (ASV)  www.pcisecuritystandards.org/pdfs/asv_report.htm l 490
    455. • Primary Account Number (PAN) • Encryption • Processing Systems • CAV2/CID/CVC2/CVV2 (DIS, JBC, MC, Visa) • Payment Applications Best Practices (PABP)  https://www.pcisecuritystandards.org/pdfs/pci_pa -dss_program_guide.pdf • Self Assessment Questionnaire (SAQ) • Report on Compliance (ROC) • Point of Sale (POS) • PIN Entry Devices (PED) 491
    456. Data Element Storage Protection PCI DSS Permitted Required 3.4 Cardholder Primary Account Number YES YES YES data Cardholder name YES YES NO Service Code YES YES NO Expiration Date YES YES NO Sensitive Full Magnetic Strip NO N/A N/A Authentication CAV2/CVC2/CVV2/CID NO N/A N/A data* PIN / PIN Block NO N/A N/A 492
    457. SAQ Type Description Questions 1.2.A Card-not-present (e-commerce or mail/telephone-order) 11 merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. 1.2. B Imprint-only merchants with no electronic cardholder 21 data storage or Stand-alone dial-up terminal merchants, no electronic cardholder data storage 1.2 C Merchants with payment application systems connected 38 to the Internet, no electronic cardholder data storage 1.2 D All other merchants (not included in descriptions for 226 SAQs A-C above) and all service providers defined by a payment brand as eligible to complete an SAQ. 493
    458. Who Requires • Any merchant-regardless of acceptance channel- •On-site audit by QSA 1 processing over 6,000,000 transactions per year. •Annual report of compliance (ROC) • Any merchant that has suffered a hack or an attack that •Quarterly scans by ASV resulted in an account data compromise. •Annual penetration test (SAQ-D) • Any merchant that Visa, at its sole discretion, determines should meet the Level 1 merchant requirements to minimize risk to the Visa system. Any merchant-regardless of acceptance channel- •Self-assessment questionnaire (SAQ) 2 processing 1,000,000 to 6,000,000 transactions per year. •Quarterly scans by ASV •Annual penetration test (SAQ-D) Any merchant processing 20,000 to 1,000,000 credit card •Self-assessment questionnaire (SAQ) 3 transactions per year. •Quarterly scans by ASV Any merchant processing fewer than 20,000 credit card •Self-assessment questionnaire (SAQ) 4 transactions per year, and all other merchants-regardless •Quarterly scans by ASV of acceptance channel-processing up to 1,000,000 Visa transactions per year. Note: actual requirements vary by card issuer, check with them for specifics 494
    459. • Cost of notifying victims • Loss of business and reputation • Cost of Lawsuits • Fines up to $500,000 per incident • Cost of replacing cards ($10/ea) • Cost of any fraudulent transactions • Cost of forensics by QSA • Cost of audit (Level 1) by QSA • Possible loss of credit card processing $$$ • Safe Harbor for Compliant Vendors (VISA) 495
    460. • Vulnerability Scans • Internal Penetration Test • Quarterly External Scans by ASV • Annual Assessments by QSA • Preparing for Internal Audit • Annual SAQ/ROC 496
    461. • 11.2 Run internal and external network vulnerability scans at least quarterly and after any significant change in the network. • These do not have to be performed by a QSA • Use common tools (free or commercial) • Use common best practice settings (no need for DoS test) • Document findings, recommendations to resolve, and progress between scans 497
    462. • Required for Level 1, 2 and 3 Merchants • Check PCI site for ASVs (trained by PCI SSC) • ASV may use their own software or other • ASV should not install root-kit or other software (unless authorized by PCI SSC) • ASV must be non-disruptive  No reboots, DOS, change of DNS routing, etc • Advice: use an online, remote ASV, such as Qualys 498
    463. • 11.3 Perform penetration testing at least once a year and after any significant infrastructure or application upgrade or modification … These penetration tests must include the following:  11.3.1 Network-layer penetration tests  11.3.2 Application-layer penetration tests • These do NOT have to be performed by QSA or ASV 499
    464. Annual Assessments by QSA • Annually (for Level 1 Merchants), the QSA will:  Define the scope of the assessment  Verify all technical information provided by merchant  Use independent judgment and confirm compliance  Provide support and guidance to meet compliance  Be onsite for validation of information and assessment  Follow the PCI Security Assessment Procedures  Select systems and components for sampling  Evaluate Compensating Controls  Produce Final Report • Advice: Engage with QSA early and often, prior to actual assessment, during preparation phase 500
    465. • Get Executive Buy-in • Develop a team  IT/Network/Security  PCI Auditors (QSA and non)  Internal IT Auditors  CIO/CFO/Legal/CISO • Develop and Publish Policy • Training (what is PCI?) • Gap Analysis (use the PCI DSS in a spreadsheet, split up work, conduct interviews, sample systems, validate policies, identify gaps) 501
    466. • Everyone should start with self assessment questionnaire (see Gap Assessment on prev slide) • Level 2-4 Merchants must submit annual SAQ • Level 1 Merchants must have annual onsite assessment and submit a ROC.  Signed by a corporate officer.  Signed by a QSA  Submitted to Acquiring Bank for Approval 502
    467. • Reducing Scope • Compensating Controls • 10.5.3/4 Centralized Logging • 3.5/3.6 Key Management • 6.3.7 Source Code Review • 6.3.3 Separation of Duties • 12.1 Security Policy • 12.6 Security Awareness Program • 12.9 Incident Response Plan/BCP 503
    468. • Segmentation of internal network is key  Reduces scope  Reduces cost!  This is critical! • Isolates systems that process and store cardholder data from other network systems • Requires an in depth knowledge of flow of cardholder data throughout network • Use of internal firewalls, routers, ACLS, etc • Segmentation will be verified by Assessor • Advice: segment wireless and corporate network (+DMZ) from cardholder environment 504
    469. Compensating Controls • Allowed when compliance on a particular item will be too expensive or otherwise not feasible • Should be used as only a last resort • Requires a compensating controls worksheet • Must be accepted by assessor and acquiring bank • Must be reviewed annually by assessor and results recorded on ROC. • Advice: The fewer the better  less than 10 for sure, less than 5 is norm (knowpci.com) 505
    470. • 10.5.3 “Promptly back up audit trail files to a centralized log server or media that is difficult to alter.” • 10.5.4 “Verify that logs for wireless networks are offloaded or copied onto a centralized internal log server or media that is difficult to alter.” • Includes the following audit data:  User ID, Type of Event, Date/Time, Success/Failure, Origin of event, ID of affected data/system/component • Advice: Ensure you get it all, then use your SIM/SEM/SIEM device to perform this task. 506
    471. • DSS Requires:  Strong Key Generation  Secure Key Distribution  Secure Key Storage  Periodic Changes of Key (at least annually)  Destruction of old Keys  Split Knowledge of Encrypted Key  Prevention of Unauthorized Key Substitution  Solid Key Revocation Process  Key custodians sign “acknowledgement” form • Advice: automate when possible, purchase commercial solution when feasible. Don‟t “roll your own” encryption… 507
    472. • 6.3.7 “Review of custom code prior to release to production or customers in order to identify any potential coding vulnerability.” • This applies to all custom code used to accept, process, or store cardholder data • Advise: start this early, it will take a while to complete and fix findings afterward. Outsource when skills are not present in- house. 508
    473. • 6.3.3 “Separation of duties between development, test, and production environments” • This requires separate people for these roles. No way around it. • Advice: Peer developers from other in-house, non-PCI applications may be used in this role. Document controls such as source code repository, code-diff review process, restricted accounts on production systems, etc. 509
    474. • 12.1 Requires  12.1.1 Addresses all requirements in this specification  12.1.2 Includes an annual process that identifies threats, and vulnerabilities, and results in a formal risk assessment  12.1.3 Includes a review at least once a year and updates when the environment changes • Signed acknowledgement for all employees • May need to start without executive direction • Advice: store centrally on portal, develop hierarchy of documents to avoid redundancy. Publish Authorized Use Policy for users. 510
    475. • 12.6 Implement a formal security awareness program to make all employees aware of the importance of cardholder data security:  12.6.1 Educate employees upon hire and at least annually (for example, by letters, posters, memos, meetings, and promotions) • Required for new employees and then annual • Advice: create user security awareness training material and track on Learning Management System (LMS). Capture new users as part of on- boarding system. 511
    476. • 12.9 Requires  Specific Incident Response Procedures  Business Continuity Plan (BCP)  Data Backup Procedures  Roles and Responsibilities  Communication and Contact Strategies • BCP is Much bigger than security  More than Disaster Recovery… • Advice: develop plans and practice regularly, develop scenarios to test 512
    477. • Log Retention Considerations • SIM/SEM/SEIM • Security Operations 513
    478. • 10.7 Retain audit trail history for at least one year, with a minimum of three months available online • Expect Millions of Events per day • Depending on format, may require Terabytes of storage • Advice: choose a good SIM/SEM/SIEM to manage and parse this data 514
    479. • Debatable name, clear requirement (10.6) • Filters and correlates millions of events into a manageable number of actionable incidents • Your only hope to “find a needle in the haystack” • Must be tuned:  Quality and Quantity of Sensors Tens of Millions of raw events Millions of security relevant events  IDS, Firewalls, Routers, Scanners, OS Hundreds of correlated events  Change Control of Manager Dozens of correlated  Tuning of Manager incidents  Reduction of False Positives Few actionable incidents  Creation of Content  Filters, Rules, Reports, Charts 515
    480. • Tiered Analyst Accounts (least access perms)  Tier 1 – “Eyes on glass”, responsible for detection of suspicious events and minimal analysis, escalation  Tier 2 – “Heavy Analysis”, research, elimination of false positives, reaching out to other business groups  Tier 3 – “Change Control”, validates lower tiers work, leads incident response, tunes manager as appropriate • Tier 1 Analyst should treat all suspicious events as potentially malicious, unless proven false. Either way, both cases need to be escalated • However: “first reports are often wrong” 516
    481. • OK, you are now PCI compliant, now what… • Your network changes from time to time  Any significant network change that affects systems that accept, process, store card holder data triggers a reassessment. • PCI-Changes from time to time  DSS 1.1 released Sep 06  SAQ 1.1 released Feb 08  DSS 1.2 released Oct 08  SAQ 1.2 released Oct 08 517
    482. Summary of PCI DSS 1.2 Changes • Mostly clarification, not many changes…  DSS1: expanded to cover routers & firewalls, review 6mos  DSS2: modified, broadcast of SSID now allowed  DSS4: WEP not permitted after June 30, 2010  DSS5: AV required on all systems “commonly affected”  DSS6: More “risk management” in patching  DSS 9: Review Security of offsite storage “annually”  DSS 9: flexibility given for cameras or other controls  DSS12: Relaxed language in contracts to Services providers  DSS12: Expanded definition of “employee facing”…PDAs… NOTE: there is now a new PCI PABP DSS out… see PCI site. 518
    483. • Visa (CISP)  http://www.visa.com/cisp • MasterCard (SDP)  http://www.mastercard.com/us/sdp/index.html • PCI Security Standards Council  https://www.pcisecuritystandards.org  Self Assessment Questionnaire  https://www.pcisecuritystandards.org/tech/saq.htm • PCI DSS blogs http://www.pcianswers.com http://knowpci.com • Your Acquiring Bank 519
    484. • Security Strategy, Architecture, Policy Design • Regulatory Compliance (PCI, SOX, etc.) • Security Operations/Staff Augmentation • SIM/SEM/SIEM Implementation, and Tuning • Penetration Testing (Network, Applications) • http://www.n2netsec.com 520
    485. ? 521
    486. Contact Information Allen A. Harper N2NetSecurity, Inc. allen@n2netsec.com (919)654-6788 www.n2netsec.com 522
    487. 2009 National BDPA Technology Conference Top 10 Security Threats and Preventions For 2009 Allen Harper August 5 – 9, 2009 Raleigh, NC
    488. • Industry Leaders in Network Security • Public Speakers at Blackhat and Other CONS • Several Publications to include:  Gray Hat Hacking: the Ethical Hackers Handbook • Over 20 Years experience in Gov and Industry • Focused on:  Security Strategy, Architecture, Policy Design  Regulatory Compliance (PCI, SOX, HIPAA, GLBA, etc)  Security Information Management (SIM/SEM/SEIM)  Design, Implementation, Tuning, and Operations  Penetration Testing of Networks and Applications  Security Operations 524
    489. Books We Have Authored… 525
    490. Purpose of Brief • To Discuss Today‟s Security Trends • Open your Eyes to Emerging Threats • Dispel Some Common Security Beliefs • Have Some Fun… • Threats Presented in No Particular Order • Both Threats and Preventions will be Discussed • Actionable Items… Rick will Have Copy 526
    491. Heartland Payment Systems, Inc • Processes more than 600 Million CCs a year • Reported a compromise on Tues, 20 Jan 09 • Number unknown, likely the biggest EVER! • Several company systems infiltrated, compromised and used to collect CC data • Organized Cybercrime Likely Involved  Signals a new level of threat  Lots of “chatter” in underground sites about a big compromise in recent months…  20% increase in online charitable contributions at the end of 2008…this is often a technique to see if card is valid… 527
    492. 1. Data Loss • Data at Rest • Data in Transit • Liability • Prevention:  Devalue Assets  Classification/Tagging  Log or Block USB Devices when Feasible  Data Loss Prevention Technologies  Encryption  File Shadowing/Watermarking  Exfiltration Monitoring • Note: Compliance (PCI, SOX, HIPAA) != Security
    493. 2. Wireless Insecurities • WEP is Dead (Aircrack-NG, WIcrawl) • WPA is in Intensive Care (coWPAtty)  WPA 1 & 2 PSK is Dead… only WPA2 Enterprise lives… • War Driving/Walking/Flying/Balooning/Chalking • Karma (Hotspots, Airports, Starbucks) • Prevention:  WPA 2-Enterprise (for now)  Segmentation  Layer 2 Encryption (IPSEC)  Wireless IDS (AirDefense, AirMagnet)
    494. 3. Drive by Download Attacks • Web Based Client Attacks – Wrong Place/Time • Defense in Depth is Dead… 2 1 3
    495. Defense for Web Based Attacks • Switch Browsers…go Firefox! … for now! • Virtual Browsers  Hardened Linux running in VMware Appliance  www.vmware.com/appliances/directory/browserapp.html  CheckPoint ZoneAlarm‟s ForceField  www.zonealarm.com/forcefield/ 11/13/2009 FOUO 531
    496. 4. Phishing • Attacks on Layer 8 • Not your dad‟s “Social Engineering” • Spear Phishing – Data Gathered with Maltego • Whale Phishing • Prevention: Filtering and User Awareness
    497. Phishing…It happens… 11/13/2009 FOUO 533
    498. 5. Security Information Overload • Event Management Requirements (Millions/day) • Log Management Requirements (Billions/years) • Prevention: SEIM to the Rescue
    499. SEIM in Action
    500. 6. Security Blind Spot • Zero-day or 0day Exploits • Exploits to non-disclosed vulnerabilities • Exploits with NO signature (elevator key) • Offer undetected access to any vulnerable system!!!!! • They are Sold…Full Disclosure is dead!  The black market (blackhats, virus/spyware writers)  Organized crime (Russian Business Network-RBN)  Vulnerability Sharing Clubs  Vulnerability Announcement Services (Idefense, 3Com)  Auctioned on sites like ebay… www.wslabi.com  Governments play too… 536
    501. Zero-day Auctions like ebay… 537 www.wslabi.com/
    502. 6. Security Blind Spot State Level Anomaly based Severity Info Warfare tools, Vuln Discovery, and Zero-day line Terrorist honeypots are useful here! Corporate Espionage Signature based Malicious tools and RED Hacker teams are only useful here! Ethical Hacker Curious Hacker Script Kiddie Infected worm victim Probability 538 Attackers Defenders
    503. 7. Sophisticated Malware • Was Annoying… Now Organized Crime…McColo • Encrypted and Obfuscated Payloads • Targeted Data, Identity, and Resources Theft • Prevention: Patching, Antivirus, and Honeynets
    504. 8. Physical Network Access • Physical Access is Admin Access! • Jacks in Conference Rooms…Server Rooms… • Insider Threat (estimated to be 40% of attacks) • VoIP Attacks: sniffing, voicemail, exploits • Blackberries use BES as proxy! • Prevention:  NAC to the rescue  Network Segmentation  Strong ACLs on Files and Shares  Logging of Violations and Monitoring  Forced timeout and passwords on Blackberries  Strong Physical Security  Harden your VoIP Services
    505. 9. Virtualization • Old Attacks Apply and Some New Ones… • Virtual Security Appliances? See me for info… • Rogue Virtual Machines • Not Just VMware… • Patching?
    506. Threats to Virtualization 542
    507. 10. E-Discovery • What is the Threat? Time and Resources… • If your company is sued and your lawyers say to you… “We need all the emails for the last year and all copies of all spreadsheets on all computers and all network shares in the network…for the last year…in 2 weeks…” • Can you do it? Or will this request break you? • Prevention:  Clear Data Retention Policy (the shorter the better)  Data Retention Technologies  E-Discovery Policy, Personnel, Procedures
    508. Demos… of Backtrack 544
    509. 545
    510. Please let us know if we can assist your company… allen@n2netsec.com 546
    511. Contact Information Allen A. Harper N2NetSecurity, Inc. allen@n2netsec.com (919)654-6788 www.n2netsec.com 547
    512. 2009 National BDPA Technology Conference Raleigh, North Carolina Professional Leadership and Management •Best Practices in IT Summer Intern Programs •Building a Culture of Innovation at GE Healthcare •Change Management: Transitioning to New Leadership •Processing America‟s Tax Returns: A Birdseye View •Selling BDPA: Multiple Streams of Chapter Income •Using Enterprise Architecture To Manage Today‟s Change •Utilizing A Disciplined Management Approach for Success
    513. 2009 National BDPA Technology Conference IT Summer Intern Program Best Practices Terry J. Morris August 5 – 9, 2009 Raleigh, NC
    514. Presentation Outline • Introduction • Presentation Objective • Current State • Typical Recruiting Process • Intern Program Principles • Intern Benefits • Sample Intern Profile • “The Talent Pipeline” • Lilly IT Internship Program Overview • Sample Organizational Structure • Key Intern Program Roles • Leadership Engagement • Key Challenges • Key Considerations • References • Q&A 550
    515. Introduction • Name: Terry J. Morris, Jr. • Employer: Eli Lilly and Company (Since 2001)  Current Role(s)  Business Analyst in Global Medical & Regulatory IT  Information Technology Intern Coordinator • Previous Internships:  Federal Express (1998)  IBM/ATT Global Network Services (1999) 551
    516. Presentation Objectives • Share best practices for ideal IT internship programs • Discuss key principles, components, roles, and responsibilities of an ideal IT internship program. • Review Eli Lilly and Company‟s IT Intern Program 552
    517. Intern Cartoon #1 553
    518. Intern Cartoon #2 554
    519. Current State • Employment of computer and information systems managers is expected to grow between 18 to 26 percent for all occupations through the year 2014. • The number of students enrolled in computer science programs is at its lowest in at least a decade. • Computer Science was one of the hottest majors during the dot- com boom of the late '90s, but the numbers dropped after the 2001 bust. • Despite a strong market for IT professionals, college students aren't as interested in studying computing as previously. • There is now a higher demand for IT talent, but a smaller supply of candidates. 555
    520. Typical Recruiting Process Early Engagement via Youth Focused Campus Technology Programs (i.e. Interview Internship Full-time Hire Recruiting BDPA High Programming Competition, NSBE, etc) 556
    521. Intern Program Principles • Mission and objectives should align with the overall recruiting strategy for the organization. • Appropriate level of senior management engagement and sponsorship. • Dedicated resources during planning and execution periods. • Valuable corporate experience for interns. • Provide mechanism to evaluation the interns performance based on objective data. • Clearly defined candidate profile. 557
    522. Intern Benefits • Robust Projects • Accountability • Adding Value • Interaction w/ Top Executives • Corporate Experience • Fun!! 558
    523. Sample Intern Profile • Minimum requirements • Currently a freshman, sophomore, or junior in a computer related BS/MS program • Cumulative GPA of 3.0/4.0 • Additional skills/preferences • Technical depth and ability to quickly learn new technologies • Strong desire for a career in IT • Demonstrated leadership and ability to influence • Strong interpersonal skills with ability to work as a member of cross- functional business teams and technical teams • Excellent written and verbal communication skills 559
    524. “The Talent Pipeline” Attraction Assessment Closing Onsite Visits Interviews Offers Internship Full-time Offers Accepts Recruiting Process Target Schools www.xxx.com New Hire Conferences Intern to Full Time Facebook 560
    525. Audience Engagement: How do we recruit this generation in the current cultural envrionment? 561
    526. Lilly Intern Program • Mission • Objective(s) • Components 562
    527. Audience Engagement: Other Intern Program Examples 563
    528. Sample Organizational Structure CIO Executive Project Area Sponsor Management Program Program HR HR Recruiter Manager Coordinator Representative Co- Committee Component Interns Mentors Coordinator Members Coordinators 564
    529. Key Intern Program Roles Intern Program Coordinator • Facilitate knowledge transfer to Intern Co-Coordinator • Serve as initial POC of entire Internship Program • Accountable for coordination of entire Internship Program • Facilitate all Lead Team/Coordinator Meetings • Participate In Corporate Internship Program Meetings/Functions • Partner w/ HR Staffing & Recruiting • Constantly look for ways to improve the program • Provide leadership/counsel/guidance to Co- Coordinator/Committee Members/TLs/Interns • Look for ways to develop others during program • Server as escalation contact for entire Program 565
    530. Key Intern Program Roles Intern Program Co-Coordinator • Serve as secondary POC of entire Internship Program • Responsible for assisting with the coordination of entire Internship Program • Participate in all Lead Team/Coordinator Meetings • Participate In Corporate Internship Program Meetings/Functions • Constantly look for ways to improve the program • Provide leadership/counsel/guidance to Interns • Look for ways to develop others during program • Prepare for Coordinator Role Next Year 566
    531. Key Intern Program Roles • Component Coordinator  Work within their respective component to secure participation of a management-level individual and to prepare them to present an overview of their corresponding component • Committee Members  Responsible for planning any events assigned by the Coordinator  Provide detailed updates on the events to the Coordinators  Has low interaction with the interns • Team Leader  Provide a positive experience for the intern  Establish/Maintain a strong relationship with the intern  Be able to represent the interns work • Mentor  Provide a sounding board for more personal conversations  Inquire about barriers/conflicts for potential advise or escalation  Expose the intern to the city and in depth Lilly culture  Serve as an unbiased contact 567
    532. Key Intern Program Roles • Executive Sponsor  Ensures management alignment with program vision.  Allocates approval funding for program.  Point of escalation from all management needs. • HR Representative  Human resource advocate /resource for students.  Provide benefits and compensation overview for interns. 568
    533. Leadership Engagement • Leadership engagement is required to maintain the appropriate level of sponsorship throughout the organization. • The organization‟s leadership should express the importance of the intern program to all management, to ensure of the appropriate allocation of time and resources. • Key organizational leaders should make themselves available throughout the internship program for direct interaction with the interns. 569
    534. Key Challenges • Decline in Computer Science and Information Technology enrollment across the U.S. • Maintaining corporate sponsorship and financial support during economic downturns. • Recruiting and retaining top talent. • Providing adequate pay, room and board, and transportation. • Strategy for managing through geographic concerns. 570
    535. Key Considerations • Competitive Salaries • Transportation allocation • Room and board concessions • Opportunity for feedback from all stakeholders • Robust project selection and matching process • Appropriate leadership and organizational visibility 571
    536. References • Career Guide to Industries 2006-07 - http://www.doleta.gov/BRG/Indprof/IT_profile. cfm • NPR “Computer Science Course Enrollment Dips in U.S.” - http://www.npr.org/templates/story/story.php? storyId=88154024 572
    537. Q&A 573
    538. 2009 National BDPA Technology Conference Building a Culture of Innovation at GE Healthcare Russ Neumeier August 5 – 9, 2009 Raleigh, NC
    539. 575
    540. GE Healthcare 576
    541. Global Landscape Asia 15% Americas 49% Europe, Middle East & Africa 36% 2009 National BDPA Technology Conference 577
    542. Inverting the triangle …from few to the many
    543. Inverting the Triangle • New leadership • New ideas • More involvement • More participation • More ownership This drives what we do and why we do it 579
    544. Our Innovation History …from Process to Mindset
    545. Our Innovation History • November 2006: the Innovation campaign! • Focus: Technology • The Process  50 ideas  30 participants • Global IT Feedback 581
    546. A Bit of Marketing Have you ever wondered....? "A picture is worth a thousand ideas." -- Gerald Haman THREE days and counting 2009 National BDPA Technology Conference 582
    547. A Bit of Marketing Have you ever taken a detour "just because...?" "You have to have a plan in place, but not one so rigid that you don't take detours. The A-ha's are in the detours." -- Terry Eggar TWO days and counting 2009 National BDPA Technology Conference 583
    548. A Bit of Marketing Have you ever asked, "what if....?" "Never before has it been so economically feasible to ask „what if‟ questions,… Put concretely, without experimentation, we might all still be living in caves and using rocks as tools." -- Stefan Thomke TOMORROW is the day 2009 National BDPA Technology Conference 584
    549. A Bit of Marketing 2009 National BDPA Technology Conference 585
    550. A Bit of Marketing 2009 National BDPA Technology Conference 586
    551. Our Innovation History • Innovation 2.0: Opening Bell • Wider Focus: Process & Technology • Market Forces  175 ideas  300 participants 2009 National BDPA Technology Conference 587
    552. User Generated Content 2009 National BDPA Technology Conference 588
    553. Innovation 2.0 Results Submitted Reviewed Approved Leadership report outs POC • Single Workflow for employee • Single Workflow for • Firefox employee • Onetool for ITSM • Web based Project Mgmt • Web based Project Mgmt • Web based Visio • Google docs • Acqusitions due diligence • Web based Visio • Oracle enquiry bot • MEA Video conf • SSO using digital certs • Acqusitions due diligence • Collaboration workspace • Time on Desktop • Oracle enquiry bot • SSO using digital certs More in pipe-line.. • Collaboration workspace Top discussed ideas • Onsite Helpdesk • Firefox • Onetool for ITSM • Blackberry 2d barcode • GE Answers 2009 National BDPA Technology Conference 589
    554. Our Innovation History • Innovation 3.0: a joint venture between IT/Engineering • Narrow Focus: cost out of the business • Market Forces  101 ideas  378 participants 2009 National BDPA Technology Conference 590
    555. Our Innovation History • Growth Playbook: purposefully cross- functional • Focus: answering business problems • Key Themes 2009 National BDPA Technology Conference 591
    556. Road Trips! …going to the Innovators and bringing the Innovators to us
    557. Road Trip • GE Healthcare CIO & Direct Reports • West-Coast Swing • Several Days, Several Vendors 2009 National BDPA Technology Conference 593
    558. Regional Technology Fair • 2008: things changed • Flipped the idea • Hundreds of participants 2009 National BDPA Technology Conference 594
    559. Regional Technology Fair • 2009: built on success • 80% of vendors were repeats • Hundreds of participants • Creative ideas 2009 National BDPA Technology Conference 595
    560. Open-source software …doing a lot for free
    561. Humble Beginnings…Wiki • TINY budget • Talked to the early adopters • No formal marketing • 2nd largest wiki in GE • Every GE business is interested 2009 National BDPA Technology Conference 597
    562. Humble Beginnings…Blogs 2009 National BDPA Technology Conference 598
    563. GE Opinion Survey – Virtual Pub • Three areas of focus • Nine Questions • Two weeks • The response:  175 posts  2,300+ views 2009 National BDPA Technology Conference 599
    564. The Pipeline …technology past, present, and future
    565. Skunkworks Graduates • Proven consumer applications • No formal project • Open-source • Word-of-Mouth • Still growing! 2009 National BDPA Technology Conference 601
    566. Pipeline Projects • Collaboration • Community • Self-Directed • Ongoing 2009 National BDPA Technology Conference 602
    567. Peering Around the Corner 2009 National BDPA Technology Conference 603
    568. Can I do THAT??!
    569. A Barbaric Yawp 2009 National BDPA Technology Conference 605
    570. Fostering Innovation 1. Grass-Roots • Seek other early adopters • Show value to the business • Stop projects that don‟t work • Live by example 2009 National BDPA Technology Conference 606
    571. Fostering Innovation 2. Embrace the troublemakers • Engage the ones circumventing policy • Talk to them • Get them involved • Let them be advocates for change 2009 National BDPA Technology Conference 607
    572. Fostering Innovation 3. Executive & Management • Provide air cover • Provide seed funding • Provide the visibility • Live by example 2009 National BDPA Technology Conference 608
    573. Fostering Innovation 4. Have Fun • Break from tradition • Allow some personalization • Trust people! 2009 National BDPA Technology Conference 609
    574. Fostering Innovation 5. Start the conversations • Ask questions • Speak up • Share what you know • LISTEN! • Live by example 2009 National BDPA Technology Conference 610
    575. Fostering Innovation 6. One size does not fit all • Try several things • Experiment • Messy can be good • Build mindset 2009 National BDPA Technology Conference 611
    576. Fostering Innovation 7. Permission to fail • Encourages reasonable risk • Speeds innovation • Learn MORE 2009 National BDPA Technology Conference 612
    577. Points to Ponder • How can you encourage idea sharing? • Where do the innovators hang out in your organization? How can you draw them into creative projects? • Create a list of the things you can do to promote cross-functional work 2009 National BDPA Technology Conference 613
    578. Monday‟s Challenge …quick things you can try on Monday morning
    579. Endless Possibilities • Download some software • Take on a quick project • Ask people to solve a problem • Try one before catching up on email 2009 National BDPA Technology Conference 615
    580. Downloads – All Free… • WAMP server - http://www.wampserver.com/en/download.php • MediaWiki - http://www.mediawiki.org/wiki/Download • WordPress MU - http://mu.wordpress.org/download/ • PHPbb – http://www.phpbb.com/downloads/ I‟ve run all of these apps on my laptop 2009 National BDPA Technology Conference 616
    581. Summary • It‟s not all software • Time • It doesn‟t cost a lot • Experiment • Start the conversation • Listen • Have fun 2009 National BDPA Technology Conference 617
    582. Questions?
    583. Contact Information Russ Neumeier GE Healthcare russ.neumeier@ge.com 414.721.3573 http://www.gehealthcare.com 619
    584. 2009 National BDPA Technology Conference Transitioning To New Leadership Sharon D. Fitzpatrick The Fitzpatrick Group, LLC August 5 – 9, 2009 Raleigh, NC
    585. Presentation Objectives • Phases of Transition • Creating A Strategic Vision • Leadership: Individual Alignment with Transition • Organizations: Transitions and Change • Proactive Approach for Transitioning to New Leadership by Developing Professional Networks 621
    586. Leading Change Exercise: Quick Change
    587. Quick Change We look at change as things that will be taken away. Often times we have to make too many changes too quickly. If change is not sustained in some way; there is a tendency to return to the status quo.
    588. Successful Leadership Transition Change Status Quo Resistance
    589. 3 Phases of Transition New Beginning Neutral Zone Letting Go
    590. Creating A Strategic Vision • Imaginative Create a Strategic • Interesting Vision Statement • Doable that describes how you will maintain the • Focused focus of Strategic • Flexible Objectives during a • Understandable new leadership transition
    591. Leading People “ Leaders make things possible. Excellent leaders make them inevitable” -----Lance Morrow
    592. Organizations: Transitions & Change Organization‟s Customer and Organization‟s Employee Systems, Environmental Culture & Development Processes & Impacts Philosophy Structure X Quarter NBOD Meeting2007 National BDPA 628 Technology Conference
    593. Developing Professional Networks Organizational Management Internal: Transitioning External: Individuals, To New Practitioners, Teams, Government Groups Leadership Customers Vision Social Networks
    594. Transitioning To New Leadership Be Proactive in developing networks Need to have a particularly with new Vision for focusing leadership that will on Strategic assist in attaining the Objectives with the focus of our Vision transition to New and Professional leadership Goals Need to understand who we are as leaders; how to continue to be ethical and build and maintain trust in the midst of change
    595. Contact Information Sharon D. Fitzpatrick The Fitzpatrick Group, LLC sharon@mytrainingconsultant.com (703) 669-5377 www.mytrainingconsultant.com 631
    596. 2009 National BDPA Technology Conference Processing America‟s Tax Returns, A Birdseye View Tony McMahon August 5 – 9, 2009 Raleigh, NC
    597. Processing America‟s Tax Returns, A Birdseye View  Modernization & Information Technology Services (MITS), The IRS IT Footprint  Infrastructure  Processes  Best Practices 633
    598. Processing America‟s Tax Returns, A Birdseye View MITS – Locations - Personnel UNITED STATES Washington Vermont 39 0 Montana Maine Maine Washington Montana North Dakota 3 1 North Dakota 1 Minnesota 3 39 Minnesota 23 1 Vermont New Hampshire Oregon 1 23 $ 0 12 Oregon 11 New Hampshire 11 Wisconsin 193 Massachusetts Idaho South Dakota South Dakota Wisconsin Massachusetts 108 Idaho Wyoming 2 15 15 New York New York Wyoming 193 Connecticut 1 1 1 2 Michigan Michigan Rhode Island 2 California 1 487 $ Connecticu 21 Iowa Iowa Pennsylvania New Pennsylvania New California 2 $ 193 193 Jersey t Jersey Nebraska Nebraska 2 24 Nevada $ 2 Ohio Ohio Nevada 19 2 Illinois Indiana 64 Maryland Delaware 2 Utah Illinois 27 64 19 Utah Colorado Colorado 41 41 Indiana DC Fresno 245 30 $ W.V. Maryland 2434 Fresno 128 245 27 West Virginia Virginia 30 772 128 Kentucky 772 29 Virginia 29 200 $ Kentucky 127127 North Carolina 62 62 Other Other Arizona Tennessee Tennessee 170 20 New Mexico $ South Arizona New Mexico 2 Oklahoma Arkansas 371 371 Oklahoma 21 Arkansas Carolina South Carolina 20 3 $ 7 2 Texas Texas 21 3 7 Mississippi Georgia Other Other Mississippi 214 2 Alabama Alabama 202 Georgia 6 214 2 6 202 $ Florida Austin Austin 283 283 68 Florida 68 Puerto Rico 9 Total MITS Employees = 6848 Computing Center $ Campus 1000 ↑ 250-999 100-249 10-99 0-9 634
    599. Processing America‟s Tax Returns, A Birdseye View ECC – Locations - Infrastructure • Enterprise Computing Centers –  Martinsburg – 134,789 square ft of ADP space  Memphis – 96,012 square ft of ADP space  Detroit – 49,168 square ft of ADP space  Remote Sites – Servers : All except Wyoming, Delaware, and Hawaii 635
    600. Processing America‟s Tax Returns, A Birdseye View Tier 1 Systems – MTB – MEM – DET System Channels MIPS MTB MEM DET IBM 2094-711 Z9 328 4550 X IBM 2094-711 Z9 208 4550 X IBM 2094-405 Z9 260 895 X IBM 2084 A-08 126 853 X IBM 2066-OB1 SACS Prod 52 108 X X IBM 2066-OB1 SACS Dev 52 108 X X UNISYS Dorado 7800 187 1400 X UNISYS Dorado 7800 192 1125 X TOTAL 1405 13589 X Quarter NBOD Meeting2007 National BDPA 636 Technology Conference
    601. Processing America‟s Tax Returns, A Birdseye View Tier II Systems – MTB – MEM – DET Name Count Processors Memory MTB MEM DET SUN F25K 4 142 551 GB X X SUN F15K 5 304 1696 GB X X SUN E25K 3 208 832 GB X SUN Web Server 125 446 1220 GB X Modernization 74 293 1304 GB X X Consolidated 142 660 625 GB X EMS 8 40 96 GB X EMS/EFTPS 9 44 112 GB X Forum Boxes 8 8 2 GB X X Wintel Servers 460 1438 918.7 GB X X X TOTAL 838 3583 7356.7GB X Quarter NBOD Meeting2007 National BDPA 637 Technology Conference
    602. Processing America‟s Tax Returns, A Birdseye View Tier II Systems – Remote Sites Group Count Processors Memory Appeals Wintel File-Servers 50 100 200GB Appeals Wintel Blade Servers 12 48 96GB Counsel Unix 15 34 90GB Counsel Wintel 409 928 1521GB ASA Andover 101 270 350GB ASA Atlanta 88 260 330GB ASA Austin 77 279 380GB ASA Brookhaven 41 140 200GB ASA Cincinnati 90 276 302GB ASA Fresno 61 170 150GB ASA Memphis 105 301 379GB ASA Ogden 90 210 200 X Quarter NBOD Meeting2007 National BDPA 638 Technology Conference
    603. Processing America‟s Tax Returns, A Birdseye View Tier II Systems – Remote Sites Group Count Processors Memory ASA Philadelphia 47 69 84GB ASA Kansas City 73 202 190GB ISA Group 1 52 308 105GB ISA Group 2 113 382 322GB ISA Group 3 116 346 400GB ISA Group 4 629 1120 594GB ISA Group 5 39 190 59GB ISA Group 6 61 140 96GB ISA Group 7 199 374 344GB ISA Group 8 14 42 31.15GB TOTAL 2482 6189 6423.15 X Quarter NBOD Meeting2007 National BDPA 639 Technology Conference
    604. Processing America‟s Tax Returns, A Birdseye View Tier II Systems – OS Instances Linux Solaris 10 23 64 Solaris 2.6 Solaris 7 491 2 Solaris 8 96 Solaris 9 Unix (Misc) 246 108 VMWare ESX Server 2.1 5 11 VMWare ESX Server 2.5 49 7 VMWare VI-3 239 W2K Pro/XP 2398 2 Windows 2000 Adv Server SP4 37 28 Windows 2000 Server Modified Windows 2000 SP2 Windows Server SP 2A 599 Windows Server SP 3 Windows Server SP 4 214 Windows 2003 Server 342 Windows 2003 Server SP1 Windows 2003 Server SP2 Windows Legacy OS (Pre W2K) Windows NT 4 SP 4 Windows NT 4 SP 6 X Quarter NBOD Meeting2007 National BDPA 640 Technology Conference
    605. Processing America‟s Tax Returns, A Birdseye View Processes Weekly Processing Inputs Enterprise Enterprise Computing Computing Center (MTB) Center (DET) Social Security Adm. (SSA) Submission Processing Campuses Enterprise Computing Financial Center (MEM) Management Service (FMS) X Quarter NBOD Meeting2007 National BDPA 641 Technology Conference
    606. Processing America‟s Tax Returns, A Birdseye View Processes Weekly Processing Outputs Financial Management Enterprise Service (FMS) Computing Center (MTB) Submission Processing Campuses Enterprise Computing Center (DET) Enterprise Computing Center (MEM) Nationwide IRS Sites X Quarter NBOD Meeting2007 National BDPA 642 Technology Conference
    607. Processing America‟s Tax Returns, A Birdseye View Processes 2006 2007 2008 2009 CFOL Transactions Per day 6.0m 6.25m 6.70m 7.22m CONTROL-M-Production batch. Jobs Per day 3,500 4,150 4,300 4550 X Quarter NBOD Meeting2007 National BDPA 643 Technology Conference
    608. Processing America‟s Tax Returns, A Birdseye View Processes CFOL Transactions Per Day 9,000,000 8,000,000 7,000,000 6,000,000 5,000,000 4,000,000 3,000,000 2,000,000 1,000,000 0 X Quarter NBOD Meeting2007 National BDPA 644 Technology Conference
    609. Processing America‟s Tax Returns, A Birdseye View Processes MTB Master File Workload Individual Tax Returns CADE Workload CY04 – 132.9 million CY04 – 5,400* Started in July CY05 – 133.4 million CY05 – 1.4 million CY06 – 126.5 million CY06 – 7.4 million CY07 – 126.4 million CY07 – 11.2 million CY08 - 126.0 million CY08 - 30.6 million CY09 – 55.2 million CY09 – 26.0 million (thru cycle 200913) (thru cycle 200913) During the February-May timeframe average 6 million tax returns per week X Quarter NBOD Meeting2007 National BDPA 645 Technology Conference
    610. Processing America‟s Tax Returns, A Birdseye View Processes MTB Master File Workload Business Tax Returns CY04 – 49.5 million CY05 – 50.3 million CY06 – 51.7 million CY07 – 52.7 million CY08 – 52.6 million CY09 – 15.8 million (thru cycle 200913) X Quarter NBOD Meeting2007 National BDPA 646 Technology Conference
    611. Processing America‟s Tax Returns, A Birdseye View 1040 Paper Return Pipeline Process National Bank Of Doeville U.S Mail Internal Revenue Service 100.00 One Hundred John Doe Return Mailed Mail Delivered Mail Opened Returns Checks Deposited / Extracted/Sorted Coding & Editing Remittance Processing Pending Error Resolution Errors Computer Computer Numbering Corrected Checked Entered File Sent to MTB U.S Mail Paper Checks Mailed Refund files sent to Treasury Disbursing Center (TDC) Treasury Electronic Funds Disbursing, Regional Account Posted at MTB Transferred to designated Financial Centers (RFC) Financial Institutions issue electronic and Paper 647 Refunds.
    612. Processing America‟s Tax Returns, A Birdseye View 1040 e-File Pipeline Process Computer Entered Computer Checked Errors Corrected File Sent to MTB U.S Mail Refund files sent to Treasury Disbursing Paper Checks Mailed Center (TDC) Treasury Electronic Funds Account Posted at MTB Disbursing, Regional Transferred to designated Financial Centers (RFC) Financial Institutions issue electronic and Paper Refunds. 648
    613. Daily Count 100,000 200,000 300,000 400,000 500,000 700,000 0 600,000 01/01/09 (Thu) 01/08/09 (Thu) 01/15/09 (Thu) 01/22/09 (Thu) 01/29/09 (Thu) 02/05/09 (Thu) 02/12/09 (Thu) 02/19/09 (Thu) 02/26/09 (Thu) Date 03/05/09 (Thu) 03/12/09 (Thu) 03/19/09 (Thu) 03/26/09 (Thu) Total January 1 to April 22 = 25,662,568 04/02/09 (Thu) 04/09/09 (Thu) 04/16/09 (Thu) Processing America‟s Tax Returns, A Birdseye View 04/23/09 (Thu) PAPER 1040 PROCESSING - ALL 10 SITES - 2009 1040 Paper Processing 04/30/09 (Thu) 649
    614. Daily Count 0 500,000 1,000,000 1,500,000 2,000,000 3,000,000 3,500,000 2,500,000 01/01/09 (Thu) 01/08/09 (Thu) 01/15/09 (Thu) 01/22/09 (Thu) 01/29/09 (Thu) 02/05/09 (Thu) 02/12/09 (Thu) 02/19/09 (Thu) 02/26/09 (Thu) Date 03/05/09 (Thu) 03/12/09 (Thu) 03/19/09 (Thu) 03/26/09 (Thu) Total January 1 to April 20 = 72,832,200 04/02/09 (Thu) 04/09/09 (Thu) 04/16/09 (Thu) 04/23/09 (Thu) E-FILE 1040 PROCESSING - ALL 5 SITES - 2009 1040 e-File Processing 04/30/09 (Thu) 650 Processing America‟s Tax Returns, A Birdseye View
    615. Processing America‟s Tax Returns, A Birdseye View Best Practices – Customer Support  Incident Management – Focus on processes to restore normal service operations as quickly as possible with minimum disruption to the business. Service Restoration Teams delivering a virtual trouble shooting environment. Develop a standardized process to document problem detection, resolution steps, and lessons learned. Creation of knowledge database to quickly search for known problems. X Quarter NBOD Meeting2007 National BDPA 651 Technology Conference
    616. Processing America‟s Tax Returns, A Birdseye View Best Practices – Customer Support  Problem Management – Root Cause Analysis (RCA) Trend Analysis Proactive monitoring of key indicators of systems that will allow for incident prevention and quicker incident detection. X Quarter NBOD Meeting2007 National BDPA 652 Technology Conference
    617. Processing America‟s Tax Returns, A Birdseye View Best Practices - Staffing  Flexi-Place & Alternative Work Schedules  Collaborative Tools  Upgrade Desktop  Awards/Recognition Program X Quarter NBOD Meeting2007 National BDPA 653 Technology Conference
    618. Processing America‟s Tax Returns, A Birdseye View Contact Information Tony McMahon Department of Treasury, IRS Anthony.H.McMahon@irs.gov 304-264-7110 WWW.IRS.GOV 654
    619. 2009 National BDPA Technology Conference Selling BDPA: Multiple Streams of Chapter Revenue Wayne Hicks August 5 – 9, 2009 Raleigh, NC
    620. It Can Be Done!  Nat‟l Membership Committee Chair (1989- 1990) • Chartered almost 25% of current chapters (10 of 51)  Nat‟l BDPA Vice President (1991-1992)  BDPA Cincinnati Chapter President (1999- 2001) • Grew membership from 6 (Jan 1999) to 229 (Nov 2001) • Won Chapter of the Year Twice (2000 and 2001)  National BDPA President-Elect (2002-2003)  National BDPA President (2004-2005) • Profitable annual conferences • All-time record in corporate sales • All-time record in BDPA membership totals  BETF Executive Director (2006 – Present) • Over $144,000 grants for local BDPA chapters since 2006. • Increased grant activity in 2008 Selling BDPA (Aug 2009) 661
    621. Where Is the Money? 1.Marketing 2.Membership is Money 3.Fundraising 4.Corporate Sales Selling BDPA (Aug 2009) 662
    622. What is our Brand Essence? 1. BDPA is the center of influence, excellence and professional development for African Americans in the Information Technology industry 2. BDPA offers a pathway from the classroom to the boardroom in an environment that rewards innovation, technical mastery, business mastery and individual growth. 3. From that initial mentoring session with a high school student to a BDPA corporate executive or business owner reaching out to promote interest and utilization of IT, BDPA represents broad community leadership and a nurturing association of inspired professionals. Selling BDPA (Aug 2009) 663
    623. Where is our „hurt‟? The biggest marketing challenge that BDPA faces is its low membership numbers.  FACT #1: We have seen a steady stream of major-name corporations to BDPA.  FACT #2: However, that success will start to falter if these corporations see BDPA as a small organization which is not growing. To them, the value of their investment comes from high numbers. Selling BDPA (Aug 2009) 664
    624. BDPA Marketing Theme “BDPA advances the careers of African Americans in the IT industry from the classroom to the boardroom” Elevator pitch when people ask what does BDPA do “We’re a service organization that advances IT professionals’, entrepreneurs’ and students’ careers from the classroom to the boardroom through education, mentoring, services and business networking that enhance innovation, technical skills, business savvy and personal growth.” Selling BDPA (Aug 2009) 665
    625. Our Marketing Messages 1. Marketing messages to potential 3. Marketing messages for potential members entrepreneur members • Join BDPA to advance your career  Open the door to new business in IT. opportunities through BDPA • Through BDPA, help shape and  Help us help you through guide the next generation of IT contributing to BDPA‟s growth professionals.  Participate in BDPA at the • Participate in BDPA at the community level to bridge the digital community level to bridge the digital divide divide 2. Marketing messages to 4. Marketing messages for potential potential sponsors student members  Your support of BDPA today  Play with today‟s technology while expands your IT resources for creating tomorrow‟s technology tomorrow  Try it, you might like it  Your active involvement in BDPA  Make friends and find mentors who builds the next generation of IT and can shape your future technology leaders  BDPA is a strong partner to help you open new markets within African American communities Selling BDPA (Aug 2009) 666
    626. Helpful Hints • Get covered in the press • Get into the budget cycle • Learn to fly in under the radar • Organize a CIO Reception • Partner with ITSMF, SIM, Urban League and others • Pick the low hanging fruit • Seek investments, not donations • Start a Corporate Advisory Council • Understand your product offering • Use our CRM tool (SF.com) Selling BDPA (Aug 2009) 667
    627. Grow Your Membership 1. Who is your target 5. Attracting student audience? members vs. IT 2. Recruitment professionals strategies 6. Corporate 3. Retention strategies memberships 4. Wholesale 7. Using the membership growth membership vs. retail database to your membership growth chapter's advantage. Selling BDPA (Aug 2009) 668
    628. Fundraising Tips 1. Annual awards banquets or luncheon (1Q) 2. Annual education banquets or luncheon (3Q) 3. Collaborating with BDPA Education & Technology Foundation (BETF) 4. Matching funds 5. Raffles and other fundraising ideas 6. Traditional grant writing 7. Volunteer grants Selling BDPA (Aug 2009) 669
    629. Corporate Sales Corporate Sales Roles & Corporate Participation Responsibilities Continuum 1. Chapter President 1. Awareness 2. Account Manager 2. Involvement 3. Corporate Champion 3. Corporate 4. Corporate Chapter Supporter 5. BDPA-BETF Director 4. Corporate Sponsor Selling BDPA (Aug 2009) 670
    630. Corporate ROI Decision 1. National Programs/Services – Resume database, digital library, IT Institute, newsletter ads, web banner or Bemley Scholarship fund. 2. Local Chapter Programs/Services – Monthly program meeting, quarterly workshops, newsletter ads, web banner or memberships. 3. Annual Conference – Career Fair, Speaking Opportunity, Receptions, Conference Guide advertisements or workshop presenters. Selling BDPA (Aug 2009) 671
    631. Corp Sales Talking Points 1. Has company realized 5. What are good areas for benefits from BDPA collaboration (hot sponsorship? buttons)? 2. What are your business 6. Is the corporation interested in supporting challenges? multiple chapters? 3. Is there more that National BDPA? National BDPA can do to help Conference? company meet 7. Will Company sponsor corporate objectives? and at what level? 4. Any BDPA opportunities 8. What are the next steps? for improvement? Selling BDPA (Aug 2009) 672
    632. Corp Sales Process Flow 1. Distribute Corporate Marketing Package 2. Hold preliminary meeting 3. Submit written proposal 4. Hold formal presentation meeting 5. Funds disbursement and receipt 6. Provide recognition and show appreciation 7. Increase corporate employee participation 8. Provide periodic status reports 9. Seek renewal and additional funds disbursement Selling BDPA (Aug 2009) 673
    633. Corp Sales Collateral Material Annual Conference Brochure Banquet Publications (local or national) Corporate Opportunities Portfolio Membership Brochure Newsletters (local or national) Your Chapter‟s Desk Reference Selling BDPA (Aug 2009) 674
    634. Contact Information Wayne Hicks, CEO Hicks Enterprises wayne@elecvillage.com (513) 284-4968 http://betf.blogspot.com http://electronicvillage.blogspot.com 675
    635. Selling BDPA (Aug 2009) 676
    636. Selling BDPA (Aug 2009) 677
    637. 2009 National BDPA Technology Conference Utilizing a Disciplined Management Approach for Success Roderick L. King August 5 – 9, 2009 Raleigh, NC
    638. Contact Information Name: Roderick L. King Company: National Government Services, Inc. (a subsidiary of WellPoint, Inc.) Email Address: rod.king@anthem.com Telephone Number: (317) 913-6354 Website Address: www.wellpoint.com 703
    639. Disciplined Management Approach for Success • Who is WellPoint? • Who is National Government Services? • Contact Center Performance • Define Discipline Management Approach • Deciding • Planning • Executing • Measuring • Take Aways 704
    640. Disciplined Management Approach for Success • Who is WellPoint? 705
    641. Disciplined Management Approach for Success • National Government Services administers Medicare contracts for the following:  Medicare Part A (hospital insurance)  Medicare Part B (medical insurance)  Durable Medical Equipment  Home Health and Hospice 706
    642. Disciplined Management Approach for Success • In fiscal year 2008 NGS:  Processed approximately 200 M Medicare claims  Paid approximately 96.9 B Medicare claims  Responded to over 11.6 M phone calls and 56,050 written inquires  Served approximately 24.5 M people with Medicare in 25 states and 5 U.S. Territories  Served approximately 161,125 providers and suppliers Source: 2009 National Government Services Medicare Contractor Fact Sheet 707
    643. Disciplined Management Approach for Success Jurisdiction States Included J11 (A/B and home health & hospice (HH&H) sub), includes JC of NC, SC, VA WV; includes HH&H JC: HH&H AL, AR, FL, GA, IL, IN, KY, LA, MS, NM, NC, OH, OK, SC, TN, TX J13 (A/B prime) CT, NY J14 (A/B and home health & hospice (HH&H) sub), includes JA of MA, ME, NH, RI, VT; includes HH&H JA: HH&H CT, MA, ME, NH, RI, VT JA (DME sub) CT, DC, DE, MA, MD, ME, NH, NJ, NY, PA, RI, VT JB (DME prime) IL, IN, KY, MI, MN, OH, WI, 708
    644. Disciplined Management Approach for Success • Journey Begins………….. • NGS re-organization of the Senior Leadership Team • Role and responsibilities expanded • Lead organization through contractor reform • Operating in new environment 709
    645. Disciplined Management Approach for Success • Contact Center Performance  Below expectations  Customer feedback ---The contact center is NGS‟ #1 priority  Provider feedback – Felt wait times were too long and staff was not being helpful  Morale Issues 710
    646. Disciplined Management Approach for Success • Disciplined Management Approach  What is it?  Webster‟s dictionary defines discipline as,  “Control gained by enforcing obedience or order”  “Orderly or prescribed conduct or pattern of behavior”  “To bring under control”  “Order” • I define this as utilizing a focused processed in order to achieve results • Four steps to the Approach 711
    647. Disciplined Management Approach for Success Step one --- Deciding  Clear direction  Clear decisions  Set the vision for team  Level of urgency  What needs to be done to improve contact center  Change outlook for contact center  Become Industry leader 712
    648. Disciplined Management Approach for Success Step two --- Planning • Clear goals and Clear targets • Return National Government Services to meeting current performance requirements • Prepare National Government Services for meeting future performance requirements 713
    649. Disciplined Management Approach for Success Step two --- Planning • Hiring/Training • Best skill routing • System connectivity • Internal site monitor of technology • Third party review of contact center • Contact top providers (high call activity) 714
    650. Disciplined Management Approach for Success Step two --- Planning • Long term strategy  Focus on increasing self service tools  Focus on becoming more efficient  Drove technology play for contact center (not IT department) 715
    651. Disciplined Management Approach for Success Step three --- Executing • Focused implementation excellence • Daily meetings • Weekly updates to Senior Management • Shared progress with entire organization • Shared updates with agents • Continued to look at areas to improve 716
    652. Disciplined Management Approach for Success Step four --- Measuring • Key performance indicators  Average Speed of Answer  Completion rate  Average handle time • Looked at other measures (leaders in the industry)  First call resolution  Calls handled vs. handled time  Set standards for tier II calls 717
    653. Disciplined Management Approach for Success Step four --- Measuring • Changed our call back policy • Focus on customer satisfaction (survey) • Changed our philosophy around service 718
    654. Disciplined Management Approach for Success Take Away When we decide, plan, execute, and measure in a disciplined manner, we achieve needed results. 719
    655. Disciplined Management Approach for Success Thank You Questions 720

    + Wayne HicksWayne Hicks, 1 month ago

    custom

    229 views, 0 favs, 3 embeds more stats

    These are the presentations made at the 2009 Nation more

    More info about this document

    © All Rights Reserved

    Go to text version

    • Total Views 229
      • 222 on SlideShare
      • 7 from embeds
    • Comments 0
    • Favorites 0
    • Downloads 15
    Most viewed embeds
    • 4 views on http://bdpa.groupsite.com
    • 2 views on http://www.itmwisdombase.org
    • 1 views on http://bdpa-news.blogspot.com

    more

    All embeds
    • 4 views on http://bdpa.groupsite.com
    • 2 views on http://www.itmwisdombase.org
    • 1 views on http://bdpa-news.blogspot.com

    less

    Flagged as inappropriate Flag as inappropriate
    Flag as inappropriate

    Select your reason for flagging this presentation as inappropriate. If needed, use the feedback form to let us know more details.

    Cancel
    File a copyright complaint
    Having problems? Go to our helpdesk?

    Categories

    Tags

    -->
    What's New

    © 2009 SlideShare Inc. All rights reserved.